CrowdStrike Falcon X

Use the CrowdStrike Falcon Intelligence Sandbox integration to submit files, file hashes, URLs, and FTPs for sandbox analysis, and to retrieve reports.

Forensics & Malware Analysis · CrowdStrike Falcon Intelligence Sandbox

Configuration parameters

  • base_url — Cloud Base URL (e.g., https://api.crowdstrike.com)
  • credentials — Client ID (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • reliability — Source Reliability

Commands (11)

  • cs-fx-check-quota

    Returns the total quota number and the in use quota number.

  • cs-fx-download-ioc

    Downloads IOC packs, PCAP files, and other analysis artifacts.

  • cs-fx-find-reports

    Finds sandbox reports by providing an FQL filter and paging details.

  • cs-fx-find-submission-id

    Finds submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match the search criteria.

  • cs-fx-get-analysis-status

    Checks the status of a sandbox analysis.

  • cs-fx-get-full-report

    Gets a full version of a sandbox report.

  • cs-fx-get-report-summary

    Gets a short summary version of a sandbox report.

  • cs-fx-submit-uploaded-file

    Submits a sample SHA256 hash for sandbox analysis.

  • cs-fx-submit-url

    Submits a URL or FTP for sandbox analysis.

  • cs-fx-upload-file

    Uploads a file for sandbox analysis.

  • file

    Gets reputation data for one or more files, by sha256 hashes.