CrowdStrike Falcon Intelligence Sandbox Detonate and Analyze File
This playbook uploads, detonates, and analyzes files for the CrowdStrike Falcon Intelligence Sandbox.
CrowdStrike Falcon Intelligence Sandbox · 8 tasks · 10 inputs · 5 outputs
Inputs
File— The details of the file to detonate.AlertOS— The operating system for which the alert was raised. accepted values are Windows, Linux, AndroidNetworkSettings— Specifies the sandbox network configuration used for analysis. Possible values are: - default: Fully operating network (default behavior if not specified). - tor: Route network traffic via TOR. - simulated: Simulate network traffic. - offline: Disable all network traffic.EnvironmentID— Sandbox environment used for analysis.ActionScript— Runtime script for sandbox analysis.CommandLine— Command line script passed to the submitted file at runtime. Max length: 2048 characters.DocumentPassword— Auto-filled for Adobe or Office files that prompt for a password. Max length: 32 characters.SubmitName— Name of the malware sample that’s used for file type detection. and analysis.SystemDate— Set a custom date for the sandbox environment in the format yyyy-MM-dd.SystemTime— Sets a custom time for the sandbox environment in the format HH:mm.
Outputs
csfalconx.resource.tags— The analysis tags.csfalconx.resource.sha256— The SHA256 hash of the scanned file.csfalconx.resource.file_name— The name of the uploaded file.csfalconx.resource.sandbox— The Falcon Intelligence Sandbox findings.csfalconx.resource.intel— The Falcon Intelligence Sandbox intelligence results.
Commands used
cs-fx-submit-uploaded-file
cs-fx-upload-file