CrowdStrike Falcon Sandbox - Detonate file Deprecated

Deprecated. Use the cs-falcon-sandbox-submit-file command with polling=true instead.

CrowdStrike Falcon Sandbox · 9 tasks · 4 inputs · 14 outputs

Inputs

  • File — The file object of the file to detonate.
  • EnvironmentID — The environment ID to submit the file to. To get all IDs run the crowdstrike-get-environments command.
  • Interval — Polling frequency - how often the polling command should run (minutes).
  • Timeout — How much time to wait before a timeout occurs (minutes).

Outputs

  • File.SHA256 — The SHA256 hash of the file.
  • File.Malicious — The file malicious description.
  • File.Type — The file type, for example "PE".
  • File.Size — The file size.
  • File.MD5 — The MD5 hash of the file.
  • File.Name — The file name.
  • File.SHA1 — The SHA1 hash of the file.
  • File — The file object.
  • File.Malicious.Vendor — The vendor that decided the file was malicious.
  • DBotScore — The DBotScore object.
  • DBotScore.Indicator — The tested indicator.
  • DBotScore.Type — The indicator type.
  • DBotScore.Vendor — The vendor used to calculate the score.
  • DBotScore.Score — The actual score.

Commands used

crowdstrike-scan crowdstrike-submit-sample

Flowchart

yes yes yes Start Start Is CrowdStrike enabled? Is CrowdStrike enabled? Done Done CrowdStrike Scan - crowdstrike-scan CrowdStrike Scan crowdstrike-scan Set file to context - Set Set file to context Set CrowdStrike Upload Sample - crowdstrike-submit-sample CrowdStrike Upload Sample crowdstrike-submit-sample Is there a file to detonate? Is there a file to detonate? Is the file type supported? Is the file type supported? GenericPolling - GenericPolling GenericPolling GenericPolling