Detonate File - FireEye AX

Detonate one or more files using the FireEye AX integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - PE32, EXE, DLL, JAR, JS, PDF, DOC, DOCX, RTF, XLS, PPT, PPTX, XML, ZIP, VBN, SEP, XZ, GZ, BZ2, TAR, MHTML, SWF, LNK, URL, MSI, JTD, JTT, JTDC, JTTC, HWP, HWT, HWPX, BAT, HTA, PS1, VBS, WSF, JSE, VBE, CHM, JPG, JPEG, GIF, PNG, XLSX

FireEye (AX Series) · 9 tasks · 3 inputs · 14 outputs

Inputs

  • File — File object of the file to detonate.
  • Interval — Polling frequency - how often the polling command should run (minutes)
  • Timeout — How much time to wait before a timeout occurs (minutes)

Outputs

  • File.SHA256 — SHA256 hash of the file
  • File.Malicious — The File malicious description
  • File.Type — File type e.g. "PE"
  • File.Size — File size
  • File.MD5 — MD5 hash of the file
  • File.Name — Filename
  • File.SHA1 — SHA1 hash of the file
  • File — The File object
  • File.Malicious.Vendor — For malicious files, the vendor that made the decision
  • DBotScore — The DBotScore object
  • DBotScore.Indicator — The indicator we tested
  • DBotScore.Type — The type of the indicator
  • DBotScore.Vendor — Vendor used to calculate the score
  • DBotScore.Score — The actual score

Commands used

fe-submit fe-submit-result

Flowchart

yes yes yes Start Start Is FireEye AX enabled Is FireEye AX enabled Done Done Set file to context - Set Set file to context Set FireEye AX Upload Sample - fe-submit FireEye AX Upload Sample fe-submit Is there a file to detonate? Is there a file to detonate? Is the file type supported? Is the file type supported? GenericPolling - GenericPolling GenericPolling GenericPolling AX-result - fe-submit-result AX-result fe-submit-result