Detonate File - ThreatGrid v2

Detonate one or more files using the ThreatGrid integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - EXE, DLL, JAR, JS, PDF, DOC, DOCX, RTF, XLS, PPT, PPTX, XML, ZIP, VBN, SEP, XZ, GZ, BZ2, TAR, MHTML, SWF, LNK, URL, MSI, JTD, JTT, JTDC, JTTC, HWP, HWT, HWPX, BAT, HTA, PS1, VBS, WSF, JSE, VBE, CHM

Cisco Secure Malware Analytics · 8 tasks · 3 inputs · 3 outputs

Inputs

  • File — File object of the file to detonate.
  • timeout — Indicates the time in seconds until the polling sequence times out. Default is 60.
  • interval — Indicates the time in seconds to wait between command execution when 'polling' argument is true. Minimum value is 10 seconds. Default is 10.

Outputs

  • File.Type — File type e.g. "PE"
  • File.Size — File Size
  • File.Extension — File Extension

Commands used

threat-grid-sample-upload

Flowchart

yes yes yes yes Start Start Is ThreatGrid enabled? Is ThreatGrid enabled? Is there a file to detonate? Is there a file to detonate? Done Done Is the file type supported? Is the file type supported? ThreatGrid Upload File - threat-grid-sample-upload ThreatGrid Upload File threat-grid-sample-upload Set file to context - Set Set file to context Set Is the file size bigger than 0? Is the file size bigger t...