Detonate File - ThreatStream
Detonate one or more files using the Anomali ThreatStream v2 integration. This playbook returns relevant reports to the War Room, and file reputations to the context data.
Anomali ThreatStream · 9 tasks · 7 inputs · 14 outputs
Inputs
File— File object of the file to detonate.VM— The VM to use (string)SubmissionClassification— Classification of the Sandbox submission.PremiumSandbox— Specifies if the premium sandbox should be used for detonation.Tags— A CSV list of tags applied to this sample.Interval— Polling frequency - how often the polling command should run (minutes).Timeout— Amount of time to wait before a timeout occurs (minutes).
Outputs
File.Malicious— The file malicious description.File.Malicious.Vendor— For malicious files, the vendor that made the decision.File.Type— File type, for example: "PE".File.Size— File size.File.MD5— MD5 hash of the file.File.Name— File name.File.SHA1— SHA1 hash of the file.File— The file object.File.SHA256— SHA256 hash of the file.DBotScore— The DBotScore object.DBotScore.Indicator— The indicator that was tested.DBotScore.Type— The indicator type.DBotScore.Vendor— Vendor used to calculate the score.DBotScore.Score— The actual score.
Commands used
threatstream-analysis-report
threatstream-submit-to-sandbox