Detonate Remote File from URL - McAfee ATD
Detonates a File from a URL using the McAfee Advanced Threat Defense sandbox integration.
McAfee Advanced Threat Defense · 10 tasks · 3 inputs · 31 outputs
Inputs
URL— URL to detonate.Interval— Polling frequency - how often the polling command should run (minutes)Timeout— How much time to wait before a timeout occurs (minutes)
Outputs
ATD.Task.taskId— The task ID of the sample uploadedATD.Task.jobId— The job ID of the sample uploadedATD.Task.messageId— The message Id relevant to the sample uploadedATD.Task.url— The URL detonatedATD.Task.srcIp— Source IPv4 addressATD.Task.destIp— Destination IPv4 addressATD.Task.MD5— MD5 of the sample uploadedATD.Task.SHA1— SHA1 of the sample uploadedATD.Task.SHA256— SHA256 of the sample uploadedFile.Name— Filename (only in case of report type=json)File.Type— File type e.g. "PE" (only in case of report type=json)File.MD5— MD5 hash of the file (only in case of report type=json)File.SHA1— SHA1 hash of the file (only in case of report type=json)File.SHA256— SHA256 hash of the file (only in case of report type=json)File.EntryID— The Entry ID of the sampleDBotScore.Indicator— The indicator we tested (only in case of report type=json)DBotScore.Type— The type of the indicator (only in case of report type=json)DBotScore.Vendor— Vendor used to calculate the score (only in case of report type=json)DBotScore.Score— The actual score (only in case of report type=json)IP.Address— IP's relevant to the sampleInfoFile.EntryID— The EntryID of the report fileInfoFile.Extension— The extension of the report fileInfoFile.Name— The name of the report fileInfoFile.Info— The info of the report fileInfoFile.Size— The size of the report fileInfoFile.Type— The type of the report fileFile— File objectFile.Malicious— File Malicious objectDBotScore— DBotScore objectInfoFile— Report file objectURL.Malicious— URL Malicious object
Commands used
atd-check-status
atd-file-upload
atd-get-report