Detonate and Analyze File - Generic
This playbook uploads, detonates, and analyzes files for supported sandboxes. Currently supported sandboxes are Falcon Intelligence Sandbox, JoeSecurity, and Wildfire.
Common Playbooks · 18 tasks · 1 input · 52 outputs
Inputs
File— The details of the file to search for.
Outputs
csfalconx.resource.tags— The analysis tags.csfalconx.resource.sha256— The SHA256 hash of the scanned file.csfalconx.resource.file_name— The name of the uploaded file.csfalconx.resource.sandbox— The Falcon Intelligence Sandbox findings.csfalconx.resource.intel— The Falcon Intelligence Sandbox intelligence results.WildFire.Report— The Wildfire findings.AttackPattern— The MITRE Attack pattern information.MITREATTACK— Full MITRE data for the attack pattern.DBotScore— DBotScore object.Joe.Analysis— Joe Analysis object.DBotScore.Vendor— The vendor used to calculate the score.DBotScore.Indicator— The indicator that was tested.DBotScore.Type— The indicator type.DBotScore.Score— The actual score.DBotScore.Malicious— DBotScore Malicious objectDBotScore.Malicious.Vendor— The vendor used to calculate the score.DBotScore.Malicious.Detections— The sub analysis detection statusesDBotScore.Malicious.SHA1— The SHA1 of the fileJoe.Analysis.ID— Web IDJoe.Analysis.Status— Analysis StatusJoe.Analysis.Comments— Analysis CommentsJoe.Analysis.Time— Submitted TimeJoe.Analysis.Runs— Sub-Analysis InformationJoe.Analysis.Result— Analysis ResultsJoe.Analysis.Errors— Raised errors during samplingJoe.Analysis.Systems— Analysis OSJoe.Analysis.MD5— MD5 of analysis sampleJoe.Analysis.SHA1— SHA1 of analysis sampleJoe.Analysis.SHA256— SHA256 of analysis sampleJoe.Analysis.SampleName— Sample Data, could be a file name or URLInfoFile— Report file objectInfoFile.Name— The filename.InfoFile.EntryID— The entry ID of the report.InfoFile.Size— File size.InfoFile.Type— File type, e.g., "PE".InfoFile.Info— Basic information of the file.InfoFile.Extension— The extension of the image file.File— File objectFile.Extension— File extension.File.MD5— The MD5 hash of the file.File.Name— The full file name.File.SHA1— The SHA1 hash of the file.File.SHA256— The SHA256 hash of the file.ExtractedIndicators— outputs.extractindicatorsAttackPattern.STIXID— The STIX ID of the Attack Pattern.AttackPattern.KillChainPhases— The kill chain phases of the Attack Pattern.AttackPattern.FirstSeenBySource— The first seen by source of the Attack Pattern.AttackPattern.Description— The description of the Attack Pattern.AttackPattern.OperatingSystemRefs— The operating system references of the Attack Pattern.AttackPattern.Publications— The publications of the Attack Pattern.AttackPattern.MITREID— The MITRE ID of the Attack Pattern.AttackPattern.Tags— The tags of the Attack Pattern.
Commands used
attack-pattern
extractIndicators
joe-download-report
rasterize-pdf