Detonate file - CrowdStrike Falcon Sandbox v2

Detonates a File using CrowdStrike Falcon sandbox.

CrowdStrike Falcon Sandbox · 8 tasks · 2 inputs · 14 outputs

Inputs

  • File — The file object of the file to detonate.
  • EnvironmentID — The environment ID where the file should be submitted. To retrieve all available IDs, please execute the crowdstrike-get-environments command.

Outputs

  • File.SHA256 — The SHA256 hash of the file.
  • File.Malicious — The file malicious description.
  • File.Type — The file type, for example "PE".
  • File.Size — The file size.
  • File.MD5 — The MD5 hash of the file.
  • File.Name — The file name.
  • File.SHA1 — The SHA1 hash of the file.
  • File — The file object.
  • File.Malicious.Vendor — The vendor that decided the file was malicious.
  • DBotScore — The DBotScore object.
  • DBotScore.Indicator — The tested indicator.
  • DBotScore.Type — The indicator type.
  • DBotScore.Vendor — The vendor used to calculate the score.
  • DBotScore.Score — The actual score.

Commands used

cs-falcon-sandbox-scan cs-falcon-sandbox-submit-sample

Flowchart

yes yes yes Start Start Is CrowdStrike Falcon Sandbox V2 enabled? Is CrowdStrike Falcon San... Done Done Initiate sandbox scan - cs-falcon-sandbox-scan Initiate sandbox scan cs-falcon-sandbox-scan Set file to context - Set Set file to context Set Upload the sample to Falcon - cs-falcon-sandbox-submit-sample Upload the sample to Falcon cs-falcon-sandbox-submit-sample Is there a file to detonate? Is there a file to detonate? Is the file type supported? Is the file type supported?