Detonate URL - CrowdStrike Deprecated

Deprecated. Use the cs-falcon-sandbox-submit-url command with polling=true instead.

CrowdStrike Falcon Sandbox · 8 tasks · 5 inputs · 14 outputs

Inputs

  • URL — URL to detonate.
  • EnvironmentID — The environment ID to submit the file to. To get all IDs run the crowdstrike-get-environments command.
  • Interval — Polling frequency - how often the polling command should run (minutes).
  • Timeout — How much time to wait before a timeout occurs (minutes).
  • dontThrowErrorOnFileDetonation — Should the playbook fail due to an unsupported file type? use true or false.

Outputs

  • File.SHA256 — The SHA256 hash of the file.
  • File.Malicious — The file malicious description.
  • File.Type — File type, for example "PE".
  • File.Size — The file size.
  • File.MD5 — The MD5 hash of the file.
  • File.Name — The file name.
  • File.SHA1 — The SHA1 hash of the file.
  • File — The file object.
  • File.Malicious.Vendor — The vendor that decided the file was malicious.
  • DBotScore — The DBotScore object.
  • DBotScore.Indicator — The tested indicator.
  • DBotScore.Type — The indicator type.
  • DBotScore.Vendor — The vendor used to calculate the score.
  • DBotScore.Score — The actual score.

Commands used

crowdstrike-scan crowdstrike-submit-url

Flowchart

yes yes yes Start Start Is CrowdStrike enabled? Is CrowdStrike enabled? Done Done CrowdStrike Scan - crowdstrike-scan CrowdStrike Scan crowdstrike-scan CrowdStrike Upload Sample - crowdstrike-submit-url CrowdStrike Upload Sample crowdstrike-submit-url Is there a URL to detonate? Is there a URL to detonate? GenericPolling - GenericPolling GenericPolling GenericPolling Was a job created ? (A job is not created if the file type is not supported.) Was a job created ? (A jo...