Detonate URL - Generic Deprecated

Deprecated. Use Detonate URL - Generic v1.5 playbook instead. Detonate URL through active integrations that support URL detonation.

Common Playbooks · 21 tasks · 1 input · 138 outputs

Inputs

  • URL — The URL object of the URL to be detonated.

Outputs

  • File — The file's object.
  • File.Name — The file name.
  • File.Size — The file size.
  • File.Type — The file type, for example "PE" (only for report type=json).
  • File.SHA256 — The SHA256 hash of the file.
  • File.SHA1 — The SHA1 hash of the file.
  • File.MD5 — The MD5 hash of the file.
  • File.Malicious.Vendor — The vendor that decided the file is malicious.
  • File.Malicious.Description — The reason the vendor decided the file is malicious.
  • DBotScore — The indicator's object.
  • DBotScore.Type — The indicator type.
  • DBotScore.Indicator — The indicator that was tested.
  • DBotScore.Vendor — The vendor used to calculate the score.
  • DBotScore.Score — The actual score.
  • Joe.Analysis.WebID — The Joe Analysis-related web ID.
  • Joe.Analysis.Status — The Joe Analysis-related status.
  • Joe.Analysis.Comments — The Joe Analysis-related comments.
  • Joe.Analysis.Time — The Joe Analysis-related submitted time.
  • Joe.Analysis.Runs — The Joe Analysis-related sub-analysis information.
  • Joe.Analysis.Result — The Joe Analysis-related results.
  • Joe.Analysis.Errors — The Joe Analysis-related errors raised during sampling.
  • Joe.Analysis.Systems — The Joe Analysis-related operating systems.
  • Joe.Analysis.MD5 — The MD5 hash of the Joe Analysis-related sample.
  • Joe.Analysis.SHA1 — The SHA1 hash of the Joe Analysis-related sample.
  • Joe.Analysis.SHA256 — The SHA256 hash of the Joe Analysis-related sample.
  • Joe.Analysis.SampleName — The Joe Analysis-related sample data name. Can be a file name or a URL.
  • InfoFile.Name — The file name.
  • InfoFile.EntryID — The EntryID of the sample.
  • InfoFile.Size — The file size.
  • InfoFile.Type — The file type, for example "PE".
  • InfoFile.Info — The file basic information.
  • Sample.State — The sample state.
  • Sample.ID — The sample ID.
  • IP.Address — The IP addresses relevant to the sample.
  • InfoFile — The report file's object.
  • Cuckoo.Task.Category — The Cuckoo-related task category.
  • Cuckoo.Task.Machine — The Cuckoo-related task machine.
  • Cuckoo.Task.Errors — The Cuckoo-related task errors.
  • Cuckoo.Task.Target — The Cuckoo-related task target.
  • Cuckoo.Task.Package — The Cuckoo-related task package.
  • Cuckoo.Task.SampleID — The Cuckoo-related task sample ID.
  • Cuckoo.Task.Guest — The Cuckoo-related task guest.
  • Cuckoo.Task.Custom — The Cuckoo-related task custom values.
  • Cuckoo.Task.Owner — The Cuckoo-related task owner.
  • Cuckoo.Task.Priority — The Cuckoo-related task priority.
  • Cuckoo.Task.Platform — The Cuckoo-related task platform.
  • Cuckoo.Task.Options — The Cuckoo-related task options.
  • Cuckoo.Task.Status — The Cuckoo-related task status.
  • Cuckoo.Task.EnforceTimeout — Whether the Cuckoo-related task timeout is enforced.
  • Cuckoo.Task.Timeout — The Cuckoo-related task timeout.
  • Cuckoo.Task.Memory — The Cuckoo-related task memory.
  • Cuckoo.Task.Tags — The Cuckoo-related task tags.
  • Cuckoo.Task.ID — The Cuckoo-related task ID.
  • Cuckoo.Task.AddedOn — The date the Cuckoo-related task was added.
  • Cuckoo.Task.CompletedOn — The date the Cuckoo-related task was completed.
  • Cuckoo.Task.Score — The reported Cuckoo-related task score.
  • Cuckoo.Task.Monitor — The reported Cuckoo-related task monitor.
  • ANYRUN.Task.AnalysisDate — The date and time the ANY.RUN analysis was executed.
  • ANYRUN.Task.Behavior.Category — The ANY.RUN behavior category.
  • ANYRUN.Task.Behavior.Action — The actions performed by an ANY.RUN behavior.
  • ANYRUN.Task.Behavior.ThreatLevel — The threat score associated with an ANY.RUN behavior.
  • ANYRUN.Task.Behavior.ProcessUUID — The ANY.RUN unique ID of the process whose behaviors are profiled.
  • ANYRUN.Task.Connection.Reputation — The ANY.RUN connection reputation.
  • ANYRUN.Task.Connection.ProcessUUID — The ANY.RUN UUID of the process that created the connection.
  • ANYRUN.Task.Connection.ASN — The ANY.RUN connection autonomous system network.
  • ANYRUN.Task.Connection.Country — The ANY.RUN connection country.
  • ANYRUN.Task.Connection.Protocol — The ANY.RUN connection protocol.
  • ANYRUN.Task.Connection.Port — The ANY.RUN connection port number.
  • ANYRUN.Task.Connection.IP — The ANY.RUN connection IP address.
  • ANYRUN.Task.DnsRequest.Reputation — The ANY.RUN process reputation of the DNS request.
  • ANYRUN.Task.DnsRequest.IP — The ANY.RUN IP addresses associated with a DNS request.
  • ANYRUN.Task.DnsRequest.Domain — The ANY.RUN domain resolution of a DNS request.
  • ANYRUN.Task.Threat.ProcessUUID — The unique ANY.RUN UUID of the process that originated the threat.
  • ANYRUN.Task.Threat.Msg — The ANY.RUN threat message.
  • ANYRUN.Task.Threat.Class — The ANY.RUN threat class.
  • ANYRUN.Task.Threat.SrcPort — The ANY.RUN port on which the threat originated.
  • ANYRUN.Task.Threat.DstPort — The ANY.RUN threat destination port.
  • ANYRUN.Task.Threat.SrcIP — The ANY.RUN source IP address where the threat originated.
  • ANYRUN.Task.Threat.DstIP — The ANY.RUN threat destination IP address.
  • ANYRUN.Task.HttpRequest.Reputation — The ANY.RUN HTTP request reputation.
  • ANYRUN.Task.HttpRequest.Country — The ANY.RUN HTTP request country.
  • ANYRUN.Task.HttpRequest.ProcessUUID — The ANY.RUN UUID of the process making the HTTP request.
  • ANYRUN.Task.HttpRequest.Body — The ANY.RUN HTTP request body parameters and details.
  • ANYRUN.Task.HttpRequest.HttpCode — The ANY.RUN HTTP request response code.
  • ANYRUN.Task.HttpRequest.Status — The ANY.RUN status of the HTTP request.
  • ANYRUN.Task.HttpRequest.ProxyDetected — Whether the ANY.RUN HTTP request was made through a proxy.
  • ANYRUN.Task.HttpRequest.Port — The ANY.RUN HTTP request port.
  • ANYRUN.Task.HttpRequest.IP — The ANY.RUN HTTP request IP address.
  • ANYRUN.Task.HttpRequest.URL — The ANY.RUN HTTP request URL.
  • ANYRUN.Task.HttpRequest.Host — The ANY.RUN HTTP request host.
  • ANYRUN.Task.HttpRequest.Method — The ANY.RUN HTTP request method type.
  • ANYRUN.Task.FileInfo — The ANY.RUN submitted file details.
  • ANYRUN.Task.OS — The ANY.RUN operating system of the sandbox in which the file was analyzed.
  • ANYRUN.Task.ID — The unique ANY.RUN task ID.
  • ANYRUN.Task.MIME — The ANY.RUN MIME of the file submitted for analysis.
  • ANYRUN.Task.Verdict — The ANY.RUN verdict for the maliciousness of the submitted file or URL.
  • ANYRUN.Task.Process.FileName — The ANY.RUN process file name.
  • ANYRUN.Task.Process.PID — The ANY.RUN process identification number.
  • ANYRUN.Task.Process.PPID — The ANY.RUN process parent process identification number.
  • ANYRUN.Task.Process.ProcessUUID — The unique ANY.RUN process UUID.
  • ANYRUN.Task.Process.CMD — The ANY.RUN process command.
  • ANYRUN.Task.Process.Path — The path of the executed ANY.RUN process command.
  • ANYRUN.Task.Process.User — The user who executed the ANY.RUN process command.
  • ANYRUN.Task.Process.IntegrityLevel — The ANY.RUN process integrity level.
  • ANYRUN.Task.Process.ExitCode — The ANY.RUN process exit code.
  • ANYRUN.Task.Process.MainProcess — Whether the ANY.RUN process is the main process.
  • ANYRUN.Task.Process.Version.Company — The company responsible for the executed ANY.RUN process program.
  • ANYRUN.Task.Process.Version.Description — The description of the ANY.RUN process program type.
  • ANYRUN.Task.Process.Version.Version — The version of the executed program.
  • URL.Data — The URL data.
  • URL.Malicious.Vendor — The vendor that decided the URL is malicious.
  • URL.Malicious.Description — The reason the vendor decided the URL is malicious.
  • ANYRUN.Task.Status — The task analysis status.
  • FireEyeAX.Submissions.Key — The submission key
  • FireEyeAX.Submissions.Severity — The severity level of the file
  • FireEyeAX.Submissions.InfoLevel — The info level of the report.
  • DBotScore.Score — The actual score.
  • DBotScore.Indicator — The indicator that was tested.
  • DBotScore.Vendor — The vendor used to calculate the score.
  • Triage.sample-summaries.completed — The date the sample analysis was completed.
  • Triage.sample-summaries.created — The date the analysis report was created.
  • Triage.sample-summaries.custom — The custom sample analysis.
  • Triage.sample-summaries.owner — The owner of the sample summaries.
  • Triage.sample-summaries.sample — The unique identifier of the sample.
  • Triage.sample-summaries.score — The score of the sample on a scale of 0 to 10.
  • Triage.sample-summaries.sha256 — The SHA256 of the sample.
  • Triage.sample-summaries.status — The status of the analysis.
  • Triage.sample-summaries.target — The target for the analysis.
  • Triage.sample-summaries.tasks — The tasks performed in the analysis.
  • HybridAnalysis.URL.Scanner.Name — The URL scanner name.
  • HybridAnalysis.URL.Scanner.Positives — The number of positive scanners.
  • HybridAnalysis.URL.Scanner.Status — The status of the scanning.
  • HybridAnalysis.URL.Scanner — The place holder for the scanner data.
  • SecneurXAnalysis.Report.SHA256 — SHA256 value of the analyzed sample
  • SecneurXAnalysis.Report.Verdict — Summary result of the analyzed sample
  • SecneurXAnalysis.Report.Tags — More details of the analyzed sample
  • SecneurXAnalysis.Report.IOC — List of IOC's observed in the analyzed sample
  • SecneurXAnalysis.Report.Status — Analysis queued sample state

Commands used

cs-falcon-sandbox-submit-url

Flowchart

yes Start Start Done Done Detonate URL - ThreatGrid - Detonate URL - ThreatGrid Detonate URL - ThreatGrid Detonate URL - ThreatGrid Detonate URL - McAfee ATD - Detonate URL - McAfee ATD Detonate URL - McAfee ATD Detonate URL - McAfee ATD Detonate URL - JoeSecurity - Detonate URL - JoeSecurity Detonate URL - JoeSecurity Detonate URL - JoeSecurity Detonate URL - Lastline v2 - Detonate URL - Lastline v2 Detonate URL - Lastline v2 Detonate URL - Lastline v2 Detonate URL - Cuckoo - Detonate URL - Cuckoo Detonate URL - Cuckoo Detonate URL - Cuckoo Detonate URL - ANYRUN - Detonate URL - ANYRUN Detonate URL - ANYRUN Detonate URL - ANYRUN Detonate URL - Group-IB TDS Polygon - Detonate URL - Group-IB TDS Polygon Detonate URL - Group-IB T... Detonate URL - Group-IB TDS P... Detonate URL - CrowdStrike Falcon Intelligence Sandbox - cs-falcon-sandbox-submit-url Detonate URL - CrowdStrik... cs-falcon-sandbox-submit-url Detonate URL - WildFire v2.1 - Detonate URL - WildFire v2.1 Detonate URL - WildFire v2.1 Detonate URL - WildFire v2.1 Detonate URL - VirusTotal (API v3) - Detonate URL - VirusTotal (API v3) Detonate URL - VirusTotal... Detonate URL - VirusTotal (AP... Detonate URL - VMRay - Detonate URL - VMRay Detonate URL - VMRay Detonate URL - VMRay Detonate URL - ThreatStream - Detonate URL - ThreatStream Detonate URL - ThreatStream Detonate URL - ThreatStream Detonate URL - Hybrid Analysis - Detonate URL - Hybrid Analysis Detonate URL - Hybrid Ana... Detonate URL - Hybrid Analysis Detonate URL - FireEye AX - Detonate URL - FireEye AX Detonate URL - FireEye AX Detonate URL - FireEye AX Detonate URL - Hatching Triage - Detonate URL - Hatching Triage Detonate URL - Hatching T... Detonate URL - Hatching Triage Detonate URL - SecneurX Analysis - Detonate URL - SecneurX Analysis Detonate URL - SecneurX A... Detonate URL - SecneurX Analysis Detonate URL - CrowdStrike Falcon Intelligence Sandbox - Detonate URL - CrowdStrike Falcon Intelligence Sandbox Detonate URL - CrowdStrik... Detonate URL - CrowdStrike Fa... Check if URL exists Check if URL exists Detonate URL - MetaDefender Sandbox Detonate URL - MetaDefend...