Detonate URL - Generic Deprecated
Deprecated. Use Detonate URL - Generic v1.5 playbook instead. Detonate URL through active integrations that support URL detonation.
Common Playbooks · 21 tasks · 1 input · 138 outputs
Inputs
URL— The URL object of the URL to be detonated.
Outputs
File— The file's object.File.Name— The file name.File.Size— The file size.File.Type— The file type, for example "PE" (only for report type=json).File.SHA256— The SHA256 hash of the file.File.SHA1— The SHA1 hash of the file.File.MD5— The MD5 hash of the file.File.Malicious.Vendor— The vendor that decided the file is malicious.File.Malicious.Description— The reason the vendor decided the file is malicious.DBotScore— The indicator's object.DBotScore.Type— The indicator type.DBotScore.Indicator— The indicator that was tested.DBotScore.Vendor— The vendor used to calculate the score.DBotScore.Score— The actual score.Joe.Analysis.WebID— The Joe Analysis-related web ID.Joe.Analysis.Status— The Joe Analysis-related status.Joe.Analysis.Comments— The Joe Analysis-related comments.Joe.Analysis.Time— The Joe Analysis-related submitted time.Joe.Analysis.Runs— The Joe Analysis-related sub-analysis information.Joe.Analysis.Result— The Joe Analysis-related results.Joe.Analysis.Errors— The Joe Analysis-related errors raised during sampling.Joe.Analysis.Systems— The Joe Analysis-related operating systems.Joe.Analysis.MD5— The MD5 hash of the Joe Analysis-related sample.Joe.Analysis.SHA1— The SHA1 hash of the Joe Analysis-related sample.Joe.Analysis.SHA256— The SHA256 hash of the Joe Analysis-related sample.Joe.Analysis.SampleName— The Joe Analysis-related sample data name. Can be a file name or a URL.InfoFile.Name— The file name.InfoFile.EntryID— The EntryID of the sample.InfoFile.Size— The file size.InfoFile.Type— The file type, for example "PE".InfoFile.Info— The file basic information.Sample.State— The sample state.Sample.ID— The sample ID.IP.Address— The IP addresses relevant to the sample.InfoFile— The report file's object.Cuckoo.Task.Category— The Cuckoo-related task category.Cuckoo.Task.Machine— The Cuckoo-related task machine.Cuckoo.Task.Errors— The Cuckoo-related task errors.Cuckoo.Task.Target— The Cuckoo-related task target.Cuckoo.Task.Package— The Cuckoo-related task package.Cuckoo.Task.SampleID— The Cuckoo-related task sample ID.Cuckoo.Task.Guest— The Cuckoo-related task guest.Cuckoo.Task.Custom— The Cuckoo-related task custom values.Cuckoo.Task.Owner— The Cuckoo-related task owner.Cuckoo.Task.Priority— The Cuckoo-related task priority.Cuckoo.Task.Platform— The Cuckoo-related task platform.Cuckoo.Task.Options— The Cuckoo-related task options.Cuckoo.Task.Status— The Cuckoo-related task status.Cuckoo.Task.EnforceTimeout— Whether the Cuckoo-related task timeout is enforced.Cuckoo.Task.Timeout— The Cuckoo-related task timeout.Cuckoo.Task.Memory— The Cuckoo-related task memory.Cuckoo.Task.Tags— The Cuckoo-related task tags.Cuckoo.Task.ID— The Cuckoo-related task ID.Cuckoo.Task.AddedOn— The date the Cuckoo-related task was added.Cuckoo.Task.CompletedOn— The date the Cuckoo-related task was completed.Cuckoo.Task.Score— The reported Cuckoo-related task score.Cuckoo.Task.Monitor— The reported Cuckoo-related task monitor.ANYRUN.Task.AnalysisDate— The date and time the ANY.RUN analysis was executed.ANYRUN.Task.Behavior.Category— The ANY.RUN behavior category.ANYRUN.Task.Behavior.Action— The actions performed by an ANY.RUN behavior.ANYRUN.Task.Behavior.ThreatLevel— The threat score associated with an ANY.RUN behavior.ANYRUN.Task.Behavior.ProcessUUID— The ANY.RUN unique ID of the process whose behaviors are profiled.ANYRUN.Task.Connection.Reputation— The ANY.RUN connection reputation.ANYRUN.Task.Connection.ProcessUUID— The ANY.RUN UUID of the process that created the connection.ANYRUN.Task.Connection.ASN— The ANY.RUN connection autonomous system network.ANYRUN.Task.Connection.Country— The ANY.RUN connection country.ANYRUN.Task.Connection.Protocol— The ANY.RUN connection protocol.ANYRUN.Task.Connection.Port— The ANY.RUN connection port number.ANYRUN.Task.Connection.IP— The ANY.RUN connection IP address.ANYRUN.Task.DnsRequest.Reputation— The ANY.RUN process reputation of the DNS request.ANYRUN.Task.DnsRequest.IP— The ANY.RUN IP addresses associated with a DNS request.ANYRUN.Task.DnsRequest.Domain— The ANY.RUN domain resolution of a DNS request.ANYRUN.Task.Threat.ProcessUUID— The unique ANY.RUN UUID of the process that originated the threat.ANYRUN.Task.Threat.Msg— The ANY.RUN threat message.ANYRUN.Task.Threat.Class— The ANY.RUN threat class.ANYRUN.Task.Threat.SrcPort— The ANY.RUN port on which the threat originated.ANYRUN.Task.Threat.DstPort— The ANY.RUN threat destination port.ANYRUN.Task.Threat.SrcIP— The ANY.RUN source IP address where the threat originated.ANYRUN.Task.Threat.DstIP— The ANY.RUN threat destination IP address.ANYRUN.Task.HttpRequest.Reputation— The ANY.RUN HTTP request reputation.ANYRUN.Task.HttpRequest.Country— The ANY.RUN HTTP request country.ANYRUN.Task.HttpRequest.ProcessUUID— The ANY.RUN UUID of the process making the HTTP request.ANYRUN.Task.HttpRequest.Body— The ANY.RUN HTTP request body parameters and details.ANYRUN.Task.HttpRequest.HttpCode— The ANY.RUN HTTP request response code.ANYRUN.Task.HttpRequest.Status— The ANY.RUN status of the HTTP request.ANYRUN.Task.HttpRequest.ProxyDetected— Whether the ANY.RUN HTTP request was made through a proxy.ANYRUN.Task.HttpRequest.Port— The ANY.RUN HTTP request port.ANYRUN.Task.HttpRequest.IP— The ANY.RUN HTTP request IP address.ANYRUN.Task.HttpRequest.URL— The ANY.RUN HTTP request URL.ANYRUN.Task.HttpRequest.Host— The ANY.RUN HTTP request host.ANYRUN.Task.HttpRequest.Method— The ANY.RUN HTTP request method type.ANYRUN.Task.FileInfo— The ANY.RUN submitted file details.ANYRUN.Task.OS— The ANY.RUN operating system of the sandbox in which the file was analyzed.ANYRUN.Task.ID— The unique ANY.RUN task ID.ANYRUN.Task.MIME— The ANY.RUN MIME of the file submitted for analysis.ANYRUN.Task.Verdict— The ANY.RUN verdict for the maliciousness of the submitted file or URL.ANYRUN.Task.Process.FileName— The ANY.RUN process file name.ANYRUN.Task.Process.PID— The ANY.RUN process identification number.ANYRUN.Task.Process.PPID— The ANY.RUN process parent process identification number.ANYRUN.Task.Process.ProcessUUID— The unique ANY.RUN process UUID.ANYRUN.Task.Process.CMD— The ANY.RUN process command.ANYRUN.Task.Process.Path— The path of the executed ANY.RUN process command.ANYRUN.Task.Process.User— The user who executed the ANY.RUN process command.ANYRUN.Task.Process.IntegrityLevel— The ANY.RUN process integrity level.ANYRUN.Task.Process.ExitCode— The ANY.RUN process exit code.ANYRUN.Task.Process.MainProcess— Whether the ANY.RUN process is the main process.ANYRUN.Task.Process.Version.Company— The company responsible for the executed ANY.RUN process program.ANYRUN.Task.Process.Version.Description— The description of the ANY.RUN process program type.ANYRUN.Task.Process.Version.Version— The version of the executed program.URL.Data— The URL data.URL.Malicious.Vendor— The vendor that decided the URL is malicious.URL.Malicious.Description— The reason the vendor decided the URL is malicious.ANYRUN.Task.Status— The task analysis status.FireEyeAX.Submissions.Key— The submission keyFireEyeAX.Submissions.Severity— The severity level of the fileFireEyeAX.Submissions.InfoLevel— The info level of the report.DBotScore.Score— The actual score.DBotScore.Indicator— The indicator that was tested.DBotScore.Vendor— The vendor used to calculate the score.Triage.sample-summaries.completed— The date the sample analysis was completed.Triage.sample-summaries.created— The date the analysis report was created.Triage.sample-summaries.custom— The custom sample analysis.Triage.sample-summaries.owner— The owner of the sample summaries.Triage.sample-summaries.sample— The unique identifier of the sample.Triage.sample-summaries.score— The score of the sample on a scale of 0 to 10.Triage.sample-summaries.sha256— The SHA256 of the sample.Triage.sample-summaries.status— The status of the analysis.Triage.sample-summaries.target— The target for the analysis.Triage.sample-summaries.tasks— The tasks performed in the analysis.HybridAnalysis.URL.Scanner.Name— The URL scanner name.HybridAnalysis.URL.Scanner.Positives— The number of positive scanners.HybridAnalysis.URL.Scanner.Status— The status of the scanning.HybridAnalysis.URL.Scanner— The place holder for the scanner data.SecneurXAnalysis.Report.SHA256— SHA256 value of the analyzed sampleSecneurXAnalysis.Report.Verdict— Summary result of the analyzed sampleSecneurXAnalysis.Report.Tags— More details of the analyzed sampleSecneurXAnalysis.Report.IOC— List of IOC's observed in the analyzed sampleSecneurXAnalysis.Report.Status— Analysis queued sample state
Commands used
cs-falcon-sandbox-submit-url