Detonate URL - ThreatGrid Deprecated

Deprecated. Use Detonate URL - ThreatGrid v2 instead.

Cisco Secure Malware Analytics · 7 tasks · 9 inputs · 16 outputs

Inputs

  • URL — URL of the sites to detonate.
  • FileName — Name of the file to detonate.
  • VM — The VM to use (string)
  • Playbook — Name of the Threat Grid playbook to apply to this sample run
  • Private — The sample is marked private if this is present, and set to any value other than false. private
  • Source — a string used for identifying the source of the detonation (user defined)
  • Tags — A comma-separated list of tags applied to the sample.
  • Interval — Polling frequency - how often the polling command should run (minutes)
  • Timeout — How much time to wait before a timeout occurs (minutes)

Outputs

  • File.SHA256 — SHA256 hash of the file
  • File.Malicious — The File malicious description
  • File.Type — File type e.g. "PE"
  • File.Size — File size
  • File.MD5 — MD5 hash of the file
  • File.Name — Filename
  • File.SHA1 — SHA1 hash of the file
  • File — The File object
  • File.Malicious.Vendor — For malicious files, the vendor that made the decision
  • DBotScore — The DBotScore object
  • DBotScore.Indicator — The indicator we tested
  • DBotScore.Type — The type of the indicator
  • DBotScore.Vendor — Vendor used to calculate the score
  • DBotScore.Score — The actual score
  • ThreatGrid.Sample.State — The sample state
  • ThreatGrid.Sample.ID — The sample ID

Commands used

threat-grid-get-samples-state threat-grid-upload-sample threat-grid-url-to-file

Flowchart

yes Start Start Is ThreatGrid enabled? Is ThreatGrid enabled? Done Done ThreatGrid Get Samples State - threat-grid-get-samples-state ThreatGrid Get Samples State threat-grid-get-samples-state GenericPolling - GenericPolling GenericPolling GenericPolling ThreatGrid Upload File - threat-grid-upload-sample ThreatGrid Upload File threat-grid-upload-sample URL to File - threat-grid-url-to-file URL to File threat-grid-url-to-file