ThreatZone Pack.#This Playbook is part of the
Supported Cortex XSOAR versions: 6.9.0 and later.
Analyzes one file using the ThreatZone static scan integration. Returns relevant reports to the War Room and file reputations to the context data. All file types are supported.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any scripts.
|File||File object of the file to analyze. The File is taken from the context.||File||Optional|
|Interval||Duration for executing the pooling (in minutes)||1||Optional|
|Timeout||The duration after which to stop pooling and to resume the playbook (in minutes)||15||Optional|
|ThreatZone.Analysis.STATUS||The status of the submission scanning process.||String|
|ThreatZone.Analysis.LEVEL||Threat Level of the scanned file. (malicious, suspicious or informative).||String|
|ThreatZone.Analysis.URL||The result page url of the submission.||String|
|ThreatZone.Analysis.INFO||Contains the file name, scan process status and public status.||String|
|ThreatZone.Analysis.REPORT||The analysis report of the submission.||String|
|ThreatZone.Analysis.MD5||The md5 hash of the submission.||String|
|ThreatZone.Analysis.SHA1||The sha1 hash of the submission.||String|
|ThreatZone.Analysis.SHA256||The sha256 hash of the submission.||String|
|ThreatZone.Analysis.UUID||The UUID of the submission.||String|
|ThreatZone.Analysis.SANITIZED||The url of the sanitized file.||String|