Skip to main content

Detonate and Analyze File - Generic

This Playbook is part of the Common Playbooks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook uploads, detonates, and analyzes files for supported sandboxes. Currently supported sandboxes are Falcon X and Wildfire.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Mitre Attack - Extract Technique Information From ID
  • Wildfire Detonate and Analyze File
  • Detonate and Analyze File - JoeSecurity
  • FalconX Detonate and Analyze File


This playbook does not use any integrations.




  • extractIndicators
  • attack-pattern
  • rasterize-pdf
  • joe-download-report

Playbook Inputs#

NameDescriptionDefault ValueRequired
FileThe details of the file to search for.Optional

Playbook Outputs#

csfalconx.resource.tagsThe analysis tags.string
csfalconx.resource.sha256The SHA256 hash of the scanned file.string
csfalconx.resource.file_nameThe name of the uploaded file.string
csfalconx.resource.sandboxThe Falcon X findings.string
csfalconx.resource.intelThe Falcon X intelligence results.string
WildFire.ReportThe Wildfire findings.string
AttackPatternThe MITRE Attack pattern information.unknown
MITREATTACKFull MITRE data for the attack pattern.unknown
DBotScoreDBotScore object.unknown
Joe.AnalysisJoe Analysis object.unknown

Playbook Image#

Detonate and Analyze File - Generic