Skip to main content

Detonate and Analyze File - Generic

This Playbook is part of the Common Playbooks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook uploads, detonates, and analyzes files for supported sandboxes. Currently supported sandboxes are Falcon X and Wildfire.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Mitre Attack - Extract Technique Information From ID
  • FalconX Detonate and Analyze File
  • Wildfire Detonate and Analyze File


This playbook does not use any integrations.




This playbook does not use any commands.

Playbook Inputs#

NameDescriptionDefault ValueRequired
FileThe details of the file to search for.Optional

Playbook Outputs#

csfalconx.resource.tagsThe analysis tags.string
csfalconx.resource.sha256The SHA256 hash of the scanned file.string
csfalconx.resource.file_nameThe name of the uploaded file.string
csfalconx.resource.sandboxThe Falcon X findings results.string
csfalconx.resource.intelThe Falcon X intelligence results.string
WildFire.ReportThe Wildfire findings results.string

Playbook Image#

Detonate and Analyze File - Generic