Skip to main content

Detonate and Analyze File - Generic

This Playbook is part of the Common Playbooks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook uploads, detonates, and analyzes files for supported sandboxes. Currently supported sandboxes are Falcon Intelligence Sandbox and Wildfire.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Detonate File - JoeSecurity V2
  • Wildfire Detonate and Analyze File
  • CrowdStrike Falcon Intelligence Sandbox Detonate and Analyze File
  • Mitre Attack - Extract Technique Information From ID


This playbook does not use any integrations.


  • IsIntegrationAvailable


  • joe-download-report
  • attack-pattern
  • rasterize-pdf
  • extractIndicators

Playbook Inputs#

NameDescriptionDefault ValueRequired
FileThe details of the file to search for.Optional

Playbook Outputs#

csfalconx.resource.tagsThe analysis tags.string
csfalconx.resource.sha256The SHA256 hash of the scanned file.string
csfalconx.resource.file_nameThe name of the uploaded file.string
csfalconx.resource.sandboxThe Falcon Intelligence Sandbox findings.string
csfalconx.resource.intelThe Falcon Intelligence Sandbox intelligence results.string
WildFire.ReportThe Wildfire findings.string
AttackPatternThe MITRE Attack pattern information.unknown
MITREATTACKFull MITRE data for the attack pattern.unknown
DBotScoreDBotScore object.unknown
Joe.AnalysisJoe Analysis object.unknown

Playbook Image#

Detonate and Analyze File - Generic