Detonate and Analyze File - Generic

This playbook is part of the Common Playbooks Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook uploads, detonates, and analyzes files for supported sandboxes. Currently supported sandboxes are Falcon X and Wildfire.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Mitre Attack - Extract Technique Information From ID
  • FalconX Detonate and Analyze File
  • Wildfire Detonate and Analyze File

Integrations

This playbook does not use any integrations.

Scripts

  • IsIntegrationAvailable

Commands

This playbook does not use any commands.

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| File | The details of the file to search for. | | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| csfalconx.resource.tags | The analysis tags. | string |
| csfalconx.resource.sha256 | The SHA256 hash of the scanned file. | string |
| csfalconx.resource.file_name | The name of the uploaded file. | string |
| csfalconx.resource.sandbox | The Falcon X findings results. | string |
| csfalconx.resource.intel | The Falcon X intelligence results. | string |
| WildFire.Report | The Wildfire findings results. | string |
