Detonate and Analyze File - Generic
This Playbook is part of the Common Playbooks Pack.

Supported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook uploads, detonates, and analyzes files for supported sandboxes. Currently supported sandboxes are Falcon Intelligence Sandbox and Wildfire.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

- Detonate File - JoeSecurity V2
- Wildfire Detonate and Analyze File
- CrowdStrike Falcon Intelligence Sandbox Detonate and Analyze File
- Mitre Attack - Extract Technique Information From ID

Integrations

This playbook does not use any integrations.

Scripts

- IsIntegrationAvailable

Commands

- joe-download-report
- attack-pattern
- rasterize-pdf
- extractIndicators

Playbook Inputs

Name | Description | Default Value | Required |
---|---|---|---|
File | The details of the file to search for. | | Optional |

Playbook Outputs

Path | Description | Type |
---|---|---|
csfalconx.resource.tags | The analysis tags. | string |
csfalconx.resource.sha256 | The SHA256 hash of the scanned file. | string |
csfalconx.resource.file_name | The name of the uploaded file. | string |
csfalconx.resource.sandbox | The Falcon Intelligence Sandbox findings. | string |
csfalconx.resource.intel | The Falcon Intelligence Sandbox intelligence results. | string |
WildFire.Report | The Wildfire findings. | string |
AttackPattern | The MITRE Attack pattern information. | unknown |
MITREATTACK | Full MITRE data for the attack pattern. | unknown |
DBotScore | DBotScore object. | unknown |
Joe.Analysis | Joe Analysis object. | unknown |