Skip to main content

Detonate file - CrowdStrike Falcon Sandbox v2

This Playbook is part of the CrowdStrike Falcon Sandbox Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

Detonates a File using CrowdStrike Falcon sandbox.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • CrowdStrikeFalconSandboxV2


  • Set


  • cs-falcon-sandbox-scan
  • cs-falcon-sandbox-submit-sample

Playbook Inputs#

NameDescriptionDefault ValueRequired
FileThe file object of the file to detonate.FileOptional
EnvironmentIDThe environment ID where the file should be submitted. To retrieve all available IDs, please execute the crowdstrike-get-environments command.100Optional

Playbook Outputs#

File.SHA256The SHA256 hash of the file.string
File.MaliciousThe file malicious description.unknown
File.TypeThe file type, for example "PE".string
File.SizeThe file size.number
File.MD5The MD5 hash of the file.string
File.NameThe file name.string
File.SHA1The SHA1 hash of the file.string
FileThe file object.unknown
File.Malicious.VendorThe vendor that decided the file was malicious.string
DBotScoreThe DBotScore object.unknown
DBotScore.IndicatorThe tested indicator.string
DBotScore.TypeThe indicator type.string
DBotScore.VendorThe vendor used to calculate the score.string
DBotScore.ScoreThe actual score.number

Playbook Image#

Detonate file - CrowdStrike Falcon Sandbox v2