Skip to main content

Detonate File - SecneurX Analysis

This Playbook is part of the SecneurX Analysis Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

Detonates a file using the SecneurX Analysis Integration. Returns relevant reports to the War Room and file reputations to the context data.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • GenericPolling

Integrations#

  • Secneurx Analysis

Scripts#

This playbook does not use any scripts.

Commands#

  • snx-analysis-submit-file
  • snx-analysis-get-report
  • snx-analysis-get-verdict

Playbook Inputs#


NameDescriptionDefault ValueRequired
FileFile object of the file to detonate. The File is taken from the context.File.NoneOptional
PlatformOperating system platform to run the analysis on. Supported values are: ["Windows7", "Windows10", "Android", "Ubuntu"].Windows7Optional
DurationAnalysis duration in seconds.120Optional
PriorityAnalysis priority. Possible values are "High" or "Normal".NormalOptional
ExtensionExtension of the submitted file. Supported values are: ["sh", "js", "7z", "py", "doc", "rtf", "xls", "ppt", "pps", "ps1", "bat", "eml", "exe", "iso", "jar", "txt", "odt", "odp", "ods", "swf", "msg", "msi", "url", "pdf", "rar", "vbs", "zip", "cab", "lnk", "xml", "dll", "tar", "hta", "elf", "docx", "docm", "link", "xlsx", "xlsm", "xlsb", "pptx", "ppam", "html"].Optional
RebootReboot the system during analysis. The value should be "True" or "False".FalseOptional
FilePasswordPassword of the submitted file.Optional
ReportFormatThe resource type to download. Supported values are: ["json", "html"].jsonOptional
IntervalDuration for executing the pooling (in minutes).1Optional
TimeoutThe duration after which to stop pooling and to resume the playbook (in minutes).15Optional

Playbook Outputs#


PathDescriptionType
SecneurXAnalysis.Report.SHA256SHA256 value of the analyzed samplestring
SecneurXAnalysis.Report.PlatformPlatform of the analyzed sampleString
SecneurXAnalysis.Report.VerdictSummary result of the analyzed samplestring
SecneurXAnalysis.Report.TagsMore details of the analyzed samplestring
SecneurXAnalysis.Report.DnsRequestsList of DNS data observed in the analyzed samplestring
SecneurXAnalysis.Report.HttpRequestsList of HTTP data observed in the analyzed samplestring
SecneurXAnalysis.Report.JA3DigestsList of JA3 data observed in the analyzed samplestring
SecneurXAnalysis.Report.ProcessCreatedProcess behaviour data observed in the analyzed samplestring
SecneurXAnalysis.Report.RegistrySetList of Registry creations observed in the analyzed samplestring
SecneurXAnalysis.Report.RegistryDeletedList of Registry deletions observed in the analyzed samplestring
SecneurXAnalysis.Report.FileCreatedList of File creations observed in the analyzed samplestring
SecneurXAnalysis.Report.FileDroppedList of File drops observed in the analyzed samplestring
SecneurXAnalysis.Report.FileDeletedList of File deletions observed in the analyzed samplestring
SecneurXAnalysis.Report.FileModifiedList of File changes observed in the analyzed samplestring
SecneurXAnalysis.Report.IOCList of IOC's observed in the analyzed samplestring
SecneurXAnalysis.Report.StatusAnalysis queued sample statestring

Playbook Image#


Detonate File - SecneurX Analysis