Skip to main content

Detonate File - ThreatGrid

This Playbook is part of the Cisco Secure Malware Analytics Pack.#


Use Detonate File - ThreatGrid v2 instead.

Detonates one or more files using the ThreatGrid integration. This playbook returns relevant reports to the War Room and file reputations to the context data.

The detonation supports the following file types: EXE, DLL, JAR, JS, PDF, DOC, DOCX, RTF, XLS, PPT, PPTX, XML, ZIP, VBN, SEP, XZ, GZ, BZ2, TAR, MHTML, SWF, LNK, URL, MSI, JTD, JTT, JTDC, JTTC, HWP, HWT, HWPX, BAT, HTA, PS1, VBS, WSF, JSE, VBE, CHM.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • GenericPolling


This playbook does not use any integrations.


  • Set


  • threat-grid-get-samples-state
  • threat-grid-upload-sample

Playbook Inputs#

NameDescriptionDefault ValueSourceRequired
FileThe file object of the file to detonate.NoneFileOptional
FileNameThe name of the file to detonate.file-detonated-via-demisto-Optional
VMThe VM to use (string).--Optional
playbookThe name of the Threat Grid playbook to apply to this sample run.Default-Optional
PrivateThe sample is marked private if this is present, and set to any value other than false.--Optional
SourceThe string used for identifying the source of the detonation (user defined).--Optional
TagsThe comma-separated list of tags applied to this sample.--Optional
IntervalThe polling frequency. How often the polling command should run (in minutes).1-Optional
TimeoutHow much time to wait before a timeout occurs (in minutes).15-Optional

Playbook Outputs#

File.MaliciousThe file malicious description.unknown
File.Malicious.VendorThe vendor that made the decision that the file is malicious.string
File.TypeThe file type. For example "PE".string
File.SizeThe file size.number
File.MD5The MD5 hash of the file.string
File.NameThe filename.string
File.SHA1The SHA1 hash of the file.string
FileThe file object.unknown
File.SHA256The SHA256 hash of the file.string
DBotScoreThe DBotScore object.unknown
DBotScore.IndicatorThe indicator we tested.string
DBotScore.TypeThe type of the indicator.string
DBotScore.VendorThe vendor used to calculate the score.string
DBotScore.ScoreThe actual score.number
Sample.StateThe sample state.unknown
Sample.IDThe sample ID.unknown

Playbook Image#