Detonate URL - Generic
Detonate URL through active integrations that support URL detonation
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
- Detonate URL - ThreatGrid
- Detonate URL - CrowdStrike
- Detonate URL - JoeSecurity
- Detonate URL - Lastline v2
- Detonate URL - Group-IB TDS Polygon
- Detonate URL - ANYRUN
- Detonate URL - McAfee ATD
- Detonate URL - Cuckoo
Integrations#
This playbook does not use any integrations.
Scripts#
This playbook does not use any scripts.
Commands#
This playbook does not use any commands.
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| URL | URL object of url to be detonated. | URL.None | Optional |
Playbook Outputs#
| Path | Description | Type |
|---|---|---|
| File | The File's object | unknown |
| File.Name | Filename | string |
| File.Size | File size | number |
| File.Type | File type e.g. "PE" (only in case of report type=json) | string |
| File.SHA256 | SHA256 of the file | string |
| File.SHA1 | SHA1 of the file | string |
| File.MD5 | MD5 of the file | string |
| File.Malicious.Vendor | For malicious files, the vendor that made the decision | string |
| File.Malicious.Description | For malicious files, the reason for the vendor to make the decision | string |
| DBotScore | The Indicator's object | unknown |
| DBotScore.Type | The type of the indicator | string |
| DBotScore.Indicator | The indicator we tested | string |
| DBotScore.Vendor | Vendor used to calculate the score | string |
| DBotScore.Score | The actual score | number |
| Joe.Analysis.WebID | Web ID | string |
| Joe.Analysis.Status | Analysis Status | string |
| Joe.Analysis.Comments | Analysis Comments | string |
| Joe.Analysis.Time | Submitted Time | date |
| Joe.Analysis.Runs | Sub-Analysis Information | unknown |
| Joe.Analysis.Result | Analysis Results | string |
| Joe.Analysis.Errors | Raised errors during sampling | unknown |
| Joe.Analysis.Systems | Analysis OS | unknown |
| Joe.Analysis.MD5 | MD5 of analysis sample | string |
| Joe.Analysis.SHA1 | SHA1 of analysis sample | string |
| Joe.Analysis.SHA256 | SHA256 of analysis sample | string |
| Joe.Analysis.SampleName | Sample Data, could be a file name or URL | string |
| InfoFile.Name | FileName | string |
| InfoFile.EntryID | The EntryID of the sample | string |
| InfoFile.Size | File Size | number |
| InfoFile.Type | File type e.g. "PE" | string |
| InfoFile.Info | Basic information of the file | string |
| Sample.State | The sample state | string |
| Sample.ID | The sample ID | string |
| IP.Address | IP's relevant to the sample | string |
| InfoFile | The report file's object | unknown |
| Cuckoo.Task.Category | Category of task | unknown |
| Cuckoo.Task.Machine | Machine of task | unknown |
| Cuckoo.Task.Errors | Errors of task | unknown |
| Cuckoo.Task.Target | Target of task | unknown |
| Cuckoo.Task.Package | Package of task | unknown |
| Cuckoo.Task.SampleID | Sample ID of task | unknown |
| Cuckoo.Task.Guest | Task guest | unknown |
| Cuckoo.Task.Custom | Custom values of task | unknown |
| Cuckoo.Task.Owner | Task owner | unknown |
| Cuckoo.Task.Priority | Priority of task | unknown |
| Cuckoo.Task.Platform | Platform of task | unknown |
| Cuckoo.Task.Options | Task options | unknown |
| Cuckoo.Task.Status | Task status | unknown |
| Cuckoo.Task.EnforceTimeout | Is timeout of task enforced | unknown |
| Cuckoo.Task.Timeout | Task timeout | unknown |
| Cuckoo.Task.Memory | Task memory | unknown |
| Cuckoo.Task.Tags | Task tags | unknown |
| Cuckoo.Task.ID | ID of task | unknown |
| Cuckoo.Task.AddedOn | Date on which the task was added | unknown |
| Cuckoo.Task.CompletedOn | Date on which the task was completed | unknown |
| Cuckoo.Task.Score | Reported score of the the task | unknown |
| Cuckoo.Task.Monitor | Monitor of the reported task | unknown |
| ANYRUN.Task.AnalysisDate | Date and time the analysis was executed. | String |
| ANYRUN.Task.Behavior.Category | Category of a process behavior. | String |
| ANYRUN.Task.Behavior.Action | Actions performed by a process. | String |
| ANYRUN.Task.Behavior.ThreatLevel | Threat score associated with a process behavior. | Number |
| ANYRUN.Task.Behavior.ProcessUUID | Unique ID of the process whose behaviors are being profiled. | String |
| ANYRUN.Task.Connection.Reputation | Connection reputation. | String |
| ANYRUN.Task.Connection.ProcessUUID | ID of the process that created the connection. | String |
| ANYRUN.Task.Connection.ASN | Connection autonomous system network. | String |
| ANYRUN.Task.Connection.Country | Connection country. | String |
| ANYRUN.Task.Connection.Protocol | Connection protocol. | String |
| ANYRUN.Task.Connection.Port | Connection port number. | Number |
| ANYRUN.Task.Connection.IP | Connection IP number. | String |
| ANYRUN.Task.DnsRequest.Reputation | Reputation of the DNS request. | String |
| ANYRUN.Task.DnsRequest.IP | IP addresses associated with a DNS request. | Unknown |
| ANYRUN.Task.DnsRequest.Domain | Domain resolution of a DNS request. | String |
| ANYRUN.Task.Threat.ProcessUUID | Unique process ID from where the threat originated. | String |
| ANYRUN.Task.Threat.Msg | Threat message. | String |
| ANYRUN.Task.Threat.Class | Class of the threat. | String |
| ANYRUN.Task.Threat.SrcPort | Port on which the threat originated. | Number |
| ANYRUN.Task.Threat.DstPort | Destination port of the threat. | Number |
| ANYRUN.Task.Threat.SrcIP | Source IP address where the threat originated. | String |
| ANYRUN.Task.Threat.DstIP | Destination IP address of the threat. | String |
| ANYRUN.Task.HttpRequest.Reputation | Reputation of the HTTP request. | String |
| ANYRUN.Task.HttpRequest.Country | HTTP request country. | String |
| ANYRUN.Task.HttpRequest.ProcessUUID | ID of the process making the HTTP request. | String |
| ANYRUN.Task.HttpRequest.Body | HTTP request body parameters and details. | Unknown |
| ANYRUN.Task.HttpRequest.HttpCode | HTTP request response code. | Number |
| ANYRUN.Task.HttpRequest.Status | Status of the HTTP request. | String |
| ANYRUN.Task.HttpRequest.ProxyDetected | Whether the HTTP request was made through a proxy. | Boolean |
| ANYRUN.Task.HttpRequest.Port | HTTP request port. | Number |
| ANYRUN.Task.HttpRequest.IP | HTTP request IP address. | String |
| ANYRUN.Task.HttpRequest.URL | HTTP request URL. | String |
| ANYRUN.Task.HttpRequest.Host | HTTP request host. | String |
| ANYRUN.Task.HttpRequest.Method | HTTP request method type. | String |
| ANYRUN.Task.FileInfo | Details of the submitted file. | String |
| ANYRUN.Task.OS | OS of the sandbox in which the file was analyzed. | String |
| ANYRUN.Task.ID | The unique ID of the task. | String |
| ANYRUN.Task.MIME | The MIME of the file submitted for analysis. | String |
| ANYRUN.Task.Verdict | ANY.RUN verdict for the maliciousness of the submitted file or URL. | String |
| ANYRUN.Task.Process.FileName | File name of the process. | String |
| ANYRUN.Task.Process.PID | Process identification number. | Number |
| ANYRUN.Task.Process.PPID | Parent process identification number. | Number |
| ANYRUN.Task.Process.ProcessUUID | Unique process ID (used by ANY.RUN). | String |
| ANYRUN.Task.Process.CMD | Process command. | String |
| ANYRUN.Task.Process.Path | Path of the executed command. | String |
| ANYRUN.Task.Process.User | User who executed the command. | String |
| ANYRUN.Task.Process.IntegrityLevel | The process integrity level. | String |
| ANYRUN.Task.Process.ExitCode | Process exit code. | Number |
| ANYRUN.Task.Process.MainProcess | Whether the process is the main process. | Boolean |
| ANYRUN.Task.Process.Version.Company | Company responsible for the program executed. | String |
| ANYRUN.Task.Process.Version.Description | Description of the type of program. | String |
| ANYRUN.Task.Process.Version.Version | Version of the program executed. | String |
| DBotScore.Indicator | The indicator that was tested. | String |
| DBotScore.Score | The actual score. | Number |
| DBotScore.Type | Type of indicator. | String |
| DBotScore.Vendor | Vendor used to calculate the score. | String |
| URL.Data | URL data. | String |
| URL.Malicious.Vendor | For malicious URLs, the vendor that made the decision. | String |
| URL.Malicious.Description | For malicious URLs, the reason for the vendor to make the decision. | String |
| ANYRUN.Task.Status | Task analysis status. | String |