Detonate URL - Generic

Detonates a URL through the active integrations that support URL detonation.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Detonate URL - ThreatGrid
  • Detonate URL - CrowdStrike
  • Detonate URL - JoeSecurity
  • Detonate URL - Lastline v2
  • Detonate URL - Group-IB TDS Polygon
  • Detonate URL - ANYRUN
  • Detonate URL - McAfee ATD
  • Detonate URL - Cuckoo

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| URL | URL object of the URL to be detonated. | URL.None | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| File | The File's object | unknown |
| File.Name | Filename | string |
| File.Size | File size | number |
| File.Type | File type e.g. "PE" (only in case of report type=json) | string |
| File.SHA256 | SHA256 of the file | string |
| File.SHA1 | SHA1 of the file | string |
| File.MD5 | MD5 of the file | string |
| File.Malicious.Vendor | For malicious files, the vendor that made the decision | string |
| File.Malicious.Description | For malicious files, the reason for the vendor to make the decision | string |
| DBotScore | The Indicator's object | unknown |
| DBotScore.Type | The type of the indicator | string |
| DBotScore.Indicator | The indicator we tested | string |
| DBotScore.Vendor | Vendor used to calculate the score | string |
| DBotScore.Score | The actual score | number |
| Joe.Analysis.WebID | Web ID | string |
| Joe.Analysis.Status | Analysis Status | string |
| Joe.Analysis.Comments | Analysis Comments | string |
| Joe.Analysis.Time | Submitted Time | date |
| Joe.Analysis.Runs | Sub-Analysis Information | unknown |
| Joe.Analysis.Result | Analysis Results | string |
| Joe.Analysis.Errors | Raised errors during sampling | unknown |
| Joe.Analysis.Systems | Analysis OS | unknown |
| Joe.Analysis.MD5 | MD5 of analysis sample | string |
| Joe.Analysis.SHA1 | SHA1 of analysis sample | string |
| Joe.Analysis.SHA256 | SHA256 of analysis sample | string |
| Joe.Analysis.SampleName | Sample Data, could be a file name or URL | string |
| InfoFile.Name | FileName | string |
| InfoFile.EntryID | The EntryID of the sample | string |
| InfoFile.Size | File Size | number |
| InfoFile.Type | File type e.g. "PE" | string |
| InfoFile.Info | Basic information of the file | string |
| Sample.State | The sample state | string |
| Sample.ID | The sample ID | string |
| IP.Address | IPs relevant to the sample | string |
| InfoFile | The report file's object | unknown |
| Cuckoo.Task.Category | Category of task | unknown |
| Cuckoo.Task.Machine | Machine of task | unknown |
| Cuckoo.Task.Errors | Errors of task | unknown |
| Cuckoo.Task.Target | Target of task | unknown |
| Cuckoo.Task.Package | Package of task | unknown |
| Cuckoo.Task.SampleID | Sample ID of task | unknown |
| Cuckoo.Task.Guest | Task guest | unknown |
| Cuckoo.Task.Custom | Custom values of task | unknown |
| Cuckoo.Task.Owner | Task owner | unknown |
| Cuckoo.Task.Priority | Priority of task | unknown |
| Cuckoo.Task.Platform | Platform of task | unknown |
| Cuckoo.Task.Options | Task options | unknown |
| Cuckoo.Task.Status | Task status | unknown |
| Cuckoo.Task.EnforceTimeout | Is timeout of task enforced | unknown |
| Cuckoo.Task.Timeout | Task timeout | unknown |
| Cuckoo.Task.Memory | Task memory | unknown |
| Cuckoo.Task.Tags | Task tags | unknown |
| Cuckoo.Task.ID | ID of task | unknown |
| Cuckoo.Task.AddedOn | Date on which the task was added | unknown |
| Cuckoo.Task.CompletedOn | Date on which the task was completed | unknown |
| Cuckoo.Task.Score | Reported score of the task | unknown |
| Cuckoo.Task.Monitor | Monitor of the reported task | unknown |
| ANYRUN.Task.AnalysisDate | Date and time the analysis was executed. | String |
| ANYRUN.Task.Behavior.Category | Category of a process behavior. | String |
| ANYRUN.Task.Behavior.Action | Actions performed by a process. | String |
| ANYRUN.Task.Behavior.ThreatLevel | Threat score associated with a process behavior. | Number |
| ANYRUN.Task.Behavior.ProcessUUID | Unique ID of the process whose behaviors are being profiled. | String |
| ANYRUN.Task.Connection.Reputation | Connection reputation. | String |
| ANYRUN.Task.Connection.ProcessUUID | ID of the process that created the connection. | String |
| ANYRUN.Task.Connection.ASN | Connection autonomous system network. | String |
| ANYRUN.Task.Connection.Country | Connection country. | String |
| ANYRUN.Task.Connection.Protocol | Connection protocol. | String |
| ANYRUN.Task.Connection.Port | Connection port number. | Number |
| ANYRUN.Task.Connection.IP | Connection IP number. | String |
| ANYRUN.Task.DnsRequest.Reputation | Reputation of the DNS request. | String |
| ANYRUN.Task.DnsRequest.IP | IP addresses associated with a DNS request. | Unknown |
| ANYRUN.Task.DnsRequest.Domain | Domain resolution of a DNS request. | String |
| ANYRUN.Task.Threat.ProcessUUID | Unique process ID from where the threat originated. | String |
| ANYRUN.Task.Threat.Msg | Threat message. | String |
| ANYRUN.Task.Threat.Class | Class of the threat. | String |
| ANYRUN.Task.Threat.SrcPort | Port on which the threat originated. | Number |
| ANYRUN.Task.Threat.DstPort | Destination port of the threat. | Number |
| ANYRUN.Task.Threat.SrcIP | Source IP address where the threat originated. | String |
| ANYRUN.Task.Threat.DstIP | Destination IP address of the threat. | String |
| ANYRUN.Task.HttpRequest.Reputation | Reputation of the HTTP request. | String |
| ANYRUN.Task.HttpRequest.Country | HTTP request country. | String |
| ANYRUN.Task.HttpRequest.ProcessUUID | ID of the process making the HTTP request. | String |
| ANYRUN.Task.HttpRequest.Body | HTTP request body parameters and details. | Unknown |
| ANYRUN.Task.HttpRequest.HttpCode | HTTP request response code. | Number |
| ANYRUN.Task.HttpRequest.Status | Status of the HTTP request. | String |
| ANYRUN.Task.HttpRequest.ProxyDetected | Whether the HTTP request was made through a proxy. | Boolean |
| ANYRUN.Task.HttpRequest.Port | HTTP request port. | Number |
| ANYRUN.Task.HttpRequest.IP | HTTP request IP address. | String |
| ANYRUN.Task.HttpRequest.URL | HTTP request URL. | String |
| ANYRUN.Task.HttpRequest.Host | HTTP request host. | String |
| ANYRUN.Task.HttpRequest.Method | HTTP request method type. | String |
| ANYRUN.Task.FileInfo | Details of the submitted file. | String |
| ANYRUN.Task.OS | OS of the sandbox in which the file was analyzed. | String |
| ANYRUN.Task.ID | The unique ID of the task. | String |
| ANYRUN.Task.MIME | The MIME of the file submitted for analysis. | String |
| ANYRUN.Task.Verdict | ANY.RUN verdict for the maliciousness of the submitted file or URL. | String |
| ANYRUN.Task.Process.FileName | File name of the process. | String |
| ANYRUN.Task.Process.PID | Process identification number. | Number |
| ANYRUN.Task.Process.PPID | Parent process identification number. | Number |
| ANYRUN.Task.Process.ProcessUUID | Unique process ID (used by ANY.RUN). | String |
| ANYRUN.Task.Process.CMD | Process command. | String |
| ANYRUN.Task.Process.Path | Path of the executed command. | String |
| ANYRUN.Task.Process.User | User who executed the command. | String |
| ANYRUN.Task.Process.IntegrityLevel | The process integrity level. | String |
| ANYRUN.Task.Process.ExitCode | Process exit code. | Number |
| ANYRUN.Task.Process.MainProcess | Whether the process is the main process. | Boolean |
| ANYRUN.Task.Process.Version.Company | Company responsible for the program executed. | String |
| ANYRUN.Task.Process.Version.Description | Description of the type of program. | String |
| ANYRUN.Task.Process.Version.Version | Version of the program executed. | String |
| DBotScore.Indicator | The indicator that was tested. | String |
| DBotScore.Score | The actual score. | Number |
| DBotScore.Type | Type of indicator. | String |
| DBotScore.Vendor | Vendor used to calculate the score. | String |
| URL.Data | URL data. | String |
| URL.Malicious.Vendor | For malicious URLs, the vendor that made the decision. | String |
| URL.Malicious.Description | For malicious URLs, the reason for the vendor to make the decision. | String |
| ANYRUN.Task.Status | Task analysis status. | String |
