Detonate URL - Lastline v2

This Playbook is part of the Lastline Pack.

Detonates a URL using the Lastline Sandbox integration.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

  • lastline-upload-url
  • lastline-check-status
  • lastline-get-report

Playbook Inputs

| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| URL | The URL to detonate. | Data | URL | Optional |
| Interval | The polling frequency. How often the polling command should run (in minutes). | 1 | - | Optional |
| Timeout | The amount of time to wait before a timeout occurs (in minutes). | 15 | - | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| File.Size | The file size (only in case of report type=json). | number |
| DBotScore.Indicator | The indicator that was tested (only in case of report type=json). | string |
| DBotScore.Vendor | The vendor used to calculate the score (only in case of report type=json). | string |
| DBotScore.Score | The actual score (only in case of report type=json). | number |
| IP.Address | The IP addresses relevant to the sample. | string |
| DBotScore.Type | The type of the indicator (only in case of report type=json). | string |
| File.Name | The filename (only in case of report type=json). | string |
| File.Type | The file type. For example, "PE" (only in case of report type=json). | string |
| File.MD5 | The MD5 hash of the file (only in case of report type=json). | string |
| File.SHA1 | The SHA1 hash of the file (only in case of report type=json). | string |
| File.SHA256 | The SHA256 hash of the file (only in case of report type=json). | string |
| File.EntryID | The Entry ID of the sample. | string |
| File.Malicious.Vendor | The vendor that determined that a file is malicious. | string |
| File.Malicious.Description | The reason that the vendor determined that the file is malicious. | string |
| URL.Data | The list of malicious URLs identified by Lastline analysis. | string |
| URL.Malicious.Vendor | The vendor that determined that the URL is malicious. | string |
| URL.Malicious.Description | The reason that the vendor determined that the URL is malicious. | string |
| URL.Malicious.Score | The score that the malicious URL received from the vendor. | number |
| File.Malicious.Score | The score that the malicious file received from the vendor. | number |
| Lastline.Submission.Status | The status of the submission. | string |
| Lastline.Submission.DNSqueries | The list of DNS queries done by the analysis subject. | string |
| Lastline.Submission.NetworkConnections | The list of network connections done by the analysis subject. | string |
| Lastline.Submission.DownloadedFiles | The list of files that were downloaded using the Microsoft Windows file-download API functions. Each element is a tuple of file-origin URL and a File element. | string |
| Lastline.Submission.UUID | The ID of the submission. | string |
| Lastline.Submission.YaraSignatures.name | The Yara signatures name. | string |
| Lastline.Submission.YaraSignatures.score | The score according to the Yara signatures. Must be from 0 to 100. | number |
| Lastline.Submission.Process.arguments | The argument of the process. | string |
| Lastline.Submission.YaraSignatures.internal | Whether the signature is only for internal use. | boolean |
| Lastline.Submission.Process.process_id | The process ID. | string |
| Lastline.Submission.Process.executable.abs_path | The absolute path of the executable of the process. | string |
| Lastline.Submission.Process.executable.filename | The filename of the executable. | string |
| Lastline.Submission.Process.executable.yara_signature_hits | The Yara signature of the executable of the process. | string |
| URL | The URL object. | unknown |
| URL.Malicious | The URL Malicious object. | unknown |
| DBotScore | The DBot score object. | unknown |
| Lastline.Submission | The Lastline submission object. | unknown |

Playbook Image


Detonate_URL_Lastline_v2