
Detonate URL - Trend Micro Deep Discovery Analyzer Beta

This Playbook is part of the TrendAI™ Deep Discovery™ Analyzer Pack.

Supported versions

Available on Cortex XSOAR and Cortex XSIAM.


This is a beta Integration, which lets you implement and test pre-release software. Since the integration is beta, it might contain bugs. Updates to the integration during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the integration to help us identify issues, fix them, and continually improve.

Detonates a URL using the TrendAI™ Deep Discovery™ Analyzer sandbox.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • Trend Micro Deep Discovery Analyzer

Scripts

This playbook does not use any scripts.

Commands

  • trendmicro-dda-check-status
  • trendmicro-dda-get-report
  • trendmicro-dda-upload-url

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| URL | URL to detonate. | URL.Data | Required |
| interval | Polling frequency - how often the polling command should run (minutes) | 1 | Optional |
| timeput | How much time to wait before a timeout occurs (minutes) | 15 | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| InfoFile.Type | Report file type e.g. "PE" | string |
| InfoFile.SHA256 | SHA256 hash of the report file | string |
| TrendMicroDDA.Submissions.SHA1 | The SHA1 of the submission | string |
| TrendMicroDDA.Submissions.RiskLevel | The Risk Level of the sample | number |
| DBotScore.Score | The actual score | number |
| TrendMicroDDA.Submissions.isCompleted | Stating if the detonation was complete or not | string |
| DBotScore.Indicator | The indicator we tested | string |
| TrendMicroDDA.Submissions.status | The status of the sample | string |
| DBotScore.Type | The type of the indicator | string |
| DBotScore.Vendor | Vendor used to calculate the score | string |
| InfoFile.MD5 | MD5 hash of the report file | string |
| InfoFile.Name | Report file name | string |
| InfoFile.Size | Report file size | number |
| File.Malicious.Vendor | For malicious files, the vendor that made the decision | string |
| File.Malicious.Description | For malicious files, the reason for the vendor to make the decision | string |
| IP.Address | IPs relevant to the submission | string |
| Domain.Name | Domains relevant to the submission | string |
| URL.Data | URL data | string |
| File.MD5 | MD5 hash of the file | string |
| File.SHA1 | SHA1 hash of the file | string |
| File.SHA256 | SHA256 hash of the file | string |
| File.Size | File size | number |
| File.Name | File name | string |
