Skip to main content

Search For Hash In Sandbox - Generic

This Playbook is part of the Common Playbooks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook searches for a specific hash in the supported sandboxes. If the hash is known, the playbook provides a detailed analysis of the sandbox report. Currently, supported sandboxes are Falcon Intelligence Sandbox, Wildfire and Joe Sandbox.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Mitre Attack - Extract Technique Information From ID


This playbook does not use any integrations.


  • SetAndHandleEmpty
  • IsIntegrationAvailable


  • cs-fx-get-full-report
  • cs-fx-find-reports
  • extractIndicators
  • attack-pattern
  • wildfire-report
  • joe-download-report
  • rasterize-pdf
  • joe-search

Playbook Inputs#

NameDescriptionDefault ValueRequired
FileSha256The SHA256 hash to search for.Optional

Playbook Outputs#

AttackPatternThe MITRE Attack pattern information.unknown
MITREATTACKFull MITRE data for the attack pattern.unknown
NonFoundHashesA list of hashes that are not found in the sandboxes.string
WildFire.ReportThe results of the Wildfire report.string
csfalconx.resource.sandboxThe results of the Falcon Intelligence Sandbox report.string
DetectedHashesA list of hashes that were detected by the sandboxes.string

Playbook Image#

Search For Hash In Sandbox - Generic