Skip to main content

CrowdStrike FalconX

Fully automated malware analysis

CrowdStrike Falcon X is an automated threat intelligence service built on the Falcon platform.

It provides rich content and actionable information to malware analysts and security teams to aid in their malware evaluation. It gives context around the behavior of malicious files and outlines the risk assessment providing related samples. Having this research at your fingertips can aid in the larger investigation.

Understanding malware behavior can help you identify and address potential areas of weakness to stay ahead of potential attacks.

What does this pack do?

  • Automatically analyze malware found on endpoints.
  • Determine if there are related samples from other malware search engines.
  • Enrich results with customized threat intelligence.
  • Provide security teams with custom indicators of compromise (IOCs).
  • Show not only what happened on the endpoint, but also details behind the attack.

Playbooks

This pack includes the following built-in playbooks:

  • Detonate File - CrowdStrike Falcon X: Detonate a file using CrowdStrike Falcon X sandbox.
  • Detonate URL - CrowdStrike Falcon X: Detonate one or more files using the CrowdStrike Falcon Sandbox integration. This playbook returns relevant reports to the War Room and file reputations to the context data.

PUBLISHER

Cortex XSOAR

INFO

CertificationRead more
Supported ByCortex XSOAR
CreatedAugust 19, 2020
Last ReleaseJune 16, 2022
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.