Warning

Splunkbase Classic has been deprecated and will be deactivated on February 18, 2026.

Falcon Sandbox

This app integrates with Falcon Sandbox Services to provide investigative actions

Built by

Latest Version 2.1.0

July 16, 2024

Compatibility

SOAR On-Prem, SOAR Cloud

Platform Version: 8.4, 8.0, 7.2, 7.1, 7.0, 6.4, 6.3, 6.2, 6.1

Rating

0

(0)

Support

Not Supported

Ranking

in Sandbox

This app integrates with Falcon Sandbox Services to provide investigative actions

Supported Actions

search terms: Search for samples in Falcon Sandbox database using search terms
hunt similar: Search for similar samples by given Sha256 hash in the Falcon Sandbox database
hunt ip: Search for a given IP in the Falcon Sandbox database
hunt hash: Search for a file by one kind of hash(Sha1, Md5, Sha256) in the Falcon Sandbox database
hunt file: Search for a file by one kind of data(Sha1, Md5, Sha256 or File name) in the Falcon Sandbox database
hunt malware family: Search for a given malware family in the Falcon Sandbox database
hunt domain: Search for a given domain in the Falcon Sandbox database
hunt url: Search for a given URL in the Falcon Sandbox database
get file from url: Download file from a url
get pcap: Download the pcap file of sample from Falcon Sandbox and add it to vault
get file: Download sample result data from Falcon Sandbox and add it to vault
get report: Fetch results of an already completed analysis in the Falcon Sandbox
check status: Check status of sample (file or URL) submitted in the Falcon Sandbox
check url hash: Determine a SHA256 that an online file or URL submission will have when being processed by the Falcon Sandbox
detonate url: Detonate a URL in the Falcon Sandbox
detonate online file: Detonate an online file in the Falcon Sandbox
detonate file: Detonate the file in the Falcon Sandbox
test connectivity: Validate the asset configuration for connectivity