This app integrates with Falcon Sandbox Services to provide investigative actions.
Supported Actions
- search terms: Search for samples in Falcon Sandbox database using search terms
- hunt similar: Search for similar samples by a given SHA256 hash in the Falcon Sandbox database
- hunt ip: Search for a given IP in the Falcon Sandbox database
- hunt hash: Search for a file by one kind of hash (SHA1, MD5, SHA256) in the Falcon Sandbox database
- hunt file: Search for a file by one kind of data (SHA1, MD5, SHA256 or file name) in the Falcon Sandbox database
- hunt malware family: Search for a given malware family in the Falcon Sandbox database
- hunt domain: Search for a given domain in the Falcon Sandbox database
- hunt url: Search for a given URL in the Falcon Sandbox database
- get file from url: Download a file from a URL
- get pcap: Download the PCAP file of a sample from Falcon Sandbox and add it to the vault
- get file: Download sample result data from Falcon Sandbox and add it to the vault
- get report: Fetch results of an already completed analysis in the Falcon Sandbox
- check status: Check the status of a sample (file or URL) submitted in the Falcon Sandbox
- check url hash: Determine a SHA256 that an online file or URL submission will have when being processed by the Falcon Sandbox
- detonate url: Detonate a URL in the Falcon Sandbox
- detonate online file: Detonate an online file in the Falcon Sandbox
- detonate file: Detonate the file in the Falcon Sandbox
- test connectivity: Validate the asset configuration for connectivity