Downloading Threat Grid
SHA256 checksum (threat-grid_230.tgz) 50e3db7608cc60d92a8a27911e92a1c2b3725a1482fd275020e183e768df9ef8
SHA256 checksum (threat-grid_229.tgz) 2ab3a945e6ae07168851cff4c8844b2e3c81a7403c28c3f40368cbe4e494023f
SHA256 checksum (threat-grid_227.tgz) b01d7cf1bea40c134af065ce57359e1a68e8ed3848ca01b842ebe3f626518efa
SHA256 checksum (threat-grid_2110.tgz) 355461fec39f042c3f6f6f23f84db11095f4d13d19c6d45c6ee878e471ccf639

Threat Grid

Splunk SOAR Cloud
Splunk Built
Overview
This app supports executing investigative actions to analyze executables and URLs on the Threat Grid sandbox.

Supported Actions Version 2.3.0

  • test connectivity: Validate the asset configuration for connectivity. This action logs into the device to check the connection and credentials
  • detonate file: Run the file in the Threat Grid sandbox and retrieve the analysis results
  • get report: Query for results of an already completed task in Threat Grid
  • detonate url: Load a URL in the Threat Grid sandbox and retrieve the analysis results
  • list playbooks: List the playbooks available in the connected ThreatGrid environment
  • list vms: List the VMs available in the connected ThreatGrid environment
  • list submissions: List the submissions present on ThreatGrid based on the query provided

Supported Actions Version 2.2.9

  • test connectivity: Validate the asset configuration for connectivity. This action logs into the device to check the connection and credentials
  • detonate file: Run the file in the Threat Grid sandbox and retrieve the analysis results
  • get report: Query for results of an already completed task in Threat Grid
  • detonate url: Load a URL in the Threat Grid sandbox and retrieve the analysis results
  • list playbooks: List the playbooks available in the connected ThreatGrid environment
  • list submissions: List the submissions present on ThreatGrid based on the query provided

Supported Actions Version 2.2.7

  • test connectivity: Validate the asset configuration for connectivity. This action logs into the device to check the connection and credentials
  • detonate file: Run the file in the Threat Grid sandbox and retrieve the analysis results
  • get report: Query for results of an already completed task in Threat Grid
  • detonate url: Load a URL in the Threat Grid sandbox and retrieve the analysis results
  • list playbooks: List the playbooks available in the connected ThreatGrid environment
  • list submissions: List the submissions present on ThreatGrid based on the query provided

Supported Actions Version 2.1.10

  • test connectivity: Validate the asset configuration for connectivity. This action logs into the device to check the connection and credentials
  • detonate file: Run the file in the Threat Grid sandbox and retrieve the analysis results
  • get report: Query for results of an already completed task in Threat Grid
  • detonate url: Load a URL in the Threat Grid sandbox and retrieve the analysis results
  • list playbooks: List the playbooks available in the connected ThreatGrid environment
  • list submissions: List the submissions present on ThreatGrid based on the query provided

Release Notes

Version 2.3.0
June 15, 2022
  • Added support for the following parameters in the 'detonate file' action [PAPP-25706]
    • tags
    • vm_runtime
  • Added support for the following parameters in the 'detonate url' action [PAPP-25705]
    • vm
    • tags
    • private
    • vm_runtime
  • Added new action 'list vms' [PAPP-25958]
  • Removed dropdown from the 'vm' parameter in the 'detonate file' action [PAPP-25706]
  • Added new asset configuration parameter to always mark uploads as private [PAPP-26185]
  • Fixed an invalid URL issue for the 'test connectivity' action
Version 2.2.9
Jan. 20, 2022

  • Marked the app as FIPS Compliant [PAPP-22085]
Version 2.2.7
Dec. 3, 2021

  • Added 'password' parameter to support password protected file detonation for the 'detonate file' action [PAPP-11179]
Version 2.1.10
Oct. 15, 2021

Threat Grid Release Notes - Published by Splunk October 14, 2021

Version 2.1.10 - Released October 14, 2021

  • Removed unnecessary build artifacts
