
Cyware Orchestrate

CrowdStrike Falcon Sandbox 3.0.0

App Vendor: CrowdStrike

App Category: Analytics & SIEM

Connector Version: 3.0.0

API Version: 2.0.0

Note

This app is currently released as a beta version.

About App

The CrowdStrike Falcon Sandbox app allows security teams to perform in-depth analysis of evasive and unknown threats, enrich findings with threat intelligence, and obtain actionable indicators of compromise (IOCs) to strengthen defenses against sophisticated malware attacks.

The CrowdStrike Falcon Sandbox app is configured with Cyware Orchestrate to perform the following actions:

| Action Name | Description |
| --- | --- |
| Check Analysis Status | This action checks the progress of the specified analysis. |
| Check Submission Quota | This action checks the current status of your submission quota. |
| Download Artifacts | This action downloads IOCs, PCAP files, and other analysis artifacts. |
| Find Malware Samples | This action finds malware samples. |
| Find Sandbox Reports | This action finds sandbox reports by providing an FQL filter and paging details. |
| Get Full Report | This action retrieves the specified reports. |
| Get Report Summary | This action retrieves the summary of a sandbox report. |
| Submit File or URL | This action submits an uploaded file or URL for analysis. |
| Upload File | This action uploads a file for sandbox analysis. |
| Generic Action | This is a generic action used to make requests to any CrowdStrike Falcon Sandbox endpoint. |

Configuration Parameters

The following configuration parameters are required for the CrowdStrike Falcon Sandbox app to communicate with the CrowdStrike Falcon Sandbox enterprise application. The parameters can be configured by creating instances in the app.

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Base URL | Enter the base URL to access the CrowdStrike Falcon Sandbox. Example: https://falcon.us-2.crowdstrike.com | Text | Required | |
| Client ID | Enter the client ID of the application. | Text | Required | |
| Client Secret | Enter the client secret of your application. | Password | Required | |
| Verify | Choose whether to verify the server's SSL/TLS certificate while making requests. It is recommended to set this option to yes. Passing no skips certificate verification, so the connection may be established with an endpoint whose identity has not been checked. | Boolean | Optional | By default, verification is not enabled. |
| Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with CrowdStrike Falcon Sandbox. | Integer | Optional | Allowed range: 15-120. Default value: 15 |

Action: Check Analysis Status

This action checks the progress of the specified analysis.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| IDs | Enter one or more IDs of the submitted malware sample. Example: 5ddb0407bef249c19c7a975f17979a1f_eecd9a8f319940dfb0255e5d436822d9 | List | Required | You can retrieve the ID using the action Find Malware Samples. |

Action: Check Submission Quota

This action checks the current status of your submission quota.

Action Input Parameters

No input parameters are required for this action.

Action: Download Artifacts

This action downloads IOCs, PCAP files, and other analysis artifacts.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| ID | Enter the ID of the artifact to download. Example: 9a24ffdfe64bc885dc023a43ced533fd90c4187ffe4800e266d54b79c3e1b198 | Text | Required | You can retrieve the ID using the action Get Full Report. |
| Name | Enter the name of the file you are downloading. | Text | Optional | |
| Encoding | Enter the format in which the downloaded file is compressed. | Text | Optional | Allowed format: gzip |

Action: Find Malware Samples

This action finds malware samples.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Filter | Enter the FQL query to filter the response. | Text | Required | For more information on FQL queries, see the CrowdStrike Falcon Sandbox API documentation. |
| Offset | Enter the offset value to start retrieving reports from. | Text | Required | |
| Limit | Enter the maximum number of submission IDs to return. | Integer | Required | Maximum allowed value: 5000 |
| Sort | Enter the order in which to sort the response. | Text | Required | Allowed values: asc, desc |

Action: Find Sandbox Reports

This action finds the sandbox report by providing an FQL filter and paging details.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Filter | Enter the FQL query to filter the response. | Text | Required | For more information on FQL queries, see the CrowdStrike Falcon Sandbox API documentation. |
| Offset | Enter the offset value to start retrieving reports from. | Text | Required | |
| Limit | Enter the maximum number of report IDs to return. | Integer | Required | Maximum allowed value: 5000 |
| Sort | Enter the order in which to sort the response. | Text | Required | Allowed values: asc, desc |

Action: Get Full Report

This action retrieves the specified reports.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| IDs | Enter one or more report IDs to retrieve the report details. Example: 5ddb0407bef249c19c7a975f17979a1f_eecd9a8f319940dfb0255e5d436822d9 | List | Required | You can retrieve report IDs using the action Find Sandbox Reports. |

Action: Get Report Summary

This action retrieves the summary of a sandbox report.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| IDs | Enter one or more report IDs to retrieve the summary details. Example: 5ddb0407bef249c19c7a975f17979a1f_eecd9a8f319940dfb0255e5d436822d9 | List | Required | You can retrieve report IDs using the action Find Sandbox Reports. |

Action: Submit File or URL

This action submits an uploaded file or URL for analysis.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Environment ID | Enter the ID of the sandbox environment to be used for analysis. | Text | Required | Allowed values: 400, 410, 300, 200, 160, 140, 110, 100 |
| URL | Enter the URL of the web page or file, which can be HTTP(S) or FTP. | Text | Optional | Note: You can provide either the SHA-256 parameter or the URL, but not both simultaneously. |
| SHA-256 | Enter the SHA-256 hash of the sample. | Text | Optional | Note: You can provide either the SHA-256 parameter or the URL, but not both simultaneously. |
| Send Email Notification | Enter true to send an email notification. | Boolean | Optional | |
| User Tags | Enter the user tags. Example: ['tag1', 'tag2', 'tag3'] | List | Optional | |
| Extra Params | Enter the extra parameters to include in the request. | Key Value | Optional | Allowed keys: action_script, command_line, document_password, network_settings, submit_name, system_date, system_time |
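The rules in this table (the allowed environment IDs, the either-URL-or-SHA-256 note, and the allowed extra-parameter keys) are the kind of checks a playbook should apply before the action ever reaches the sandbox API. The following Python is an added example written for this page; it is not code from Cyware or CrowdStrike. The layout of the returned body (a `sandbox` list plus `user_tags`) and the integer form of `environment_id` are assumptions made here, and the hash used in the usage notes is a constructed value.

```python
import re
from urllib.parse import urlsplit

# Allowed values copied from the Submit File or URL parameter table.
ALLOWED_ENVIRONMENT_IDS = {"400", "410", "300", "200", "160", "140", "110", "100"}
ALLOWED_EXTRA_PARAM_KEYS = {
    "action_script", "command_line", "document_password", "network_settings",
    "submit_name", "system_date", "system_time",
}
# The URL parameter accepts HTTP(S) or FTP; anything else is rejected.
ALLOWED_URL_SCHEMES = {"http", "https", "ftp"}
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def build_submission(environment_id, url=None, sha256=None,
                     send_email_notification=False, user_tags=None,
                     extra_params=None):
    """Validate the action inputs and return a request body.

    The body layout ("sandbox" list plus "user_tags") is an assumption for this
    example; the validation rules come from the parameter table.
    """
    environment_id = str(environment_id)
    if environment_id not in ALLOWED_ENVIRONMENT_IDS:
        raise ValueError(f"environment_id {environment_id!r} is not an allowed value")

    # The table's Note: exactly one of URL / SHA-256, never both, never neither.
    if (url is None) == (sha256 is None):
        raise ValueError("provide either url or sha256, not both and not neither")

    sample = {"environment_id": int(environment_id)}   # integer form: assumption
    if url is not None:
        scheme = urlsplit(url).scheme.lower()
        if scheme not in ALLOWED_URL_SCHEMES:
            raise ValueError(f"url scheme {scheme!r} is not HTTP(S) or FTP")
        sample["url"] = url
    else:
        if not SHA256_RE.match(sha256):
            raise ValueError("sha256 must be 64 hexadecimal characters")
        sample["sha256"] = sha256.lower()

    # Extra Params is a key/value map restricted to the table's allowed keys.
    for key, value in (extra_params or {}).items():
        if key not in ALLOWED_EXTRA_PARAM_KEYS:
            raise ValueError(f"extra parameter {key!r} is not an allowed key")
        sample[key] = value

    body = {"sandbox": [sample]}
    if send_email_notification:
        body["send_email_notification"] = True
    if user_tags:
        body["user_tags"] = [str(tag) for tag in user_tags]
    return body


if __name__ == "__main__":
    constructed_hash = "0123456789abcdef" * 4   # constructed sample value
    print(build_submission("100", sha256=constructed_hash,
                           user_tags=["tag1", "tag2"],
                           extra_params={"command_line": "/quiet"}))
```

Rejecting a malformed hash or a non-HTTP(S)/FTP URL at this point keeps a bad playbook input from burning a submission against the quota, and the mutual-exclusion check reproduces the table's Note rather than leaving it to the API to report.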

Action: Upload File

This action uploads a file for sandbox analysis.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| File Path | Enter the path of the file to be uploaded. | Text | Required | Allowed file formats: .exe, .scr, .pif, .dll, .com, .cpl, .doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub, PDF, APK, Executable JAR, .sct, .lnk, .chm, .hta, .wsf, .js, .vbs, .vbe, .swf, .pl, .ps1, .psd1, .psm1, .svg, .py, Linux ELF executables, .eml, .msg |
| File Name | Enter the name of the file to be uploaded. | Text | Required | |
| Comment | Enter the comment for the file. | Text | Optional | |
| Is Confidential | Enter true to display this file to users within your customer account. | Boolean | Optional | Default value: True |

Action: Generic Action

This is a generic action used to make requests to any CrowdStrike Falcon Sandbox endpoint.

Action Input Parameters

| Parameter | Description | Field Type | Required/Optional | Comments |
| --- | --- | --- | --- | --- |
| Method | Enter the HTTP method to use for the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
| Endpoint | Enter the endpoint to send the request to. Example: falconx/queries/submissions/v1 | Text | Required | |
| Payload | Enter the payload to send with the request. | Key Value | Optional | |
| Query Params | Enter the query parameters to send with the request. | Key Value | Optional | |
| Extra Fields | Enter the extra fields to apply to the request. | Key Value | Optional | Allowed keys: payload_data, custom_output, download, files, retry_wait, retry_count, response_type |
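The Generic Action takes a method, a relative endpoint, optional key/value payload and query parameters, and extra fields such as retry_count and retry_wait, and runs against the Base URL, Verify and Timeout settings from the Configuration Parameters section. The Python below, an added example written for this page and not code from Cyware or CrowdStrike, shows how those two tables fit together: it validates the instance settings, builds a transport-neutral request from the action inputs, and applies the retry fields. The request layout, the set of HTTP statuses treated as retryable, and the injected `send` transport used in place of a real HTTP call are assumptions made here.

```python
import time
from dataclasses import dataclass, field
from urllib.parse import urlencode, urljoin, urlsplit

# Allowed values copied from the Configuration Parameters and Generic Action tables.
ALLOWED_METHODS = {"GET", "PUT", "POST", "DELETE"}
ALLOWED_EXTRA_FIELDS = {"payload_data", "custom_output", "download", "files",
                        "retry_wait", "retry_count", "response_type"}
TIMEOUT_MIN, TIMEOUT_MAX, TIMEOUT_DEFAULT = 15, 120, 15
# Statuses worth a retry: an assumption for this example, not from the page.
RETRYABLE_STATUSES = {429, 500, 502, 503, 504}


@dataclass
class InstanceConfig:
    """App instance settings. The secret is excluded from repr() so it does
    not end up in playbook logs or tracebacks."""
    base_url: str
    client_id: str
    client_secret: str = field(repr=False)
    verify: bool = False            # page default: verification not enabled
    timeout: int = TIMEOUT_DEFAULT

    def problems(self):
        """Return a list of configuration issues; empty means safe to use."""
        issues = []
        parts = urlsplit(self.base_url)
        if parts.scheme != "https" or not parts.netloc:
            issues.append("Base URL must be an absolute https:// URL")
        if not TIMEOUT_MIN <= self.timeout <= TIMEOUT_MAX:
            issues.append(f"Timeout must be within {TIMEOUT_MIN}-{TIMEOUT_MAX} seconds")
        if not self.verify:
            issues.append("Verify is off: the server certificate will not be checked")
        return issues


def build_generic_request(config, method, endpoint, payload=None,
                          query_params=None, extra_fields=None):
    """Turn Generic Action inputs into a transport-neutral request spec."""
    method = method.upper()
    if method not in ALLOWED_METHODS:
        raise ValueError(f"method {method!r} is not one of {sorted(ALLOWED_METHODS)}")
    extra_fields = dict(extra_fields or {})
    unknown = set(extra_fields) - ALLOWED_EXTRA_FIELDS
    if unknown:
        raise ValueError(f"extra fields not allowed: {sorted(unknown)}")
    # The endpoint is a path under Base URL. Reject absolute URLs, scheme-relative
    # URLs and traversal so the action cannot be pointed at a different host.
    if "://" in endpoint or endpoint.startswith("//") or ".." in endpoint.split("/"):
        raise ValueError("endpoint must be a relative path such as falconx/queries/submissions/v1")
    url = urljoin(config.base_url.rstrip("/") + "/", endpoint.lstrip("/"))
    if query_params:
        url += "?" + urlencode(query_params, doseq=True)
    spec = {
        "method": method,
        "url": url,
        "headers": {"Accept": "application/json"},
        "timeout": config.timeout,
        "verify": config.verify,
        "retry_count": int(extra_fields.get("retry_count", 0)),
        "retry_wait": float(extra_fields.get("retry_wait", 0)),
    }
    if payload is not None:
        spec["json"] = payload
    return spec


def send_with_retry(spec, send, sleep=time.sleep):
    """Execute send(spec), an injected transport returning (status, body), and
    retry on rate-limit or server errors per retry_count / retry_wait.
    Returns (status, body, attempts)."""
    attempts = 0
    while True:
        attempts += 1
        status, body = send(spec)
        if status not in RETRYABLE_STATUSES or attempts > spec["retry_count"]:
            return status, body, attempts
        sleep(spec["retry_wait"])


if __name__ == "__main__":
    cfg = InstanceConfig("https://falcon.us-2.crowdstrike.com", "client-id",
                         "client-secret", verify=True, timeout=30)
    print(cfg.problems())
    print(build_generic_request(cfg, "GET", "falconx/queries/submissions/v1",
                                query_params={"limit": 10, "sort": "asc"},
                                extra_fields={"retry_count": 2, "retry_wait": 5}))
```

Two of the checks are the ones a reviewer would look for before enabling the Generic Action in a playbook: the Endpoint field is confined to a path under the configured Base URL, so a playbook variable cannot redirect the credentialed request to another host, and the instance is flagged whenever Verify is left at its default of off.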