CrowdStrike Falcon Sandbox

Details
Content
Dependencies
Version History

Fully automated malware analysis (formerly Payload Security VxStream).

Integrations

Name	Description
CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)	Fully automated malware analysis using Hybrid Analysis API.
CrowdStrike Falcon Sandbox (Deprecated)	Deprecated. Use CrowdStrike Falcon Sandbox V2 instead.

Playbooks

Name	Description
Detonate URL - CrowdStrike	Deprecated. Use the cs-falcon-sandbox-submit-url command with polling=true instead.
Detonate file - CrowdStrike Falcon Sandbox v2	Detonates a File using CrowdStrike Falcon sandbox.
CrowdStrike Falcon Sandbox - Detonate file	Deprecated. Use the cs-falcon-sandbox-submit-file command with polling=true instead.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Common Playbooks	By: Cortex XSOAR
Base	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

2.0.27 - R5469292 (October 20, 2025)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Added the environmentID argument to the cs-falcon-sandbox-scan command.
Fixed a bug that prevented the cs-falcon-sandbox-scan command from working properly.
Updated the Docker image to: demisto/python3:3.12.11.4284848.

Related pull requests:
- 40771

Download

2.0.26 - 4096037 (July 8, 2025)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

2.0.25 - R3980324 (June 26, 2025)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Metadata and documentation improvements.

Related pull requests:
- 39143

Download

2.0.24 - 2628530 (March 3, 2025)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the CrowdStrike Falcon Sandbox V2 integration to remove the deprecated Linux Ubuntu 16.04 environment and added Linux Ubuntu 20.
Updated the Docker image to: demisto/python3:3.12.8.1983910.

Related pull requests:
- 38869

Download

2.0.23 - 1935630 (January 6, 2025)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 37472

Download

2.0.22 - 1718057 (November 28, 2024)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

2.0.21 - R1681986 (November 21, 2024)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 35045

Download

2.0.20 - 765039 (January 16, 2024)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32212

Download

2.0.19 - 733853 (January 2, 2024)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31878

Download

2.0.18 - 6190939 (August 30, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29318

Download

2.0.17 - 6058978 (August 15, 2023)

Playbooks

New: Detonate file - CrowdStrike Falcon Sandbox v2

New: Detonates a File using CrowdStrike Falcon sandbox. (Available from Cortex XSOAR 6.9.0).

Related pull requests:
- 28907

Download

2.0.16 - 5914533 (July 31, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28612

Download

2.0.15 - R5866730 (July 25, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27745

Download

2.0.14 - 5456534 (June 6, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27243

Download

2.0.13 - 5356324 (May 24, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Upgraded the Docker image to: demisto/python3:3.10.11.59581.

Related pull requests:
- 26691

Download

2.0.12 - 5185403 (May 4, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.11.56857.

Related pull requests:
- 26294

Download

2.0.11 - R5170573 (May 2, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25962

Download

2.0.10 - 4957579 (April 3, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.10.51930.

Related pull requests:
- 25692

Download

2.0.9 - 4841233 (March 18, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25354

Download

2.0.8 - R4718798 (March 1, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24789

Download

2.0.7 - R4646022 (February 19, 2023)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Updated the Docker image to: demisto/python3:3.10.9.46807.

Related pull requests:
- 24384

Download

2.0.6 - 3427401 (August 9, 2022)

Integrations

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

Fixed the integration display name to include reference to Hybrid Analysis.

Related pull requests:
- 20438

Download

2.0.5 - 3326856 (July 25, 2022)

Integrations

CrowdStrike Falcon Sandbox v2

Internal code improvements.

Related pull requests:
- 20083

Download

2.0.4 - 3305407 (July 21, 2022)

Integrations

CrowdStrike Falcon Sandbox v2

Removed excessive error traceback printing.

Related pull requests:
- 19484

Download

2.0.3 - 3250424 (July 12, 2022)

Integrations

CrowdStrike Falcon Sandbox v2

Updated the Docker image to: demisto/python3:3.10.5.31928.
Added the Server URL parameter.

Related pull requests:
- 20007
- 19856

Download

2.0.2 - 3157401 (June 26, 2022)

Integrations

CrowdStrike Falcon Sandbox v2

Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19707

Download

2.0.1 - 2784849 (April 19, 2022)

Integrations

CrowdStrike Falcon Sandbox v2

Updated formatting of integration parameters.

Download

2.0.0 - 2419785 (February 15, 2022)

Integrations

CrowdStrike Falcon Sandbox (Deprecated)

Use the CrowdStrike Falcon Sandbox v2 integration instead.

New: CrowdStrike Falcon Sandbox v2

Use the CrowdStrike Falcon Sandbox V2 integration to submit and analyze files and URLs. This integration is backwards compatible with the CrowdStrike Falcon Sandbox integration.

Playbooks

CrowdStrike Falcon Sandbox - Detonate file

Deprecated. Use the cs-falcon-sandbox-submit-file command with polling=true instead.

Detonate URL - CrowdStrike

Deprecated. Use the cs-falcon-sandbox-submit-url command with polling=true instead.

Download

1.0.5 - R2330048 (January 30, 2022)

Integrations

CrowdStrike Falcon Sandbox

Fixed an issue where no results were found when passing any file to the file argument in the crowdstrike-scan.

Download

PUBLISHER

PLATFORMS

Cortex XSOAR

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	September 23, 2020
Last Release	October 20, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.