CrowdStrike Falcon Intelligence Sandbox

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Fixed an issue for the commands cs-fx-get-full-report, and cs-fx-get-report-summary, where the report returned indicated an error, but it was not caught. The commands will now show a warning if an error is returned.
• Fixed an issue for the command cs-fx-upload-file with polling, where if the file report indicates an error, then the command will output the error and fail.
• Updated the Docker image to: demisto/python3:3.10.13.84405.

Playbooks

Detonate File - CrowdStrike Falcon Intelligence Sandbox v2

• Playbook now supports skipping unsupported files.

Playbooks

Detonate File - CrowdStrike Falcon Intelligence Sandbox

Deprecated. Use Detonate File - CrowdStrike Falcon Intelligence Sandbox v2 instead.

New: Detonate File - CrowdStrike Falcon Intelligence Sandbox v2

New: Detonates a file using CrowdStrike Falcon Intelligence Sandbox.
Accepted file formats:
Portable executables: .exe, .scr, .pif, .dll, .com, .cpl, etc.
Office documents: .doc, .docx, .ppt, .pps, .pptx, .ppsx, .xls, .xlsx, .rtf, .pub
PDF
APK
Executable JAR
Windows script component: .sct
Windows shortcut: .lnk
Windows help: .chm
HTML application: .hta
Windows script file: .wsf
Javascript: .js
Visual Basic: .vbs, .vbe
Shockwave Flash: .swf
Perl: .pl
Powershell: .ps1, .psd1, .psm1
Scalable vector graphics: .svg
Python: .py
Linux ELF executables
Email files: MIME RFC 822 .eml, Outlook .msg.

Detonate URL - CrowdStrike Falcon Intelligence Sandbox

Deprecated. Use Detonate URL - CrowdStrike Falcon Intelligence Sandbox v2 instead.

New: Detonate URL - CrowdStrike Falcon Intelligence Sandbox v2

New: Detonate one or more URLs using the CrowdStrike Falcon Intelligence Sandbox integration. This playbook returns relevant reports to the War Room and file reputations to the context data.

Playbooks

Detonate URL - CrowdStrike Falcon Intelligence Sandbox

By modifying the new input "Full Report" to False, the playbook will get the report summary of the URL detonation instead of the full report.

Detonate File - CrowdStrike Falcon Intelligence Sandbox

By modifying the new input "Full Report" to False, the playbook will get the report summary of the file detonation instead of the full report.

Integrations

CrowdStrike Falcon Intelligence Sandbox

Fixed an issue where the command cs-fx-upload-file failed when used with submit_file=yes and polling=true.

Integrations

CrowdStrike Falcon Intelligence Sandbox

Documentation and metadata improvements.

Playbooks

CrowdStrike Falcon Intelligence Sandbox Detonate and Analyze File

Updated the branch logic to detect the name of the integration CrowdStrike Falcon X.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Updated the Docker image to: demisto/python3:3.10.12.66339.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Updated the Docker image to: demisto/python3:3.10.12.63474.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Updated the Docker image to: demisto/python3:3.10.12.62631.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Updated the Docker image to: demisto/python3:3.10.11.61265.

Playbooks

Detonate URL - CrowdStrike Falcon Intelligence Sandbox

Changed mode to quiet.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Updated the Docker image to: demisto/python3:3.10.11.54132.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Updated the Docker image to: demisto/python3:3.10.10.52956.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Fixed an issue where the cs-fx-get-full-report command failed due to unexpected structure of the API response.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Fixed an issue where the cs-fx-upload-file command failed when the file_name argument had special characters.
• Fixed an issue where the cs-fx-submit-url command failed when the URL provided had special characters.

Playbooks

Detonate File - CrowdStrike Falcon Intelligence Sandbox

• Fixed an issue where the playbook failed during GenericPolling task.

Detonate URL - CrowdStrike Falcon Intelligence Sandbox

• Fixed an issue where the playbook failed during GenericPolling task.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Updated the Docker image to: demisto/python3:3.10.10.47713.
• Added the file name of the uploaded file to the context data for the cs-fx-submit-uploaded-file command.

Playbooks

CrowdStrike Falcon Intelligence Sandbox Detonate and Analyze File

Maintenance and stability enhancements.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Fixed an issue where each time the integration requested for a new access token even though the access token was still valid.
• Updated the Docker image to: demisto/python3:3.10.9.45313.
• Note: Organized the the integrations' parameters by sections. Relevant for XSIAM and XSOAR 8.1 and above.

Playbooks

Detonate URL - CrowdStrike Falcon Intelligence Sandbox

Maintenance and stability enhancements.

Detonate File - CrowdStrike Falcon Intelligence Sandbox

Maintenance and stability enhancements.

Integrations

CrowdStrike Falcon Intelligence Sandbox

• Maintenance and stability enhancements.

Playbooks

Detonate File - CrowdStrike Falcon Intelligence Sandbox

Maintenance and stability enhancements.

FalconX Detonate and Analyze File

Maintenance and stability enhancements.

Detonate URL - CrowdStrike Falcon Intelligence Sandbox

Maintenance and stability enhancements.

Integrations

CrowdStrike Falcon X

• Fixed an issue where the cs-fx-download-ioc command failed unexpectedly.
• Updated the Docker image to: demisto/python3:3.10.9.42476.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.9.42008.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.9.40422.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.8.37233.

Integrations

CrowdStrike Falcon X

• Fixed an issue in which the cs-fx-download-ioc command failed to download image files.
• Updated the Docker image to: demisto/python3:3.10.7.33922.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.6.33415.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.5.31928.

Integrations

CrowdStrike Falcon X

Added support for the following arguments in the cs-fx-upload-file command:

• environment_id
• action_script
• command_line
• document_password
• enable_tor
• submit_name
• system_date
• system_time

Playbooks

Detonate File - CrowdStrike Falcon X

• Added support for the added arguments in the cs-fx-upload-file command.

FalconX Detonate and Analyze File

• Added support for the added arguments in the cs-fx-upload-file command.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.4.30607.

Playbooks

• FalconX Detonate and Analyze File
• Fixed input description.

Playbooks

Detonate File - CrowdStrike Falcon X

• Fixed an issue where CrowdStrike Falcon X Upload File to Sandbox task used a wrong file name.

Playbooks

New: FalconX Detonate and Analyze File

This playbook uploads, detonates, and analyzes files for the CrowdStrike Falcon X sandbox (available from Cortex XSOAR 6.5.0).

Integrations

CrowdStrike Falcon X

• Improved the handling of empty results in the cs-fx-find-reports command.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.4.29342.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.4.28442.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.4.27798.

Integrations

CrowdStrike Falcon X

• Updated the Docker image to: demisto/python3:3.10.1.27636.

• Added indicators as command outputs to cs-fx-get-full-report, cs-fx-get-report-summary, cs-fx-upload-file (when submit_file and polling are both set to true) and cs-fx-submit-uploaded-file (when polling is set to true).

• Added the source reliability parameter for indicators.

• Added relationships between indicators to dns_requests.address, dns_requests.domain and contacted_hosts.address (when applicable).

• Added the option to run cs-fx-find-reports with the hashes argument, to fetch data by a sha256 value.

• Added the !file reputation command.

• Fixed an issue where the file_name argument was not used in the cs-fx-upload-file command.

Playbooks

Detonate File - CrowdStrike Falcon X

• Fixed a typo in the context description. Playbook functionality is not effected.

Detonate URL - CrowdStrike Falcon X

• Fixed a typo in the context description. Playbook functionality is not effected.

Integrations

CrowdStrike Falcon X

Added the polling argument to the following commands:

• cs-fx-upload-file
• cs-fx-submit-uploaded-file
• cs-fx-submit-url
  When polling is set to true, the command will try to return the results.
  The polling argument enables users to search CrowdStrike using a single command, that doesn't require GenericPolling Playbook.
• Added the extended_data argument to the cs-fx-get-full-report command. When set to true the report will return with extended data which includes mitre attacks and signature information.
• Updated the Docker image to: demisto/python3:3.10.1.25933.