-
Notifications
You must be signed in to change notification settings - Fork 81
New FalconSubmission
bk-cs edited this page Sep 22, 2022
·
20 revisions
Submit a sample to the Falcon X Sandbox
Requires 'Sandbox (Falcon X): Write'.
| Name | Type | Min | Max | Allowed | Pipeline | PipelineByName | Description |
|---|---|---|---|---|---|---|---|
| EnvironmentId | String |
androidmacOS_10.15ubuntu16_x64win7_x64win7_x86win10_x64
|
False | False | Analysis environment | ||
| Sha256 | String | False | False | Sha256 hash value | |||
| Url | String | False | False | A webpage or file URL | |||
| SubmitName | String | False | False | Submission name | |||
| ActionScript | String |
defaultdefault_maxantievasiondefault_randomfilesdefault_randomthemedefault_openie
|
False | False | Runtime script for sandbox analysis | ||
| CommandLine | String | False | False | Command line script passed to the submitted file at runtime | |||
| SystemDate | String | False | False | A custom date to use in the analysis environment | |||
| SystemTime | String | False | False | A custom time to use in the analysis environment | |||
| DocumentPassword | String | False | False | Auto-filled for Adobe or Office files that prompt for a password | |||
| NetworkSetting | String |
defaulttorsimulatedoffline
|
False | False | Network settings to use in the analysis environment | ||
| EnableTor | Boolean | False | False | Route traffic via TOR | |||
| UserTag | String[] | False | False | Tags to categorize the submission |
New-FalconSubmission [-EnvironmentId] <String> [[-Sha256] <String>] [[-Url] <String>] [[-SubmitName] <String>] [[-ActionScript] <String>] [-CommandLine] <String>] [[-SystemDate] <String>] [[-SystemTime] <String>] [[-DocumentPassword] <String>] [[-NetworkSetting] <String>] [-EnableTor] <Boolean>] [[-UserTag] <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>]
Generated 20220922 using PSFalcon v2.2.3

- Using PSFalcon
-
Commands by Permission
- Actors (Falcon Intelligence)
- Alerts
- API integrations
- App Logs
- Assets
- CAO Hunting
- Case Templates
- Cases
- Channel File Control Settings
- Cloud Security API Assets
- Configuration Assessment
- Content Update Policies
- Correlation Rules
- CSPM registration
- Custom IOA rules
- Device Content
- Device control policies
- Event streams
- Falcon Complete Dashboards
- Falcon Container Image
- Falcon Data Replicator
- Falcon FileVantage
- Falcon FileVantage Content
- Firewall management
- Flight Control
- Host groups
- Host Migration
- Hosts
- Identity Protection Entities
- Identity Protection GraphQL
- Identity Protection Policy Rules
- Incidents
- Indicators (Falcon Intelligence)
- Installation tokens
- Installation token settings
- IOA Exclusions
- IOC Manager APIs
- IOCs
- IT Automation - Policies
- IT Automation - Task Executions
- IT Automation - Tasks
- IT Automation - User Groups
- Kubernetes Protection
- Machine Learning exclusions
- MalQuery
- Malware Families (Falcon Intelligence)
- Message Center
- Mobile Enrollment
- Monitoring rules (Falcon Intelligence Recon)
- NGSIEM
- NGSIEM Dashboards
- NGSIEM Lookup Files
- NGSIEM Parsers
- NGSIEM Saved Queries
- On demand scans (ODS)
- OverWatch Dashboard
- Prevention Policies
- Quarantined Files
- QuickScan Pro
- Real time response
- Real time response (admin)
- Reports (Falcon Intelligence)
- Response policies
- Rules (Falcon Intelligence)
- Sample uploads
- Sandbox (Falcon Intelligence)
- Scheduled Reports
- Sensor Download
- Sensor update policies
- Sensor Usage
- Sensor Visibility Exclusions
- Snapshot
- Snapshot Scanner Image Download
- Tailored Intelligence
- Threatgraph
- User management
- Vulnerabilities
- Vulnerabilities (Falcon Intelligence)
- Workflow
- Zero Trust Assessment
- Other Commands
- Examples
-
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust