New FalconSubmission - CrowdStrike/psfalcon GitHub Wiki
Submit a sample to the Falcon Intelligence Sandbox
'Sha256' values are retrieved from files that are uploaded using 'Send-FalconSample'. Files must be uploaded before they can be provided to the Falcon Intelligence Sandbox.
Requires 'Sandbox (Falcon Intelligence): Write'.
| Name | Type | Description | Min | Max | Allowed | Pipeline | PipelineByName |
|---|---|---|---|---|---|---|---|
| EnvironmentId | String | Analysis environment |
androidmacOS_10.15ubuntu16_x64win7_x64win7_x86win10_x64
|
||||
| Url | String | A webpage or file URL | |||||
| ActionScript | String | Runtime script for sandbox analysis |
defaultdefault_maxantievasiondefault_randomfilesdefault_randomthemedefault_openie
|
||||
| CommandLine | String | Command line script passed to the submitted file at runtime | |||||
| SystemDate | String | A custom date to use in the analysis environment | |||||
| SystemTime | String | A custom time to use in the analysis environment | |||||
| DocumentPassword | String | Auto-filled for Adobe or Office files that prompt for a password | |||||
| NetworkSetting | String | Network settings to use in the analysis environment |
defaulttorsimulatedoffline
|
||||
| EnableTor | Boolean | Route traffic via TOR | |||||
| UserTag | String[] | Tags to categorize the submission | |||||
| SubmitName | String | Submission name | X | ||||
| Sha256 | String | Sha256 hash value | X | X |
New-FalconSubmission [-EnvironmentId] <String> [[-Url] <String>] [[-ActionScript] <String>] [[-CommandLine] <String>] [[-SystemDate] <String>] [[-SystemTime] <String>] [[-DocumentPassword] <String>] [[-NetworkSetting] <String>] [[-EnableTor] <Boolean>] [[-UserTag] <String[]>] [[-SubmitName] <String>] [[-Sha256] <String>] [-WhatIf] [-Confirm] [<CommonParameters>]POST /falconx/entities/submissions/v1
The file submitted to the Falcon Intelligence Sandbox must be previously uploaded through Send-FalconSample.
New-FalconSubmission -Sha256 <sha256> -EnvironmentId win7_x86 -SubmitName virus.exeSee Send-FalconSample.
2023-04-25: PSFalcon v2.2.5
