Manually submit files or URLs to Sandbox
You can manually submit a file or URL to a sandbox when certain incident criteria, such as category is phishing, are met.
Vorbereitungen
Role required: sn_si.analyst
Warum und wann dieser Vorgang ausgeführt wird
After reviewing the security incident and the file or URL, you can select the Submit to Sandbox option to perform a malware analysis.
Prozedur
-
On the Observables tab, select a record or multiple records for which you want to perform malware or threat analysis and click Submit to Sandbox.
-
When the File Submission filter appears, select your preferred sandbox configuration in Submission configuration, and click Submit to Sandbox.
- Wahlweise:
Select Additional runtime options if you want to provide further custom options.
Field Description Custom commandline Regular application command line or a special operation. System date System date in yyyy-MM-dd format. System time System time in HH:mm format. After you initiate the submission, you can view the Work notes to see the status of your submission. For further information on the status of the submission or to analyze the results, view the Sandbox Submission Results.Hinweis:In CrowdStrike Falcon X Sandbox, quick scan isn’t supported for URLs. If the worknotes has too much information, you can use the Filter option to drill down to the required worknotes that is relevant to you.
Nächste Maßnahme
When you submit the observables to the sandbox for malware analysis, view the sandbox submission results to take the next steps on potential threats.