Results for all Sandbox submissions are shown in the Sandbox Submission Results tab for every security incident.
Before you begin
Role required: sn_si.analyst
Procedure
Open the security incident that you are working with and verify that the sandbox submission is successful.
Review the Work notes for more information and learn how to proceed if you can't verify that the scan is successful.
Either click the complete results link in the Work notes or, at the bottom of the security incident, navigate to Show All Related Lists > Sandbox Submission Results.
Results are displayed in the Sandbox Submission Results tab.
Click open any record to view the complete sandbox analysis.
Optional: Click Resubmit to Sandbox to reprocess the observable.
Result
The Threat lookup results tab provides the threat assessment, including malicious findings, threat scores, and additional details. These details are provided in the standard threat lookup format structure for all ServiceNow threat lookup integrations.
The Indicators of compromise tab provides the malicious or suspicious sandbox results with the Confidence scores. The Confidence scores are similar to other Indicator information that is stored in the ServiceNow platform. Indicators that are classified as informational are not included in this tab.
Click External link to view the Sandbox results in the CrowdStrike Falcon X Sandbox portal.
Note: This option requires that you have the CrowdStrike Falcon X Sandbox role to view the results.
You can also monitor the sandbox submission results for all security incidents by navigating to CrowdStrike Falcon Sandbox > Sandbox Submission Results.