Detonate File - BitDam

Detonates one or more files using BitDam integration. Returns verdict to the War Room and file reputations to the context data.

Supported file types are mainly PDF & microsoft office software.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

This playbook does not use any integrations.

Scripts

  • Set

Commands

  • bitdam-get-verdict
  • bitdam-upload-file

Playbook Inputs


NameDescriptionDefault ValueSourceRequired
FileThe file object of the file to detonate. The File is taken from the context.NoneFileOptional
IntervalThe duration for executing the pooling (in minutes).1-Optional
TimeoutThe duration after which to stop pooling and to resume the playbook (in minutes).10-Optional

Playbook Outputs


PathDescriptionType
BitDam.Analysis.IDThe sample ID.string
DBotScore.VendorThe name of the vendor: BitDam.string
BitDam.Analysis.VerdictThe analysis verdict.string
BitDam.Analysis.StatusThe analysis status.string
DBotScore.IndicatorThe name of the sample file or URL.unknown
DBotScore.TypeThe 'file' for file samples.string
DBotScore.ScoreThe actual score.number

Playbook Image


Detonate_File_-_BitDam