Detonate URL - McAfee ATD

Detonates a URL using the McAfee Advanced Threat Defense Sandbox integration.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

This playbook does not use any integrations.

Scripts

  • Set

Commands

  • atd-check-status
  • atd-get-report
  • atd-file-upload

Playbook Inputs


| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| URL | The URL to detonate. | Data | URL | Optional |
| Interval | The polling frequency. How often the polling command should run (in minutes). | 1 | - | Optional |
| Timeout | How much time to wait before a timeout occurs (in minutes). | 15 | - | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| ATD.Task.taskId | The task ID of the sample uploaded. | string |
| ATD.Task.jobId | The job ID of the sample uploaded. | string |
| ATD.Task.messageId | The message ID relevant to the sample uploaded. | string |
| ATD.Task.url | The URL detonated. | string |
| ATD.Task.srcIp | The source IPv4 address. | string |
| ATD.Task.destIp | The destination IPv4 address. | string |
| ATD.Task.MD5 | The MD5 hash of the sample uploaded. | string |
| ATD.Task.SHA1 | The SHA1 hash of the sample uploaded. | string |
| ATD.Task.SHA256 | The SHA256 hash of the sample uploaded. | string |
| File.Name | The filename (only in case of report type=json). | string |
| File.Type | The file type. For example, "PE" (only in case of report type=json). | string |
| File.MD5 | The MD5 hash of the file (only in case of report type=json). | string |
| File.SHA1 | The SHA1 hash of the file (only in case of report type=json). | string |
| File.SHA256 | The SHA256 hash of the file (only in case of report type=json). | string |
| File.EntryID | The entry ID of the sample. | string |
| DBotScore.Indicator | The indicator that was tested (only in case of report type=json). | string |
| DBotScore.Type | The type of the indicator (only in case of report type=json). | string |
| DBotScore.Vendor | The vendor used to calculate the score (only in case of report type=json). | string |
| DBotScore.Score | The actual score (only in case of report type=json). | number |
| IP.Address | The IP addresses relevant to the sample. | string |
| InfoFile.EntryID | The EntryID of the report file. | string |
| InfoFile.Extension | The extension of the report file. | string |
| InfoFile.Name | The name of the report file. | string |
| InfoFile.Info | The info of the report file. | string |
| InfoFile.Size | The size of the report file. | number |
| InfoFile.Type | The type of the report file. | string |
| File | The file object. | unknown |
| File.Malicious | The file's malicious object. | unknown |
| DBotScore | The DBotScore object. | unknown |
| InfoFile | The report file object. | unknown |
| URL.Malicious | The URL malicious object. | unknown |

Playbook Image


Detonate_URL_McAfee_ATD