Retrieve the analysis report summary for a given submitted file. One of the following subscriptions is required to execute this action:
  • Falcon Intelligence or Falcon Intelligence Premium.
External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Sample ID | The sample ID of the submitted file. It can be obtained from the List Submitted Samples IDs action. |

Example Output

{
	"meta": {
		"query_time": 0.016057403,
		"powered_by": "falconx-api",
		"trace_id": "09a275cf-6d1b-4ef6-816a-cb5b2cc949f8",
		"quota": {
			"total": 5000,
			"used": 3,
			"in_progress": 0
		}
	},
	"resources": [
		{
			"id": "5ddb0407bef249c19c7a975f17979a1f_eecd9a8f319940dfb0255e5d436822d9",
			"cid": "5ddb0407bef249c19c7a975f17979a1f",
			"created_timestamp": "2019-01-03T13:09:49Z",
			"origin": "uiproxy",
			"sandbox": [
				{
					"sha256": "42a615198bcdfc72839936409c88af7ded125feabfec4753b307dc985aaba48f",
					"environment_id": 100,
					"environment_description": "Windows 7 32 bit",
					"submit_name": "42a615198bcdfc72839936409c88af7ded125feabfec4753b307dc985aaba48f",
					"threat_score": 100,
					"verdict": "malicious",
					"file_type": "PE32 executable (GUI) Intel 80386, for MS Windows",
					"incidents": [
						{
							"name": "Fingerprint",
							"details": [
								"Reads the active computer name"
							]
						}
					],
					"classification_tags": [
						"gop",
						"guardianofpeace",
						"operationtroy",
						"phandoor",
						"silentchollima",
						"targeted",
						"whoisteam"
					],
					"sample_flags": [
						"Extracted Files"
					]
				}
			],
			"intel": [
				{
					"actors": [
						{
							"id": 1779,
							"name": "SILENT CHOLLIMA",
							"slug": "silent-chollima"
						}
					]
				}
			],
			"tags": [
				"silent chollima",
				"operationtroy",
				"silentchollima",
				"whoisteam",
				"guardianofpeace",
				"targeted",
				"darkseoul",
				"andariel",
				"phandoor",
				"gop"
			],
			"ioc_report_strict_csv_artifact_id": "9a24ffdfe64bc885dc023a43ced533fd90c4187ffe4800e266d54b79c3e1b198",
			"ioc_report_broad_csv_artifact_id": "a93e7888b9fd253a05c0568a85a8c572d09a301db4fada4177695a65235ab813",
			"ioc_report_strict_json_artifact_id": "ea103590a8fb876486f6f8d21180f82ea7497285aebd48aedfe6b13b44849850",
			"ioc_report_broad_json_artifact_id": "555b372175de540a3ea29c7410f451a125b53d4f9bb10fe17c0a1317a5e2fa9e"
		}
	],
	"errors": []
}

Workflow Library Example

Get Analysis Report Summary with Crowdstrike and Send Results Via Email