To learn more, visit the CrowdStrike documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Sample ID | The sample ID of the submitted file. It can be obtained from the List Submitted Samples IDs action. |

Example Output

{    "meta": {        "query_time": 0.016057403,        "powered_by": "falconx-api",        "trace_id": "09a275cf-6d1b-4ef6-816a-cb5b2cc949f8",        "quota": {            "total": 5000,            "used": 3,            "in_progress": 0        }    },    "resources": [        {            "id": "5ddb0407bef249c19c7a975f17979a1f_eecd9a8f319940dfb0255e5d436822d9",            "cid": "5ddb0407bef249c19c7a975f17979a1f",            "created_timestamp": "2019-01-03T13:09:49Z",            "origin": "uiproxy",            "sandbox": [                {                    "sha256": "42a615198bcdfc72839936409c88af7ded125feabfec4753b307dc985aaba48f",                    "environment_id": 100,                    "environment_description": "Windows 7 32 bit",                    "submit_name": "42a615198bcdfc72839936409c88af7ded125feabfec4753b307dc985aaba48f",                    "threat_score": 100,                    "verdict": "malicious",                    "file_type": "PE32 executable (GUI) Intel 80386, for MS Windows",                    "incidents": [                        {                            "name": "Fingerprint",                            "details": [                                "Reads the active computer name"                            ]                        }                    ],                    "classification_tags": [                        "gop",                        "guardianofpeace",                        "operationtroy",                        "phandoor",                        "silentchollima",                        "targeted",                        "whoisteam"                    ],                    "sample_flags": [                        "Extracted Files"                    ]                }            ],            "intel": [                {                    "actors": [                        {                            "id": 1779,                            "name": "SILENT CHOLLIMA",                            "slug": 
"silent-chollima"                        }                    ]                }            ],            "tags": [                "silent chollima",                "operationtroy",                "silentchollima",                "whoisteam",                "guardianofpeace",                "targeted",                "darkseoul",                "andariel",                "phandoor",                "gop"            ],            "ioc_report_strict_csv_artifact_id": "9a24ffdfe64bc885dc023a43ced533fd90c4187ffe4800e266d54b79c3e1b198",            "ioc_report_broad_csv_artifact_id": "a93e7888b9fd253a05c0568a85a8c572d09a301db4fada4177695a65235ab813",            "ioc_report_strict_json_artifact_id": "ea103590a8fb876486f6f8d21180f82ea7497285aebd48aedfe6b13b44849850",            "ioc_report_broad_json_artifact_id": "555b372175de540a3ea29c7410f451a125b53d4f9bb10fe17c0a1317a5e2fa9e"        }    ],    "errors": []}

Workflow Library Example

Get Analysis Report Summary with CrowdStrike and Send Results Via Email
