Get Analysis Report Summary

Retrieve the analysis report summary for a given submitted file.

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

Parameter | Description
Sample ID | The sample ID of the submitted file. Can be obtained from the List Submitted Samples IDs action.

Example Output

{
  "meta": {
    "query_time": 0.016057403,
    "powered_by": "falconx-api",
    "trace_id": "09a275cf-6d1b-4ef6-816a-cb5b2cc949f8",
    "quota": {
      "total": 5000,
      "used": 3,
      "in_progress": 0
    }
  },
  "resources": [
    {
      "id": "5ddb0407bef249c19c7a975f17979a1f_eecd9a8f319940dfb0255e5d436822d9",
      "cid": "5ddb0407bef249c19c7a975f17979a1f",
      "created_timestamp": "2019-01-03T13:09:49Z",
      "origin": "uiproxy",
      "sandbox": [
        {
          "sha256": "42a615198bcdfc72839936409c88af7ded125feabfec4753b307dc985aaba48f",
          "environment_id": 100,
          "environment_description": "Windows 7 32 bit",
          "submit_name": "42a615198bcdfc72839936409c88af7ded125feabfec4753b307dc985aaba48f",
          "threat_score": 100,
          "verdict": "malicious",
          "file_type": "PE32 executable (GUI) Intel 80386, for MS Windows",
          "incidents": [
            {
              "name": "Fingerprint",
              "details": [
                "Reads the active computer name"
              ]
            }
          ],
          "classification_tags": [
            "gop",
            "guardianofpeace",
            "operationtroy",
            "phandoor",
            "silentchollima",
            "targeted",
            "whoisteam"
          ],
          "sample_flags": [
            "Extracted Files"
          ]
        }
      ],
      "intel": [
        {
          "actors": [
            {
              "id": 1779,
              "name": "SILENT CHOLLIMA",
              "slug": "silent-chollima"
            }
          ]
        }
      ],
      "tags": [
        "silent chollima",
        "operationtroy",
        "silentchollima",
        "whoisteam",
        "guardianofpeace",
        "targeted",
        "darkseoul",
        "andariel",
        "phandoor",
        "gop"
      ],
      "ioc_report_strict_csv_artifact_id": "9a24ffdfe64bc885dc023a43ced533fd90c4187ffe4800e266d54b79c3e1b198",
      "ioc_report_broad_csv_artifact_id": "a93e7888b9fd253a05c0568a85a8c572d09a301db4fada4177695a65235ab813",
      "ioc_report_strict_json_artifact_id": "ea103590a8fb876486f6f8d21180f82ea7497285aebd48aedfe6b13b44849850",
      "ioc_report_broad_json_artifact_id": "555b372175de540a3ea29c7410f451a125b53d4f9bb10fe17c0a1317a5e2fa9e"
    }
  ],
  "errors": []
}
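
One way a later workflow step could reduce this output to a triage decision, as an added example that is not part of the original page or of CrowdStrike's code. It uses only field names shown in the example output; `summarize_report` and `alert_threshold` are hypothetical names, and the handling of `errors` and `in_progress` rests on the assumptions noted in the comments.

```python
import json

# Trimmed copy of the example output on this page (same field names and values).
SAMPLE = json.loads("""
{"meta": {"quota": {"total": 5000, "used": 3, "in_progress": 0}},
 "resources": [{
   "id": "5ddb0407bef249c19c7a975f17979a1f_eecd9a8f319940dfb0255e5d436822d9",
   "sandbox": [{"environment_description": "Windows 7 32 bit",
                "threat_score": 100, "verdict": "malicious",
                "classification_tags": ["gop", "phandoor", "silentchollima"]}],
   "intel": [{"actors": [{"id": 1779, "name": "SILENT CHOLLIMA"}]}],
   "tags": ["silent chollima", "silentchollima", "gop", "darkseoul"]}],
 "errors": []}
""")


def summarize_report(response, alert_threshold=70):
    """Reduce a report-summary response to the fields a triage step needs.

    alert_threshold is a hypothetical local policy value, not an API setting.
    """
    # Assumption: any entry in "errors" means the summary is not usable.
    if response.get("errors"):
        raise ValueError(f"API returned errors: {response['errors']}")
    quota = response.get("meta", {}).get("quota", {})
    summaries = []
    for res in response.get("resources", []):
        runs = res.get("sandbox", [])
        # One sample can have several sandbox runs; triage on the highest score.
        worst = max(runs, key=lambda r: r.get("threat_score") or 0, default={})
        tags = set(res.get("tags", []))
        for run in runs:
            tags.update(run.get("classification_tags", []))
        actors = sorted({a["name"] for i in res.get("intel", [])
                         for a in i.get("actors", []) if a.get("name")})
        score = worst.get("threat_score") or 0
        summaries.append({
            "id": res.get("id"),
            "verdict": worst.get("verdict", "unknown"),
            "threat_score": score,
            "environment": worst.get("environment_description"),
            "actors": actors,
            # Collapse spelling variants such as "silent chollima"/"silentchollima".
            "tags": sorted({t.replace(" ", "").lower() for t in tags}),
            "alert": score >= alert_threshold,
        })
    # Assumption: in-progress submissions also count against the quota.
    remaining = quota.get("total", 0) - quota.get("used", 0) - quota.get("in_progress", 0)
    return {"quota_remaining": remaining, "reports": summaries}
```
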

Workflow Library Example

Get Analysis Report Summary with CrowdStrike and Send Results via Email
