Skip to main content
Submit a malware sample for analysis. Note, Submitting a file counts against your submission quota. If you’ve used your monthly quota, you must wait until the quota resets to submit additional files. One of the following subscriptions is required to execute this action:
  • Falcon Intelligence or Falcon Intelligence Premium.
External DocumentationTo learn more, visit the CrowdStrike documentation.

Parameters

ParameterDescription
CommentProvide a comment on the file.
Environment IDThe sandbox environment ID, in which you want to analysis the file.
File IdentifierThe identifier of the file.
A file identifier represents a file created or referenced earlier in the workflow (for example, from a file action or another step that produces a file).
See Using with Files in Workflowsfor more details.
File NameThe name of the file.

Example Output

{
	"meta": {
		"query_time": 3.171612093,
		"powered_by": "falconx-api",
		"trace_id": "9078d20a-62b0-438e-9b3f-d4d44bf82334",
		"quota": {
			"total": 5000,
			"used": 0,
			"in_progress": 1
		}
	},
	"resources": [
		{
			"id": "0123456789ABCDEFGHIJKLMNOPQRSTUV_eecd9a8f319940dfb0255e5d436822d9",
			"cid": "0123456789ABCDEFGHIJKLMNOPQRSTUV",
			"origin": "uiproxy",
			"state": "created",
			"created_timestamp": "2019-01-03T13:09:49Z",
			"sandbox": [
				{
					"sha256": "42a615198bcdfc72839936409c88af7ded125feabfec4753b307dc985aaba48f",
					"environment_id": 100,
					"submit_name": "virus.exe"
				}
			]
		}
	],
	"errors": []
}

Workflow Library Example

Submit File for Analysis with Crowdstrike and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop