Submit a file for security analysis using a specific playbook.
External DocumentationTo learn more, visit the Intel Owl documentation.

Basic Parameters

ParameterDescription
File IdentifierThe identifier of the file to be analyzed.
PlaybookThe name of the playbook to execute for the analysis.
TLPTraffic Light Protocol classification level to control information sharing.
TagA label to assign to the analysis.

Advanced Parameters

ParameterDescription
Analyzers Runtime ConfigurationA configuration object to override default analyzers configuration.

For example:
{
“Doc_Info”: {
“additional_passwords_to_check”: [“passwd”, “2020”]
}
}
For more information about the Runtime Configuration, refer to Intel Owl API documentation.

Example Output

{
	"results": [
		{
			"job_id": 75,
			"analyzers_running": [
				"ClamAV",
				"Cymru_Hash_Registry_Get_File",
				"Doc_Info",
				"File_Info",
				"HashLookupServer_Get_File",
				"Permhash",
				"Strings_Info",
				"Yara",
				"Zippy_scan"
			],
			"connectors_running": [],
			"visualizers_running": [
				"Data_Model"
			],
			"playbook_running": "FREE_TO_USE_ANALYZERS",
			"investigation": null,
			"status": "accepted",
			"already_exists": false
		}
	],
	"count": 1
}

Workflow Library Example

Send File Analysis Playbook Request with Intel Owl and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop