diff --git a/Packs/CrowdStrikeFalconSandbox/Integrations/CrowdStrikeFalconSandboxV2/CrowdStrikeFalconSandboxV2.yml b/Packs/CrowdStrikeFalconSandbox/Integrations/CrowdStrikeFalconSandboxV2/CrowdStrikeFalconSandboxV2.yml
index ea93501083f7..99fe580fba62 100644
--- a/Packs/CrowdStrikeFalconSandbox/Integrations/CrowdStrikeFalconSandboxV2/CrowdStrikeFalconSandboxV2.yml
+++ b/Packs/CrowdStrikeFalconSandbox/Integrations/CrowdStrikeFalconSandboxV2/CrowdStrikeFalconSandboxV2.yml
@@ -1,6 +1,9 @@
 commonfields:
 id: CrowdStrike Falcon Sandbox V2
 version: -1
+sectionOrder:
+- Connect
+- Collect
 name: CrowdStrike Falcon Sandbox V2
 display: CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis)
 category: Forensics & Malware Analysis
@@ -11,12 +14,14 @@ configuration:
 defaultvalue: https://www.hybrid-analysis.com
 type: 0
 display: Server URL (e.g. https://www.hybrid-analysis.com)
+ section: Connect
 - name: credentials
 required: true
 defaultvalue:
 type: 9
 displaypassword: API Key
 hiddenusername: true
+ section: Connect
 - additionalinfo: Reliability of the source providing the intelligence data.
 defaultvalue: C - Fairly reliable
 display: Source Reliability
@@ -31,21 +36,24 @@ configuration:
 - F - Reliability cannot be judged
 required: true
 type: 15
+ section: Collect
 - name: insecure
 display: Trust any certificate (not secure)
 type: 8
 additionalinfo:
 required: false
+ section: Connect
 - name: proxy
 display: Use system proxy settings
 type: 8
 additionalinfo:
 required: false
+ section: Connect
 script:
 script: "-"
 subtype: python3
 type: python
- dockerimage: demisto/python3:3.11.10.116949
+ dockerimage: demisto/python3:3.12.8.1983910
 commands:
 - name: cs-falcon-sandbox-scan
 polling: true
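Review bot: The `insecure` parameter in the last hunk still has an empty `additionalinfo:` while the change moves it into the new Connect section, so the option becomes more prominent in the UI without any explanation of what it gives up. The API key held in the `credentials` parameter is presumably sent on every request, so disabling certificate verification lets an on-path attacker capture that key and tamper with verdicts; I'd fill the field with `additionalinfo: Disables TLS certificate verification. The API key is sent with each request, so only enable this against a trusted, non-production Hybrid Analysis instance.` The Docker image bump to Python 3.12 changes the runtime for the whole integration, and nothing in this diff shows the module being exercised on it, so I'd confirm the pack's tests were run against the new image.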
@@ -419,7 +427,7 @@ script:
 required: true
 defaultValue: ""
 - name: environmentID
- description: 'The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
+ description: 'The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
 required: true
 auto: PREDEFINED
 defaultValue: "100"
@@ -428,7 +436,7 @@ script:
 - "110"
 - "120"
 - "200"
- - "300"
+ - "310"
 - name: polling
 description: Whether the command should poll until the result is ready.
 auto: PREDEFINED
@@ -693,7 +701,7 @@ script:
 required: true
 defaultValue: ""
 - name: environmentID
- description: 'The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
+ description: 'The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
 required: true
 auto: PREDEFINED
 defaultValue: "100"
@@ -702,7 +710,7 @@ script:
 - "110"
 - "120"
 - "200"
- - "300"
+ - "310"
 - name: environmentId
 deprecated: true
 description: 'The environment ID.'
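Review bot: The deprecated alias `environmentId` at the end of the last hunk keeps `description: 'The environment ID.'` with no `predefined` list, so a playbook that still passes 300 through it gets no hint locally and only fails on the server, while the new `environmentID` dropdown no longer offers the value. Nothing in this diff shows whether the Python module validates or maps environment IDs itself; if it holds its own table keyed by 300, it needs the same 300→310 change, but that file is not in the diff so this is an assumption to confirm. I'd at least point users of the alias at the live list: `description: 'Deprecated. Use environmentID instead; environment ID 300 (Ubuntu 16.04) is no longer offered by the server.'`. The arguments lists these hunks belong to start and end outside the hunks.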
@@ -1124,7 +1132,7 @@ script:
 deprecated: true
 description: ''
 - name: environmentID
- description: 'The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
+ description: 'The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
 auto: PREDEFINED
 defaultValue: ""
 predefined:
@@ -1132,7 +1140,7 @@ script:
 - "110"
 - "120"
 - "200"
- - "300"
+ - "310"
 - name: JobID
 description: The file job ID to generate a report for.
 defaultValue: ""
@@ -1323,7 +1331,7 @@ script:
 deprecated: true
 description: ''
 - name: environmentID
- description: 'The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
+ description: 'The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
 auto: PREDEFINED
 defaultValue: ""
 predefined:
@@ -1331,7 +1339,7 @@ script:
 - "110"
 - "120"
 - "200"
- - "300"
+ - "310"
 - name: environmentId
 deprecated: true
 description: 'The environment ID.'
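Review bot: The hunks at 1124/1132 sit next to `JobID` ("The file job ID to generate a report for"), so this `environmentID` selects an already-finished analysis rather than starting a new one, and dropping `"300"` from `predefined` here also hides reports that were produced under the EOL Ubuntu 16.04 environment and still exist on the server. Whether the platform rejects values outside `predefined` cannot be told from the YAML; even if users can still type 300, the dropdown and description now suggest those reports are unreachable. For lookup-only arguments I'd keep the value and mark it, keeping `- "300"` in `predefined` and ending the description with `300: "Linux (Ubuntu 16.04, 64 bit)" (EOL, existing reports only)`. The same applies to the 1323/1331 hunks, whose deprecated `environmentId` alias still accepts any value; both argument lists start and end outside the hunks.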
@@ -1516,7 +1524,7 @@ script:
 required: true
 defaultValue: ""
 - name: environmentID
- description: 'The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
+ description: 'The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
 required: true
 auto: PREDEFINED
 defaultValue: "100"
@@ -1525,7 +1533,7 @@ script:
 - "110"
 - "120"
 - "200"
- - "300"
+ - "310"
 - name: polling
 description: Whether the command should poll until the result is ready.
 auto: PREDEFINED
@@ -1793,7 +1801,7 @@ script:
 required: true
 defaultValue: ""
 - name: environmentID
- description: 'The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
+ description: 'The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
 required: true
 auto: PREDEFINED
 defaultValue: "100"
@@ -1802,7 +1810,7 @@ script:
 - "110"
 - "120"
 - "200"
- - "300"
+ - "310"
 - name: polling
 description: Whether the command should poll until the result is ready.
 auto: PREDEFINED
@@ -1932,7 +1940,7 @@ script:
 description: The sha256 hash of a file.
 defaultValue: ""
 - name: environmentID
- description: 'The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
+ description: 'The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
 auto: PREDEFINED
 defaultValue: ""
 predefined:
@@ -1940,7 +1948,7 @@ script:
 - "110"
 - "120"
 - "200"
- - "300"
+ - "310"
 - name: JobID
 description: The file job ID.
 defaultValue: ""
@@ -1971,7 +1979,7 @@ script:
 description: The SHA256 hash of a file.
 defaultValue: ""
 - name: environmentID
- description: 'The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
+ description: 'The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
 auto: PREDEFINED
 defaultValue: ""
 predefined:
@@ -1979,7 +1987,7 @@ script:
 - "110"
 - "120"
 - "200"
- - "300"
+ - "310"
 - name: JobID
 description: The file job ID.
 defaultValue: ""
@@ -2302,7 +2310,7 @@ script:
 description: The file job ID.
 defaultValue: ""
 - name: environmentID
- description: 'The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
+ description: 'The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit".'
 auto: PREDEFINED
 defaultValue: ""
 predefined:
@@ -2310,7 +2318,7 @@ script:
 - "110"
 - "120"
 - "200"
- - "300"
+ - "310"
 - name: file
 description: The hash of the file.
 outputs:
diff --git a/Packs/CrowdStrikeFalconSandbox/Integrations/CrowdStrikeFalconSandboxV2/README.md b/Packs/CrowdStrikeFalconSandbox/Integrations/CrowdStrikeFalconSandboxV2/README.md
index dd8f0d23d646..c62b01d58de4 100644
--- a/Packs/CrowdStrikeFalconSandbox/Integrations/CrowdStrikeFalconSandboxV2/README.md
+++ b/Packs/CrowdStrikeFalconSandbox/Integrations/CrowdStrikeFalconSandboxV2/README.md
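Review bot: This `environmentID` has `defaultValue: ""` and no `required:` key, i.e. it is optional in the YAML, yet the README rows for the result, screenshot and report-state commands later in this diff now describe the same argument as `Required` with `Default is 100.`, which this YAML never declares; the README looks hand-edited rather than regenerated from the YAML, and that contradiction is in the version users read. I'd regenerate the README from the YAML, or revert those three rows to end with `Possible values are: 100, 110, 120, 200, 310. | Optional |`. Since this argument only identifies an existing analysis alongside `JobID` and `file`, dropping `"300"` from `predefined` also hides state lookups for analyses produced under the EOL environment that still exist on the server, so I'd keep the value here with an "existing reports only" note. The enclosing command's argument list starts outside this hunk.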
@@ -1075,28 +1075,28 @@ Submits a file from the investigation to the analysis server. #### Input -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| entryId | The War Room entry ID. | Required | -| environmentID | The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 300. Default is 100. | Required | -| polling | Whether the command should poll until the result is ready. Possible values are: true, false. | Optional | -| no_share_third_party | When set to 'true', the sample is never shared with any third party. Possible values are: true, false. | Optional | -| no_hash_lookup | When set to 'true', no hash lookup is done on the sample. Possible values are: true, false. | Optional | -| allow_community_access | When set to 'true', the sample is available for the community. Possible values are: true, false. | Optional | +| **Argument Name** | **Description** | **Required** | +| --- |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| --- | +| entryId | The War Room entry ID. | Required | +| environmentID | The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 310. Default is 100. | Required | +| polling | Whether the command should poll until the result is ready. Possible values are: true, false. | Optional | +| no_share_third_party | When set to 'true', the sample is never shared with any third party. Possible values are: true, false. 
| Optional | +| no_hash_lookup | When set to 'true', no hash lookup is done on the sample. Possible values are: true, false. | Optional | +| allow_community_access | When set to 'true', the sample is available for the community. Possible values are: true, false. | Optional | | action_script | Optional custom runtime action script. Available runtime scripts: default, default_maxantievasion, default_randomfiles, default_randomtheme, default_openie. Possible values are: default, default_maxantievasion, default_randomfiles, default_randomtheme, default_openie. | Optional | -| hybrid_analysis | When set to 'false', no memory dump or memory dump analysis is done. Possible values are: true, false. | Optional | -| experimental_anti_evasion | When set to 'true', sets all Kernelmode Monitor experimental anti-evasion options. Possible values are: true, false. | Optional | -| script_logging | When set to 'true', sets the Kernelmode Monitor in-depth script logging engine. Possible values are: true, false. | Optional | -| input_sample_tampering | When set to 'true', allows Kernelmode Monitor experimental anti-evasion options that tamper with the input sample. Possible values are: true, false. | Optional | -| network_settings | Network settings. Available options: default: 'Fully operating network', tor: 'Route network traffic via TOR', simulated: 'Simulate network traffic'. Possible values are: default, tor, simulated. | Optional | -| email | Optional email address that may be associated with the submission for notification. | Optional | -| comment | Optional comment text that may be associated with the submission/sample (Note: you can use #tags). | Optional | -| custom_cmd_line | Optional command line that should be passed to the analysis file. | Optional | -| custom_run_time | Optional runtime duration (in seconds). | Optional | -| submit_name | Optional 'submission name' field that will be used for file type detection and analysis. Ignored unless url contains a file. 
| Optional | -| priority | Optional priority value between 1 (lowest) and 10 (highest). By default all samples run with highest priority. Possible values are: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. | Optional | -| document_password | Optional document password used to fill in Adobe/Office password prompts. | Optional | -| environment_variable | Optional system environment value. The value is provided in the format name=value. | Optional | +| hybrid_analysis | When set to 'false', no memory dump or memory dump analysis is done. Possible values are: true, false. | Optional | +| experimental_anti_evasion | When set to 'true', sets all Kernelmode Monitor experimental anti-evasion options. Possible values are: true, false. | Optional | +| script_logging | When set to 'true', sets the Kernelmode Monitor in-depth script logging engine. Possible values are: true, false. | Optional | +| input_sample_tampering | When set to 'true', allows Kernelmode Monitor experimental anti-evasion options that tamper with the input sample. Possible values are: true, false. | Optional | +| network_settings | Network settings. Available options: default: 'Fully operating network', tor: 'Route network traffic via TOR', simulated: 'Simulate network traffic'. Possible values are: default, tor, simulated. | Optional | +| email | Optional email address that may be associated with the submission for notification. | Optional | +| comment | Optional comment text that may be associated with the submission/sample (Note: you can use #tags). | Optional | +| custom_cmd_line | Optional command line that should be passed to the analysis file. | Optional | +| custom_run_time | Optional runtime duration (in seconds). | Optional | +| submit_name | Optional 'submission name' field that will be used for file type detection and analysis. Ignored unless url contains a file. | Optional | +| priority | Optional priority value between 1 (lowest) and 10 (highest). By default all samples run with highest priority. 
Possible values are: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. | Optional | +| document_password | Optional document password used to fill in Adobe/Office password prompts. | Optional | +| environment_variable | Optional system environment value. The value is provided in the format name=value. | Optional | #### Context Output @@ -1995,7 +1995,7 @@ Retrieves result data on a file. Note: This command returns a file. | --- | --- | --- | | polling | Whether the command should poll until the result is ready. Possible values are: true, false. Default is True. | Optional | | file | The file hash (MD5, SHA1, or SHA256). | Optional | -| environmentID | The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 300. | Optional | +| environmentID | The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 310. Default is 100. | Required | | JobID | The file job ID to generate a report for. | Optional | | file-type | The file type. Possible values are: xml, json, html, pdf, maec, stix, misp, misp-json, openioc. Default is pdf. | Optional | 
@@ -2071,7 +2071,7 @@ Submits a URL for analysis. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | | url | The URL for analysis or the URL of the file to submit. | Required | -| environmentID | The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 300. Default is 100. | Required | +| environmentID | The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 310. Default is 100. | Required | | polling | Whether the command should poll until the result is ready. Possible values are: true, false. | Optional | | no_share_third_party | When set to 'true', the sample is never shared with any third party. Possible values are: true, false. | Optional | | no_hash_lookup | When set to 'true', no hash lookup is done on the sample. Possible values are: true, false. | Optional | @@ -2538,7 +2538,7 @@ Retrieves screenshots from a report | **Argument Name** | **Description** | **Required** | | --- | --- | --- | | file | The sha256 hash of a file. | Optional | -| environmentID | The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 300. | Optional | +| environmentID | The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 310. Default is 100. | Required | | JobID | The file job ID. | Optional | 
@@ -3870,7 +3870,7 @@ Gets the report state for the given ID. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | | JobID | The file job ID. | Optional | -| environmentID | The environment ID. Available environment IDs: 300: "Linux (Ubuntu 16.04, 64 bit)"", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 300. | Optional | +| environmentID | The environment ID. Available environment IDs: 310: "Linux (Ubuntu 20, 64-bit)", 200: "Android Static Analysis", 120: "Windows 7 64 bit", 110: "Windows 7 32 bit (HWP Support)", 100: "Windows 7 32 bit". Possible values are: 100, 110, 120, 200, 310. Default is 100. | Required | | file | The hash of the file. | Optional | @@ -3909,4 +3909,8 @@ Gets the report state for the given ID. >|Error|Error Origin|Error Type|Related Reports|State| >|---|---|---|---|---| ->| The requested environment ID "300" and file type "pdf" have no available execution environment | CLIENT | FILE_TYPE_BAD_ERROR | | ERROR | \ No newline at end of file +>| The requested environment ID "300" and file type "pdf" have no available execution environment | CLIENT | FILE_TYPE_BAD_ERROR | | ERROR | + +## Additional Notes +- The CrowdStrike Environment ID 300 has been deprecated and is now EOL. It is recommended to use Environment ID 310 for Linux sandboxing. + diff --git a/Packs/CrowdStrikeFalconSandbox/ReleaseNotes/2_0_24.md b/Packs/CrowdStrikeFalconSandbox/ReleaseNotes/2_0_24.md new file mode 100644 index 000000000000..c8b78f08cd85 --- /dev/null +++ b/Packs/CrowdStrikeFalconSandbox/ReleaseNotes/2_0_24.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### CrowdStrike Falcon Sandbox v2 (Hybrid-Analysis) + +- Updated the CrowdStrike Falcon Sandbox V2 integration to remove the deprecated Linux Ubuntu 16.04 environment and added Linux Ubuntu 20. +- Updated the Docker image to: *demisto/python3:3.12.8.1983910*. \ No newline at end of file 
diff --git a/Packs/CrowdStrikeFalconSandbox/pack_metadata.json b/Packs/CrowdStrikeFalconSandbox/pack_metadata.json
index 13f1036b52cc..2b229f22893f 100644
--- a/Packs/CrowdStrikeFalconSandbox/pack_metadata.json
+++ b/Packs/CrowdStrikeFalconSandbox/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "CrowdStrike Falcon Sandbox",
 "description": "Fully automated malware analysis (formerly Payload Security VxStream).",
 "support": "xsoar",
- "currentVersion": "2.0.23",
+ "currentVersion": "2.0.24",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",