11.0.10
Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
The CrowdStrike Falcon Sandbox for Security Operations integration allows you to submit files and URLs to the CrowdStrike Falcon Sandbox for detailed malware analysis as part of the security incident response process. The results of each submission are retained as part of the security incident record and can be used for further incident resolution steps and automation workflow activities.
This integration supports the following key capabilities:
- Automate submission of files and URLs from user-reported phishing (URP), email messages, attachments, and other security incidents.
- Option to manually submit or re-submit previously analyzed files and URLs for updated analysis.
- Flexibility to create multiple submission configurations that automatically apply sandbox submission parameters such as operating system, scan type, and runtime options, making the submission process more efficient.
- Threat lookup results and indicator history are available for files and URLs that have been analyzed multiple times.
- Tagging ServiceNow incidents with submission processing status and threat-finding results.
Fixed:
- The issue where the report summary was appended to the external link, causing the report to load a blank page.
Ensure that these dependent plugins are installed:
- ServiceNow IntegrationHub Action Step - REST (com.glide.hub.action_step.rest)
- ServiceNow IntegrationHub Runtime (com.glide.hub.integration.runtime)
- Threat Intelligence Support Common
- Security Incident Response (com.snc.security_incident)