Publisher: Splunk Community
Connector Version: 2.2.1
Product Vendor: Cuckoo
Product Name: Cuckoo
Product Version Supported (regex): ".*"
Minimum Product Version: 5.0.0
This app supports executing various investigative and generic actions on the Cuckoo sandbox
This app uses the pexpect module, which is licensed under the ISC License (ISCL), Copyright (c) Noah Spurrier, Thomas Kluyver, Jeff Quast.
This app uses the ptyprocess module, which is licensed under the ISC License (ISCL), Copyright (c) Thomas Kluyver.
If you add the base URL to the Cuckoo instance's Web Interface, a link will be generated and added to the action result which will point to analysis summary for each action.
-
The existing action parameter has been modified in the action given below. Hence, it is requested to the end-user to please update their existing playbooks by re-inserting | modifying | deleting the corresponding action blocks or by providing appropriate values to these action parameters to ensure the correct functioning of the playbooks created on the earlier versions of the app.
- Detonate File - The new [zip_and_encrypt] parameter has been added providing an option to zip and encrypt the file.
-
New action 'submit strings' has been added. Hence, it is requested to the end-user to please update their existing playbooks by inserting the corresponding action blocks for this action on the earlier versions of the app.
The app uses HTTP/ HTTPS protocol for communicating with the Cuckoo server. Below are the default ports used by Splunk SOAR.
| SERVICE NAME | TRANSPORT PROTOCOL | PORT |
|---|---|---|
| http | tcp | 80 |
| https | tcp | 443 |
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Cuckoo asset in SOAR.
| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
|---|---|---|---|
| server | required | string | Server IP/Hostname |
| port | required | string | REST API Port |
| use_https | optional | boolean | Connect with HTTPS |
| verify_server_cert | optional | boolean | Verify server certificate |
| timeout | required | numeric | Timeout (seconds) |
| username | optional | string | HTTP Basic Auth Username |
| password | optional | password | HTTP Basic Auth Password |
| append_uri | optional | string | Additional URI Path to Add to the Server |
| web_ui_base_url | optional | string | Base URL to the Web Interface (e.g. https://10.16.6.42:8000/) |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
detonate file - Run the file in the sandbox and retrieve the analysis results
get report - Query for results of an already completed detonation
detonate url - Load a URL in the Cuckoo sandbox and retrieve the analysis results
submit strings - Add VirusTotal compatible URL/Domain to the list of pending tasks
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
No parameters are required for this action
No Output
Run the file in the sandbox and retrieve the analysis results
Type: generic
Read only: False
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| vault_id | required | Vault ID of file to detonate | string | vault id sha1 |
| file_name | optional | Filename to use | string | file name |
| zip_and_encrypt | optional | Option to zip and encrypt file, WARNING: password visible as zip command line argument | boolean |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.file_name | string | file name |
| action_result.parameter.vault_id | string | vault id sha1 |
| action_result.parameter.zip_and_encrypt | string | |
| action_result.data.*.report.behavior.apistats.984.CopyFileA | numeric | |
| action_result.data.*.report.behavior.apistats.984.CreateServiceA | numeric | |
| action_result.data.*.report.behavior.apistats.984.FindResourceExW | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetFileAttributesW | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetFileSize | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetFileType | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetSystemInfo | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetSystemMetrics | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetSystemTimeAsFileTime | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetSystemWindowsDirectoryW | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetTempPathW | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetTimeZoneInformation | numeric | |
| action_result.data.*.report.behavior.apistats.984.LdrGetDllHandle | numeric | |
| action_result.data.*.report.behavior.apistats.984.LdrGetProcedureAddress | numeric | |
| action_result.data.*.report.behavior.apistats.984.LdrLoadDll | numeric | |
| action_result.data.*.report.behavior.apistats.984.LoadResource | numeric | |
| action_result.data.*.report.behavior.apistats.984.LoadStringA | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtAllocateVirtualMemory | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtClose | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtCreateFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtCreateMutant | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtCreateSection | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtCreateThreadEx | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtDelayExecution | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtDuplicateObject | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtFreeVirtualMemory | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtMapViewOfSection | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtOpenKey | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtOpenMutant | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtProtectVirtualMemory | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtQueryAttributesFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtQueryInformationFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtQueryValueKey | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtReadFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtResumeThread | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtWriteFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.OpenSCManagerA | numeric | |
| action_result.data.*.report.behavior.apistats.984.OutputDebugStringA | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegCloseKey | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegOpenKeyExA | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegOpenKeyExW | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegQueryValueExA | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegQueryValueExW | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegSetValueExA | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetEndOfFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetFileAttributesW | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetFilePointer | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetFileTime | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetUnhandledExceptionFilter | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetWindowsHookExA | numeric | |
| action_result.data.*.report.behavior.apistats.984.StartServiceA | numeric | |
| action_result.data.*.report.behavior.generic.*.first_seen | numeric | |
| action_result.data.*.report.behavior.generic.*.pid | numeric | pid |
| action_result.data.*.report.behavior.generic.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.generic.*.process_name | string | file name |
| action_result.data.*.report.behavior.generic.*.process_path | string | file path file name |
| action_result.data.*.report.behavior.generic.*.summary.dll_loaded | string | |
| action_result.data.*.report.behavior.generic.*.summary.file_copied.* | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_created | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_exists | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_opened | string | file path file name |
| action_result.data.*.report.behavior.generic.*.summary.file_read | string | file path file name |
| action_result.data.*.report.behavior.generic.*.summary.file_recreated | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_written | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.mutex | string | file path file name |
| action_result.data.*.report.behavior.generic.*.summary.regkey_opened | string | |
| action_result.data.*.report.behavior.generic.*.summary.regkey_read | string | |
| action_result.data.*.report.behavior.generic.*.summary.regkey_written | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.api | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.allocation_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.base_address | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.base_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.basename | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.buffer | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.callback_function | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.commit_size | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.create_disposition | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.create_options | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.database_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.desired_access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.dirpath | string | file path |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.display_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.error_control | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.fail_if_exists | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.file_attributes | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.file_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.file_size_low | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.filepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.filepath_r | string | file name file path |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.flags | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.free_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.function_address | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.function_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.handle_attributes | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.hook_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.id | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.index | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.information_class | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.initial_owner | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.key_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.key_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.language_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.length | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.machine_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.milliseconds | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module | string | file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module_address | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module_name | string | file name file path |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.move_method | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.mutant_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.mutant_name | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.newfilepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.newfilepath_r | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.object_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.offset | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.oldfilepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.oldfilepath_r | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.options | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.ordinal | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.parameter | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.password | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.pointer | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.process_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.process_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.processor_count | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.protection | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.reg_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.region_size | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.regkey | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.regkey_r | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.resource_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.section_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.section_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.section_offset | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_manager_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_start_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.share_access | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.size | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.skipped | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.source_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.source_process_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.source_process_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.stack_zero_bits | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.start_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.status_info | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.string | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.suspend_count | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.suspended | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.target_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.target_process_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.target_process_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.thread_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.thread_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.thread_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.type | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.value | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.view_size | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.win32_protect | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.category | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.allocation_type | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.create_disposition | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.create_options | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.desired_access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.file_attributes | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.hook_identifier | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.index | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.information_class | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.protection | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.reg_type | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.share_access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.status_info | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.win32_protect | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.last_error | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.nt_status | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.return_value | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.status | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.tid | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.time | numeric | |
| action_result.data.*.report.behavior.processes.*.command_line | string | file path file name |
| action_result.data.*.report.behavior.processes.*.first_seen | numeric | |
| action_result.data.*.report.behavior.processes.*.modules.*.baseaddr | string | |
| action_result.data.*.report.behavior.processes.*.modules.*.basename | string | file name |
| action_result.data.*.report.behavior.processes.*.modules.*.filepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.modules.*.imgsize | numeric | |
| action_result.data.*.report.behavior.processes.*.pid | numeric | pid |
| action_result.data.*.report.behavior.processes.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.processes.*.process_name | string | file name |
| action_result.data.*.report.behavior.processes.*.process_path | string | file path file name |
| action_result.data.*.report.behavior.processes.*.tid | numeric | |
| action_result.data.*.report.behavior.processes.*.time | numeric | |
| action_result.data.*.report.behavior.processes.*.track | boolean | |
| action_result.data.*.report.behavior.processes.*.type | string | |
| action_result.data.*.report.behavior.processtree.*.command_line | string | file path file name |
| action_result.data.*.report.behavior.processtree.*.first_seen | numeric | |
| action_result.data.*.report.behavior.processtree.*.pid | numeric | pid |
| action_result.data.*.report.behavior.processtree.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.processtree.*.process_name | string | file name |
| action_result.data.*.report.behavior.processtree.*.track | boolean | |
| action_result.data.*.report.behavior.summary.dll_loaded | string | |
| action_result.data.*.report.behavior.summary.file_copied.* | string | file path |
| action_result.data.*.report.behavior.summary.file_created | string | file path |
| action_result.data.*.report.behavior.summary.file_exists | string | file path |
| action_result.data.*.report.behavior.summary.file_opened | string | file path file name |
| action_result.data.*.report.behavior.summary.file_read | string | file path file name |
| action_result.data.*.report.behavior.summary.file_recreated | string | file path |
| action_result.data.*.report.behavior.summary.file_written | string | file path |
| action_result.data.*.report.behavior.summary.mutex | string | file path file name |
| action_result.data.*.report.behavior.summary.regkey_opened | string | |
| action_result.data.*.report.behavior.summary.regkey_read | string | |
| action_result.data.*.report.behavior.summary.regkey_written | string | |
| action_result.data.*.report.debug.cuckoo | string | |
| action_result.data.*.report.debug.log | string | |
| action_result.data.*.report.dropped.*.crc32 | string | |
| action_result.data.*.report.dropped.*.filepath | string | file path |
| action_result.data.*.report.dropped.*.md5 | string | md5 |
| action_result.data.*.report.dropped.*.name | string | |
| action_result.data.*.report.dropped.*.path | string | |
| action_result.data.*.report.dropped.*.pids | numeric | |
| action_result.data.*.report.dropped.*.sha1 | string | sha1 |
| action_result.data.*.report.dropped.*.sha256 | string | sha256 |
| action_result.data.*.report.dropped.*.sha512 | string | |
| action_result.data.*.report.dropped.*.size | numeric | |
| action_result.data.*.report.dropped.*.type | string | |
| action_result.data.*.report.info.added | numeric | |
| action_result.data.*.report.info.category | string | |
| action_result.data.*.report.info.custom | string | |
| action_result.data.*.report.info.duration | numeric | |
| action_result.data.*.report.info.ended | numeric | |
| action_result.data.*.report.info.git.fetch_head | string | |
| action_result.data.*.report.info.git.head | string | |
| action_result.data.*.report.info.id | numeric | |
| action_result.data.*.report.info.machine.label | string | |
| action_result.data.*.report.info.machine.manager | string | |
| action_result.data.*.report.info.machine.name | string | |
| action_result.data.*.report.info.machine.shutdown_on | string | |
| action_result.data.*.report.info.machine.started_on | string | |
| action_result.data.*.report.info.machine.status | string | |
| action_result.data.*.report.info.monitor | string | sha1 |
| action_result.data.*.report.info.options | string | |
| action_result.data.*.report.info.owner | string | |
| action_result.data.*.report.info.package | string | |
| action_result.data.*.report.info.platform | string | |
| action_result.data.*.report.info.route | string | |
| action_result.data.*.report.info.score | numeric | |
| action_result.data.*.report.info.started | numeric | |
| action_result.data.*.report.info.version | string | |
| action_result.data.*.report.metadata.output.dropped.*.basename | string | |
| action_result.data.*.report.metadata.output.dropped.*.dirname | string | |
| action_result.data.*.report.metadata.output.dropped.*.sha256 | string | sha256 |
| action_result.data.*.report.metadata.output.pcap.basename | string | |
| action_result.data.*.report.metadata.output.pcap.dirname | string | |
| action_result.data.*.report.metadata.output.pcap.sha256 | string | sha256 |
| action_result.data.*.report.network.dns.*.answers.*.data | string | ip |
| action_result.data.*.report.network.dns.*.answers.*.type | string | |
| action_result.data.*.report.network.dns.*.request | string | |
| action_result.data.*.report.network.dns.*.type | string | |
| action_result.data.*.report.network.dns_servers | string | ip |
| action_result.data.*.report.network.domains.*.domain | string | domain |
| action_result.data.*.report.network.domains.*.ip | string | ip |
| action_result.data.*.report.network.hosts | string | ip |
| action_result.data.*.report.network.pcap_sha256 | string | sha256 |
| action_result.data.*.report.network.sorted_pcap_sha256 | string | sha256 |
| action_result.data.*.report.network.udp.*.dport | numeric | |
| action_result.data.*.report.network.udp.*.dst | string | ip |
| action_result.data.*.report.network.udp.*.offset | numeric | |
| action_result.data.*.report.network.udp.*.sport | numeric | |
| action_result.data.*.report.network.udp.*.src | string | ip |
| action_result.data.*.report.network.udp.*.time | numeric | |
| action_result.data.*.report.screenshots.*.ocr | string | |
| action_result.data.*.report.screenshots.*.path | string | |
| action_result.data.*.report.signatures.*.description | string | |
| action_result.data.*.report.signatures.*.families | string | |
| action_result.data.*.report.signatures.*.markcount | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.api | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.allocation_type | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.base_address | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.desired_access | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.display_name | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.error_control | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.filepath | string | file path file name |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.filepath_r | string | file path file name |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.password | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.process_handle | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.process_identifier | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.protection | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.region_size | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_handle | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_manager_handle | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_name | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_start_name | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_type | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.start_type | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.category | string | |
| action_result.data.*.report.signatures.*.marks.*.call.flags.allocation_type | string | |
| action_result.data.*.report.signatures.*.marks.*.call.flags.protection | string | |
| action_result.data.*.report.signatures.*.marks.*.call.return_value | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.status | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.tid | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.time | numeric | |
| action_result.data.*.report.signatures.*.marks.*.category | string | |
| action_result.data.*.report.signatures.*.marks.*.cid | numeric | |
| action_result.data.*.report.signatures.*.marks.*.description | string | |
| action_result.data.*.report.signatures.*.marks.*.entropy | numeric | |
| action_result.data.*.report.signatures.*.marks.*.filetype | string | |
| action_result.data.*.report.signatures.*.marks.*.ioc | string | |
| action_result.data.*.report.signatures.*.marks.*.language | string | |
| action_result.data.*.report.signatures.*.marks.*.name | string | |
| action_result.data.*.report.signatures.*.marks.*.offset | string | |
| action_result.data.*.report.signatures.*.marks.*.pid | numeric | pid |
| action_result.data.*.report.signatures.*.marks.*.section.entropy | numeric | |
| action_result.data.*.report.signatures.*.marks.*.section.name | string | |
| action_result.data.*.report.signatures.*.marks.*.section.size_of_data | string | |
| action_result.data.*.report.signatures.*.marks.*.section.virtual_address | string | |
| action_result.data.*.report.signatures.*.marks.*.section.virtual_size | string | |
| action_result.data.*.report.signatures.*.marks.*.service_name | string | |
| action_result.data.*.report.signatures.*.marks.*.service_path | string | file path file name |
| action_result.data.*.report.signatures.*.marks.*.size | string | |
| action_result.data.*.report.signatures.*.marks.*.sublanguage | string | |
| action_result.data.*.report.signatures.*.marks.*.type | string | |
| action_result.data.*.report.signatures.*.name | string | |
| action_result.data.*.report.signatures.*.references | string | url |
| action_result.data.*.report.signatures.*.severity | numeric | |
| action_result.data.*.report.static.imported_dll_count | numeric | |
| action_result.data.*.report.static.pe_exports.*.address | string | |
| action_result.data.*.report.static.pe_exports.*.name | string | |
| action_result.data.*.report.static.pe_exports.*.ordinal | numeric | |
| action_result.data.*.report.static.pe_imphash | string | md5 |
| action_result.data.*.report.static.pe_imports.*.dll | string | file name |
| action_result.data.*.report.static.pe_imports.*.imports.*.address | string | |
| action_result.data.*.report.static.pe_imports.*.imports.*.name | string | |
| action_result.data.*.report.static.pe_resources.*.filetype | string | |
| action_result.data.*.report.static.pe_resources.*.language | string | |
| action_result.data.*.report.static.pe_resources.*.name | string | |
| action_result.data.*.report.static.pe_resources.*.offset | string | |
| action_result.data.*.report.static.pe_resources.*.size | string | |
| action_result.data.*.report.static.pe_resources.*.sublanguage | string | |
| action_result.data.*.report.static.pe_sections.*.entropy | numeric | |
| action_result.data.*.report.static.pe_sections.*.name | string | |
| action_result.data.*.report.static.pe_sections.*.size_of_data | string | |
| action_result.data.*.report.static.pe_sections.*.virtual_address | string | |
| action_result.data.*.report.static.pe_sections.*.virtual_size | string | |
| action_result.data.*.report.static.pe_timestamp | string | |
| action_result.data.*.report.static.pe_versioninfo.*.name | string | |
| action_result.data.*.report.static.pe_versioninfo.*.value | string | file name |
| action_result.data.*.report.strings | string | |
| action_result.data.*.report.target.category | string | |
| action_result.data.*.report.target.file.crc32 | string | |
| action_result.data.*.report.target.file.md5 | string | md5 |
| action_result.data.*.report.target.file.name | string | file name |
| action_result.data.*.report.target.file.path | string | |
| action_result.data.*.report.target.file.sha1 | string | sha1 |
| action_result.data.*.report.target.file.sha256 | string | sha256 |
| action_result.data.*.report.target.file.sha512 | string | |
| action_result.data.*.report.target.file.size | numeric | |
| action_result.data.*.report.target.file.type | string | |
| action_result.data.*.task_status.added_on | string | |
| action_result.data.*.task_status.category | string | |
| action_result.data.*.task_status.clock | string | |
| action_result.data.*.task_status.completed_on | string | |
| action_result.data.*.task_status.custom | string | |
| action_result.data.*.task_status.duration | numeric | |
| action_result.data.*.task_status.enforce_timeout | boolean | |
| action_result.data.*.task_status.guest.id | numeric | |
| action_result.data.*.task_status.guest.label | string | |
| action_result.data.*.task_status.guest.manager | string | |
| action_result.data.*.task_status.guest.name | string | |
| action_result.data.*.task_status.guest.shutdown_on | string | |
| action_result.data.*.task_status.guest.started_on | string | |
| action_result.data.*.task_status.guest.status | string | |
| action_result.data.*.task_status.guest.task_id | numeric | |
| action_result.data.*.task_status.id | numeric | |
| action_result.data.*.task_status.machine | string | |
| action_result.data.*.task_status.memory | boolean | |
| action_result.data.*.task_status.owner | string | |
| action_result.data.*.task_status.package | string | |
| action_result.data.*.task_status.platform | string | |
| action_result.data.*.task_status.priority | numeric | |
| action_result.data.*.task_status.route | string | |
| action_result.data.*.task_status.sample.crc32 | string | |
| action_result.data.*.task_status.sample.file_size | numeric | |
| action_result.data.*.task_status.sample.file_type | string | |
| action_result.data.*.task_status.sample.id | numeric | |
| action_result.data.*.task_status.sample.md5 | string | md5 |
| action_result.data.*.task_status.sample.sha1 | string | sha1 |
| action_result.data.*.task_status.sample.sha256 | string | sha256 |
| action_result.data.*.task_status.sample.sha512 | string | |
| action_result.data.*.task_status.sample_id | numeric | |
| action_result.data.*.task_status.started_on | string | |
| action_result.data.*.task_status.status | string | |
| action_result.data.*.task_status.target | string | file name |
| action_result.data.*.task_status.timeout | numeric | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary.id | numeric | cuckoo task id |
| action_result.summary.results_url | string | url |
| action_result.summary.target | string | file name |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Query for results of an already completed detonation
Type: investigate
Read only: True
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| id | required | Task ID to get the results of | string | cuckoo task id |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.id | string | cuckoo task id |
| action_result.data.*.report.behavior.apistats.984.CopyFileA | numeric | |
| action_result.data.*.report.behavior.apistats.984.CreateServiceA | numeric | |
| action_result.data.*.report.behavior.apistats.984.FindResourceExW | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetFileAttributesW | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetFileSize | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetFileType | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetSystemInfo | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetSystemMetrics | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetSystemTimeAsFileTime | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetSystemWindowsDirectoryW | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetTempPathW | numeric | |
| action_result.data.*.report.behavior.apistats.984.GetTimeZoneInformation | numeric | |
| action_result.data.*.report.behavior.apistats.984.LdrGetDllHandle | numeric | |
| action_result.data.*.report.behavior.apistats.984.LdrGetProcedureAddress | numeric | |
| action_result.data.*.report.behavior.apistats.984.LdrLoadDll | numeric | |
| action_result.data.*.report.behavior.apistats.984.LoadResource | numeric | |
| action_result.data.*.report.behavior.apistats.984.LoadStringA | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtAllocateVirtualMemory | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtClose | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtCreateFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtCreateMutant | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtCreateSection | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtCreateThreadEx | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtDelayExecution | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtDuplicateObject | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtFreeVirtualMemory | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtMapViewOfSection | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtOpenKey | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtOpenMutant | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtProtectVirtualMemory | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtQueryAttributesFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtQueryInformationFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtQueryValueKey | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtReadFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtResumeThread | numeric | |
| action_result.data.*.report.behavior.apistats.984.NtWriteFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.OpenSCManagerA | numeric | |
| action_result.data.*.report.behavior.apistats.984.OutputDebugStringA | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegCloseKey | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegOpenKeyExA | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegOpenKeyExW | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegQueryValueExA | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegQueryValueExW | numeric | |
| action_result.data.*.report.behavior.apistats.984.RegSetValueExA | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetEndOfFile | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetFileAttributesW | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetFilePointer | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetFileTime | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetUnhandledExceptionFilter | numeric | |
| action_result.data.*.report.behavior.apistats.984.SetWindowsHookExA | numeric | |
| action_result.data.*.report.behavior.apistats.984.StartServiceA | numeric | |
| action_result.data.*.report.behavior.generic.*.first_seen | numeric | |
| action_result.data.*.report.behavior.generic.*.pid | numeric | pid |
| action_result.data.*.report.behavior.generic.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.generic.*.process_name | string | file name |
| action_result.data.*.report.behavior.generic.*.process_path | string | file path file name |
| action_result.data.*.report.behavior.generic.*.summary.dll_loaded | string | |
| action_result.data.*.report.behavior.generic.*.summary.file_copied.* | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_created | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_exists | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_opened | string | file path file name |
| action_result.data.*.report.behavior.generic.*.summary.file_read | string | file path file name |
| action_result.data.*.report.behavior.generic.*.summary.file_recreated | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_written | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.mutex | string | file path file name |
| action_result.data.*.report.behavior.generic.*.summary.regkey_opened | string | |
| action_result.data.*.report.behavior.generic.*.summary.regkey_read | string | |
| action_result.data.*.report.behavior.generic.*.summary.regkey_written | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.api | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.allocation_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.base_address | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.base_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.basename | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.buffer | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.callback_function | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.commit_size | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.create_disposition | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.create_options | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.database_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.desired_access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.dirpath | string | file path |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.display_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.error_control | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.fail_if_exists | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.file_attributes | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.file_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.file_size_low | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.filepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.filepath_r | string | file name file path |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.flags | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.free_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.function_address | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.function_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.handle_attributes | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.hook_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.id | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.index | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.information_class | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.initial_owner | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.key_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.key_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.language_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.length | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.machine_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.milliseconds | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module | string | file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module_address | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module_name | string | file name file path |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.move_method | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.mutant_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.mutant_name | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.newfilepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.newfilepath_r | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.object_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.offset | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.oldfilepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.oldfilepath_r | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.options | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.ordinal | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.parameter | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.password | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.pointer | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.process_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.process_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.processor_count | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.protection | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.reg_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.region_size | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.regkey | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.regkey_r | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.resource_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.section_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.section_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.section_offset | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_manager_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_start_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.service_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.share_access | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.size | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.skipped | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.source_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.source_process_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.source_process_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.stack_zero_bits | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.start_type | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.status_info | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.string | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.suspend_count | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.suspended | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.target_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.target_process_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.target_process_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.thread_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.thread_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.thread_name | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.type | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.value | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.view_size | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.win32_protect | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.category | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.allocation_type | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.create_disposition | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.create_options | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.desired_access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.file_attributes | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.hook_identifier | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.index | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.information_class | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.protection | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.reg_type | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.share_access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.status_info | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.win32_protect | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.last_error | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.nt_status | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.return_value | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.status | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.tid | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.time | numeric | |
| action_result.data.*.report.behavior.processes.*.command_line | string | file path file name |
| action_result.data.*.report.behavior.processes.*.first_seen | numeric | |
| action_result.data.*.report.behavior.processes.*.modules.*.baseaddr | string | |
| action_result.data.*.report.behavior.processes.*.modules.*.basename | string | file name |
| action_result.data.*.report.behavior.processes.*.modules.*.filepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.modules.*.imgsize | numeric | |
| action_result.data.*.report.behavior.processes.*.pid | numeric | pid |
| action_result.data.*.report.behavior.processes.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.processes.*.process_name | string | file name |
| action_result.data.*.report.behavior.processes.*.process_path | string | file path file name |
| action_result.data.*.report.behavior.processes.*.tid | numeric | |
| action_result.data.*.report.behavior.processes.*.time | numeric | |
| action_result.data.*.report.behavior.processes.*.track | boolean | |
| action_result.data.*.report.behavior.processes.*.type | string | |
| action_result.data.*.report.behavior.processtree.*.command_line | string | file path file name |
| action_result.data.*.report.behavior.processtree.*.first_seen | numeric | |
| action_result.data.*.report.behavior.processtree.*.pid | numeric | pid |
| action_result.data.*.report.behavior.processtree.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.processtree.*.process_name | string | file name |
| action_result.data.*.report.behavior.processtree.*.track | boolean | |
| action_result.data.*.report.behavior.summary.dll_loaded | string | |
| action_result.data.*.report.behavior.summary.file_copied.* | string | file path |
| action_result.data.*.report.behavior.summary.file_created | string | file path |
| action_result.data.*.report.behavior.summary.file_exists | string | file path |
| action_result.data.*.report.behavior.summary.file_opened | string | file path file name |
| action_result.data.*.report.behavior.summary.file_read | string | file path file name |
| action_result.data.*.report.behavior.summary.file_recreated | string | file path |
| action_result.data.*.report.behavior.summary.file_written | string | file path |
| action_result.data.*.report.behavior.summary.mutex | string | file path file name |
| action_result.data.*.report.behavior.summary.regkey_opened | string | |
| action_result.data.*.report.behavior.summary.regkey_read | string | |
| action_result.data.*.report.behavior.summary.regkey_written | string | |
| action_result.data.*.report.debug.cuckoo | string | |
| action_result.data.*.report.debug.log | string | |
| action_result.data.*.report.dropped.*.crc32 | string | |
| action_result.data.*.report.dropped.*.filepath | string | file path |
| action_result.data.*.report.dropped.*.md5 | string | md5 |
| action_result.data.*.report.dropped.*.name | string | |
| action_result.data.*.report.dropped.*.path | string | |
| action_result.data.*.report.dropped.*.pids | numeric | |
| action_result.data.*.report.dropped.*.sha1 | string | sha1 |
| action_result.data.*.report.dropped.*.sha256 | string | sha256 |
| action_result.data.*.report.dropped.*.sha512 | string | |
| action_result.data.*.report.dropped.*.size | numeric | |
| action_result.data.*.report.dropped.*.type | string | |
| action_result.data.*.report.info.added | numeric | |
| action_result.data.*.report.info.category | string | |
| action_result.data.*.report.info.custom | string | |
| action_result.data.*.report.info.duration | numeric | |
| action_result.data.*.report.info.ended | numeric | |
| action_result.data.*.report.info.git.fetch_head | string | |
| action_result.data.*.report.info.git.head | string | |
| action_result.data.*.report.info.id | numeric | |
| action_result.data.*.report.info.machine.label | string | |
| action_result.data.*.report.info.machine.manager | string | |
| action_result.data.*.report.info.machine.name | string | |
| action_result.data.*.report.info.machine.shutdown_on | string | |
| action_result.data.*.report.info.machine.started_on | string | |
| action_result.data.*.report.info.machine.status | string | |
| action_result.data.*.report.info.monitor | string | sha1 |
| action_result.data.*.report.info.options | string | |
| action_result.data.*.report.info.owner | string | |
| action_result.data.*.report.info.package | string | |
| action_result.data.*.report.info.platform | string | |
| action_result.data.*.report.info.route | string | |
| action_result.data.*.report.info.score | numeric | |
| action_result.data.*.report.info.started | numeric | |
| action_result.data.*.report.info.version | string | |
| action_result.data.*.report.metadata.output.dropped.*.basename | string | |
| action_result.data.*.report.metadata.output.dropped.*.dirname | string | |
| action_result.data.*.report.metadata.output.dropped.*.sha256 | string | sha256 |
| action_result.data.*.report.metadata.output.pcap.basename | string | |
| action_result.data.*.report.metadata.output.pcap.dirname | string | |
| action_result.data.*.report.metadata.output.pcap.sha256 | string | sha256 |
| action_result.data.*.report.network.dns.*.answers.*.data | string | ip |
| action_result.data.*.report.network.dns.*.answers.*.type | string | |
| action_result.data.*.report.network.dns.*.request | string | |
| action_result.data.*.report.network.dns.*.type | string | |
| action_result.data.*.report.network.dns_servers | string | ip |
| action_result.data.*.report.network.domains.*.domain | string | domain |
| action_result.data.*.report.network.domains.*.ip | string | ip |
| action_result.data.*.report.network.hosts | string | ip |
| action_result.data.*.report.network.pcap_sha256 | string | sha256 |
| action_result.data.*.report.network.sorted_pcap_sha256 | string | sha256 |
| action_result.data.*.report.network.udp.*.dport | numeric | |
| action_result.data.*.report.network.udp.*.dst | string | ip |
| action_result.data.*.report.network.udp.*.offset | numeric | |
| action_result.data.*.report.network.udp.*.sport | numeric | |
| action_result.data.*.report.network.udp.*.src | string | ip |
| action_result.data.*.report.network.udp.*.time | numeric | |
| action_result.data.*.report.screenshots.*.ocr | string | |
| action_result.data.*.report.screenshots.*.path | string | |
| action_result.data.*.report.signatures.*.description | string | |
| action_result.data.*.report.signatures.*.families | string | |
| action_result.data.*.report.signatures.*.markcount | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.api | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.allocation_type | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.base_address | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.desired_access | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.display_name | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.error_control | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.filepath | string | file path file name |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.filepath_r | string | file path file name |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.password | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.process_handle | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.process_identifier | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.protection | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.region_size | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_handle | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_manager_handle | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_name | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_start_name | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.service_type | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.start_type | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.category | string | |
| action_result.data.*.report.signatures.*.marks.*.call.flags.allocation_type | string | |
| action_result.data.*.report.signatures.*.marks.*.call.flags.protection | string | |
| action_result.data.*.report.signatures.*.marks.*.call.return_value | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.status | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.tid | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.time | numeric | |
| action_result.data.*.report.signatures.*.marks.*.category | string | |
| action_result.data.*.report.signatures.*.marks.*.cid | numeric | |
| action_result.data.*.report.signatures.*.marks.*.description | string | |
| action_result.data.*.report.signatures.*.marks.*.entropy | numeric | |
| action_result.data.*.report.signatures.*.marks.*.filetype | string | |
| action_result.data.*.report.signatures.*.marks.*.ioc | string | |
| action_result.data.*.report.signatures.*.marks.*.language | string | |
| action_result.data.*.report.signatures.*.marks.*.name | string | |
| action_result.data.*.report.signatures.*.marks.*.offset | string | |
| action_result.data.*.report.signatures.*.marks.*.pid | numeric | pid |
| action_result.data.*.report.signatures.*.marks.*.section.entropy | numeric | |
| action_result.data.*.report.signatures.*.marks.*.section.name | string | |
| action_result.data.*.report.signatures.*.marks.*.section.size_of_data | string | |
| action_result.data.*.report.signatures.*.marks.*.section.virtual_address | string | |
| action_result.data.*.report.signatures.*.marks.*.section.virtual_size | string | |
| action_result.data.*.report.signatures.*.marks.*.service_name | string | |
| action_result.data.*.report.signatures.*.marks.*.service_path | string | file path file name |
| action_result.data.*.report.signatures.*.marks.*.size | string | |
| action_result.data.*.report.signatures.*.marks.*.sublanguage | string | |
| action_result.data.*.report.signatures.*.marks.*.type | string | |
| action_result.data.*.report.signatures.*.name | string | |
| action_result.data.*.report.signatures.*.references | string | url |
| action_result.data.*.report.signatures.*.severity | numeric | |
| action_result.data.*.report.static.imported_dll_count | numeric | |
| action_result.data.*.report.static.pe_exports.*.address | string | |
| action_result.data.*.report.static.pe_exports.*.name | string | |
| action_result.data.*.report.static.pe_exports.*.ordinal | numeric | |
| action_result.data.*.report.static.pe_imphash | string | md5 |
| action_result.data.*.report.static.pe_imports.*.dll | string | file name |
| action_result.data.*.report.static.pe_imports.*.imports.*.address | string | |
| action_result.data.*.report.static.pe_imports.*.imports.*.name | string | |
| action_result.data.*.report.static.pe_resources.*.filetype | string | |
| action_result.data.*.report.static.pe_resources.*.language | string | |
| action_result.data.*.report.static.pe_resources.*.name | string | |
| action_result.data.*.report.static.pe_resources.*.offset | string | |
| action_result.data.*.report.static.pe_resources.*.size | string | |
| action_result.data.*.report.static.pe_resources.*.sublanguage | string | |
| action_result.data.*.report.static.pe_sections.*.entropy | numeric | |
| action_result.data.*.report.static.pe_sections.*.name | string | |
| action_result.data.*.report.static.pe_sections.*.size_of_data | string | |
| action_result.data.*.report.static.pe_sections.*.virtual_address | string | |
| action_result.data.*.report.static.pe_sections.*.virtual_size | string | |
| action_result.data.*.report.static.pe_timestamp | string | |
| action_result.data.*.report.static.pe_versioninfo.*.name | string | |
| action_result.data.*.report.static.pe_versioninfo.*.value | string | file name |
| action_result.data.*.report.strings | string | |
| action_result.data.*.report.target.category | string | |
| action_result.data.*.report.target.file.crc32 | string | |
| action_result.data.*.report.target.file.md5 | string | md5 |
| action_result.data.*.report.target.file.name | string | file name |
| action_result.data.*.report.target.file.path | string | |
| action_result.data.*.report.target.file.sha1 | string | sha1 |
| action_result.data.*.report.target.file.sha256 | string | sha256 |
| action_result.data.*.report.target.file.sha512 | string | |
| action_result.data.*.report.target.file.size | numeric | |
| action_result.data.*.report.target.file.type | string | |
| action_result.data.*.task_status.added_on | string | |
| action_result.data.*.task_status.category | string | |
| action_result.data.*.task_status.clock | string | |
| action_result.data.*.task_status.completed_on | string | |
| action_result.data.*.task_status.custom | string | |
| action_result.data.*.task_status.duration | numeric | |
| action_result.data.*.task_status.enforce_timeout | boolean | |
| action_result.data.*.task_status.guest.id | numeric | |
| action_result.data.*.task_status.guest.label | string | |
| action_result.data.*.task_status.guest.manager | string | |
| action_result.data.*.task_status.guest.name | string | |
| action_result.data.*.task_status.guest.shutdown_on | string | |
| action_result.data.*.task_status.guest.started_on | string | |
| action_result.data.*.task_status.guest.status | string | |
| action_result.data.*.task_status.guest.task_id | numeric | |
| action_result.data.*.task_status.id | numeric | |
| action_result.data.*.task_status.machine | string | |
| action_result.data.*.task_status.memory | boolean | |
| action_result.data.*.task_status.owner | string | |
| action_result.data.*.task_status.package | string | |
| action_result.data.*.task_status.platform | string | |
| action_result.data.*.task_status.priority | numeric | |
| action_result.data.*.task_status.route | string | |
| action_result.data.*.task_status.sample.crc32 | string | |
| action_result.data.*.task_status.sample.file_size | numeric | |
| action_result.data.*.task_status.sample.file_type | string | |
| action_result.data.*.task_status.sample.id | numeric | |
| action_result.data.*.task_status.sample.md5 | string | md5 |
| action_result.data.*.task_status.sample.sha1 | string | sha1 |
| action_result.data.*.task_status.sample.sha256 | string | sha256 |
| action_result.data.*.task_status.sample.sha512 | string | |
| action_result.data.*.task_status.sample_id | numeric | |
| action_result.data.*.task_status.started_on | string | |
| action_result.data.*.task_status.status | string | |
| action_result.data.*.task_status.target | string | file name |
| action_result.data.*.task_status.timeout | numeric | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary.id | string | cuckoo task id |
| action_result.summary.results_url | string | url |
| action_result.summary.target | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Load a URL in the Cuckoo sandbox and retrieve the analysis results
Type: generic
Read only: False
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| url | required | URL to detonate | string | url domain |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.url | string | url domain |
| action_result.data.*.report.behavior.apistats.1432.CoCreateInstance | numeric | |
| action_result.data.*.report.behavior.apistats.1432.CoGetClassObject | numeric | |
| action_result.data.*.report.behavior.apistats.1432.CoInitializeEx | numeric | |
| action_result.data.*.report.behavior.apistats.1432.CoInitializeSecurity | numeric | |
| action_result.data.*.report.behavior.apistats.1432.CoUninitialize | numeric | |
| action_result.data.*.report.behavior.apistats.1432.CreateProcessInternalW | numeric | |
| action_result.data.*.report.behavior.apistats.1432.LdrLoadDll | numeric | |
| action_result.data.*.report.behavior.apistats.1432.NtCreateFile | numeric | |
| action_result.data.*.report.behavior.apistats.1432.NtDelayExecution | numeric | |
| action_result.data.*.report.behavior.apistats.1432.NtOpenFile | numeric | |
| action_result.data.*.report.behavior.apistats.1432.NtWriteFile | numeric | |
| action_result.data.*.report.behavior.apistats.1432.OleInitialize | numeric | |
| action_result.data.*.report.behavior.apistats.444.PRF | numeric | |
| action_result.data.*.report.behavior.apistats.552.CImgElement_put_src | numeric | |
| action_result.data.*.report.behavior.apistats.552.COleScript_Compile | numeric | |
| action_result.data.*.report.behavior.apistats.552.CWindow_AddTimeoutCode | numeric | |
| action_result.data.*.report.behavior.apistats.552.CoCreateInstance | numeric | |
| action_result.data.*.report.behavior.apistats.552.CoGetClassObject | numeric | |
| action_result.data.*.report.behavior.apistats.552.CoInitializeEx | numeric | |
| action_result.data.*.report.behavior.apistats.552.CoInitializeSecurity | numeric | |
| action_result.data.*.report.behavior.apistats.552.CoUninitialize | numeric | |
| action_result.data.*.report.behavior.apistats.552.LdrLoadDll | numeric | |
| action_result.data.*.report.behavior.apistats.552.NtCreateFile | numeric | |
| action_result.data.*.report.behavior.apistats.552.NtDelayExecution | numeric | |
| action_result.data.*.report.behavior.apistats.552.NtOpenFile | numeric | |
| action_result.data.*.report.behavior.apistats.552.NtWriteFile | numeric | |
| action_result.data.*.report.behavior.apistats.552.OleInitialize | numeric | |
| action_result.data.*.report.behavior.generic.*.first_seen | numeric | |
| action_result.data.*.report.behavior.generic.*.pid | numeric | pid |
| action_result.data.*.report.behavior.generic.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.generic.*.process_name | string | file name |
| action_result.data.*.report.behavior.generic.*.process_path | string | file path file name |
| action_result.data.*.report.behavior.generic.*.summary.command_line | string | |
| action_result.data.*.report.behavior.generic.*.summary.dll_loaded | string | file name |
| action_result.data.*.report.behavior.generic.*.summary.file_created | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_failed | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_opened | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.file_recreated | string | |
| action_result.data.*.report.behavior.generic.*.summary.file_written | string | file path |
| action_result.data.*.report.behavior.generic.*.summary.guid | string | |
| action_result.data.*.report.behavior.generic.*.summary.tls_master.* | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.api | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.argument | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.basename | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.buffer | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.class_context | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.client_random | string | sha256 |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.clsid | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.code | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.command_line | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.create_disposition | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.create_options | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.creation_flags | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.current_directory | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.desired_access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.file_attributes | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.file_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.filepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.filepath_r | string | file name |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.flags | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.iid | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.inherit_handles | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.master_secret | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.milliseconds | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module_address | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.module_name | string | file name file path |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.offset | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.open_options | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.options | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.process_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.process_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.repeat | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.script | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.server_random | string | sha256 |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.share_access | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.skipped | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.src | string | url |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.status_info | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.thread_handle | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.thread_identifier | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.track | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.arguments.type | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.category | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.clsid | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.create_disposition | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.create_options | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.creation_flags | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.desired_access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.file_attributes | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.iid | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.open_options | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.share_access | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.flags.status_info | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.last_error | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.nt_status | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.raw | string | |
| action_result.data.*.report.behavior.processes.*.calls.*.return_value | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.status | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.tid | numeric | |
| action_result.data.*.report.behavior.processes.*.calls.*.time | numeric | |
| action_result.data.*.report.behavior.processes.*.command_line | string | file path file name |
| action_result.data.*.report.behavior.processes.*.first_seen | numeric | |
| action_result.data.*.report.behavior.processes.*.modules.*.baseaddr | string | |
| action_result.data.*.report.behavior.processes.*.modules.*.basename | string | file name |
| action_result.data.*.report.behavior.processes.*.modules.*.filepath | string | file path file name |
| action_result.data.*.report.behavior.processes.*.modules.*.imgsize | numeric | |
| action_result.data.*.report.behavior.processes.*.pid | numeric | pid |
| action_result.data.*.report.behavior.processes.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.processes.*.process_name | string | file name |
| action_result.data.*.report.behavior.processes.*.process_path | string | file path file name |
| action_result.data.*.report.behavior.processes.*.tid | numeric | |
| action_result.data.*.report.behavior.processes.*.time | numeric | |
| action_result.data.*.report.behavior.processes.*.track | boolean | |
| action_result.data.*.report.behavior.processes.*.type | string | |
| action_result.data.*.report.behavior.processtree.*.children.*.command_line | string | |
| action_result.data.*.report.behavior.processtree.*.children.*.first_seen | numeric | |
| action_result.data.*.report.behavior.processtree.*.children.*.pid | numeric | pid |
| action_result.data.*.report.behavior.processtree.*.children.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.processtree.*.children.*.process_name | string | file name |
| action_result.data.*.report.behavior.processtree.*.children.*.track | boolean | |
| action_result.data.*.report.behavior.processtree.*.command_line | string | file path file name |
| action_result.data.*.report.behavior.processtree.*.first_seen | numeric | |
| action_result.data.*.report.behavior.processtree.*.pid | numeric | pid |
| action_result.data.*.report.behavior.processtree.*.ppid | numeric | pid |
| action_result.data.*.report.behavior.processtree.*.process_name | string | file name |
| action_result.data.*.report.behavior.processtree.*.track | boolean | |
| action_result.data.*.report.behavior.summary.command_line | string | |
| action_result.data.*.report.behavior.summary.dll_loaded | string | file name |
| action_result.data.*.report.behavior.summary.file_created | string | file path |
| action_result.data.*.report.behavior.summary.file_failed | string | file path |
| action_result.data.*.report.behavior.summary.file_opened | string | file path |
| action_result.data.*.report.behavior.summary.file_recreated | string | |
| action_result.data.*.report.behavior.summary.file_written | string | file path |
| action_result.data.*.report.behavior.summary.guid | string | |
| action_result.data.*.report.behavior.summary.tls_master.* | string | |
| action_result.data.*.report.debug.cuckoo | string | |
| action_result.data.*.report.debug.log | string | |
| action_result.data.*.report.dropped.*.crc32 | string | |
| action_result.data.*.report.dropped.*.filepath | string | file path |
| action_result.data.*.report.dropped.*.md5 | string | md5 |
| action_result.data.*.report.dropped.*.name | string | |
| action_result.data.*.report.dropped.*.path | string | |
| action_result.data.*.report.dropped.*.pids | numeric | |
| action_result.data.*.report.dropped.*.sha1 | string | sha1 |
| action_result.data.*.report.dropped.*.sha256 | string | sha256 |
| action_result.data.*.report.dropped.*.sha512 | string | |
| action_result.data.*.report.dropped.*.size | numeric | |
| action_result.data.*.report.dropped.*.type | string | |
| action_result.data.*.report.dropped.*.urls | string | url |
| action_result.data.*.report.info.added | numeric | |
| action_result.data.*.report.info.category | string | |
| action_result.data.*.report.info.custom | string | |
| action_result.data.*.report.info.duration | numeric | |
| action_result.data.*.report.info.ended | numeric | |
| action_result.data.*.report.info.git.fetch_head | string | |
| action_result.data.*.report.info.git.head | string | |
| action_result.data.*.report.info.id | numeric | |
| action_result.data.*.report.info.machine.label | string | |
| action_result.data.*.report.info.machine.manager | string | |
| action_result.data.*.report.info.machine.name | string | |
| action_result.data.*.report.info.machine.shutdown_on | string | |
| action_result.data.*.report.info.machine.started_on | string | |
| action_result.data.*.report.info.machine.status | string | |
| action_result.data.*.report.info.monitor | string | sha1 |
| action_result.data.*.report.info.options | string | |
| action_result.data.*.report.info.owner | string | |
| action_result.data.*.report.info.package | string | |
| action_result.data.*.report.info.platform | string | |
| action_result.data.*.report.info.route | string | |
| action_result.data.*.report.info.score | numeric | |
| action_result.data.*.report.info.started | numeric | |
| action_result.data.*.report.info.version | string | |
| action_result.data.*.report.metadata.output.dropped.*.basename | string | |
| action_result.data.*.report.metadata.output.dropped.*.dirname | string | |
| action_result.data.*.report.metadata.output.dropped.*.sha256 | string | sha256 |
| action_result.data.*.report.metadata.output.pcap.basename | string | |
| action_result.data.*.report.metadata.output.pcap.dirname | string | |
| action_result.data.*.report.metadata.output.pcap.sha256 | string | sha256 |
| action_result.data.*.report.network.dns.*.answers.*.data | string | ip |
| action_result.data.*.report.network.dns.*.answers.*.type | string | |
| action_result.data.*.report.network.dns.*.request | string | |
| action_result.data.*.report.network.dns.*.type | string | |
| action_result.data.*.report.network.dns_servers | string | ip |
| action_result.data.*.report.network.domains.*.domain | string | domain |
| action_result.data.*.report.network.domains.*.ip | string | ip |
| action_result.data.*.report.network.hosts | string | ip |
| action_result.data.*.report.network.http.*.body | string | |
| action_result.data.*.report.network.http.*.count | numeric | |
| action_result.data.*.report.network.http.*.data | string | |
| action_result.data.*.report.network.http.*.host | string | |
| action_result.data.*.report.network.http.*.method | string | |
| action_result.data.*.report.network.http.*.path | string | |
| action_result.data.*.report.network.http.*.port | numeric | |
| action_result.data.*.report.network.http.*.uri | string | url |
| action_result.data.*.report.network.http.*.user-agent | string | |
| action_result.data.*.report.network.http.*.version | string | |
| action_result.data.*.report.network.http_ex.*.dport | numeric | |
| action_result.data.*.report.network.http_ex.*.dst | string | ip |
| action_result.data.*.report.network.http_ex.*.host | string | |
| action_result.data.*.report.network.http_ex.*.md5 | string | md5 |
| action_result.data.*.report.network.http_ex.*.method | string | |
| action_result.data.*.report.network.http_ex.*.path | string | |
| action_result.data.*.report.network.http_ex.*.protocol | string | url |
| action_result.data.*.report.network.http_ex.*.req.md5 | string | md5 |
| action_result.data.*.report.network.http_ex.*.req.path | string | |
| action_result.data.*.report.network.http_ex.*.req.sha1 | string | sha1 |
| action_result.data.*.report.network.http_ex.*.request | string | |
| action_result.data.*.report.network.http_ex.*.resp.md5 | string | md5 |
| action_result.data.*.report.network.http_ex.*.resp.path | string | |
| action_result.data.*.report.network.http_ex.*.resp.sha1 | string | sha1 |
| action_result.data.*.report.network.http_ex.*.response | string | |
| action_result.data.*.report.network.http_ex.*.sha1 | string | sha1 |
| action_result.data.*.report.network.http_ex.*.sport | numeric | |
| action_result.data.*.report.network.http_ex.*.src | string | ip |
| action_result.data.*.report.network.http_ex.*.status | numeric | |
| action_result.data.*.report.network.http_ex.*.uri | string | |
| action_result.data.*.report.network.https_ex.*.dport | numeric | |
| action_result.data.*.report.network.https_ex.*.dst | string | ip |
| action_result.data.*.report.network.https_ex.*.host | string | |
| action_result.data.*.report.network.https_ex.*.md5 | string | md5 |
| action_result.data.*.report.network.https_ex.*.method | string | |
| action_result.data.*.report.network.https_ex.*.path | string | |
| action_result.data.*.report.network.https_ex.*.protocol | string | url |
| action_result.data.*.report.network.https_ex.*.req.md5 | string | md5 |
| action_result.data.*.report.network.https_ex.*.req.path | string | |
| action_result.data.*.report.network.https_ex.*.req.sha1 | string | sha1 |
| action_result.data.*.report.network.https_ex.*.request | string | |
| action_result.data.*.report.network.https_ex.*.resp.md5 | string | md5 |
| action_result.data.*.report.network.https_ex.*.resp.path | string | |
| action_result.data.*.report.network.https_ex.*.resp.sha1 | string | sha1 |
| action_result.data.*.report.network.https_ex.*.response | string | |
| action_result.data.*.report.network.https_ex.*.sha1 | string | sha1 |
| action_result.data.*.report.network.https_ex.*.sport | numeric | |
| action_result.data.*.report.network.https_ex.*.src | string | ip |
| action_result.data.*.report.network.https_ex.*.status | numeric | |
| action_result.data.*.report.network.https_ex.*.uri | string | |
| action_result.data.*.report.network.pcap_sha256 | string | sha256 |
| action_result.data.*.report.network.sorted_pcap_sha256 | string | sha256 |
| action_result.data.*.report.network.tcp.*.dport | numeric | |
| action_result.data.*.report.network.tcp.*.dst | string | ip |
| action_result.data.*.report.network.tcp.*.offset | numeric | |
| action_result.data.*.report.network.tcp.*.sport | numeric | |
| action_result.data.*.report.network.tcp.*.src | string | ip |
| action_result.data.*.report.network.tcp.*.time | numeric | |
| action_result.data.*.report.network.tls.*.server_random | string | sha256 |
| action_result.data.*.report.network.tls.*.session_id | string | sha256 |
| action_result.data.*.report.network.udp.*.dport | numeric | |
| action_result.data.*.report.network.udp.*.dst | string | ip |
| action_result.data.*.report.network.udp.*.offset | numeric | |
| action_result.data.*.report.network.udp.*.sport | numeric | |
| action_result.data.*.report.network.udp.*.src | string | ip |
| action_result.data.*.report.network.udp.*.time | numeric | |
| action_result.data.*.report.screenshots.*.ocr | string | |
| action_result.data.*.report.screenshots.*.path | string | |
| action_result.data.*.report.signatures.*.description | string | |
| action_result.data.*.report.signatures.*.markcount | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.api | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.script | string | |
| action_result.data.*.report.signatures.*.marks.*.call.arguments.type | string | |
| action_result.data.*.report.signatures.*.marks.*.call.category | string | |
| action_result.data.*.report.signatures.*.marks.*.call.raw | string | |
| action_result.data.*.report.signatures.*.marks.*.call.return_value | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.status | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.tid | numeric | |
| action_result.data.*.report.signatures.*.marks.*.call.time | numeric | |
| action_result.data.*.report.signatures.*.marks.*.category | string | |
| action_result.data.*.report.signatures.*.marks.*.cid | numeric | |
| action_result.data.*.report.signatures.*.marks.*.ioc | string | |
| action_result.data.*.report.signatures.*.marks.*.pid | numeric | pid |
| action_result.data.*.report.signatures.*.marks.*.type | string | |
| action_result.data.*.report.signatures.*.name | string | |
| action_result.data.*.report.signatures.*.severity | numeric | |
| action_result.data.*.report.target.category | string | |
| action_result.data.*.report.target.url | string | url |
| action_result.data.*.task_status.added_on | string | |
| action_result.data.*.task_status.category | string | |
| action_result.data.*.task_status.clock | string | |
| action_result.data.*.task_status.completed_on | string | |
| action_result.data.*.task_status.custom | string | |
| action_result.data.*.task_status.duration | numeric | |
| action_result.data.*.task_status.enforce_timeout | boolean | |
| action_result.data.*.task_status.guest.id | numeric | |
| action_result.data.*.task_status.guest.label | string | |
| action_result.data.*.task_status.guest.manager | string | |
| action_result.data.*.task_status.guest.name | string | |
| action_result.data.*.task_status.guest.shutdown_on | string | |
| action_result.data.*.task_status.guest.started_on | string | |
| action_result.data.*.task_status.guest.status | string | |
| action_result.data.*.task_status.guest.task_id | numeric | |
| action_result.data.*.task_status.id | numeric | |
| action_result.data.*.task_status.machine | string | |
| action_result.data.*.task_status.memory | boolean | |
| action_result.data.*.task_status.owner | string | |
| action_result.data.*.task_status.package | string | |
| action_result.data.*.task_status.platform | string | |
| action_result.data.*.task_status.priority | numeric | |
| action_result.data.*.task_status.route | string | |
| action_result.data.*.task_status.started_on | string | |
| action_result.data.*.task_status.status | string | |
| action_result.data.*.task_status.target | string | url |
| action_result.data.*.task_status.timeout | numeric | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary.id | numeric | cuckoo task id |
| action_result.summary.results_url | string | url |
| action_result.summary.target | string | url |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
Add VirusTotal compatible URL/Domain to the list of pending tasks
Type: generic
Read only: False
| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
|---|---|---|---|---|
| url | required | Single VirusTotal compatible URL/Domain | string | url domain |
| DATA PATH | TYPE | CONTAINS |
|---|---|---|
| action_result.parameter.url | string | url domain |
| action_result.data.*.task_status.started_on | string | |
| action_result.data.*.task_status.sample.sha1 | string | sha1 |
| action_result.data.*.task_status.sample.file_type | string | |
| action_result.data.*.task_status.sample.file_size | numeric | |
| action_result.data.*.task_status.sample.crc32 | string | |
| action_result.data.*.task_status.sample.ssdeep | string | |
| action_result.data.*.task_status.sample.sha256 | string | sha256 |
| action_result.data.*.task_status.sample.sha512 | string | |
| action_result.data.*.task_status.sample.id | numeric | |
| action_result.data.*.task_status.sample.md5 | string | md5 |
| action_result.data.*.task_status.owner | string | |
| action_result.data.*.task_status.sample_id | numeric | |
| action_result.data.*.task_status.duration | numeric | |
| action_result.data.*.task_status.id | numeric | |
| action_result.data.*.task_status.category | string | |
| action_result.data.*.task_status.machine | string | |
| action_result.data.*.task_status.clock | string | |
| action_result.data.*.task_status.custom | string | |
| action_result.data.*.task_status.priority | numeric | |
| action_result.data.*.task_status.platform | string | |
| action_result.data.*.task_status.memory | boolean | |
| action_result.data.*.task_status.status | string | |
| action_result.data.*.task_status.processing | string | |
| action_result.data.*.task_status.enforce_timeout | boolean | |
| action_result.data.*.task_status.target | string | url |
| action_result.data.*.task_status.completed_on | string | |
| action_result.data.*.task_status.package | string | |
| action_result.data.*.task_status.route | string | |
| action_result.data.*.task_status.timeout | numeric | |
| action_result.data.*.task_status.submit_id | numeric | |
| action_result.data.*.task_status.options.procmemdump | string | |
| action_result.data.*.task_status.added_on | string | |
| action_result.status | string | |
| action_result.message | string | |
| action_result.summary.id | numeric | |
| action_result.summary.target | string | |
| action_result.summary.results_url | string | url |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent