
Aug 1, 2023
1.1.2
ThreatQ versions >= 4.43.0
CrowdStrike Falcon X Sandbox Feed
Overview
The Falcon X Sandbox feed pulls reports for submitted files from CrowdStrike's Falcon Sandbox service and then creates indicators and attributes in the ThreatQ appliance. The feed downloads multiple dictionary objects, each corresponding to a specific file or URL that was submitted to the sandbox in the past 24 hours.
THE WORLD'S MOST POWERFUL MALWARE SANDBOX
Falcon Sandbox performs deep analysis of evasive and unknown threats, enriches the results with threat intelligence and delivers actionable indicators of compromise (IOCs), enabling your security team to better understand sophisticated malware attacks and strengthen their defenses.
WHY FALCON SANDBOX?
DETECT UNKNOWN THREATS
Unique hybrid analysis technology detects unknown and zero-day threats while defeating evasive malware.
ACHIEVE COMPLETE VISIBILITY
Uncover the full attack lifecycle with insight into all file, network, memory and process activity.
RESPOND FASTER
Save time and make all security teams more effective with easy-to-understand reports, actionable IOCs and seamless integration.