On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Submit URL to Malware Analytics

Out of Box

Response Workflow

This workflow submits a URL to Cisco Secure Malware Analytics for analysis. Supported observable: url


Change Log

Date Notes
Jun 23, 2020 - Initial release
Sep 10, 2021 - Updated to use the new system atomics

See the Important Notes page for more information about updating workflows


  • The following system atomics are used by this workflow:
    • Secure Malware Analytics - Submit URL
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed at the bottom of the page
  • Cisco Secure Malware Analytics

Workflow Steps

  1. Fetch any necessary global variables
  2. Make sure the observable is supported
  3. Submit the URL provided as the observable to Secure Malware Analytics


  • Provide the workflow your Secure Malware Analytics API token by either:
    • Storing your token in a global variable and using the Fetch Global Variables group at the beginning of the workflow to update the Secure Malware Analytics API Key local variable; or
    • Remove the Fetch Global Variables group and add your token directly to the Secure Malware Analytics API Key local variable
  • If you want to change the name of this workflow in the pivot menu, change its display name


Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
ThreatGrid_Target HTTP Endpoint Protocol: HTTPS
Host: panacea.threatgrid.com
Path: None
None Created by default