Skip to main content

CIRCLEHashlookup

This Integration is part of the CIRCL hashlookup (hashlookup.circl.lu) Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

CIRCL hash lookup is a public API to lookup hash values against known database of files. NSRL RDS database is included and many others are also included. The API is accessible via HTTP ReST API and the API is also described as an OpenAPI. The service is free and served as a best-effort basis. This integration was integrated and tested with online version of CIRCLEHashlookup

Configure CIRCLEHashlookup in Cortex#

ParameterDescriptionRequired
Server URL (e.g. https://hashlookup.circl.lu)True
Trust any certificate (not secure)False
Use system proxy settingsFalse
Source ReliabilityReliability of the source providing the intelligence data.True
Create relationshipsCreate relationships between indicators as part of Enrichment.False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

circl-info#


Get information about the hash lookup database

Base Command#

circl-info

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
Circl.InfostringInfo about the hashlookup database

Command Example#

Human Readable Output#

circl-bulk-md5#


Bulk search of MD5 hashes

Base Command#

circl-bulk-md5

Input#

Argument NameDescriptionRequired
md5_listList of MD5s to query.Required

Context Output#

PathTypeDescription
Circl.MD5stringResults of bulk MD5 query

Command Example#

Human Readable Output#

circl-bulk-sha1#


Bulk search of SHA1 hashes

Base Command#

circl-bulk-sha1

Input#

Argument NameDescriptionRequired
sha1_listList of SHA1 to search.Required

Context Output#

PathTypeDescription
Circl.SHA1stringResults of bulk SHA1 query

Command Example#

Human Readable Output#

file#


Checks the file reputation of the specified hash.

Base Command#

file

Input#

Argument NameDescriptionRequired
fileHash to query.Required

Context Output#

PathTypeDescription
File.NamestringName of the file
File.SizenumberSize of the file
File.MD5stringMD5 hash of the file
File.SHA1stringSHA1 hash of the file
File.SHA256stringSHA256 hash of the file
File.SHA512stringSHA512 hash of the file
File.SSDeepstringSSDeep of the file
DbotScore.IndicatorstringThe indicator value.
DbotScore.ReliabilitystringThe reliability of the source providing the intelligence data
DbotScore.ScorenumberAn integer regarding the status of the indicator
DbotScore.TypestringThe indicator type
DbotScore.VendorstringThe vendor used to calculate the score
DBotScore.IndicatorStringThe indicator that was tested.
DBotScore.ScoreNumberThe actual score.
DBotScore.TypeStringType of indicator.
DBotScore.VendorStringVendor used to calculate the score.

Command Example#

Human Readable Output#

circl-top#


Return the top 100 of most queried values.

Base Command#

circl-top

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
Circl.TopstringThe top 100 of most queried values

Command Example#

Human Readable Output#