Stairwell Inception
Stairwell Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
Use the Stairwell Inception integration to enrich data in XSOAR using Stairwell's knowledge and perform automated variant discovery.
Not a customer and interested in signing up? You can request access here.
#
Generate required API keyFollow these steps for a self-deployed configuration.
- Access the Inception web UI and generate a API/CLI token here.
- Copy your API token for the integration configuration usage.
#
Configure Stairwell Inception in CortexParameter | Required |
---|---|
API Key | True |
Use system proxy settings | False |
Trust any certificate (not secure) | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
inception-file-enrichmentEnrich files using file hash (MD5, SHA1, SHA256) with Stairwell's knowledge.
#
Base Commandinception-file-enrichment
#
InputArgument Name | Description | Required |
---|---|---|
fileHash | File hash (MD5, SHA1, SHA256) to lookup. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Inception.File_Details | Dict | Raw JSON output from API |
#
Command Example!inception-file-enrichment fileHash=9fe1ac46f0cdebf03156a6232d771c14559f8daf
#
Context Example#
Human Readable Output#
Stairwell InceptionMD5: 00ddbafe247c891eed36bd74f66f936b SHA256: e7762f90024c5366807c7c145d3456f0ac3be086c0ec3557427d3c2c10a2052d Seen Assets: 1 Matching YARA Intel: wiper_HermeticWiper,MAL_HERMETIC_WIPER
#
AV Scanning Results
Engine Name Result ClamAV undetected Engine2 Trojan/Win.Hermeticwiper
#
inception-variant-discoveryHunt for variants using a SHA256 across all files you have access to, including your environments and Stairwell's malware feeds.
#
Base Commandinception-variant-discovery
#
InputArgument Name | Description | Required |
---|---|---|
sha256 | SHA256 of file to hunt for variants on. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Inception.Variants | Dict | Raw JSON output from API |
#
Command Example!inception-variant-discovery sha256=30e27357b7b773b226d4ee638e17b19b954226d197b0781822859269a5c22b4d
#
Context Example#
Human Readable Output#
File Variants Discovered
sha256 similarity e1a00d8923bac6f863c262236f15eb60d80571f8b31e7220c4b2912fae7e9a14 1 d2a00d8923bac6f863c262236f15eb60d80571f8b31e7220c4b2912fae7e9a12 0.9875