Skip to main content

ReversingLabs TitaniumCloud (Deprecated)

This Integration is part of the ReversingLabs TitaniumCloud Pack.#


Use the ReversingLabs TitaniumCloud v2 integration instead.


Use the TitaniumCloud Integration Malware Analysis Platform to increase detection, analysis and response efficiency by identifying files with global goodware and malware database. It is a powerful threat intelligence solution with up-to-date, threat classification and rich context on over 6B goodware and malware files.

This integration was integrated and tested with ReversingLabs TitaniumCloud™.

Use Cases

  • Provide a file reputation status for a file to prepare for emerging threats by monitoring malware.


You need to obtain the following ReversingLabs TitaniumCloud information.

  • Base URL for malware presence :
    • Preconfigured on Cortex XSOAR -
  • Base URL for extended RL Data :
    • Preconfigured on Cortex XSOAR -
  • Credentials for ReversingLabs TitaniumCloud
    • UserName
    • Password

Configure ReversingLabs Titanium Cloud on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services .
  2. Search for ReversingLabs Titanium Cloud.
  3. Click Add instance to create and configure a new integration instance.
    • Name : a meaningful name for the integration instance.
    • Base URL for malware presence :
    • Base URL for extended RL Data :
    • Credentials and Password : paste the username and password for your TitaniumCloud account.
  4. Click Test to validate the URLs and connection.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  • Retrieve malware presence status of a sample: file

Retrieve malware presence status of a sample: file

Get the ReversingLabs malware presence status for a file. This service supports single has queries and the option to return additional response data. The ReversingLabs Malware Statuses are:

  • Malicious
  • Suspicious
  • Known
  • Unknown

Command Example

!file file="c4ab31a0e6bee10933367e74b8af630daed5bd5e" extended="true"


Parameter Description Required?
file The hash that you want to get reputation data for. Hexadecimal representation of SHA-1, SHA-256, SHA-512, or MD5 digest. required
extended Directs the data browser to return richer response schema, with additional classifications and facts about the queried sample. If you do not specify this parameter in the command, the default is false . optional

Human Readable Output (extended = false)

Human Readable Output (extended = true)

Context Output




Bad hash detected.


Bad hash SHA-1.


For malicious files, the vendor that made the decision.


For malicious files, the total number of detections.


For malicious files, the total number of engines.


The indicator that is being tested.


Indicator type.


Vendor used to calculate the score.


The actual score.

Raw Output

"malware_presence" : {
"first_seen" : "2018-05-28T03:15:44" ,
"last_seen" : "2018-05-28T03:19:00" ,
"query_hash" : {
sha1 : c4ab31a0e6bee10933367e74b8af630daed5bd5e
} ,
"scanner_count" : 45 ,
"scanner_match" : 2 ,
"scanner_percent" : 4.44444465637207 ,
"status" : "KNOWN" ,
"threat_level" : 0 ,
"trust_factor" : 5 ,