ReversingLabs TitaniumScale
This integration is part of the ReversingLabs TitaniumScale Pack.
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
Overview
This integration supports using ReversingLabs Advanced File Analysis to 'detonate file' on the TitaniumScale Advanced Malware Analysis Appliance.
The ReversingLabs TitaniumScale Appliance is powered by TitaniumCore, the malware analysis engine that performs automated static analysis using the Active File Decomposition technology.
TitaniumCore unpacks and recursively analyzes files without executing them, and extracts internal threat indicators to classify files and determine their threat level. TitaniumCore is capable of identifying thousands of file format families. It recursively unpacks hundreds of file format families, and fully repairs extracted files to enable further analysis.
Prerequisites
You need to obtain the following:
- TitaniumScale instance
- TitaniumScale API Token
Configure ReversingLabs TitaniumScale on Cortex XSOAR
Navigate to Settings > Integrations > Servers & Services.
Search for ReversingLabs TitaniumScale.
Click Add instance to create and configure a new integration instance.
Parameter | Required |
---|---|
ReversingLabs TitaniumScale instance URL | True |
API Token | True |
Verify host certificates | True (default: False) |
Reliability | True (default: C - Fairly reliable) |
Wait time between report fetching retries (seconds) | True (default: 2) |
Number of report fetching retries | True (default: 30) |
Click Test to validate the connection.
Commands
You can execute these commands from the XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. For all commands, the full report is saved as part of the context and is also returned as a downloadable file.
- reversinglabs-titaniumscale-upload-sample-and-get-results
- reversinglabs-titaniumscale-upload-sample
- reversinglabs-titaniumscale-get-results
reversinglabs-titaniumscale-upload-sample-and-get-results
Upload sample to TitaniumScale instance and retrieve the analysis report.
Input
Argument Name | Description | Required |
---|---|---|
entryId | Entry ID of the sample to be uploaded | True |
Command Example
!reversinglabs-titaniumscale-upload-sample-and-get-results entryId="3156@1651bd83-3242-43e4-8084-26de8937ca81"
Human Readable Output:
Context Output
Path | Description |
---|---|
File | File indicator |
DBotScore | Score |
ReversingLabs.tc_report | Full report in JSON |
Context Example:
reversinglabs-titaniumscale-upload-sample
Upload sample to TitaniumScale instance for analysis. Returns the taskUrl which can be later used to retrieve the report.
Input
Argument Name | Description | Required |
---|---|---|
entryId | entryId of the sample to upload | True |
Command Example
!reversinglabs-titaniumscale-upload-sample entryId="3156@1651bd83-3242-43e4-8084-26de8937ca81"
Human Readable Output:
Context Output
Path | Description |
---|---|
ReversingLabs.tc_task_url | URL to retrieve the report from |
Context Example:
reversinglabs-titaniumscale-get-results
Retrieve analysis report from TitaniumScale instance by taskUrl.
Input
Argument Name | Description | Required |
---|---|---|
taskUrl | URL to fetch the report from | True |
Command Example
!reversinglabs-titaniumscale-get-results taskUrl="https://tiscale-worker-integrations-demo.rl.lan/api/tiscale/v1/task/15794"
Human Readable Output:
Context Output
Path | Description |
---|---|
File | File indicator |
DBotScore | Score |
ReversingLabs.tc_report | Full report in JSON |
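The split upload-sample / get-results flow hands a full taskUrl from one step to the next, and the two retry parameters bound how long a report is waited for. The sketch below is an added example, not code from the integration or from ReversingLabs: it checks that a taskUrl points at the configured instance before it is fetched, then polls within the documented defaults (30 attempts, 2 seconds apart). The `fetch` callable, the function names, the https requirement and the task path pattern (inferred from the command example above) are assumptions.

```python
import re
import time
from urllib.parse import urlsplit

# Path shape inferred from the get-results command example on this page (assumption).
TASK_PATH = re.compile(r"/api/tiscale/v1/task/[0-9]+")


def is_trusted_task_url(task_url, instance_url):
    """True only for an https task URL on the configured instance's host and port."""
    try:
        task, base = urlsplit(task_url), urlsplit(instance_url)
        same_port = task.port == base.port
    except ValueError:  # malformed netloc or out-of-range port
        return False
    return (
        task.scheme == base.scheme == "https"
        and task.hostname is not None
        and task.hostname == base.hostname
        and same_port
        and task.username is None and task.password is None
        and not task.query and not task.fragment
        and TASK_PATH.fullmatch(task.path) is not None
    )


def poll_report(task_url, instance_url, fetch, retries=30, wait=2, sleep=time.sleep):
    """Call fetch(task_url) until it returns a report or the retry budget is spent.

    fetch is a hypothetical callable: it returns the report dict, or None while
    the task is still being processed. retries and wait default to the
    integration's documented parameter defaults.
    """
    if not is_trusted_task_url(task_url, instance_url):
        raise ValueError("taskUrl does not point at the configured instance")
    for attempt in range(retries):
        report = fetch(task_url)
        if report is not None:
            return report
        if attempt < retries - 1:
            sleep(wait)  # no sleep after the final attempt
    raise TimeoutError(f"no report after {retries} attempts")
```

In a playbook, the same host check can sit between the upload-sample task and the get-results task, so that a taskUrl read from context is only used when it matches the instance URL configured on the integration.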