# ReversingLabs TitaniumScale

This Integration is part of the ReversingLabs TitaniumScale Pack.

## Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

## Overview

This integration supports using ReversingLabs Advanced File Analysis to 'detonate file' on the TitaniumScale Advanced Malware Analysis Appliance.

The ReversingLabs TitaniumScale Appliance is powered by TitaniumCore, the malware analysis engine that performs automated static analysis using the Active File Decomposition technology.

TitaniumCore unpacks and recursively analyzes files without executing them, and extracts internal threat indicators to classify files and determine their threat level. TitaniumCore is capable of identifying thousands of file format families. It recursively unpacks hundreds of file format families and fully repairs extracted files to enable further analysis.

## Prerequisites

You need to obtain the following:

- TitaniumScale instance
- TitaniumScale API Token

## Configure ReversingLabs TitaniumScale in Cortex

| **Parameter** | **Required** |
| --- | --- |
| ReversingLabs TitaniumScale instance URL | True |
| API Token | True |
| Verify host certificates | False |
| Reliability | False |
| Wait time between report fetching retries (seconds). Default is 2 seconds. | False |
| Number of report fetching retries. Default is 30. | False |
| HTTP proxy address with the protocol and port number | False |
| HTTP proxy username | False |
| HTTP proxy password | False |
| HTTPS proxy address with the protocol and port number | False |
| HTTPS proxy username | False |
| HTTPS proxy password | False |

## Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### reversinglabs-titaniumscale-upload-sample-and-get-results

Uploads a sample to TitaniumScale and retrieves the analysis report.

#### Base Command

`reversinglabs-titaniumscale-upload-sample-and-get-results`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| entryId | The file entry to upload. | Required |
| custom_token | A custom token for filtering processing tasks. | Optional |
| user_data | User-defined data in the form of a JSON string. This data is NOT included in file analysis reports. | Optional |
| custom_data | User-defined data in the form of a JSON string. This data is included in file analysis reports. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| File.SHA256 | String | The SHA256 hash of the file. |
| File.SHA1 | String | The SHA1 hash of the file. |
| File.SHA512 | String | The SHA512 hash of the file. |
| File.Name | String | The name of the file. |
| File.EntryID | String | The Entry ID. |
| File.Info | String | Information about the file. |
| File.Type | String | The type of the file. |
| File.MD5 | String | The MD5 hash of the file. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| ReversingLabs.tc_report | String | Full report. |

#### Command example

```
!reversinglabs-titaniumscale-upload-sample-and-get-results entryId="371@b26c8c3a-8d0e-459f-8f2c-c0b8783a8422" custom_token="a-custom-token"
```

#### Human Readable Output

>### ReversingLabs TitaniumScale upload sample and get results
>
>- **Type:** PE/Exe
>- **Size:** 42544 bytes
>- **IMPHASH:** 054e4e5c28d6533b44ae24cbf3e08a15
>- **MD5:** a984de0ce47a8d5337ef569c812b57d0
>- **RHA0:** 6e60e6783d0e5104dab2311c93d6f9b42cebbf03
>- **SHA1:** 0000a0a381d31e0dafcaa22343d2d7e40ff76e06
>- **SHA256:** b25e707a78a472d92a99b08be5d0e55072f695275a7408d1e841a5344ca85dc3
>- **Status:** malicious
>- **Antivirus (based on the RCA Classify):** Win32.Downloader.Unruy
>- **DBot score:** 3

### reversinglabs-titaniumscale-upload-sample

Uploads a sample to TitaniumScale for analysis.

#### Base Command

`reversinglabs-titaniumscale-upload-sample`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| entryId | The file entry to upload. | Required |
| custom_token | A custom token for filtering processing tasks. | Optional |
| user_data | User-defined data in the form of a JSON string. This data is NOT included in file analysis reports. | Optional |
| custom_data | User-defined data in the form of a JSON string. This data is included in file analysis reports. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| ReversingLabs.task_Url | Unknown | The URL from which the report can be retrieved. |

#### Command example

```
!reversinglabs-titaniumscale-upload-sample entryId="371@b26c8c3a-8d0e-459f-8f2c-c0b8783a8422" custom_token="a-custom-token"
```

#### Human Readable Output

>### ReversingLabs TitaniumScale upload sample
>
>**Titanium Scale task URL:** https://tiscale-worker-integrations-demo-01.rl.lan/api/tiscale/v1/task/42

### reversinglabs-titaniumscale-get-results

Retrieves the report of a previously uploaded file from TitaniumScale.

#### Base Command

`reversinglabs-titaniumscale-get-results`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| taskUrl | The task URL from which to retrieve the report (returned by reversinglabs-titaniumscale-upload-sample). | Required |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| File.SHA256 | String | The SHA256 hash of the file. |
| File.SHA1 | String | The SHA1 hash of the file. |
| File.SHA512 | String | The SHA512 hash of the file. |
| File.Name | String | The name of the file. |
| File.EntryID | String | The Entry ID. |
| File.Info | String | Information about the file. |
| File.Type | String | The type of the file. |
| File.MD5 | String | The MD5 hash of the file. |
| DBotScore.Score | Number | The actual score. |
| DBotScore.Type | String | The indicator type. |
| DBotScore.Indicator | String | The indicator that was tested. |
| DBotScore.Vendor | String | The vendor used to calculate the score. |
| ReversingLabs.tc_report | String | Full report. |
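
The upload-sample and get-results commands form an asynchronous workflow: the appliance hands back a task URL immediately and the report is fetched afterwards, which is what the "Wait time between report fetching retries" and "Number of report fetching retries" parameters govern. The following is an added example, not the pack's own code, that polls a task URL with those two parameters and maps a finished report onto the File, DBotScore and ReversingLabs.tc_report context paths listed above; the report field names (classification, file_type, hashes), the injected HTTP callable and the sample report are assumptions constructed for the example (the hash values are the ones from the page's sample output).

```python
import time
from typing import Callable, Optional

# DBotScore: 0 unknown, 1 good, 2 suspicious, 3 bad. "malicious" -> 3 is on the page; the rest are assumed.
CLASSIFICATION_TO_DBOT = {"goodware": 1, "suspicious": 2, "malicious": 3, "unknown": 0}

# Constructed sample report (field names assumed; hash values are from the page's example).
SAMPLE_REPORT = {
    "classification": "malicious", "file_type": "PE/Exe",
    "hashes": {"sha256": "b25e707a78a472d92a99b08be5d0e55072f695275a7408d1e841a5344ca85dc3",
               "sha1": "0000a0a381d31e0dafcaa22343d2d7e40ff76e06",
               "md5": "a984de0ce47a8d5337ef569c812b57d0"},
}

def fetch_report(task_url: str, http_get: Callable[[str], Optional[dict]],
                 wait_seconds: float = 2.0, retries: int = 30,
                 sleep: Callable[[float], None] = time.sleep) -> Optional[dict]:
    """Poll task_url until http_get returns the finished report (None = still processing).
    Defaults mirror the integration parameters: 2 s between retries, 30 retries. Returns
    None when the budget is exhausted, so the caller reports a timeout, not a verdict."""
    for attempt in range(retries):
        report = http_get(task_url)
        if report is not None:
            return report
        if attempt < retries - 1:  # no pointless wait after the final attempt
            sleep(wait_seconds)
    return None

def report_to_context(report: dict, entry_id: str) -> dict:
    """Map a finished report onto the File / DBotScore / ReversingLabs.tc_report
    context paths documented for the get-results commands; unknown classes score 0."""
    hashes = report["hashes"]
    score = CLASSIFICATION_TO_DBOT.get(report["classification"].lower(), 0)
    return {
        "File": {"SHA256": hashes["sha256"], "SHA1": hashes["sha1"], "MD5": hashes["md5"],
                 "EntryID": entry_id, "Type": report["file_type"]},
        "DBotScore": {"Indicator": hashes["sha256"], "Type": "file",
                      "Vendor": "ReversingLabs TitaniumScale", "Score": score},
        "ReversingLabs": {"tc_report": report},
    }

def make_fake_http_get(pending_polls: int) -> Callable[[str], Optional[dict]]:
    """Offline stand-in for the appliance: None ('still processing') for pending_polls
    calls, then SAMPLE_REPORT."""
    calls = [0]
    def http_get(_task_url: str) -> Optional[dict]:
        calls[0] += 1
        return None if calls[0] <= pending_polls else SAMPLE_REPORT
    return http_get
```

Passing a recording callable as `sleep` (for example `waits.append`) lets you check how many retry waits a run actually performed without sleeping.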

### reversinglabs-titaniumscale-list-processing-tasks

Lists active processing tasks.

#### Base Command

`reversinglabs-titaniumscale-list-processing-tasks`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| age | Task age in seconds. | Optional |
| custom_token | A custom token for filtering processing tasks. | Optional |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| ReversingLabs.list_processing_tasks | Unknown | Processing tasks. |

#### Command example

```
!reversinglabs-titaniumscale-list-processing-tasks age="60" custom_token="a-custom-token"
```

#### Human Readable Output

>### ReversingLabs TitaniumScale List processing tasks
>
>#### Processing tasks
>
>No entries.

### reversinglabs-titaniumscale-get-processing-task-info

Retrieves information about a completed file processing task.

#### Base Command

`reversinglabs-titaniumscale-get-processing-task-info`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| task_id | Task ID. | Required |

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| ReversingLabs.tc_report | Unknown | Full report. |

### reversinglabs-titaniumscale-delete-processing-task

Deletes a processing task.

#### Base Command

`reversinglabs-titaniumscale-delete-processing-task`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| task_id | Task ID. | Required |

#### Context Output

There is no context output for this command.

#### Command example

```
!reversinglabs-titaniumscale-delete-processing-task task_id="100"
```

#### Human Readable Output

>### ReversingLabs TitaniumScale delete processing task
>
>Task 100 deleted successfully.

### reversinglabs-titaniumscale-delete-multiple-tasks

Deletes multiple processing tasks.

#### Base Command

`reversinglabs-titaniumscale-delete-multiple-tasks`

#### Input

| **Argument Name** | **Description** | **Required** |
| --- | --- | --- |
| age | Task age in seconds. | Required |

#### Context Output

There is no context output for this command.

#### Command example

```
!reversinglabs-titaniumscale-delete-multiple-tasks age="20"
```

#### Human Readable Output

>### ReversingLabs TitaniumScale delete multiple tasks
>
>Tasks of age 20 seconds or less deleted successfully.

### reversinglabs-titaniumscale-get-yara-id

Retrieves the identifier of the current set of YARA rules on the TitaniumScale Worker instance.

#### Base Command

`reversinglabs-titaniumscale-get-yara-id`

#### Input

There are no input arguments for this command.

#### Context Output

| **Path** | **Type** | **Description** |
| --- | --- | --- |
| ReversingLabs.yara_id | Unknown | Identifier of the current set of YARA rules on the TitaniumScale Worker instance. |

#### Command example

```
!reversinglabs-titaniumscale-get-yara-id
```

#### Human Readable Output

>### ReversingLabs TitaniumScale YARA ruleset ID
>
>**ID:** f0a151ce303ae9b9e46b236492ac9196f3f72490