
Detonate URL - VMRay

This Playbook is part of the VMRay Analyzer Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Detonates a URL using the VMRay sandbox integration.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • VMRay

Scripts

  • IsIntegrationAvailable

Commands

  • vmray-get-sample
  • vmray-get-analysis-by-sample
  • vmray-get-threat-indicators
  • vmray-get-iocs
  • vmray-upload-url
  • vmray-get-submission

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| URL | The URL to detonate. | URL.Data | Optional |
| interval | How often to poll for results (minutes). | 1 | Optional |
| timeout | How long to wait before giving up waiting for results (minutes). | 10 | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| VMRay.Job.JobID | The ID of a new job. | number |
| VMRay.Job.SampleID | The ID of the sample. | number |
| VMRay.Job.Created | The timestamp of the created job. | date |
| VMRay.Job.VMName | The name of the virtual machine. | string |
| VMRay.Job.VMID | The ID of the virtual machine. | number |
| VMRay.Sample.SampleID | The sample ID of the task. | number |
| VMRay.Sample.Created | The timestamp of the created sample. | date |
| VMRay.Submission.SubmissionID | The submission ID. | number |
| VMRay.Submission.HadErrors | Whether there are any errors in the submission. | boolean |
| VMRay.Submission.IsFinished | The status of the submission. Can be "true" or "false". | boolean |
| VMRay.Submission.MD5 | The MD5 hash of the sample in the submission. | string |
| VMRay.Submission.SHA1 | The SHA1 hash of the sample in the submission. | string |
| VMRay.Submission.SHA256 | The SHA256 hash of the sample in the submission. | string |
| VMRay.Submission.Verdict | Verdict for the sample (Malicious, Suspicious, Clean, Not Available). | String |
| VMRay.Submission.VerdictReason | Description of the Verdict Reason. | String |
| VMRay.Submission.Severity | Severity of the sample (Malicious, Suspicious, Good, Blacklisted, Whitelisted, Unknown). Deprecated. | string |
| VMRay.Submission.SSDeep | The SSDeep hash of the sample in the submission. | string |
| VMRay.Submission.SampleID | The ID of the sample in the submission. | number |
| VMRay.Sample.FileName | The file name of the sample. | string |
| VMRay.Sample.MD5 | The MD5 hash of the sample. | string |
| VMRay.Sample.SHA1 | The SHA1 hash of the sample. | string |
| VMRay.Sample.SHA256 | The SHA256 hash of the sample. | string |
| VMRay.Sample.SSDeep | The SSDeep hash of the sample. | string |
| VMRay.Sample.Verdict | Verdict for the sample (Malicious, Suspicious, Clean, Not Available). | String |
| VMRay.Sample.VerdictReason | Description of the Verdict Reason. | String |
| VMRay.Sample.Severity | Severity of the sample (Malicious, Suspicious, Good, Blacklisted, Whitelisted, Unknown). Deprecated. | string |
| VMRay.Sample.Type | The file type. | string |
| VMRay.Sample.Classifications | The classifications of the sample. | string |
| VMRay.Sample.IOC.URL.AnalysisID | The IDs of the other analyses that contain the given URL. | number |
| VMRay.Sample.IOC.URL.URL | The URL. | unknown |
| VMRay.Sample.IOC.URL.Operation | The operation of the specified URL. | unknown |
| VMRay.Sample.IOC.URL.ID | The ID of the URL. | unknown |
| VMRay.Sample.IOC.URL.Type | The type of the URL. | unknown |
| VMRay.Sample.IOC.Domain.AnalysisID | The IDs of the other analyses that contain the given domain. | unknown |
| VMRay.Sample.IOC.Domain.Domain | The domain. | unknown |
| VMRay.Sample.IOC.Domain.ID | The ID of the domain. | unknown |
| VMRay.Sample.IOC.Domain.Type | The type of the domain. | unknown |
| VMRay.Sample.IOC.IP.AnalysisID | The IDs of the other analyses that contain the given IP address. | unknown |
| VMRay.Sample.IOC.IP.IP | The IP address. | unknown |
| VMRay.Sample.IOC.IP.Operation | The operation of the given IP address. | unknown |
| VMRay.Sample.IOC.IP.ID | The ID of the IP address. | unknown |
| VMRay.Sample.IOC.IP.Type | The type of the IP address. | unknown |
| VMRay.Sample.IOC.Mutex.AnalysisID | The IDs of other analyses that contain the given mutex. | unknown |
| VMRay.Sample.IOC.Mutex.Name | The name of the mutex. | unknown |
| VMRay.Sample.IOC.Mutex.Operation | The operation of the given mutex. | unknown |
| VMRay.Sample.IOC.Mutex.ID | The ID of the mutex. | unknown |
| VMRay.Sample.IOC.Mutex.Type | The type of the mutex. | unknown |
| VMRay.Sample.IOC.File.AnalysisID | The IDs of other analyses that contain the given file. | unknown |
| VMRay.Sample.IOC.File.Name | The name of the file. | unknown |
| VMRay.Sample.IOC.File.Operation | The operation of the given file. | unknown |
| VMRay.Sample.IOC.File.ID | The ID of the file. | unknown |
| VMRay.Sample.IOC.File.Type | The type of the file. | unknown |
| VMRay.Sample.IOC.File.Hashes.MD5 | The MD5 hash of the given file. | unknown |
| VMRay.Sample.IOC.File.Hashes.SSDeep | The SSDeep hash of the given file. | unknown |
| VMRay.Sample.IOC.File.Hashes.SHA256 | The SHA256 hash of the given file. | unknown |
| VMRay.Sample.IOC.File.Hashes.SHA1 | The SHA1 hash of the given file. | unknown |
| VMRay.ThreatIndicator.AnalysisID | The list of connected analysis IDs. | unknown |
| VMRay.ThreatIndicator.Category | The category of threat indicators. | unknown |
| VMRay.ThreatIndicator.Classification | The classifications of threat indicators. | unknown |
| VMRay.ThreatIndicator.ID | The ID of the threat indicator. | unknown |
| VMRay.ThreatIndicator.Operation | The operation that caused the indicators. | unknown |
