File Enrichment - OrionMalware

This Playbook is part of the OrionMalware Pack.

Supported versions

Supported Cortex XSOAR versions: 8.0.0 and later.

Get file information using the OrionMalware API integration.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • OrionMalware

Scripts

  • IsIntegrationAvailable

Commands

  • hash-scan

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| FileHash | Hash to be checked against the OrionMalware database. | File.MD5 | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Orion.File.antivirus.antivirus_name | antivirus_name analysis. | string |
| Orion.File.antivirus.threat_name | threat detected by antivirus. | string |
| Orion.File.end_analysis | end_analysis. | unknown |
| Orion.File.first_submission | first_submission. | unknown |
| Orion.File.last_updated | last_updated. | unknown |
| Orion.File.payloads | payloads. | unknown |
| Orion.File.rules | rules. | unknown |
| Orion.File.start_analysis | start analysis date. | unknown |
| Orion.File.identification.filename | filename of the file corresponding to the hash. | unknown |
| Orion.File.identification.md5 | md5 hash of the file. | unknown |
| Orion.File.identification.sha1 | sha1 hash of the file. | unknown |
| Orion.File.identification.sha256 | sha256 hash of the file. | unknown |
| Orion.File.identification.size | Byte size. | unknown |
| Orion.File.identification.type | type of file. | unknown |
| Orion.File.matched_mitre_attacks.description | mitre description. | unknown |
| Orion.File.matched_mitre_attacks.id | mitre ttp. | unknown |
| Orion.File.matched_mitre_attacks.kill_chain_phases | mitre tactics. | unknown |
| Orion.File.matched_mitre_attacks.name | technique name. | unknown |
| Orion.File.networks.address | network address detected. | unknown |
| Orion.File.risk.dynamic.descriptions.files | dynamic file analysis. | unknown |
| Orion.File.risk.dynamic.descriptions.network | network dynamic analysis. | unknown |
| Orion.File.risk.dynamic.descriptions.persistence | persistence dynamic analysis. | unknown |
| Orion.File.risk.dynamic.descriptions.processes | processes dynamic analysis. | unknown |
| Orion.File.risk.dynamic.descriptions.system | system dynamic analysis. | unknown |
| Orion.File.risk.dynamic.scores | dynamic risk scoring. | unknown |
| Orion.File.risk.level | dynamic risk. | unknown |
| Orion.File.risk.scanner.descriptions.system | system static analysis. | unknown |
| Orion.File.risk.scanner.descriptions.processes | processes static analysis. | unknown |
| Orion.File.risk.scanner.descriptions.persistence | persistence static analysis. | unknown |
| Orion.File.risk.scanner.descriptions.files | files static analysis. | unknown |
| Orion.File.risk.scanner.descriptions.network | network static analysis. | unknown |
| Orion.File.risk.scanner.scores | static risk scoring. | unknown |
| File.Orion.EngineDetections | Number of engines that flagged the file as malicious. | unknown |
| File.Orion.EngineVendors | engines. | unknown |
| File.Orion.EngineDetectionNames | threat name. | unknown |
| IP.Address | IP linked to hash. | unknown |
| Orion.IP.Address | IP linked to hash. | unknown |
| File.Relationships.EntityA | Source of relationship. | unknown |
| File.Relationships.EntityB | Destination of relationship. | unknown |
| File.Relationships.EntityAType | Source type of relationship. | unknown |
| File.Relationships.EntityBType | Destination type of relationship. | unknown |
| File.Relationships.Relationship | Kind of relation. | unknown |
| Orion.File.report_url | report url. | unknown |

Playbook Image

[Playbook image: File Enrichment - OrionMalware]