Skip to main content

File Enrichment - VMRay

This Playbook is part of the VMRay Pack.#

Get file information using the VMRay integration.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • VMRay


  • IsIntegrationAvailable


  • vmray-get-sample-by-hash

Playbook Inputs#

NameDescriptionDefault ValueRequired
MD5File MD5 to enrichFile.MD5Optional
SHA256File SHA256 to enrichFile.SHA256Optional
SHA1File SHA1 to enrichFile.SHA1Optional

Playbook Outputs#

File.NameThe full file name (including file extension).String
File.MD5The MD5 hash of the file.String
File.SHA1The SHA1 hash of the file.String
File.SHA256The SHA256 hash of the file.String
File.SSDeepThe SSDeep hash of the file.String
DBotScore.IndicatorThe indicator that was tested.String
DBotScore.TypeThe indicator type.String
DBotScore.VendorThe vendor used to calculate the score.String
DBotScore.ScoreThe actual score.Number
DBotScore.ReliabilityStringReliability of the source providing the intelligence data.
VMRay.Sample.SampleIDID of the sample.Number
VMRay.Sample.SampleURLURL to sample page.String
VMRay.Sample.FileNameFile name of the sample.String
VMRay.Sample.MD5MD5 hash of the sample.String
VMRay.Sample.SHA1SHA1 hash of the sample.String
VMRay.Sample.SHA256SHA256 hash of the sample.String
VMRay.Sample.SSDeepssdeep hash of the sample.String
VMRay.Sample.VerdictVerdict for the sample (Malicious, Suspicious, Clean, Not Available).String
VMRay.Sample.VerdictReasonDescription of the Verdict Reason.String
VMRay.Sample.SeveritySeverity of the sample in the submission (Malicious, Suspicious, Good, Blacklisted, Whitelisted, Unknown). Deprecated.String
VMRay.Sample.TypeFile type.String
VMRay.Sample.CreatedTimestamp of sample creation.Date
VMRay.Sample.ClassificationsClassifications of the sample.String
VMRay.Sample.ChildSampleIDsList of child sample IDs.Number
VMRay.Sample.ParentSampleIDsList of parent sample IDs.Number

Playbook Image#

File Enrichment - VMRay