Intezer - Analyze by hash

This playbook is part of the Intezer Pack.

Analyzes the given file hash on Intezer Analyze and enriches the file reputation. Supports SHA256, SHA1, and MD5 hashes.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • Intezer v2

Scripts

This playbook does not use any scripts.

Commands

  • intezer-get-analysis-result
  • intezer-analyze-by-hash

Playbook Inputs

| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| Interval | How often the polling command should run (in minutes). | 1 | - | Required |
| Timeout | The amount of time to wait before a timeout occurs (in minutes). | 10 | - | Required |
| hash | The file hash of the file. | SHA256 | File | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| File.SHA256 | The SHA256 hash of the file. | string |
| File.Malicious | The description of the malicious file. | unknown |
| File.Type | The file type. For example, "PE". | string |
| File.Size | The file size. | number |
| File.MD5 | The MD5 hash of the file. | string |
| File.Name | The file name. | string |
| File.SHA1 | The SHA1 hash of the file. | string |
| File | The file object. | unknown |
| File.Malicious.Vendor | The vendor that made the decision that the file is malicious. | string |
| DBotScore | The DBotScore object. | unknown |
| DBotScore.Indicator | The indicator that was tested. | string |
| DBotScore.Type | The indicator type. | string |
| DBotScore.Vendor | Vendor used to calculate the score. | string |
| DBotScore.Score | The actual score. | number |
