Intezer - Analyze File and URL

This Playbook is part of the Intezer Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Analyze Files and URLs on Intezer Analyze.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling
  • Calculate Severity - Generic v2

Integrations

  • Intezer v2

Scripts

This playbook does not use any scripts.

Commands

  • intezer-analyze-by-file
  • intezer-analyze-url
  • intezer-get-latest-report

Playbook Inputs

| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| File | A file object that represents an email attachment. | | Context | Optional |
| URL | The URL object. | | Context | Optional |
| Interval | How often the polling command should run (in minutes). | 1 | - | Required |
| Timeout | The amount of time to wait before a timeout occurs (in minutes). | 15 | - | Required |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| File.Malicious.Vendor | For malicious files, the vendor that made the decision. | string |
| File.Metadata | Metadata returned from Intezer analysis (analysis id, analysis url, family, family type, sha256, verdict, sub_verdict). Metadata will be returned only for supported files. | unknown |
| File.ExistsInIntezer | Whether the file exists in the Intezer genome database. | boolean |
| URL.Malicious.Vendor | For malicious URLs, the vendor that made the decision. | string |
| URL.Metadata | Metadata returned from Intezer analysis. | unknown |
| URL.ExistsInIntezer | Whether the URL exists on Intezer. | boolean |
| DBotScore | The DBotScore object. | unknown |
| DBotScore.Indicator | The indicator that was tested. | string |
| DBotScore.Type | The indicator type. | string |
| DBotScore.Vendor | The vendor used to calculate the score. | string |
| DBotScore.Score | The actual score. | number |

Playbook Image

[Image: Intezer_Analyze_File_and_URL]