Skip to main content

Malware Triage - ReversingLabs TitaniumCloud

This Playbook is part of the ReversingLabs TitaniumCloud Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Provides the TitaniumCloud classification of a file hash, and takes remediation actions based on that classification.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Isolate Endpoint


  • ReversingLabs TitaniumCloud v2


  • IncreaseIncidentSeverity


  • setIndicator
  • setIncident
  • reversinglabs-titaniumcloud-file-upload
  • reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results
  • reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis
  • reversinglabs-titaniumcloud-file-reputation

Playbook Inputs#

NameDescriptionDefault ValueRequired
hashSHA1 hash of a file.${File.SHA1}Optional
fileThe file itself.${File.EntryID}Optional
EndpointIPIP address of the endpoint from which the indicator came.${Endpoint.IPAddress}Optional

Playbook Outputs#

File.MD5Bad hash foundunknown
File.SHA1Bad hash SHA1unknown
File.SHA256Bad hash SHA256unknown
DBotScore.ScoreThe actual score.unknown
DBotScore.TypeThe indicator type.unknown
DBotScore.IndicatorThe indicator that was tested.unknown
DBotScore.VendorThe vendor used to calculate the score.unknown
ReversingLabs.file_reputationReport in JSON.unknown

Playbook Image#

Malware Triage - ReversingLabs TitaniumCloud