ReversingLabs A1000

Integration version: 6.0

Configure ReversingLabs A1000 integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Delete Sample

Description

Delete a set of samples that exist on the A1000 appliance. All related data including, extracted samples, and metadata will be deleted.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
success True/False success:False
JSON Result
N/A

Get Report

Description

Get a summary classification report and all details for a sample or a list of samples using hash value(s).

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment
Enrichment Filed Name Logic-When to apply
threat_status Returns if it exists in JSON result
local_last_seen Returns if it exists in JSON result
classification_origin Returns if it exists in JSON result
imphash Returns if it exists in JSON result
sha1 Returns if it exists in JSON result
sha512 Returns if it exists in JSON result
md5 Returns if it exists in JSON result
threat_name Returns if it exists in JSON result
local_first_seen Returns if it exists in JSON result
classification_reason Returns if it exists in JSON result
threat_level Returns if it exists in JSON result
trust_factor Returns if it exists in JSON result
md5 Returns if it exists in JSON result
aliases Returns if it exists in JSON result
Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
[
    {
        "EntityResult": {
            "threat_status": "malicious",
            "local_last_seen": "2019-01-22T14: 21: 35.513535Z",
            "classification_origin": {
                "imphash": "",
                "sha1": "9747d177bddfc9809079283829e6bbbe315dcfa0",
                "sha512": "efabb440ab2b82dda2614308b8e2d5e1850ede3fb9c8e6f1e521f1b0728d621a6f5174c30b8e27d7964bcff0ae6b8a1a48ecc4a69d0dc3eae7eccf54a4791785",
                "sha256": "d3133784ef82208faaa3b917096d7c3e0ad9eb89a5eb4d7770418c8261da4a41", "md5": "242b13c72845a90a869ed0add78f6110"
            },
            "threat_name": "Android.Trojan.Agent",
            "local_first_seen": "2018-01-21T15: 30: 36.698843Z",
            "classification_reason": "cloud",
            "threat_level": 5,
            "trust_factor": 5,
            "md5": "2f61c5a77a64b3d45d651dc2fa7baff7",
            "aliases":["76ea783ed0744703347a00403a73694c2a1e5a957f0f969b4284353fc7c919b4"
            ]},
        "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
    }
]

Get Scan Status

Description

Return the processing status in the A1000 system for the list of hash values.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
[
    {
        "EntityResult": "processed",
       "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
    },{
        "EntityResult": "processed",
        "Entity": "526e57077b938b3c3dbce56f8aaaa7be"
    }
]

Ping

Description

Test connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
is_success True/False is_success:False
JSON Result
N/A

Upload File

Description

Upload a file for analysis on the A1000 appliance.

Parameters

Parameter Type Default Value Description
File Path String N/A Target file path.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result
Script Result Name Value Options Example
success True/False success:False
JSON Result
{
    "threat_status": "unknown",
    "local_last_seen": "2019-01-28T11:40:23.195946Z",
    "classification_origin": null,
    "threat_name": null,
    "local_first_seen": "2019-01-28T11:09:06.752747Z",
    "classification_reason": "unknown",
    "threat_level": 0,
    "trust_factor": 5,
    "md5": "848d57fbd8e29afa08bd3f58dd30f902",
    "aliases": [
        "Notes.txt"
    ]
}