ReversingLabs A1000
Integration version: 6.0
Configure ReversingLabs A1000 integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Delete Sample
Description
Delete a set of samples that exist on the A1000 appliance. All related data, including extracted samples and metadata, will be deleted.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| success | True/False | success:False | 
JSON Result
N/A
Get Report
Description
Get a summary classification report and all details for a sample or a list of samples using hash value(s).
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
| Enrichment Field Name | Logic - When to apply | 
|---|---|
| threat_status | Returns if it exists in JSON result | 
| local_last_seen | Returns if it exists in JSON result | 
| classification_origin | Returns if it exists in JSON result | 
| imphash | Returns if it exists in JSON result | 
| sha1 | Returns if it exists in JSON result | 
| sha512 | Returns if it exists in JSON result | 
| md5 | Returns if it exists in JSON result | 
| threat_name | Returns if it exists in JSON result | 
| local_first_seen | Returns if it exists in JSON result | 
| classification_reason | Returns if it exists in JSON result | 
| threat_level | Returns if it exists in JSON result | 
| trust_factor | Returns if it exists in JSON result | 
| md5 | Returns if it exists in JSON result | 
| aliases | Returns if it exists in JSON result | 
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| is_success | True/False | is_success:False | 
JSON Result
[
    {
        "EntityResult": {
            "threat_status": "malicious",
            "local_last_seen": "2019-01-22T14:21:35.513535Z",
            "classification_origin": {
                "imphash": "",
                "sha1": "9747d177bddfc9809079283829e6bbbe315dcfa0",
                "sha512": "efabb440ab2b82dda2614308b8e2d5e1850ede3fb9c8e6f1e521f1b0728d621a6f5174c30b8e27d7964bcff0ae6b8a1a48ecc4a69d0dc3eae7eccf54a4791785",
                "sha256": "d3133784ef82208faaa3b917096d7c3e0ad9eb89a5eb4d7770418c8261da4a41",
                "md5": "242b13c72845a90a869ed0add78f6110"
            },
            "threat_name": "Android.Trojan.Agent",
            "local_first_seen": "2018-01-21T15:30:36.698843Z",
            "classification_reason": "cloud",
            "threat_level": 5,
            "trust_factor": 5,
            "md5": "2f61c5a77a64b3d45d651dc2fa7baff7",
            "aliases": [
                "76ea783ed0744703347a00403a73694c2a1e5a957f0f969b4284353fc7c919b4"
            ]
        },
        "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
    }
]
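Added example (not part of the integration's own code): a downstream step that consumes a Get Report JSON Result in the shape shown above, flattens each EntityResult into single-level enrichment fields, and picks the hashes to escalate. The function names, the `classification_origin_` prefix, the `min_level` threshold and the sample records are assumptions; the second record is constructed to cover the `"classification_origin": null` case.

```python
import json

# Constructed sample in the shape of the Get Report JSON Result above.
# The second record is constructed to cover "classification_origin": null.
SAMPLE = json.loads("""
[
  {"Entity": "2f61c5a77a64b3d45d651dc2fa7baff7",
   "EntityResult": {
     "threat_status": "malicious", "threat_level": 5, "trust_factor": 5,
     "threat_name": "Android.Trojan.Agent", "classification_reason": "cloud",
     "classification_origin": {"imphash": "",
                               "md5": "242b13c72845a90a869ed0add78f6110"},
     "md5": "2f61c5a77a64b3d45d651dc2fa7baff7"}},
  {"Entity": "848d57fbd8e29afa08bd3f58dd30f902",
   "EntityResult": {
     "threat_status": "unknown", "threat_level": 0, "trust_factor": 5,
     "threat_name": null, "classification_reason": "unknown",
     "classification_origin": null,
     "md5": "848d57fbd8e29afa08bd3f58dd30f902"}}
]
""")


def flatten(entity_result):
    """Flatten one EntityResult into a single-level dict of enrichment fields."""
    flat = {}
    for key, value in entity_result.items():
        if key == "classification_origin":
            # md5 exists both at the top level (the sample itself) and inside
            # classification_origin; prefix nested keys (an assumption of this
            # example) so neither value overwrites the other.
            for sub_key, sub_value in (value or {}).items():
                if sub_value not in (None, ""):
                    flat["classification_origin_" + sub_key] = sub_value
        elif value not in (None, ""):
            flat[key] = value  # keeps 0 and lists, drops null and empty strings
    return flat


def triage(report, min_level=3):
    """Return (escalate, enrichment); min_level is an assumed threshold."""
    enrichment = {item["Entity"]: flatten(item.get("EntityResult") or {})
                  for item in report}
    escalate = [entity for entity, fields in enrichment.items()
                if fields.get("threat_status") == "malicious"
                and fields.get("threat_level", 0) >= min_level]
    return escalate, enrichment
```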
Get Scan Status
Description
Return the processing status in the A1000 system for the list of hash values.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| is_success | True/False | is_success:False | 
JSON Result
[
    {
        "EntityResult": "processed",
        "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
    },
    {
        "EntityResult": "processed",
        "Entity": "526e57077b938b3c3dbce56f8aaaa7be"
    }
]
Ping
Description
Test connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| is_success | True/False | is_success:False | 
JSON Result
N/A
Upload File
Description
Upload a file for analysis on the A1000 appliance.
Parameters
| Parameter | Type | Default Value | Description | 
|---|---|---|---|
| File Path | String | N/A | Target file path. | 
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example | 
|---|---|---|
| success | True/False | success:False | 
JSON Result
{
    "threat_status": "unknown",
    "local_last_seen": "2019-01-28T11:40:23.195946Z",
    "classification_origin": null,
    "threat_name": null,
    "local_first_seen": "2019-01-28T11:09:06.752747Z",
    "classification_reason": "unknown",
    "threat_level": 0,
    "trust_factor": 5,
    "md5": "848d57fbd8e29afa08bd3f58dd30f902",
    "aliases": [
        "Notes.txt"
    ]
}