Intezer

Integration version: 5.0

Configure Intezer integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Ping

Description

Test connectivity to Intezer.

Parameters

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name | Value Options | Example
success | True/False | success:False

JSON Result

N/A

Submit File

Description

Submit a file for analysis.

Parameters

Parameter | Type | Default Value | Description
File Paths | String | N/A | The paths of the files to analyze.

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name | Value Options | Example
verdicts | True/False | verdicts:True

JSON Result

{
  "C:\\\\Users\\\\User1\\\\Downloads\\test_file.exe": {
    "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356": {
      "family_name": "Turla",
      "analysis_id": "548e6b8b-20b1-445c-9922-af6b52a8abc3",
      "sub_verdict": "known_malicious",
      "analysis_url": "https://analyze.intezer.com/#/analyses/548e6b8b-20b1-445c-9922-af6b52a8abc3",
      "verdict": "malicious",
      "sha256": "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356",
      "is_private": true,
      "analysis_time": "Thu, 14 Feb 2019 08:58:27 GMT"
    }
  }
}

Submit Hash

Description

Submit a hash for analysis.

Parameters

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

Enrichment Field Name | Logic - When to apply
family_name | Returns if it exists in JSON result
analysis_id | Returns if it exists in JSON result
sub_verdict | Returns if it exists in JSON result
analysis_url | Returns if it exists in JSON result
verdict | Returns if it exists in JSON result
sha256 | Returns if it exists in JSON result
is_private | Returns if it exists in JSON result
analysis_time | Returns if it exists in JSON result

Insights

N/A

Script Result

Script Result Name | Value Options | Example
verdicts | True/False | verdicts:True

JSON Result

[{
  "EntityResult": {
    "family_name": "Turla",
    "analysis_id": "548e6b8b-20b1-445c-9922-af6b52a8abc3",
    "sub_verdict": "known_malicious",
    "analysis_url": "https://analyze.intezer.com/#/analyses/548e6b8b-20b1-445c-9922-af6b52a8abc3",
    "verdict": "malicious",
    "sha256": "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356",
    "is_private": true,
    "analysis_time": "Thu, 14 Feb 2019 08:58:27 GMT"
  },
  "Entity": "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356"
}]
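
Submit File and Submit Hash return the same analysis fields in two different JSON shapes (path to hash to analysis, versus a list of Entity/EntityResult pairs). The following is an added example, not part of the integration's own code, showing one way a downstream playbook step could flatten both shapes and tolerate missing fields; the function names flat_record, normalize and malicious are hypothetical, and the sample data reuses values from this page plus one constructed entity.

```python
from email.utils import parsedate_to_datetime

# Field names listed in the Entity Enrichment table on this page.
FIELDS = ("family_name", "analysis_id", "sub_verdict", "analysis_url",
          "verdict", "sha256", "is_private", "analysis_time")

def flat_record(source, key, result):
    """Build one flat record; fields absent from the result become None."""
    rec = {name: result.get(name) for name in FIELDS}
    rec["source"] = source                # file path, or None for Submit Hash
    rec["sha256"] = rec["sha256"] or key  # fall back to the hash used as key
    if rec["analysis_time"]:
        # The documented example uses an RFC 1123 date with a GMT zone.
        rec["analysis_time"] = parsedate_to_datetime(rec["analysis_time"])
    return rec

def normalize(json_result):
    """Flatten a Submit File (dict) or Submit Hash (list) JSON result."""
    if isinstance(json_result, dict):     # path -> sha256 -> analysis
        return [flat_record(path, sha, res)
                for path, by_hash in json_result.items()
                for sha, res in by_hash.items()]
    if isinstance(json_result, list):     # [{"Entity": ..., "EntityResult": ...}]
        return [flat_record(None, item["Entity"], item.get("EntityResult") or {})
                for item in json_result]
    raise TypeError("unexpected JSON result shape")

def malicious(records):
    """Return only the records whose verdict is 'malicious'."""
    return [r for r in records if r["verdict"] == "malicious"]

# Sample data: values copied from this page's examples, trimmed to a few fields.
SHA = "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356"
ANALYSIS = {"family_name": "Turla", "verdict": "malicious", "sha256": SHA,
            "analysis_time": "Thu, 14 Feb 2019 08:58:27 GMT"}
SUBMIT_FILE = {r"C:\Users\User1\Downloads\test_file.exe": {SHA: ANALYSIS}}
# Second entity is constructed: a hash with no enrichment fields returned.
SUBMIT_HASH = [{"Entity": SHA, "EntityResult": ANALYSIS},
               {"Entity": "0" * 64, "EntityResult": {}}]

if __name__ == "__main__":
    for rec in malicious(normalize(SUBMIT_FILE) + normalize(SUBMIT_HASH)):
        print(rec["source"], rec["sha256"], rec["family_name"], rec["analysis_time"])
```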