Intezer
Integration version: 5.0
Configure Intezer integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Ping
Description
Test connectivity to Intezer.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
success | True/False | success:False |
JSON Result
N/A
Submit File
Description
Submit a file for analysis.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
File Paths | String | N/A | The paths of the files to analyze. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
verdicts | True/False | verdicts:True |
JSON Result
{
    "C:\\Users\\User1\\Downloads\\test_file.exe": {
        "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356": {
            "family_name": "Turla",
            "analysis_id": "548e6b8b-20b1-445c-9922-af6b52a8abc3",
            "sub_verdict": "known_malicious",
            "analysis_url": "https://analyze.intezer.com/#/analyses/548e6b8b-20b1-445c-9922-af6b52a8abc3",
            "verdict": "malicious",
            "sha256": "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356",
            "is_private": true,
            "analysis_time": "Thu, 14 Feb 2019 08:58:27 GMT"
        }
    }
}
Submit Hash
Description
Submit a hash for analysis.
Parameters
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
family_name | Returns if it exists in JSON result |
analysis_id | Returns if it exists in JSON result |
sub_verdict | Returns if it exists in JSON result |
analysis_url | Returns if it exists in JSON result |
verdict | Returns if it exists in JSON result |
sha256 | Returns if it exists in JSON result |
is_private | Returns if it exists in JSON result |
analysis_time | Returns if it exists in JSON result |
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
verdicts | True/False | verdicts:True |
JSON Result
[
    {
        "EntityResult": {
            "family_name": "Turla",
            "analysis_id": "548e6b8b-20b1-445c-9922-af6b52a8abc3",
            "sub_verdict": "known_malicious",
            "analysis_url": "https://analyze.intezer.com/#/analyses/548e6b8b-20b1-445c-9922-af6b52a8abc3",
            "verdict": "malicious",
            "sha256": "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356",
            "is_private": true,
            "analysis_time": "Thu, 14 Feb 2019 08:58:27 GMT"
        },
        "Entity": "4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356"
    }
]
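The Submit File and Submit Hash JSON results have different shapes (a path-keyed object versus a list of entity results), so a downstream playbook step has to flatten both before it can act on verdicts. The following is an added example, not code from the integration or from Intezer: the function names, the `source` key and the sample values are assumptions made for illustration, and every enrichment field is treated as optional because the page states each is returned only if it exists in the JSON result.

```python
from email.utils import parsedate_to_datetime

# Enrichment fields listed on this page; each appears only if Intezer returned it.
FIELDS = ("family_name", "analysis_id", "sub_verdict", "analysis_url",
          "verdict", "sha256", "is_private", "analysis_time")

def _record(source, sha256, analysis):
    """Build one flat record, tolerating missing optional fields."""
    rec = {k: analysis.get(k) for k in FIELDS}
    rec["sha256"] = (rec["sha256"] or sha256).lower()
    rec["source"] = source  # file path (Submit File) or entity identifier (Submit Hash)
    when = rec["analysis_time"]  # e.g. "Thu, 14 Feb 2019 08:58:27 GMT"
    rec["analysis_time"] = parsedate_to_datetime(when) if when else None
    return rec

def normalize(result):
    """Flatten a Submit File (dict) or Submit Hash (list) JSON result."""
    records = []
    if isinstance(result, dict):  # Submit File: {path: {sha256: analysis}}
        for path, by_hash in result.items():
            for sha256, analysis in by_hash.items():
                records.append(_record(path, sha256, analysis))
    else:  # Submit Hash: [{"Entity": sha256, "EntityResult": analysis}]
        for item in result:
            records.append(_record(item["Entity"], item["Entity"],
                                   item.get("EntityResult") or {}))
    return records

def malicious(records):
    """Keep records whose verdict equals "malicious", the value in this page's samples."""
    return [r for r in records if r["verdict"] == "malicious"]

# Constructed sample data in the two shapes shown above (not real analyses).
SHA_A, SHA_B = "ab" * 32, "CD" * 32
ANALYSIS = {"family_name": "ExampleFamily", "sub_verdict": "known_malicious",
            "verdict": "malicious", "sha256": SHA_A, "is_private": True,
            "analysis_time": "Thu, 14 Feb 2019 08:58:27 GMT"}
SAMPLE_FILE = {"C:\\Users\\User1\\Downloads\\test_file.exe": {SHA_A: ANALYSIS}}
SAMPLE_HASH = [{"Entity": SHA_A, "EntityResult": ANALYSIS},
               {"Entity": SHA_B, "EntityResult": {}}]  # hash with no fields returned

if __name__ == "__main__":
    for rec in malicious(normalize(SAMPLE_FILE) + normalize(SAMPLE_HASH)):
        print(rec["source"], rec["sha256"], rec["family_name"], rec["analysis_time"])
```

A hash that comes back with no fields yields a record whose `verdict` is `None`, so it is excluded from `malicious()` rather than being treated as clean.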