MalShare
Integration version: 7.0
Configure MalShare to work with Google Security Operations SOAR
API Key
Your API key will be emailed to you upon successful registration to the MalShare portal.
Network
Function | Default Port | Direction | Protocol |
---|---|---|---|
API | Multivalues | Outbound | apikey |
Configure MalShare Integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Parameter Display Name | Type | Default Value | Is mandatory | Description |
---|---|---|---|---|
Instance Name | String | N/A | No | Name of the Instance you intend to configure integration for. |
Description | String | N/A | No | Description of the Instance. |
Api Key | String | N/A | Yes | API Key generated in MalShare console. |
Verify SSL | Checkbox | Unchecked | No | Select this checkbox if your MalShare connection requires SSL verification (unchecked by default). |
Run Remotely | Checkbox | Unchecked | No | Select this checkbox to run the configured integration remotely. Once selected, an option appears for choosing the remote user (agent). |
Actions
Enrich Hash
Description
Search for hashes within MalShare.
Parameters
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
SHA1 | Returns if it exists in JSON result |
SOURCES | Returns if it exists in JSON result |
F_TYPE | Returns if it exists in JSON result |
SSDEEP | Returns if it exists in JSON result |
SHA256 | Returns if it exists in JSON result |
MD5 | Returns if it exists in JSON result |
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
[{
    "EntityResult":
    {
        "SHA1": "72bc52b0962ce9043d2104c511a0c5f1c3b5faf3",
        "SOURCES": ["http://dubaifridays.com/437gfinw2?NzGQTrl=AJQIIksfc"],
        "F_TYPE": "HTML",
        "SSDEEP": "768:uTqtXcyd1AlOIkRZAI+rVEGvbnP0+Dod58GO5Fyk31Qc2vGn:uTKXcyd1pujd5Fyc4I",
        "SHA256": "32d1b186a7ae51b2aa0485fbfff44323576f7195286c44619b5bd43b446678b8",
        "MD5": "9e0e9014a11cc149174d0b306f2ac698"
    },
    "Entity": "9e0e9014a11cc149174d0b306f2ac698"
}]
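The following is an added example, not part of the integration or its documentation. It shows one way a downstream playbook step could consume the Enrich Hash JSON result: keep only the enrichment fields that are present, validate digest formats, defang SOURCES URLs, and check that the queried entity matches a returned digest. The names `normalize`, `defang` and `SAMPLE` are hypothetical, and the sample record is constructed.

```python
import json
import re

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64}
FIELDS = ("SHA1", "SOURCES", "F_TYPE", "SSDEEP", "SHA256", "MD5")
HEX = re.compile(r"[0-9a-fA-F]+")

# Constructed sample in the shape of the JSON result above
# (digests of empty input, reserved .example domain).
SAMPLE = json.dumps([{
    "EntityResult": {
        "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "SOURCES": ["http://malware.example/payload?id=1"],
        "F_TYPE": "HTML",
        "SSDEEP": "3::",
        "SHA256": "e3b0c44298fc1c149afbf4c8996fb924"
                  "27ae41e4649b934ca495991b7852b855",
        "MD5": "d41d8cd98f00b204e9800998ecf8427e",
    },
    "Entity": "d41d8cd98f00b204e9800998ecf8427e",
}])

def defang(url):
    """Make a source URL non-clickable before it reaches a case wall or ticket."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def normalize(json_result):
    """Return one dict per entity: validated fields plus a list of problems."""
    out = []
    for item in json.loads(json_result):
        entity = str(item.get("Entity", "")).lower()
        raw = item.get("EntityResult") or {}
        fields, problems = {}, []
        for name in FIELDS:
            if name not in raw:  # each field is only set if it was returned
                continue
            value = raw[name]
            if name in HASH_LENGTHS:
                if not (isinstance(value, str) and HEX.fullmatch(value)
                        and len(value) == HASH_LENGTHS[name]):
                    problems.append(f"{name} is not a valid digest")
                    continue
                value = value.lower()
            elif name == "SOURCES":
                urls = value if isinstance(value, list) else []
                value = [defang(u) for u in urls if isinstance(u, str)]
            fields[name] = value
        if entity not in {fields.get(h) for h in HASH_LENGTHS}:
            problems.append("queried hash not among returned digests")
        out.append({"entity": entity, "fields": fields, "problems": problems})
    return out
```

A non-empty `problems` list is a reason to hold the enrichment back from automated decisions and route the entity to an analyst.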
Ping
Description
Test Connectivity.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_connect | True/False | is_connect:False |
JSON Result
N/A
Upload File
Description
Upload a file to MalShare.
Parameters
Parameter | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
File Path | String | N/A | Yes | The path of the file to upload. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
SHA1 | Returns if it exists in JSON result |
SOURCES | Returns if it exists in JSON result |
F_TYPE | Returns if it exists in JSON result |
SSDEEP | Returns if it exists in JSON result |
SHA256 | Returns if it exists in JSON result |
MD5 | Returns if it exists in JSON result |
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A