MalShare

Integration version: 7.0

Configure MalShare to work with Google Security Operations SOAR

API Key

Your API key is emailed to you after you successfully register on the MalShare portal.

Network

| Function | Default Port | Direction | Protocol |
|---|---|---|---|
| API | Multivalues | Outbound | apikey |

Configure MalShare Integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

| Parameter Display Name | Type | Default Value | Is mandatory | Description |
|---|---|---|---|---|
| Instance Name | String | N/A | No | Name of the instance you intend to configure the integration for. |
| Description | String | N/A | No | Description of the instance. |
| Api Key | String | N/A | Yes | API key generated in the MalShare console. |
| Verify SSL | Checkbox | Unchecked | No | Select this checkbox if your MalShare connection requires SSL verification (unchecked by default). |
| Run Remotely | Checkbox | Unchecked | No | Select this checkbox to run the configured integration remotely. Once selected, an option appears to select the remote user (agent). |

Actions

Enrich Hash

Description

Search for hashes within MalShare.

Parameters

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

| Enrichment Field Name | Logic - When to apply |
|---|---|
| SHA1 | Returns if it exists in JSON result |
| SOURCES | Returns if it exists in JSON result |
| F_TYPE | Returns if it exists in JSON result |
| SSDEEP | Returns if it exists in JSON result |
| SHA256 | Returns if it exists in JSON result |
| MD5 | Returns if it exists in JSON result |

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |

JSON Result

[
  {
    "EntityResult": {
      "SHA1": "72bc52b0962ce9043d2104c511a0c5f1c3b5faf3",
      "SOURCES": ["http://dubaifridays.com/437gfinw2?NzGQTrl=AJQIIksfc"],
      "F_TYPE": "HTML",
      "SSDEEP": "768:uTqtXcyd1AlOIkRZAI+rVEGvbnP0+Dod58GO5Fyk31Qc2vGn:uTKXcyd1pujd5Fyc4I",
      "SHA256": "32d1b186a7ae51b2aa0485fbfff44323576f7195286c44619b5bd43b446678b8",
      "MD5": "9e0e9014a11cc149174d0b306f2ac698"
    },
    "Entity": "9e0e9014a11cc149174d0b306f2ac698"
  }
]
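
One way a downstream playbook step might consume the Enrich Hash JSON result shown above, as an added example (not code from the integration or from MalShare): it keeps only well-formed digests, checks that the queried entity matches one of them, and defangs the SOURCES URLs before they go into case notes. The function names and the sample input are constructed for illustration.

```python
import json
import re

# Expected hex lengths of the digest fields in the Enrich Hash result.
HASH_FIELDS = {"MD5": 32, "SHA1": 40, "SHA256": 64}

# Constructed sample in the shape of the JSON Result above (placeholder values).
SAMPLE = json.dumps([{
    "EntityResult": {
        "SHA1": "a" * 40,
        "SOURCES": ["http://files.example.test/sample?id=1"],
        "F_TYPE": "HTML",
        "SSDEEP": "3:constructed:constructed",
        "SHA256": "b" * 64,
        "MD5": "c" * 32,
    },
    "Entity": "C" * 32,  # entity identifiers may arrive in upper case
}])


def defang(url):
    """Make a URL non-clickable so it is safe to paste into notes and tickets."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def summarize(json_result):
    """Validate each entry and return a report-safe summary per entity."""
    summaries = []
    for item in json.loads(json_result):
        result = item.get("EntityResult") or {}
        entity = str(item.get("Entity", "")).lower()
        hashes = {}
        for field, length in HASH_FIELDS.items():
            value = str(result.get(field, "")).lower()
            # Every field is optional ("Returns if it exists in JSON result"),
            # so keep only digests that are present and well-formed.
            if re.fullmatch(r"[0-9a-f]{%d}" % length, value):
                hashes[field] = value
        summaries.append({
            "entity": entity,
            # The looked-up hash should be one of the digests returned for it.
            "entity_matches": entity in hashes.values(),
            "hashes": hashes,
            "file_type": result.get("F_TYPE"),
            "sources": [defang(u) for u in result.get("SOURCES") or []],
        })
    return summaries
```

A summary whose `entity_matches` is false, or whose `hashes` is empty, is worth reviewing before the enrichment is trusted in later playbook steps.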

Ping

Description

Test Connectivity.

Parameters

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
|---|---|---|
| is_connect | True/False | is_connect:False |

JSON Result

N/A

Upload File

Description

Upload a file to MalShare.

Parameters

| Parameter | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| File Path | String | N/A | Yes | The path of the file to upload. |

Run On

This action runs on all entities.

Action Results

Entity Enrichment

| Enrichment Field Name | Logic - When to apply |
|---|---|
| SHA1 | Returns if it exists in JSON result |
| SOURCES | Returns if it exists in JSON result |
| F_TYPE | Returns if it exists in JSON result |
| SSDEEP | Returns if it exists in JSON result |
| SHA256 | Returns if it exists in JSON result |
| MD5 | Returns if it exists in JSON result |

Insights

N/A

Script Result

| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |

JSON Result

N/A