OPSWAT MetaDefender
Integration version: 7.0
Prerequisites
Before configuring the OPSWAT MetaDefender integration in Google Security Operations SOAR, make sure to complete the prerequisite steps.
Obtain API Key
To obtain your personal API key, sign in to your OPSWAT account.
On your dashboard page, copy the API key value under My API Key. You need this value to configure the OPSWAT MetaDefender integration in Google Security Operations SOAR.
Configure network parameters
Function | Default Port | Direction | Protocol |
---|---|---|---|
API | Multivalues | Outbound | apikey |
Integrate OPSWAT MetaDefender with Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Ping
Test connectivity.
Entities
This action runs on all entities.
Action inputs
N/A
Action outputs
Action output type | |
---|---|
Case wall attachment | N/A |
Case wall link | N/A |
Case wall table | N/A |
Enrichment table | N/A |
Entity insight | N/A |
Insight | N/A |
JSON result | N/A |
OOTB widget | N/A |
Script result | Available |
Script result
Script result name | Value |
---|---|
is_success | True/False |
Scan Hash
Scan a file hash in OPSWAT MetaDefender.
Entities
This action runs on the Filehash entity.
Action inputs
N/A
Action outputs
Action output type | |
---|---|
Case wall attachment | N/A |
Case wall link | N/A |
Case wall table | N/A |
Entity enrichment | Available |
Entity insight | N/A |
Insight | Available |
JSON result | N/A |
OOTB widget | N/A |
Script result | Available |
Script result
Script result name | Value |
---|---|
is_success | True/False |
Entity enrichment
Entities are marked as Suspicious (True) if the results of their scan show the Infected status. Else, False.
Insight
Severity | |
---|---|
Warn | A warning insight is created to flag the enriched hash as malicious. |