OPSWAT MetaDefender

Integration version: 7.0

Prerequisites

Before configuring the OPSWAT MetaDefender integration in Google Security Operations SOAR, make sure to complete the prerequisite steps.

Obtain API Key

  1. To obtain your personal API key, sign in to your OPSWAT account.

  2. On your dashboard page, copy the API key value under My API Key. You need this value to configure the OPSWAT MetaDefender integration in Google Security Operations SOAR.

Configure network parameters

| Function | Default Port | Direction | Protocol |
|----------|--------------|-----------|----------|
| API      | Multivalues  | Outbound  | apikey   |

Integrate OPSWAT MetaDefender with Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Ping

Test connectivity.

Entities

This action runs on all entities.

Action inputs

N/A

Action outputs

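| Action output type   | Availability |
|----------------------|--------------|
| Case wall attachment | N/A          |
| Case wall link       | N/A          |
| Case wall table      | N/A          |
| Enrichment table     | N/A          |
| Entity insight       | N/A          |
| Insight              | N/A          |
| JSON result          | N/A          |
| OOTB widget          | N/A          |
| Script result        | Available    |

Script result

| Script result name | Value      |
|--------------------|------------|
| is_success         | True/False |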

Scan Hash

Scan a file hash in OPSWAT MetaDefender.

Entities

This action runs on the Filehash entity.

Action inputs

N/A

Action outputs

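| Action output type   | Availability |
|----------------------|--------------|
| Case wall attachment | N/A          |
| Case wall link       | N/A          |
| Case wall table      | N/A          |
| Entity enrichment    | Available    |
| Entity insight       | N/A          |
| Insight              | Available    |
| JSON result          | N/A          |
| OOTB widget          | N/A          |
| Script result        | Available    |

Script result

| Script result name | Value      |
|--------------------|------------|
| is_success         | True/False |
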
Entity enrichment

Entities are marked as Suspicious (True) if their scan results show the Infected status. Otherwise, they are marked as False.

Insight

| Severity | Description |
|----------|-------------|
| Warn     | A warning insight is created to report the malicious status of the enriched hash. |