[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-07 UTC."],[[["\u003cp\u003eThe ReversingLabs A1000 integration version 6.0 allows users to interact with the A1000 appliance through Google Security Operations SOAR.\u003c/p\u003e\n"],["\u003cp\u003eYou can delete samples and associated data from the A1000 appliance using the "Delete Sample" action, which operates on the Filehash entity.\u003c/p\u003e\n"],["\u003cp\u003eThe "Get Report" action retrieves a comprehensive report for a sample or multiple samples based on hash values, including detailed classifications and threat information, and can enrich the filehash entity.\u003c/p\u003e\n"],["\u003cp\u003eThe "Get Scan Status" action checks and returns the processing status of one or more hash values within the A1000 system.\u003c/p\u003e\n"],["\u003cp\u003eThe integration offers a "Ping" action to verify connectivity and an "Upload File" action to submit a file to the A1000 appliance for analysis, with the file information being enriched if results are found.\u003c/p\u003e\n"]]],[],null,["ReversingLabs A1000\n\nIntegration version: 6.0\n\nConfigure ReversingLabs A1000 integration in Google Security Operations\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\nActions\n\nDelete Sample\n\nDescription\n\nDelete a set of samples that exist on the A1000 appliance. All related data\nincluding, extracted samples, and metadata will be deleted.\n\nParameters\n\nN/A\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on the Filehash entity.\n\nAction Results\n\nEntity Enrichment\n\nN/A\n\nInsights\n\nN/A\n\nScript Result\n\n| **Script Result Name** | **Value Options** | **Example** |\n|------------------------|-------------------|---------------|\n| success | True/False | success:False |\n\nJSON Result \n\n N/A\n\nGet Report\n\nDescription\n\nGet a summary classification report and all details for a sample or a list of\nsamples using hash value(s).\n\nParameters\n\nN/A\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on the Filehash entity.\n\nAction Results\n\nEntity Enrichment\n\n| **Enrichment Filed Name** | Logic-When to apply |\n|---------------------------|-------------------------------------|\n| threat_status | Returns if it exists in JSON result |\n| local_last_seen | Returns if it exists in JSON result |\n| classification_origin | Returns if it exists in JSON result |\n| imphash | Returns if it exists in JSON result |\n| sha1 | Returns if it exists in JSON result |\n| sha512 | Returns if it exists in JSON result |\n| md5 | Returns if it exists in JSON result |\n| threat_name | Returns if it exists in JSON result |\n| local_first_seen | Returns if it exists in JSON result |\n| classification_reason | Returns if it exists in JSON result |\n| threat_level | Returns if it exists in JSON result |\n| trust_factor | Returns if it exists in JSON result |\n| md5 | Returns if it exists in JSON result |\n| aliases | Returns if it exists in JSON result |\n\nInsights\n\nN/A\n\nScript Result\n\n| **Script Result Name** | **Value Options** | **Example** |\n|------------------------|-------------------|------------------|\n| is_success | True/False | is_success:False |\n\nJSON Result \n\n [\n {\n \"EntityResult\": {\n \"threat_status\": \"malicious\",\n \"local_last_seen\": \"2019-01-22T14: 21: 35.513535Z\",\n \"classification_origin\": {\n \"imphash\": \"\",\n \"sha1\": \"9747d177bddfc9809079283829e6bbbe315dcfa0\",\n \"sha512\": \"efabb440ab2b82dda2614308b8e2d5e1850ede3fb9c8e6f1e521f1b0728d621a6f5174c30b8e27d7964bcff0ae6b8a1a48ecc4a69d0dc3eae7eccf54a4791785\",\n \"sha256\": \"d3133784ef82208faaa3b917096d7c3e0ad9eb89a5eb4d7770418c8261da4a41\", \"md5\": \"242b13c72845a90a869ed0add78f6110\"\n },\n \"threat_name\": \"Android.Trojan.Agent\",\n \"local_first_seen\": \"2018-01-21T15: 30: 36.698843Z\",\n \"classification_reason\": \"cloud\",\n \"threat_level\": 5,\n \"trust_factor\": 5,\n \"md5\": \"2f61c5a77a64b3d45d651dc2fa7baff7\",\n \"aliases\":[\"76ea783ed0744703347a00403a73694c2a1e5a957f0f969b4284353fc7c919b4\"\n ]},\n \"Entity\": \"2f61c5a77a64b3d45d651dc2fa7baff7\"\n }\n ]\n\nGet Scan Status\n\nDescription\n\nReturn the processing status in the A1000 system for the list of hash values.\n\nParameters\n\nN/A\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on the Filehash entity.\n\nAction Results\n\nEntity Enrichment\n\nN/A\n\nInsights\n\nN/A\n\nScript Result\n\n| **Script Result Name** | **Value Options** | **Example** |\n|------------------------|-------------------|------------------|\n| is_success | True/False | is_success:False |\n\nJSON Result \n\n [\n {\n \"EntityResult\": \"processed\",\n \"Entity\": \"2f61c5a77a64b3d45d651dc2fa7baff7\"\n },{\n \"EntityResult\": \"processed\",\n \"Entity\": \"526e57077b938b3c3dbce56f8aaaa7be\"\n }\n ]\n\nPing\n\nDescription\n\nTest connectivity.\n\nParameters\n\nN/A\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on all entities.\n\nAction Results\n\nEntity Enrichment\n\nN/A\n\nInsights\n\nN/A\n\nScript Result\n\n| **Script Result Name** | **Value Options** | **Example** |\n|------------------------|-------------------|------------------|\n| is_success | True/False | is_success:False |\n\nJSON Result \n\n N/A\n\nUpload File\n\nDescription\n\nUpload a file for analysis on the A1000 appliance.\n\nParameters\n\n| Parameter | Type | Default Value | Description |\n|-----------|--------|---------------|-------------------|\n| File Path | String | N/A | Target file path. |\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on all entities.\n\nAction Results\n\nEntity Enrichment\n\nN/A\n\nInsights\n\nN/A\n\nScript Result\n\n| **Script Result Name** | **Value Options** | **Example** |\n|------------------------|-------------------|---------------|\n| success | True/False | success:False |\n\nJSON Result \n\n {\n \"threat_status\": \"unknown\",\n \"local_last_seen\": \"2019-01-28T11:40:23.195946Z\",\n \"classification_origin\": null,\n \"threat_name\": null,\n \"local_first_seen\": \"2019-01-28T11:09:06.752747Z\",\n \"classification_reason\": \"unknown\",\n \"threat_level\": 0,\n \"trust_factor\": 5,\n \"md5\": \"848d57fbd8e29afa08bd3f58dd30f902\",\n \"aliases\": [\n \"Notes.txt\"\n ]\n }\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
