ReversingLabs A1000

Integration version: 6.0

Configure ReversingLabs A1000 integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Actions

Delete Sample

Description

Delete a set of samples that exist on the A1000 appliance. All related data including, extracted samples, and metadata will be deleted.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
success	True/False	success:False

JSON Result

N/A

Get Report

Description

Get a summary classification report and all details for a sample or a list of samples using hash value(s).

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

Enrichment Filed Name	Logic-When to apply
threat_status	Returns if it exists in JSON result
local_last_seen	Returns if it exists in JSON result
classification_origin	Returns if it exists in JSON result
imphash	Returns if it exists in JSON result
sha1	Returns if it exists in JSON result
sha512	Returns if it exists in JSON result
md5	Returns if it exists in JSON result
threat_name	Returns if it exists in JSON result
local_first_seen	Returns if it exists in JSON result
classification_reason	Returns if it exists in JSON result
threat_level	Returns if it exists in JSON result
trust_factor	Returns if it exists in JSON result
md5	Returns if it exists in JSON result
aliases	Returns if it exists in JSON result

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

[
    {
        "EntityResult": {
            "threat_status": "malicious",
            "local_last_seen": "2019-01-22T14: 21: 35.513535Z",
            "classification_origin": {
                "imphash": "",
                "sha1": "9747d177bddfc9809079283829e6bbbe315dcfa0",
                "sha512": "efabb440ab2b82dda2614308b8e2d5e1850ede3fb9c8e6f1e521f1b0728d621a6f5174c30b8e27d7964bcff0ae6b8a1a48ecc4a69d0dc3eae7eccf54a4791785",
                "sha256": "d3133784ef82208faaa3b917096d7c3e0ad9eb89a5eb4d7770418c8261da4a41", "md5": "242b13c72845a90a869ed0add78f6110"
            },
            "threat_name": "Android.Trojan.Agent",
            "local_first_seen": "2018-01-21T15: 30: 36.698843Z",
            "classification_reason": "cloud",
            "threat_level": 5,
            "trust_factor": 5,
            "md5": "2f61c5a77a64b3d45d651dc2fa7baff7",
            "aliases":["76ea783ed0744703347a00403a73694c2a1e5a957f0f969b4284353fc7c919b4"
            ]},
        "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
    }
]

Get Scan Status

Description

Return the processing status in the A1000 system for the list of hash values.

Parameters

N/A

Use cases

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

[
    {
        "EntityResult": "processed",
       "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
    },{
        "EntityResult": "processed",
        "Entity": "526e57077b938b3c3dbce56f8aaaa7be"
    }
]

Ping

Description

Test connectivity.

Parameters

N/A

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

N/A

Upload File

Description

Upload a file for analysis on the A1000 appliance.

Parameters

Parameter	Type	Default Value	Description
File Path	String	N/A	Target file path.

Use cases

N/A

Run On

This action runs on all entities.

Action Results

Entity Enrichment

N/A

Insights

N/A

Script Result

Script Result Name	Value Options	Example
success	True/False	success:False

JSON Result

{
    "threat_status": "unknown",
    "local_last_seen": "2019-01-28T11:40:23.195946Z",
    "classification_origin": null,
    "threat_name": null,
    "local_first_seen": "2019-01-28T11:09:06.752747Z",
    "classification_reason": "unknown",
    "threat_level": 0,
    "trust_factor": 5,
    "md5": "848d57fbd8e29afa08bd3f58dd30f902",
    "aliases": [
        "Notes.txt"
    ]
}