ReversingLabs Titanium

Integration version: 9.0

Configure ReversingLabs Titanium integration in Google Security Operations

For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.

Actions

Get Malware Details

Description

Query ReversingLabs Titanium for hash information.

Parameters

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

Enrichment Field Name	Logic - When to apply
rl	Returns if it exists in JSON result
malware_presence	Returns if it exists in JSON result
status	Returns if it exists in JSON result
scanner_count	Returns if it exists in JSON result
scanner_percent	Returns if it exists in JSON result
scanner_match	Returns if it exists in JSON result
query_hash	Returns if it exists in JSON result
sha1	Returns if it exists in JSON result
first_seen	Returns if it exists in JSON result
threat_level	Returns if it exists in JSON result
trust_factor	Returns if it exists in JSON result
last_seen	Returns if it exists in JSON result
Entity	Returns if it exists in JSON result

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

[
    {
        "EntityResult": {
            "rl": {
                "malware_presence": {
                    "status": "KNOWN",
                    "scanner_count": 41,
                    "scanner_percent": 0.0,
                    "scanner_match": 0,
                    "query_hash": {
                        "sha1": "81fe8bfe87576c3ecb22426f8e57847382917acf"
                    },
                    "first_seen": "2013-03-17T15:10:55",
                    "threat_level": 0,
                    "trust_factor": 0,
                    "last_seen": "2019-05-18T19:48:34"
                }
            }
        },
        "Entity": "81fe8bfe87576c3ecb22426f8e57847382917acf"
    }
]

Ping