Symantec Content Analysis
Integration version: 5.0
Configure Symantec Content Analysis to work with Google Security Operations SOAR
Authentication to the REST API is provided using API keys that administrators can create and manage in the Content Analysis CLI interface. To generate an API key:
- Connect to the serial console or SSH to the Content Analysis appliance as a user with administrative privileges.
Enter the commands shown after the `>` and `#` prompts below, and answer `yes` at the confirmation prompt:
```
> enable
Password: <enter the password>
# ma-actions api-key create administrator
Use of the MA API is not fully supported in CAS. Are you sure you want to proceed? [yes,no] yes
***MA API in CAS is an experimental feature and not fully tested; some functions may not behave as expected***
Note that keys are not stored on the system in plain text and cannot be retrieved later.
Created new API Key: <This is the API key> (Key ID 2)
```
Copy the generated API key and save it in a text file, as it cannot be viewed later.
Configure Symantec Content Analysis integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Get Hash Report
Description
Get samples for a hash (MD5 and SHA256).
Parameters
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Ping
Description
Verifies that the user has a connection to Symantec Content Analysis via the user's device.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A
Submit File
Description
Upload a file to Symantec Content Analysis for a scan. Symantec provides a REST API for submitting individual files to Content Analysis for evaluation using the current configuration. The API is available to people or programs that want to know how Content Analysis would evaluate a file, but don't want to translate it into ICAP, the web-centric protocol that Content Analysis uses.
Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
File Path | String | N/A | Submit file from path. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
file_reputation_score | N/A | N/A |
JSON Result
N/A