ReversingLabs A1000
Integration version: 6.0
Configure ReversingLabs A1000 integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Delete Sample
Description
Delete a set of samples that exist on the A1000 appliance. All related data, including extracted samples and metadata, will be deleted.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
N/A
Get Report
Description
Get a summary classification report and all details for a sample or a list of samples using hash value(s).
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| threat_status | Returns if it exists in JSON result |
| local_last_seen | Returns if it exists in JSON result |
| classification_origin | Returns if it exists in JSON result |
| imphash | Returns if it exists in JSON result |
| sha1 | Returns if it exists in JSON result |
| sha512 | Returns if it exists in JSON result |
| md5 | Returns if it exists in JSON result |
| threat_name | Returns if it exists in JSON result |
| local_first_seen | Returns if it exists in JSON result |
| classification_reason | Returns if it exists in JSON result |
| threat_level | Returns if it exists in JSON result |
| trust_factor | Returns if it exists in JSON result |
| md5 | Returns if it exists in JSON result |
| aliases | Returns if it exists in JSON result |
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
```json
[
  {
    "EntityResult": {
      "threat_status": "malicious",
      "local_last_seen": "2019-01-22T14: 21: 35.513535Z",
      "classification_origin": {
        "imphash": "",
        "sha1": "9747d177bddfc9809079283829e6bbbe315dcfa0",
        "sha512": "efabb440ab2b82dda2614308b8e2d5e1850ede3fb9c8e6f1e521f1b0728d621a6f5174c30b8e27d7964bcff0ae6b8a1a48ecc4a69d0dc3eae7eccf54a4791785",
        "sha256": "d3133784ef82208faaa3b917096d7c3e0ad9eb89a5eb4d7770418c8261da4a41",
        "md5": "242b13c72845a90a869ed0add78f6110"
      },
      "threat_name": "Android.Trojan.Agent",
      "local_first_seen": "2018-01-21T15: 30: 36.698843Z",
      "classification_reason": "cloud",
      "threat_level": 5,
      "trust_factor": 5,
      "md5": "2f61c5a77a64b3d45d651dc2fa7baff7",
      "aliases": [
        "76ea783ed0744703347a00403a73694c2a1e5a957f0f969b4284353fc7c919b4"
      ]
    },
    "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
  }
]
```
Get Scan Status
Description
Return the processing status in the A1000 system for the list of hash values.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
```json
[
  {
    "EntityResult": "processed",
    "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
  },
  {
    "EntityResult": "processed",
    "Entity": "526e57077b938b3c3dbce56f8aaaa7be"
  }
]
```
Ping
Description
Test connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Upload File
Description
Upload a file for analysis on the A1000 appliance.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| File Path | String | N/A | Target file path. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
```json
{
  "threat_status": "unknown",
  "local_last_seen": "2019-01-28T11:40:23.195946Z",
  "classification_origin": null,
  "threat_name": null,
  "local_first_seen": "2019-01-28T11:09:06.752747Z",
  "classification_reason": "unknown",
  "threat_level": 0,
  "trust_factor": 5,
  "md5": "848d57fbd8e29afa08bd3f58dd30f902",
  "aliases": [
    "Notes.txt"
  ]
}
```
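The Get Report and Upload File JSON results carry the same report fields in two different shapes (a list of Entity/EntityResult pairs versus one bare object with null values). The following is an added example, not part of the integration's own code, showing one way a downstream playbook step could normalize both and apply the enrichment table's "returns if it exists" rule. The function names, the treatment of null as absent, and the `classification_origin.` key prefix are assumptions of this example.

```python
import json

# Field names taken from the Get Report "Entity Enrichment" table on this page.
ENRICHMENT_FIELDS = (
    "threat_status", "local_last_seen", "classification_origin", "imphash",
    "sha1", "sha512", "md5", "threat_name", "local_first_seen",
    "classification_reason", "threat_level", "trust_factor", "aliases",
)

def normalize(json_result):
    """Map either JSON Result shape shown on this page to {entity: report}."""
    data = json.loads(json_result)
    if isinstance(data, dict):
        # Upload File shape: a single bare report, keyed here by its md5.
        return {data.get("md5", "<unknown>"): data}
    # Get Report shape: [{"Entity": ..., "EntityResult": {...}}, ...]
    return {item["Entity"]: item["EntityResult"] for item in data}

def enrichment(report):
    """Keep a field only if it exists in the report (assumption: null is absent)."""
    out = {k: report[k] for k in ENRICHMENT_FIELDS if report.get(k) is not None}
    origin = out.pop("classification_origin", None)
    if isinstance(origin, dict):
        # Assumption: origin hashes are a different file than the entity (their
        # md5 values differ in the page's sample), so keep them under a prefix.
        for key, value in origin.items():
            if value:
                out["classification_origin." + key] = value
    return out

def malicious_entities(json_result):
    """Entities whose report says threat_status == "malicious"."""
    reports = normalize(json_result)
    return sorted(e for e, r in reports.items() if r.get("threat_status") == "malicious")

# Constructed sample inputs, trimmed from the JSON Result examples on this page.
GET_REPORT = json.dumps([{"Entity": "2f61c5a77a64b3d45d651dc2fa7baff7", "EntityResult": {
    "threat_status": "malicious", "threat_level": 5, "trust_factor": 5,
    "threat_name": "Android.Trojan.Agent", "md5": "2f61c5a77a64b3d45d651dc2fa7baff7",
    "classification_origin": {"imphash": "", "md5": "242b13c72845a90a869ed0add78f6110"}}}])
UPLOAD_FILE = json.dumps({"threat_status": "unknown", "classification_origin": None,
    "threat_name": None, "threat_level": 0, "trust_factor": 5,
    "md5": "848d57fbd8e29afa08bd3f58dd30f902", "aliases": ["Notes.txt"]})

if __name__ == "__main__":
    for sample in (GET_REPORT, UPLOAD_FILE):
        for entity, report in normalize(sample).items():
            print(entity, enrichment(report))
```

A `threat_level` of 0 is kept because it is a real value, while `threat_name: null` and the empty `imphash` are dropped rather than written to the entity as blank enrichment.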