splunk-soar-connectors/reversinglabs-tiscale
RL TitaniumScale Enterprise File Visibility

Publisher: ReversingLabs
Connector Version: 2.0.5
Product Vendor: ReversingLabs
Product Name: TISCALE
Product Version Supported (regex): ".*"
Minimum Product Version: 5.1.0

This app integrates with the ReversingLabs TiScale Enterprise Scale File Visibility platform to automate analysis and investigative actions for file samples.

ReversingLabs TitaniumScale

This app supports using ReversingLabs Advanced File Analysis to 'detonate file' on the TitaniumScale Advanced Malware Analysis Appliance.

The ReversingLabs TitaniumScale Appliance is powered by TitaniumCore, the malware analysis engine that performs automated static analysis using the Active File Decomposition technology.

TitaniumCore unpacks and recursively analyzes files without executing them, and extracts internal threat indicators to classify files and determine their threat level. TitaniumCore is capable of identifying thousands of file format families. It recursively unpacks hundreds of file format families, and fully repairs extracted files to enable further analysis.

For more information, consult the official product website.

How to Configure the App

Access the Asset Settings tab on the Asset Configuration page. The variables described in the Configuration Variables section below are displayed in this tab.

The "Base URL" field requires the host URL of the ReversingLabs TitaniumScale service. Select the "Verify server certificate" checkbox to make the app validate the server certificate, so that self-signed certificates are not accepted.

The "API Key" field requires the authentication token used to access the TitaniumScale REST API.

The "Detonate timeout" variable defines how long (in minutes) the app waits for results from the TitaniumScale appliance.

Configuration Variables

The following configuration variables are required for this connector to operate (the REQUIRED column marks which ones are mandatory). These variables are specified when configuring a TISCALE asset in SOAR.

| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
| --- | --- | --- | --- |
| base_url | required | string | Base URL to TISCALE service |
| verify_server_cert | optional | boolean | Verify server certificate |
| api_key | optional | password | API Key |
| timeout | required | numeric | Detonate timeout in mins |

Supported Actions

- test connectivity - Validate the asset configuration for connectivity by attempting to log into the device
- detonate file - Analyze the file in the TISCALE Advanced Malware Analysis Appliance and retrieve the analysis results

action: 'test connectivity'

Validate the asset configuration for connectivity by attempting to log into the device

Type: test
Read only: True

Action Parameters

No parameters are required for this action

Action Output

No Output

action: 'detonate file'

Analyze the file in the TISCALE Advanced Malware Analysis Appliance and retrieve the analysis results

Type: investigate
Read only: True

This action requires the input file to be present in the vault and therefore takes the vault ID as its input parameter.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| file_vault_id | required | Vault ID of file to detonate | string | vault id |
| file_name | optional | Filename to use | string | |
| hunting_report_vault_id | optional | Threat hunting report that represents current state of the hunting workflow | string | vault id |
| full_report | optional | Receive full TiScale metadata in a response | boolean | |

Action Output

| DATA PATH | TYPE | CONTAINS |
| --- | --- | --- |
| action_result.status | string | |
| action_result.parameter.file_name | string | |
| action_result.parameter.file_vault_id | string | vault id |
| action_result.parameter.full_report | string | |
| action_result.parameter.hunting_report_vault_id | string | vault id |
| action_result.data | string | |
| action_result.data.*.hunting_report_vault_id | string | |
| action_result.data.*.readable_summary.classification.classification | string | |
| action_result.data.*.readable_summary.classification.description | string | |
| action_result.data.*.readable_summary.classification.reason | string | |
| action_result.data.*.readable_summary.classification.threat.description | string | |
| action_result.data.*.readable_summary.classification.threat.factor | numeric | |
| action_result.data.*.readable_summary.classification.threat.name | string | |
| action_result.summary | string | |
| action_result.message | string | |
| summary.total_objects | numeric | |
| summary.total_objects_successful | numeric | |
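The data paths above are what a playbook consumes once 'detonate file' returns. The following is an added example, not code from the app or from ReversingLabs: it walks a list of action-result dictionaries shaped after those data paths, pulls out the readable_summary.classification block for each analysed object, and reduces it to a verdict that a playbook decision block can branch on. Results that did not succeed (for instance when the detonate timeout expired before the appliance answered) are treated as inconclusive rather than clean. The classification labels in ESCALATE, the threat-factor threshold, and all values in SAMPLE_RESULTS are constructed assumptions; the page lists the field names but not the label set.

```python
"""Post-processing of 'detonate file' action results (added example, not the app's code).

Reads only the documented data paths:
  action_result.status
  action_result.data.*.hunting_report_vault_id
  action_result.data.*.readable_summary.classification.{classification,reason,threat.name,threat.factor}
"""
from __future__ import annotations

from typing import Any

# Assumed label set and threshold: the page names the fields, not their values.
ESCALATE = {"malicious", "suspicious"}
THREAT_FACTOR_THRESHOLD = 3


def extract_classifications(action_results: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Collect the classification block from every successful action result.

    Results whose status is not 'success', or whose data items carry no
    readable_summary.classification, are skipped so a timed-out or failed run
    can never be mistaken for a clean one.
    """
    found: list[dict[str, Any]] = []
    for result in action_results:
        if result.get("status") != "success":
            continue
        for item in result.get("data") or []:
            cls = (item.get("readable_summary") or {}).get("classification")
            if not cls:
                continue
            threat = cls.get("threat") or {}
            found.append(
                {
                    "classification": str(cls.get("classification", "")).lower(),
                    "reason": cls.get("reason", ""),
                    "threat_name": threat.get("name", ""),
                    "threat_factor": threat.get("factor"),
                    "hunting_report_vault_id": item.get("hunting_report_vault_id"),
                }
            )
    return found


def verdict(action_results: list[dict[str, Any]]) -> str:
    """Return 'escalate', 'clean' or 'inconclusive' for a playbook decision block."""
    summaries = extract_classifications(action_results)
    if not summaries:
        return "inconclusive"
    for s in summaries:
        factor = s["threat_factor"]
        high_factor = isinstance(factor, (int, float)) and factor >= THREAT_FACTOR_THRESHOLD
        if s["classification"] in ESCALATE or high_factor:
            return "escalate"
    return "clean"


# Constructed sample results, shaped after the Action Output data paths.
SAMPLE_RESULTS: list[dict[str, Any]] = [
    {
        "status": "success",
        "parameter": {"file_vault_id": "VAULT_ID_PLACEHOLDER", "full_report": False},
        "data": [
            {
                "hunting_report_vault_id": "HUNTING_REPORT_VAULT_ID_PLACEHOLDER",
                "readable_summary": {
                    "classification": {
                        "classification": "MALICIOUS",
                        "description": "constructed description",
                        "reason": "constructed reason",
                        "threat": {
                            "name": "Constructed.Threat.Name",
                            "factor": 5,
                            "description": "constructed threat description",
                        },
                    }
                },
            }
        ],
        "summary": {},
        "message": "constructed success message",
    },
    # A run that hit the configured detonate timeout: no data, must not read as clean.
    {"status": "failed", "data": [], "message": "constructed timeout message"},
]

if __name__ == "__main__":
    for s in extract_classifications(SAMPLE_RESULTS):
        print(f"{s['classification']:>10}  factor={s['threat_factor']}  {s['threat_name']}")
    print("verdict:", verdict(SAMPLE_RESULTS))
```

In a SOAR playbook the list passed to verdict() would be the action results delivered to the 'detonate file' callback; keeping the decision in a pure function makes it unit-testable outside the platform and keeps the "no data means inconclusive" rule explicit.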