MalShare
Integration version: 7.0
Configure MalShare to work with Google Security Operations
API Key
Your API key will be emailed to you upon successful registration to the MalShare portal.
Network
Function | Default Port | Direction | Protocol |
---|---|---|---|
API | Multivalues | Outbound | apikey |
Configure MalShare Integration in Google SecOps
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
Parameter Display Name | Type | Default Value | Is mandatory | Description |
---|---|---|---|---|
Instance Name | String | N/A | No | Name of the instance you intend to configure the integration for. |
Description | String | N/A | No | Description of the instance. |
Api Key | String | N/A | Yes | API key generated in the MalShare console. |
Verify SSL | Checkbox | Unchecked | No | Select this checkbox if your MalShare connection requires SSL verification (unchecked by default). |
Run Remotely | Checkbox | Unchecked | No | Select this checkbox to run the configured integration remotely. Once selected, an option appears to choose the remote user (agent). |
Actions
Enrich Hash
Description
Search for hashes within MalShare.
Parameters
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
SHA1 | Returns if it exists in JSON result |
SOURCES | Returns if it exists in JSON result |
F_TYPE | Returns if it exists in JSON result |
SSDEEP | Returns if it exists in JSON result |
SHA256 | Returns if it exists in JSON result |
MD5 | Returns if it exists in JSON result |
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
[{
  "EntityResult": {
    "SHA1": "72bc52b0962ce9043d2104c511a0c5f1c3b5faf3",
    "SOURCES": ["http://dubaifridays.com/437gfinw2?NzGQTrl=AJQIIksfc"],
    "F_TYPE": "HTML",
    "SSDEEP": "768:uTqtXcyd1AlOIkRZAI+rVEGvbnP0+Dod58GO5Fyk31Qc2vGn:uTKXcyd1pujd5Fyc4I",
    "SHA256": "32d1b186a7ae51b2aa0485fbfff44323576f7195286c44619b5bd43b446678b8",
    "MD5": "9e0e9014a11cc149174d0b306f2ac698"
  },
  "Entity": "9e0e9014a11cc149174d0b306f2ac698"
}]
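The following Python is an added example, not code from the MalShare integration or from Google SecOps. It consumes the Enrich Hash JSON Result shown above: it keeps only the enrichment fields that exist in the record, defangs the SOURCES URLs before they are displayed, and checks that the queried entity equals the hash field of matching length. The function names and the `entity_matches_record` key are assumptions made for illustration.

```python
import json
import re

# Field names from the Entity Enrichment table of the Enrich Hash action.
ENRICHMENT_FIELDS = ("SHA1", "SOURCES", "F_TYPE", "SSDEEP", "SHA256", "MD5")
# Hex digest length -> field expected to hold the queried hash.
HASH_FIELD_BY_LENGTH = {32: "MD5", 40: "SHA1", 64: "SHA256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")

# The JSON Result sample from this page, embedded so the block runs offline.
SAMPLE_JSON_RESULT = """[{"EntityResult": {
  "SHA1": "72bc52b0962ce9043d2104c511a0c5f1c3b5faf3",
  "SOURCES": ["http://dubaifridays.com/437gfinw2?NzGQTrl=AJQIIksfc"],
  "F_TYPE": "HTML",
  "SSDEEP": "768:uTqtXcyd1AlOIkRZAI+rVEGvbnP0+Dod58GO5Fyk31Qc2vGn:uTKXcyd1pujd5Fyc4I",
  "SHA256": "32d1b186a7ae51b2aa0485fbfff44323576f7195286c44619b5bd43b446678b8",
  "MD5": "9e0e9014a11cc149174d0b306f2ac698"},
  "Entity": "9e0e9014a11cc149174d0b306f2ac698"}]"""


def defang(url):
    """Make a URL non-clickable before it is shown in a case or ticket."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def enrichment_from_result(json_text):
    """Map each entity to the enrichment fields present in its record."""
    out = {}
    for item in json.loads(json_text):
        entity = str(item.get("Entity", ""))
        result = item.get("EntityResult") or {}
        # "Returns if it exists in JSON result": absent fields are skipped.
        fields = {k: result[k] for k in ENRICHMENT_FIELDS if k in result}
        if isinstance(fields.get("SOURCES"), list):
            fields["SOURCES"] = [defang(str(u)) for u in fields["SOURCES"]]
        # Sanity check: the record should describe the hash that was queried.
        expected = HASH_FIELD_BY_LENGTH.get(len(entity))
        matched = (
            expected is not None
            and HEX_RE.fullmatch(entity) is not None
            and str(result.get(expected, "")).lower() == entity.lower()
        )
        out[entity] = {"fields": fields, "entity_matches_record": matched}
    return out


if __name__ == "__main__":
    print(json.dumps(enrichment_from_result(SAMPLE_JSON_RESULT), indent=2))
```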
Ping
Description
Test Connectivity.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_connect | True/False | is_connect:False |
JSON Result
N/A
Upload File
Description
Upload a file to MalShare.
Parameters
Parameter | Type | Default Value | Is Mandatory | Description |
---|---|---|---|---|
File Path | String | N/A | Yes | The path of the file to upload. |
Run On
This action runs on all entities.
Action Results
Entity Enrichment
Enrichment Field Name | Logic - When to apply |
---|---|
SHA1 | Returns if it exists in JSON result |
SOURCES | Returns if it exists in JSON result |
F_TYPE | Returns if it exists in JSON result |
SSDEEP | Returns if it exists in JSON result |
SHA256 | Returns if it exists in JSON result |
MD5 | Returns if it exists in JSON result |
Insights
N/A
Script Result
Script Result Name | Value Options | Example |
---|---|---|
is_success | True/False | is_success:False |
JSON Result
N/A