ReversingLabs A1000
This document provides guidance on how to integrate ReversingLabs A1000 with Google SecOps.
Configure ReversingLabs A1000 integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Delete Sample
Description
Delete a set of samples that exist on the A1000 appliance. All related data, including extracted samples and metadata, will be deleted.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
N/A
Get Report
Description
Get a summary classification report and all details for a sample or a list of samples using hash value(s).
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| threat_status | Returns if it exists in JSON result |
| local_last_seen | Returns if it exists in JSON result |
| classification_origin | Returns if it exists in JSON result |
| imphash | Returns if it exists in JSON result |
| sha1 | Returns if it exists in JSON result |
| sha512 | Returns if it exists in JSON result |
| md5 | Returns if it exists in JSON result |
| threat_name | Returns if it exists in JSON result |
| local_first_seen | Returns if it exists in JSON result |
| classification_reason | Returns if it exists in JSON result |
| threat_level | Returns if it exists in JSON result |
| trust_factor | Returns if it exists in JSON result |
| md5 | Returns if it exists in JSON result |
| aliases | Returns if it exists in JSON result |
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
```json
[
    {
        "EntityResult": {
            "threat_status": "malicious",
            "local_last_seen": "2019-01-22T14: 21: 35.513535Z",
            "classification_origin": {
                "imphash": "",
                "sha1": "9747d177bddfc9809079283829e6bbbe315dcfa0",
                "sha512": "efabb440ab2b82dda2614308b8e2d5e1850ede3fb9c8e6f1e521f1b0728d621a6f5174c30b8e27d7964bcff0ae6b8a1a48ecc4a69d0dc3eae7eccf54a4791785",
                "sha256": "d3133784ef82208faaa3b917096d7c3e0ad9eb89a5eb4d7770418c8261da4a41",
                "md5": "242b13c72845a90a869ed0add78f6110"
            },
            "threat_name": "Android.Trojan.Agent",
            "local_first_seen": "2018-01-21T15: 30: 36.698843Z",
            "classification_reason": "cloud",
            "threat_level": 5,
            "trust_factor": 5,
            "md5": "2f61c5a77a64b3d45d651dc2fa7baff7",
            "aliases": [
                "76ea783ed0744703347a00403a73694c2a1e5a957f0f969b4284353fc7c919b4"
            ]
        },
        "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
    }
]
```
Get Scan Status
Description
Return the processing status in the A1000 system for the list of hash values.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
```json
[
    {
        "EntityResult": "processed",
        "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
    },
    {
        "EntityResult": "processed",
        "Entity": "526e57077b938b3c3dbce56f8aaaa7be"
    }
]
```
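A playbook step that consumes the Get Scan Status and Get Report results has to cope with fields that are only present "if they exist" and with a `classification_origin` that can be null. The Python below is an added example, not part of the integration's own code: it joins the two JSON results per entity and returns a verdict for each. The `triage` function, its verdict labels, the assumption that entities are MD5 hashes, and the sample rows marked as constructed are all assumptions made for illustration.

```python
import json

# Constructed inputs shaped like the Get Scan Status / Get Report JSON results on
# this page; the last two status rows and the second report are made up.
SCAN_STATUS = json.loads("""[
 {"EntityResult": "processed", "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"},
 {"EntityResult": "processed", "Entity": "526e57077b938b3c3dbce56f8aaaa7be"},
 {"EntityResult": "processed", "Entity": "848D57FBD8E29AFA08BD3F58DD30F902"},
 {"EntityResult": "placeholder-not-processed", "Entity": "00000000000000000000000000000000"}]""")
REPORTS = json.loads("""[
 {"Entity": "2f61c5a77a64b3d45d651dc2fa7baff7", "EntityResult": {
   "threat_status": "malicious", "threat_name": "Android.Trojan.Agent", "threat_level": 5,
   "classification_origin": {"md5": "242b13c72845a90a869ed0add78f6110",
     "sha256": "d3133784ef82208faaa3b917096d7c3e0ad9eb89a5eb4d7770418c8261da4a41"}}},
 {"Entity": "848D57FBD8E29AFA08BD3F58DD30F902", "EntityResult": {
   "threat_status": "unknown", "threat_name": null, "threat_level": 0,
   "classification_origin": null}}]""")


def triage(scan_status, reports):
    """Map each entity (lower-cased MD5) to a verdict dict for the playbook."""
    by_entity = {r["Entity"].lower(): r.get("EntityResult") or {} for r in reports}
    verdicts = {}
    for row in scan_status:
        entity, state = row["Entity"].lower(), row.get("EntityResult")
        if state != "processed":  # "processed" is the only state shown on the page
            verdicts[entity] = {"verdict": "pending", "detail": state}
            continue
        report = by_entity.get(entity)
        if not report:  # processed, but Get Report returned nothing for it
            verdicts[entity] = {"verdict": "no_report", "detail": None}
            continue
        # Every field is optional and classification_origin may be null.
        origin = report.get("classification_origin") or {}
        status = report.get("threat_status") or "unknown"
        differs = (origin.get("md5") or entity).lower() != entity
        verdicts[entity] = {
            # Verdict names are this example's own labels, not A1000 values.
            "verdict": {"malicious": "escalate", "unknown": "needs_analysis"}.get(status, "review"),
            "detail": report.get("threat_name"),
            "threat_level": report.get("threat_level") or 0,
            "origin_sha256": origin.get("sha256") if differs else None,
        }
    return verdicts


if __name__ == "__main__":
    print(json.dumps(triage(SCAN_STATUS, REPORTS), indent=2))
```

The `origin_sha256` value is filled only when the report's `classification_origin` names a different hash than the entity, which is the case in the Get Report sample on this page.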
Ping
Description
Test connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/A
Upload File
Description
Upload a file for analysis on the A1000 appliance.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| File Path | String | N/A | Target file path. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
```json
{
    "threat_status": "unknown",
    "local_last_seen": "2019-01-28T11:40:23.195946Z",
    "classification_origin": null,
    "threat_name": null,
    "local_first_seen": "2019-01-28T11:09:06.752747Z",
    "classification_reason": "unknown",
    "threat_level": 0,
    "trust_factor": 5,
    "md5": "848d57fbd8e29afa08bd3f58dd30f902",
    "aliases": [
        "Notes.txt"
    ]
}
```

