ReversingLabs A1000
Integration version: 6.0
Configure ReversingLabs A1000 integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations.
Actions
Delete Sample
Description
Delete a set of samples that exist on the A1000 appliance. All related data, including extracted samples and metadata, will be deleted.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
  N/A 
 
 
Get Report
Description
Get a summary classification report and all details for a sample or a list of samples using hash value(s).
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
| Enrichment Field Name | Logic-When to apply |
|---|---|
| threat_status | Returns if it exists in JSON result | 
| local_last_seen | Returns if it exists in JSON result | 
| classification_origin | Returns if it exists in JSON result | 
| imphash | Returns if it exists in JSON result | 
| sha1 | Returns if it exists in JSON result | 
| sha512 | Returns if it exists in JSON result | 
| md5 | Returns if it exists in JSON result | 
| threat_name | Returns if it exists in JSON result | 
| local_first_seen | Returns if it exists in JSON result | 
| classification_reason | Returns if it exists in JSON result | 
| threat_level | Returns if it exists in JSON result | 
| trust_factor | Returns if it exists in JSON result | 
| md5 | Returns if it exists in JSON result | 
| aliases | Returns if it exists in JSON result | 
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
    [
      {
        "EntityResult": {
          "threat_status": "malicious",
          "local_last_seen": "2019-01-22T14: 21: 35.513535Z",
          "classification_origin": {
            "imphash": "",
            "sha1": "9747d177bddfc9809079283829e6bbbe315dcfa0",
            "sha512": "efabb440ab2b82dda2614308b8e2d5e1850ede3fb9c8e6f1e521f1b0728d621a6f5174c30b8e27d7964bcff0ae6b8a1a48ecc4a69d0dc3eae7eccf54a4791785",
            "sha256": "d3133784ef82208faaa3b917096d7c3e0ad9eb89a5eb4d7770418c8261da4a41",
            "md5": "242b13c72845a90a869ed0add78f6110"
          },
          "threat_name": "Android.Trojan.Agent",
          "local_first_seen": "2018-01-21T15: 30: 36.698843Z",
          "classification_reason": "cloud",
          "threat_level": 5,
          "trust_factor": 5,
          "md5": "2f61c5a77a64b3d45d651dc2fa7baff7",
          "aliases": [
            "76ea783ed0744703347a00403a73694c2a1e5a957f0f969b4284353fc7c919b4"
          ]
        },
        "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
      }
    ]
 
 
Get Scan Status
Description
Return the processing status in the A1000 system for the list of hash values.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
    [
      {
        "EntityResult": "processed",
        "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"
      },
      {
        "EntityResult": "processed",
        "Entity": "526e57077b938b3c3dbce56f8aaaa7be"
      }
    ]
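
The Get Report and Get Scan Status JSON results can be joined per entity before a playbook acts on a verdict. The following Python is an added example, not code from the integration: the function names, the dotted key naming for nested fields, and the `pending` / `no_report` labels are assumptions, and any status other than `processed` is treated as unfinished because `processed` is the only value the page shows.

```python
import json

# Constructed inputs, trimmed from the JSON results shown on this page.
REPORT_JSON = """[{"Entity": "2f61c5a77a64b3d45d651dc2fa7baff7", "EntityResult": {
  "threat_status": "malicious", "threat_name": "Android.Trojan.Agent",
  "classification_origin": {"imphash": "", "md5": "242b13c72845a90a869ed0add78f6110"},
  "threat_level": 5, "trust_factor": 5, "md5": "2f61c5a77a64b3d45d651dc2fa7baff7",
  "aliases": ["76ea783ed0744703347a00403a73694c2a1e5a957f0f969b4284353fc7c919b4"]}}]"""
STATUS_JSON = """[
  {"EntityResult": "processed", "Entity": "2f61c5a77a64b3d45d651dc2fa7baff7"},
  {"EntityResult": "processed", "Entity": "526e57077b938b3c3dbce56f8aaaa7be"}]"""

def flatten(result, prefix=""):
    """Flatten a report into enrichment fields, keeping only values that exist.

    Nested objects get dotted keys (an assumption of this example) so that
    classification_origin.md5 does not overwrite the sample's own md5.
    """
    flat = {}
    for key, value in (result or {}).items():
        name = prefix + key
        if isinstance(value, dict):
            flat.update(flatten(value, name + "."))
        elif isinstance(value, list):
            if value:
                flat[name] = ", ".join(str(v) for v in value)
        elif value is not None and value != "":
            flat[name] = value  # 0 is a real value (e.g. threat_level) and is kept
    return flat

def enrichment(report_json):
    """Map each entity (lower-cased hash) to its flattened report fields."""
    return {r["Entity"].lower(): flatten(r["EntityResult"])
            for r in json.loads(report_json)}

def triage(report_json, status_json):
    """Return {entity: verdict}; verdict is the report's threat_status,
    'pending' if the sample is not processed, or 'no_report' if none came back."""
    status = {r["Entity"].lower(): r["EntityResult"] for r in json.loads(status_json)}
    reports = enrichment(report_json)
    verdicts = {}
    for entity in sorted(set(status) | set(reports)):
        if status.get(entity) != "processed":
            verdicts[entity] = "pending"
        elif entity not in reports:
            verdicts[entity] = "no_report"
        else:
            verdicts[entity] = reports[entity].get("threat_status", "unknown")
    return verdicts
```
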
 
 
Ping
Description
Test connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
  N/A 
 
 
Upload File
Description
Upload a file for analysis on the A1000 appliance.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| File Path | String | N/A | Target file path. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| success | True/False | success:False |
JSON Result
    {
      "threat_status": "unknown",
      "local_last_seen": "2019-01-28T11:40:23.195946Z",
      "classification_origin": null,
      "threat_name": null,
      "local_first_seen": "2019-01-28T11:09:06.752747Z",
      "classification_reason": "unknown",
      "threat_level": 0,
      "trust_factor": 5,
      "md5": "848d57fbd8e29afa08bd3f58dd30f902",
      "aliases": [
        "Notes.txt"
      ]
    }
 
 

