ReversingLabs Titanium

Integration version: 9.0

Configure ReversingLabs Titanium integration in Google Security Operations

For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations .

Actions

Get Malware Details

Description

Query ReversingLabs Titanium for hash information.

Parameters

N/A

Run On

This action runs on the Filehash entity.

Action Results

Entity Enrichment

Enrichment Field Name	Logic - When to apply
rl	Returns if it exists in JSON result
malware_presence	Returns if it exists in JSON result
status	Returns if it exists in JSON result
scanner_count	Returns if it exists in JSON result
scanner_percent	Returns if it exists in JSON result
scanner_match	Returns if it exists in JSON result
query_hash	Returns if it exists in JSON result
sha1	Returns if it exists in JSON result
first_seen	Returns if it exists in JSON result
threat_level	Returns if it exists in JSON result
trust_factor	Returns if it exists in JSON result
last_seen	Returns if it exists in JSON result
Entity	Returns if it exists in JSON result

Insights

N/A

Script Result

Script Result Name	Value Options	Example
is_success	True/False	is_success:False

JSON Result

  [ 
  
 { 
  
 "EntityResult" 
 : 
  
 { 
  
 "rl" 
 : 
  
 { 
  
 "malware_presence" 
 : 
  
 { 
  
 "status" 
 : 
  
 "KNOWN" 
 , 
  
 "scanner_count" 
 : 
  
 41 
 , 
  
 "scanner_percent" 
 : 
  
 0.0 
 , 
  
 "scanner_match" 
 : 
  
 0 
 , 
  
 "query_hash" 
 : 
  
 { 
  
 "sha1" 
 : 
  
 "81fe8bfe87576c3ecb22426f8e57847382917acf" 
  
 }, 
  
 "first_seen" 
 : 
  
 "2013-03-17T15:10:55" 
 , 
  
 "threat_level" 
 : 
  
 0 
 , 
  
 "trust_factor" 
 : 
  
 0 
 , 
  
 "last_seen" 
 : 
  
 "2019-05-18T19:48:34" 
  
 } 
  
 } 
  
 }, 
  
 "Entity" 
 : 
  
 "81fe8bfe87576c3ecb22426f8e57847382917acf" 
  
 } 
 ]

Ping