Stay organized with collectionsSave and categorize content based on your preferences.
Symantec Content Analysis
Integration version: 5.0
Configure Symantec Content Analysis to work with Google Security Operations
Authentication to the REST API is provided using API keys that administrators
can create and manage in the Content Analysis CLI interface. To generate an API
key:
Connect to the serial console or SSH to the Content Analysis appliance as a
user with administrative privileges.
Copy the generated API key and save it in a text file, as it cannot be
viewed later.
Configure Symantec Content Analysis integration in Google SecOps
For detailed instructions on how to configure an integration in
Google SecOps, seeConfigure
integrations.
Actions
Get Hash Report
Description
Get samples for a hash (MD5 and SHA256).
Parameters
N/A
Run On
This action runs on the Filehash entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name
Value Options
Example
is_success
True/False
is_success:False
JSON Result
N/A
Ping
Description
Verifies that the user has a connection to Symantec Content Analysis via the
user's device.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
Script Result Name
Value Options
Example
is_success
True/False
is_success:False
JSON Result
N/A
Submit File
Description
Upload a file to Symantec Content Analysis for a scan. Symantec provides a REST
API for submitting individual files to Content Analysis for evaluation using the
current configuration. The API is available to people or programs that want to
know how Content Analysis would evaluate a file, but don't want to translate it
into ICAP, the web-centric protocol that Content Analysis uses.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eSymantec Content Analysis version 5.0 integrates with Google Security Operations SOAR, utilizing API keys for REST API authentication.\u003c/p\u003e\n"],["\u003cp\u003eAPI keys for Content Analysis are generated via the appliance's CLI interface with administrator privileges, and they must be saved immediately as they cannot be retrieved later.\u003c/p\u003e\n"],["\u003cp\u003eThe integration offers actions like "Get Hash Report" for retrieving samples based on file hashes, "Ping" to verify connection to Symantec Content Analysis, and "Submit File" to upload files for scanning.\u003c/p\u003e\n"],["\u003cp\u003eThe "Submit File" action uses a REST API to allow for file evaluation outside of the typical ICAP protocol and requires the file path as a parameter.\u003c/p\u003e\n"],["\u003cp\u003eEach action includes script results indicating the operation success or failure.\u003c/p\u003e\n"]]],[],null,["# Symantec Content Analysis\n=========================\n\nIntegration version: 5.0\n\nConfigure Symantec Content Analysis to work with Google Security Operations\n---------------------------------------------------------------------------\n\nAuthentication to the REST API is provided using API keys that administrators\ncan create and manage in the Content Analysis CLI interface. To generate an API\nkey:\n\n1. Connect to the serial console or SSH to the Content Analysis appliance as a user with administrative privileges.\n2. Enter the boldfaced commands below:\n\n \u003e enable\n\n Password: \u003center the password\u003e\n\n # ma-actions api-key create administrator\n\n Use of the MA API is not fully supported in CAS. Are you sure you want to proceed? [yes,no] yes\n\n ***MA API in CAS is an experimental feature and not fully tested; some functions may not behave as expected***\n\n Note that keys are not stored on the system in plain text and cannot be retrieved later.\n\n Created new API Key: \u003cThis is the API key\u003e (Key ID 2)\n\n3. Copy the generated API key and save it in a text file, as it cannot be\n viewed later.\n\n| **Note:** For additional information regarding Authentication, see [Supporting Multiple Instances](https://origin-symwisedownload.symantec.com/resources/webguides/contentanalysis/21/Content/Topics/DevGuide/generate_api_key.htm).\n\nConfigure Symantec Content Analysis integration in Google SecOps\n----------------------------------------------------------------\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\nActions\n-------\n\n### Get Hash Report\n\n#### Description\n\nGet samples for a hash (MD5 and SHA256).\n\n#### Parameters\n\nN/A\n\n#### Run On\n\nThis action runs on the Filehash entity.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n### Ping\n\n#### Description\n\nVerifies that the user has a connection to Symantec Content Analysis via the\nuser's device.\n\n#### Parameters\n\nN/A\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n### Submit File\n\n#### Description\n\nUpload a file to Symantec Content Analysis for a scan. Symantec provides a REST\nAPI for submitting individual files to Content Analysis for evaluation using the\ncurrent configuration. The API is available to people or programs that want to\nknow how Content Analysis would evaluate a file, but don't want to translate it\ninto ICAP, the web-centric protocol that Content Analysis uses.\n\n#### Parameters\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
