With this Playbook app, you can automatically detonate, analyze, and submit files in MalwareBazaar from ThreatConnect to understand if they are malicious and return any contextualized telemetry. This all leads to more informed decision-making and more efficient remediation of malicious files through automation.
The following actions are available within the Playbook App:
- Submit File for Analysis – Automate the submission of new malware files.
- Download Sample – Download a sample residing on a1000. If a sample is in the cloud, you will first need to download it to the a1000 instance that you are using.
- Get Extracted Files – Retrieve a list of all extracted files from a sample using the TitaniumCore engine.
- Get Summary Report – Retrieve a summary classification report and details for a sample or list of samples based on hash_value(s).
- Get File Reputation – Retrieve TitaniumCloud File Reputation results for files stored on the a1000 instance. The file must be on the a1000 instance. If it is not, you must first upload it and send it to the cloud.
- Get Report – Retrieve TitaniumCore analysis for a given sample hash value. The file must be uploaded to the a1000 instance beforehand.
This app can be found in the ThreatConnect App Catalog under the name: ReversingLabs