Publisher: ReversingLabs
Connector Version: 1.3.0
Product Vendor: Reversinglabs
Product Name: TitaniumCloud
Product Version Supported (regex): ".*"
Minimum Product Version: 6.1.1
This app integrates with ReversingLabs TitaniumCloud APIs, delivering targeted file and malware intelligence for threat identification, analysis, intelligence development, and threat hunting services.
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a TitaniumCloud asset in SOAR.
VARIABLE | REQUIRED | TYPE | DESCRIPTION |
---|---|---|---|
url | required | string | TitaniumCloud URL |
username | required | string | TitaniumCloud username |
password | required | password | TitaniumCloud password |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
yara create ruleset - TCA-0303 - Create a new YARA ruleset
yara delete ruleset - TCA-0303 - Delete YARA ruleset
yara get ruleset info - TCA-0303 - Get YARA ruleset info
yara get ruleset text - TCA-0303 - Get YARA ruleset text
get yara matches - TCA-0303 - Get a recordset of YARA ruleset matches in the specified time range
yara retro enable hunt - TCA-0319 - Enable YARA retro hunt
yara retro start hunt - TCA-0319 - Start YARA retro hunt for the specified ruleset
yara retro check status - TCA-0319 - Check the retro hunt status for the specified ruleset
yara retro cancel hunt - TCA-0319 - Cancel the retro hunt for the specified ruleset
get yara retro matches - TCA-0319 - Get a recordset of YARA ruleset matches in the specified time range
imphash similarity - TCA-0302 - Get a list of all available SHA1 hashes for files sharing the same import hash (imphash)
advanced search - TCA-0320 - Search for hashes using multi-part search criteria
av scanners - TCA-0103 - Retrieve AV Scanner data from TitaniumCloud
file reputation - TCA-0101 - Queries for file reputation info
file analysis - TCA-0104 - Retrieve File Analysis by hash data from TitaniumCloud
functional similarity - TCA-0301 - Retrieve a list of functionally similar hashes to the provided one
url reputation - TCA-0403 - Queries URL Threat Intelligence
get downloaded files - TCA-0403 - Get files downloaded from url
get latest url analysis feed - TCA-0403 - Get latest url analysis feed
get url analysis feed from date - TCA-0403 - Get url analysis feed from date
analyze url - TCA-0404 - Analyze a given URL
uri statistics - TCA-0402 - Retrieve the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI
uri index - TCA-0401 - Retrieve a list of all available file hashes associated with a given URI
submit for dynamic analysis - TCA-0207 - Submit an existing sample for dynamic analysis
submit url for dynamic analysis - TCA-0207 - Submit an existing URL sample for dynamic analysis
dynamic analysis results - TCA-0106 - Retrieve dynamic analysis results for a file
dynamic url analysis results - TCA-0106 - Retrieve dynamic analysis results for a URL
reanalyze file - TCA-0205 - Reanalyze sample
upload file - TCA-0202 - Upload file to TitaniumCloud
get file - TCA-0201 - Download a sample from TitaniumCloud
get network reputation - TCA-0407 - Get reputation of a requested URL, domain or IP address
get list user overrides - TCA-0408 - Get user URL classification overrides
get list user overrides aggregated - TCA-0408 - Get user URL classification overrides aggregated
network reputation user override - TCA-0408 - Override user network location reputation
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
Validate the asset configuration for connectivity using supplied configuration.
No parameters are required for this action
No Output
TCA-0303 - Create a new YARA ruleset
Type: generic
Read only: False
TCA-0303 - Create a new YARA ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string | |
ruleset_text | required | Stringified YARA ruleset / a Unicode string | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.ruleset_name | string | ||
action_result.parameter.ruleset_text | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0303 - Delete YARA ruleset
Type: generic
Read only: False
TCA-0303 - Delete YARA ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0303 - Get YARA ruleset info
Type: generic
Read only: False
TCA-0303 - Get information for a specific YARA ruleset or all YARA rulesets in the collection.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | optional | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.data.*.ruleset_name | string | ||
action_result.data.*.valid | string | ||
action_result.data.*.approved | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0303 - Get YARA ruleset text
Type: generic
Read only: False
TCA-0303 - Get the text of a YARA ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data.*.text | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0303 - Get a recordset of YARA ruleset matches in the specified time range
Type: generic
Read only: False
TCA-0303 - Get a recordset of YARA ruleset matches in the specified time range.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
time_format | required | 'utc' or 'timestamp' | string | |
time_value | required | 'YYYY-MM-DDThh:mm:ss' or Unix timestamp string | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.time_format | string | ||
action_result.parameter.time_value | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Enable YARA retro hunt
Type: generic
Read only: False
TCA-0319 - Enable the retro hunt for the specified ruleset that has been submitted to TitaniumCloud prior to deployment of YARA retro.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Start YARA retro hunt for the specified ruleset
Type: generic
Read only: False
TCA-0319 - Start YARA retro hunt for the specified ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data.*.ruleset_sha1 | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Check the retro hunt status for the specified ruleset
Type: generic
Read only: False
TCA-0319 - Check the retro hunt status for the specified ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data.*.retro_status | string | ||
action_result.data.*.start_time | string | ||
action_result.data.*.finish_time | string | ||
action_result.data.*.reason | string | ||
action_result.data.*.progress | string | ||
action_result.data.*.estimated_finish_time | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Cancel the retro hunt for the specified ruleset
Type: generic
Read only: False
TCA-0319 - Cancel the retro hunt for the specified ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data.*.ruleset_sha1 | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Get a recordset of YARA ruleset matches in the specified time range
Type: generic
Read only: False
TCA-0319 - Get a recordset of YARA ruleset matches in the specified time range.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
time_format | required | 'utc' or 'timestamp' | string | |
time_value | required | 'YYYY-MM-DDThh:mm:ss' or Unix timestamp string | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.data.*.rl.feed.name | string | ||
action_result.data.*.rl.feed.time_range.from | string | ||
action_result.data.*.rl.feed.time_range.to | string | ||
action_result.data.*.rl.feed.last_timestamp | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0302 - Get a list of all available SHA1 hashes for files sharing the same import hash (imphash)
Type: investigate
Read only: True
TCA-0302 - Imphash Index provides a list of all available SHA1 hashes for files sharing the same import hash (imphash). An imphash is a hash calculated from a string which contains the libraries imported by a Windows Portable Executable (PE) file.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
imphash | required | Imphash | string | hash |
limit | optional | Maximum number of results | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.imphash | string | ||
action_result.parameter.limit | numeric | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0320 - Search for hashes using multi-part search criteria
Type: generic
Read only: False
TCA-0320 - Search for hashes using multi-part search criteria. Supported criteria include more than 60 keywords, 35 antivirus vendors, 137 sample types and subtypes, and 283 tags that enable creating 510 unique search expressions with support for Boolean operators and case-insensitive wildcard matching. A number of search keywords support relational operators '<=' and '>='.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
query | required | Advanced Search query | string | |
limit | optional | Maximum number of results | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.limit | numeric | ||
action_result.parameter.query | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0103 - Retrieve AV Scanner data from TitaniumCloud
Type: investigate
Read only: False
TCA-0103 - Provides AV vendor cross-reference data for a desired sample from multiple AV scanners.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash | string | sha1 sha256 md5 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.hash | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0101 - Queries for file reputation info
Type: investigate
Read only: True
TCA-0101 - Queries for file reputation info.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash to query | string | hash sha256 sha1 md5 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.hash | string | hash sha256 sha1 md5 | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0104 - Retrieve File Analysis by hash data from TitaniumCloud
Type: investigate
Read only: False
TCA-0104 - Provides file analysis data on hashes. Metadata can include relevant portions of static analysis, AV scan information, file sources and any related IP/domain information.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash | string | sha1 sha256 md5 vault id |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.hash | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0301 - Retrieve a list of functionally similar hashes to the provided one
Type: investigate
Read only: False
TCA-0301 - Provides a list of SHA1 hashes of files that are functionally similar to the provided file (SHA1 hash) at the selected precision level.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash | string | sha1 |
limit | optional | Maximum number of results | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.hash | string | ||
action_result.parameter.limit | numeric | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0403 - Queries URL Threat Intelligence
Type: investigate
Read only: True
TCA-0403 - Queries URL Threat Intelligence.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | URL to query | string | url |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.url | string | url | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0403 - Get files downloaded from url
Type: generic
Read only: False
Accepts a URL string and returns a list of downloaded files aggregated through multiple pages of results.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | URL string | string | |
extended | optional | Return extended report | boolean | |
classification | optional | Return only files of this classification | string | |
last_analysis | optional | Return only files from the last analysis | boolean | |
analysis_id | optional | Return only files from this analysis | string | |
results_per_page | optional | Number of results to be returned in one page, maximum value is 1000 | numeric | |
max_results | optional | Maximum results to be returned in the list | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.url | string | ||
action_result.parameter.extended | boolean | ||
action_result.parameter.classification | string | ||
action_result.parameter.last_analysis | boolean | ||
action_result.parameter.analysis_id | string | ||
action_result.parameter.results_per_page | numeric | ||
action_result.parameter.max_results | numeric | ||
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0403 - Get latest url analysis feed
Type: generic
Read only: False
Returns the latest URL analysis reports aggregated as a list.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
results_per_page | optional | Number of results to be returned in one page, maximum value is 1000 | numeric | |
max_results | optional | Maximum results to be returned in the list | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.results_per_page | numeric | ||
action_result.parameter.max_results | numeric | ||
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0403 - Get url analysis feed from date
Type: generic
Read only: False
Accepts a time format and a start time, and returns URL analysis reports from that time onward, aggregated as a list.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
time_format | required | Possible values: 'utc' or 'timestamp' | string | |
start_time | required | Time from which to retrieve results onwards | string | |
results_per_page | optional | Number of results to be returned in one page, maximum value is 1000 | numeric | |
max_results | optional | Maximum results to be returned in the list | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.time_format | string | ||
action_result.parameter.start_time | string | ||
action_result.parameter.results_per_page | numeric | ||
action_result.parameter.max_results | numeric | ||
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0404 - Analyze a given URL
Type: investigate
Read only: False
TCA-0404 - This service allows users to submit a URL for analysis.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | URL to analyze | string | url |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.url | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0402 - Retrieve the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI
Type: generic
Read only: False
TCA-0402 - Provides the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI (domain, IP address, email or URL).
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
uri | required | Uri | string | sha1 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.uri | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0401 - Retrieve a list of all available file hashes associated with a given URI
Type: generic
Read only: False
TCA-0401 - Provides a list of all available file hashes associated with a given URI (domain, IP address, email or URL) regardless of file classification.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
uri | required | Desired URI string | string | url domain |
limit | optional | Maximum number of results | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.limit | numeric | ||
action_result.parameter.uri | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0207 - Submit an existing sample for dynamic analysis
Type: investigate
Read only: False
TCA-0207 - This service allows users to detonate a file in the ReversingLabs TitaniumCloud sandbox. To submit a file for analysis, it must exist in TitaniumCloud.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
sha1 | required | Selected sample's SHA-1 hash | string | sha1 vault id |
platform | required | Selected platform on which the analysis will be performed. See TCA-0207 API documentation for available options | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.platform | string | ||
action_result.parameter.sha1 | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0207 - Submit an existing URL sample for dynamic analysis
Type: investigate
Read only: False
TCA-0207 - This service allows users to detonate a URL in the ReversingLabs TitaniumCloud sandbox. To submit a URL for analysis, it must exist in TitaniumCloud.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
sha1 | required | Selected sample's url string | string | url domain |
platform | required | Selected platform on which the analysis will be performed. See TCA-0207 API documentation for available options | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.data.*.rl.url | string | url | |
action_result.data.*.rl.sha1 | string | sha1 | |
action_result.data.*.rl.status | string | ||
action_result.data.*.rl.url_base64 | string | ||
action_result.data.*.rl.analysis_id | string |
TCA-0106 - Retrieve dynamic analysis results
Type: generic
Read only: False
TCA-0106 - This service allows users to retrieve dynamic analysis results for a file that was submitted for dynamic analysis.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
sha1 | required | Selected sample's SHA-1 hash | string | sha1 |
analysis_id | optional | Return only the results of this analysis | string | |
latest | optional | Return only the latest analysis results | boolean |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.analysis_id | string | ||
action_result.parameter.latest | boolean | ||
action_result.parameter.sha1 | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0106 - Retrieve dynamic analysis results for url
Type: investigate
Read only: True
TCA-0106 - This service allows users to retrieve dynamic analysis results for a URL that was submitted for dynamic analysis.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | Provide one of the following: sha1, base64 or url | string | sha1 url |
analysis_id | optional | Return only the results of this analysis | string | |
latest | optional | Return only the latest analysis results | boolean |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.analysis_id | string | ||
action_result.parameter.data.0.requested_sha1_url | string |
TCA-0205 - Reanalyze sample
Type: investigate
Read only: False
TCA-0205 - This query sends a sample with the requested hash for rescanning.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.hash | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0202 - Upload file to TitaniumCloud
Type: generic
Read only: False
TCA-0202 - Upload file to TitaniumCloud.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
vault_id | required | Vault ID of file to upload | string | vault id |
file_name | optional | Filename to use | string | file name |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.file_name | string | file name | |
action_result.parameter.vault_id | string | pe file pdf flash apk jar doc xls ppt | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0201 - Download a sample from TitaniumCloud
Type: investigate
Read only: True
TCA-0201 - Download a sample from TitaniumCloud and add it to the vault.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | Hash of file/sample to download | string | md5 sha1 sha256 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.hash | string | md5 sha1 sha256 | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0407 - Get reputation of a requested URL, domain or IP address
Type: investigate
Read only: False
Service provides information regarding the reputation of a requested URL, domain or IP address.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
network_locations | required | domain, url or ip | string | domain url ip |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0408 - Get user URL classification overrides
Type: generic
Read only: False
TCA-0408 - Get user URL classification overrides
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
next_page_sha1 | optional | Optional parameter used for pagination | string | sha1 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.data.*.user_override.network_locations.*.network_location | string | url domain ip | |
action_result.data.*.user_override.network_locations.*.type | string | url domain ip | |
action_result.status | string | success or failed | |
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0408 - Get user URL classification overrides aggregated
Type: generic
Read only: False
This API automatically handles paging and returns a list of results instead of a Response object.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
max_results | optional | | numeric | |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.data.*.*.network_location | string | url domain ip | |
action_result.data.*.*.type | string | url domain ip | |
action_result.status | string | success or failed | |
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0408 - Override user network location reputation
Type: generic
Read only: False
The Network Reputation User Override service enables URL classification overrides.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
override_list | required | List of network locations whose classification needs to be overridden | string | |
remove_overrides_list | optional | List of network locations whose classification override needs to be removed | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success or failed | |
action_result.parameter.override_list | string | { "network_location": "http://example.com", "type": "url", "classification": "malicious", "categories": ["phishing"] } | |
action_result.parameter.remove_overrides_list | string | { "network_location": "http://example.com", "type": "url" } | |
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
test connectivity - Validate the asset configuration for connectivity using supplied configuration
yara create ruleset - TCA-0303 - Create a new YARA ruleset
yara delete ruleset - TCA-0303 - Delete YARA ruleset
yara get ruleset info - TCA-0303 - Get YARA ruleset info
yara get ruleset text - TCA-0303 - Get YARA ruleset text
get yara matches - TCA-0303 - Get a recordset of YARA ruleset matches in the specified time range
yara retro enable hunt - TCA-0319 - Enable YARA retro hunt
yara retro start hunt - TCA-0319 - Start YARA retro hunt for the specified ruleset
yara retro check status - TCA-0319 - Check the retro hunt status for the specified ruleset
yara retro cancel hunt - TCA-0319 - Cancel the retro hunt for the specified ruleset
get yara retro matches - TCA-0319 - Get a recordset of YARA ruleset matches in the specified time range
imphash similarity - TCA-0302 - Get a list of all available SHA1 hashes for files sharing the same import hash (imphash)
advanced search - TCA-0320 - Search for hashes using multi-part search criteria
av scanners - TCA-0103 - Retrieve AV Scanner data from TitaniumCloud
file reputation - TCA-0101 - Queries for file reputation info
file analysis - TCA-0104 - Retrieve File Analysis by hash data from TitaniumCloud
functional similarity - TCA-0301 - Retrieve a list of functionally similar hashes to the provided one
url reputation - TCA-0403 - Queries URL Threat Intelligence
get downloaded files - TCA-0403 - Get files downloaded from URL
get latest url analysis feed - TCA-0403 - Get latest URL analysis feed
get url analysis feed from date - TCA-0403 - Get URL analysis feed from date
analyze url - TCA-0404 - Analyze a given URL
uri statistics - TCA-0402 - Retrieve the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI
uri index - TCA-0401 - Retrieve a list of all available file hashes associated with a given URI
submit for dynamic analysis - TCA-0207 - Submit an existing sample for dynamic analysis
submit url for dynamic analysis - TCA-0207 - Submit a URL sample for dynamic analysis
dynamic analysis results - TCA-0106 - Retrieve dynamic analysis results
dynamic url analysis results - TCA-0106 - Retrieve dynamic analysis results for a URL
reanalyze file - TCA-0205 - Reanalyze sample
upload file - TCA-0202 - Upload file to TitaniumCloud
get file - TCA-0201 - Download a sample from TitaniumCloud
get network reputation - Network Reputation API
get list user overrides - List User Overrides
get list user overrides aggregated - Returns a list of overrides that the user has made
network reputation user override - Network Reputation User Override
Validate the asset configuration for connectivity using supplied configuration
Type: test
Read only: True
Validate the asset configuration for connectivity using supplied configuration.
No parameters are required for this action
No Output
TCA-0303 - Create a new YARA ruleset
Type: generic
Read only: False
TCA-0303 - Create a new YARA ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string | |
ruleset_text | required | Stringified YARA ruleset / a Unicode string | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.ruleset_name | string | ||
action_result.parameter.ruleset_text | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0303 - Delete YARA ruleset
Type: generic
Read only: False
TCA-0303 - Delete YARA ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0303 - Get YARA ruleset info
Type: generic
Read only: False
TCA-0303 - Get information for a specific YARA ruleset or all YARA rulesets in the collection.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | optional | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.data.*.ruleset_name | string | ||
action_result.data.*.valid | string | ||
action_result.data.*.approved | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0303 - Get YARA ruleset text
Type: generic
Read only: False
TCA-0303 - Get the text of a YARA ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.ruleset_name | string | ||
action_result.data.*.text | string | ||
action_result.status | string | success failed | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0303 - Get a recordset of YARA ruleset matches in the specified time range
Type: generic
Read only: False
TCA-0303 - Get a recordset of YARA ruleset matches in the specified time range.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
time_format | required | 'utc' or 'timestamp' | string | |
time_value | required | 'YYYY-MM-DDThh:mm:ss' or Unix timestamp string | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.time_format | string | ||
action_result.parameter.time_value | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Enable YARA retro hunt
Type: generic
Read only: False
TCA-0319 - Enable the retro hunt for the specified ruleset that has been submitted to TitaniumCloud prior to deployment of YARA retro.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Start YARA retro hunt for the specified ruleset
Type: generic
Read only: False
TCA-0319 - Start YARA retro hunt for the specified ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data.*.ruleset_sha1 | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Check the retro hunt status for the specified ruleset
Type: generic
Read only: False
TCA-0319 - Check the retro hunt status for the specified ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.ruleset_name | string | ||
action_result.data.*.retro_status | string | ||
action_result.data.*.start_time | string | ||
action_result.data.*.finish_time | string | ||
action_result.data.*.reason | string | ||
action_result.data.*.progress | string | ||
action_result.data.*.estimated_finish_time | string | ||
action_result.status | string | success failed | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Cancel the retro hunt for the specified ruleset
Type: generic
Read only: False
TCA-0319 - Cancel the retro hunt for the specified ruleset.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ruleset_name | required | YARA ruleset name | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.ruleset_name | string | ||
action_result.data.*.ruleset_sha1 | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0319 - Get a recordset of YARA ruleset matches in the specified time range
Type: generic
Read only: False
TCA-0319 - Get a recordset of YARA ruleset matches in the specified time range.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
time_format | required | 'utc' or 'timestamp' | string | |
time_value | required | 'YYYY-MM-DDThh:mm:ss' or Unix timestamp string | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.data.*.rl.feed.name | string | ||
action_result.data.*.rl.feed.time_range.from | string | ||
action_result.data.*.rl.feed.time_range.to | string | ||
action_result.data.*.rl.feed.last_timestamp | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0302 - Get a list of all available SHA1 hashes for files sharing the same import hash (imphash)
Type: investigate
Read only: True
TCA-0302 - Imphash Index provides a list of all available SHA1 hashes for files sharing the same import hash (imphash). An imphash is a hash calculated from a string which contains the libraries imported by a Windows Portable Executable (PE) file.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
imphash | required | Imphash | string | hash |
limit | optional | Maximum number of results | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.imphash | string | ||
action_result.parameter.limit | numeric | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0320 - Search for hashes using multi-part search criteria
Type: generic
Read only: False
TCA-0320 - Search for hashes using multi-part search criteria. Supported criteria include more than 60 keywords, 35 antivirus vendors, 137 sample types and subtypes, and 283 tags that enable creating 510 unique search expressions with support for Boolean operators and case-insensitive wildcard matching. A number of search keywords support relational operators '<=' and '>='.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
query | required | Advanced Search query | string | |
limit | optional | Maximum number of results | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.limit | numeric | ||
action_result.parameter.query | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0103 - Retrieve AV Scanner data from TitaniumCloud
Type: investigate
Read only: False
TCA-0103 - Provides AV vendor cross-reference data for a desired sample from multiple AV scanners.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash | string | sha1 sha256 md5 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.hash | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0101 - Queries for file reputation info
Type: investigate
Read only: True
TCA-0101 - Queries for file reputation info.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash to query | string | hash sha256 sha1 md5 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.hash | string | hash sha256 sha1 md5 | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0104 - Retrieve File Analysis by hash data from TitaniumCloud
Type: investigate
Read only: False
TCA-0104 - Provides file analysis data on hashes. Metadata can include relevant portions of static analysis, AV scan information, file sources and any related IP/domain information.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash | string | sha1 sha256 md5 vault id |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.hash | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0301 - Retrieve a list of functionally similar hashes to the provided one
Type: investigate
Read only: False
TCA-0301 - Provides a list of SHA1 hashes of files that are functionally similar to the provided file (SHA1 hash) at the selected precision level.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash | string | sha1 |
limit | optional | Maximum number of results | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.hash | string | ||
action_result.parameter.limit | numeric | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0403 - Queries URL Threat Intelligence
Type: investigate
Read only: True
TCA-0403 - Queries URL Threat Intelligence.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | URL to query | string | url |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.url | string | url | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0403 - Get files downloaded from URL
Type: generic
Read only: False
Accepts a URL string and returns a list of downloaded files aggregated through multiple pages of results.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | URL string | string | url |
extended | optional | Return extended report | boolean | |
classification | optional | Return only files of this classification | string | |
last_analysis | optional | Return only files from the last analysis | boolean | |
analysis_id | optional | Return only files from this analysis | string | |
results_per_page | optional | Number of results to be returned in one page, maximum value is 1000 | numeric | |
max_results | optional | Maximum results to be returned in the list | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.url | string | ||
action_result.parameter.extended | boolean | ||
action_result.parameter.classification | string | ||
action_result.parameter.last_analysis | boolean | ||
action_result.parameter.analysis_id | string | ||
action_result.parameter.results_per_page | numeric | ||
action_result.parameter.max_results | numeric | ||
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0403 - Get latest URL analysis feed
Type: generic
Read only: False
Returns the latest URL analysis reports, aggregated as a list.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
results_per_page | optional | Number of results to be returned in one page, maximum value is 1000 | numeric | |
max_results | optional | Maximum results to be returned in the list | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.results_per_page | numeric | ||
action_result.parameter.max_results | numeric | ||
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0403 - Get URL analysis feed from date
Type: generic
Read only: False
Accepts a time format and a start time and returns URL analysis reports from that time onward, aggregated as a list.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
time_format | required | Possible values: 'utc' or 'timestamp' | string | |
start_time | required | Time from which to retrieve results onwards | string | |
results_per_page | optional | Number of results to be returned in one page, maximum value is 1000 | numeric | |
max_results | optional | Maximum results to be returned in the list | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.time_format | string | ||
action_result.parameter.start_time | string | ||
action_result.parameter.results_per_page | numeric | ||
action_result.parameter.max_results | numeric | ||
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0404 - Analyze a given URL
Type: investigate
Read only: False
TCA-0404 - This service allows users to submit a URL for analysis.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | URL to analyze | string | url |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.url | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0402 - Retrieve the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI
Type: investigate
Read only: False
TCA-0402 - Provides the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI (domain, IP address, email or URL).
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
uri | required | Uri | string | sha1 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.uri | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0401 - Retrieve a list of all available file hashes associated with a given URI
Type: generic
Read only: False
TCA-0401 - Provides a list of all available file hashes associated with a given URI (domain, IP address, email or URL) regardless of file classification.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
uri | required | Desired URI string | string | url domain |
limit | optional | Maximum number of results | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.limit | numeric | ||
action_result.parameter.uri | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0207 - Submit an existing sample for dynamic analysis
Type: investigate
Read only: False
TCA-0207 - This service allows users to detonate a file in the ReversingLabs TitaniumCloud sandbox. To submit a file for analysis, it must exist in TitaniumCloud.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
sha1 | required | Selected sample's SHA-1 hash | string | sha1 vault id |
platform | required | Selected platform on which the analysis will be performed. See TCA-0207 API documentation for available options | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.platform | string | ||
action_result.parameter.sha1 | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0207 - Submit a URL sample for dynamic analysis
Type: investigate
Read only: False
TCA-0207 - This service allows users to analyze a URL in the ReversingLabs TitaniumCloud sandbox. To submit a URL for analysis, it must exist in TitaniumCloud.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | Selected sample's url string | string | url domain |
platform | required | Selected platform on which the analysis will be performed. See TCA-0207 API documentation for available options | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.data.*.rl.url | string | url | |
action_result.data.*.rl.sha1 | string | sha1 | |
action_result.data.*.rl.status | string | ||
action_result.data.*.rl.url_base64 | string | ||
action_result.data.*.rl.analysis_id | string | ||
action_result.status | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0106 - Retrieve dynamic analysis results
Type: investigate
Read only: False
TCA-0106 - This service allows users to retrieve dynamic analysis results for a file that was submitted for dynamic analysis.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
sha1 | required | Selected sample's SHA-1 hash | string | sha1 |
analysis_id | optional | Return only the results of this analysis | string | |
latest | optional | Return only the latest analysis results | boolean |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.analysis_id | string | ||
action_result.parameter.latest | boolean | ||
action_result.parameter.sha1 | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0106 - Retrieve dynamic analysis results for a URL
Type: investigate
Read only: True
TCA-0106 - This service allows users to retrieve dynamic analysis results for a URL that was submitted for dynamic analysis.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
url | required | Provide one of the following: sha1, base64 or url | string | sha1 url |
analysis_id | optional | Return only the results of this analysis | string | |
latest | optional | Return only the latest analysis results | boolean |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.analysis_id | string | ||
action_result.data.0.requested_sha1_url | string | ||
action_result.status | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0205 - Reanalyze sample
Type: investigate
Read only: False
TCA-0205 - This query sends a sample with the requested hash for rescanning.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | File hash | string | md5 sha1 sha256 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.hash | string | ||
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0202 - Upload file to TitaniumCloud
Type: generic
Read only: False
TCA-0202 - Upload file to TitaniumCloud.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
vault_id | required | Vault ID of file to upload | string | vault id |
file_name | optional | Filename to use | string | file name |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.file_name | string | file name | |
action_result.parameter.vault_id | string | pe file pdf flash apk jar doc xls ppt | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
TCA-0201 - Download a sample from TitaniumCloud
Type: investigate
Read only: True
TCA-0201 - Download a sample from TitaniumCloud and add it to the vault.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
hash | required | Hash of file/sample to download | string | md5 sha1 sha256 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | success failed | |
action_result.parameter.hash | string | md5 sha1 sha256 | |
action_result.data | string | ||
action_result.summary | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
Network Reputation API
Type: investigate
Read only: False
Service provides information regarding the reputation of a requested URL, domain, or IP address.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
network_locations | required | Network location to check (URL, DNS, IP) | string | domain url ip |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
List User Overrides
Type: generic
Read only: False
The Network Reputation User Override service enables URL classification overrides. Any URL can be overridden to malicious, suspicious, or known.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
next_page_sha1 | optional | Optional parameter used for pagination | string | sha1 |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.data.*.user_override.network_locations.*.network_location | string | url domain ip | |
action_result.data.*.user_override.network_locations.*.type | string | url domain ip | |
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
Returns a list of overrides that the user has made
Type: generic
Read only: False
This API automatically handles paging and returns a list of results instead of a Response object.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
max_results | optional | Maximum number of results to be returned in the list | numeric |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.data.*.*.network_location | string | url domain ip | |
action_result.data.*.*.type | string | url domain ip | |
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
Network Reputation User Override
Type: generic
Read only: False
The Network Reputation User Override service enables URL classification overrides.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
override_list | required | List of network locations whose classification needs to be overridden | string | |
remove_overrides_list | optional | List of network locations whose classification override needs to be removed | string |
DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
---|---|---|---|
action_result.parameter.override_list | string | ||
action_result.parameter.remove_overrides_list | string | ||
action_result.status | string | ||
action_result.message | string | ||
summary.total_objects | numeric | ||
summary.total_objects_successful | numeric |
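A playbook-side check for the two string parameters of network reputation user override, as an added example that is not part of the connector's own code. It assumes each parameter carries a JSON array of objects shaped like the example values listed for action_result.parameter.override_list and action_result.parameter.remove_overrides_list; the function names are hypothetical.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Allowed values as stated on this page: CONTAINS "url domain ip", and
# "Any URL can be overridden to malicious, suspicious, or known."
LOCATION_TYPES = ("url", "domain", "ip")
CLASSIFICATIONS = ("malicious", "suspicious", "known")
OVERRIDE_KEYS = {"network_location", "type", "classification", "categories"}


def is_ip(text):
    """True when text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_location(entry):
    """Return (network_location, type) for one entry or raise ValueError."""
    if not isinstance(entry, dict):
        raise ValueError("entry must be an object")
    location, loc_type = entry.get("network_location"), entry.get("type")
    if not isinstance(location, str) or not location.strip():
        raise ValueError("network_location must be a non-empty string")
    location = location.strip()
    if loc_type not in LOCATION_TYPES:
        raise ValueError(f"type must be one of {LOCATION_TYPES}, got {loc_type!r}")
    # The declared type has to agree with what the string actually is,
    # otherwise the override lands on a location nobody intended.
    if loc_type == "ip" and not is_ip(location):
        raise ValueError(f"not an IP address: {location!r}")
    if loc_type == "url":
        parts = urlsplit(location)
        if not parts.scheme or not parts.hostname:
            raise ValueError(f"URL needs a scheme and a host: {location!r}")
    if loc_type == "domain" and ("/" in location or is_ip(location)):
        raise ValueError(f"not a bare domain: {location!r}")
    return location, loc_type


def normalize_override(entry):
    """Validate one override entry and return it with a fixed key order."""
    location, loc_type = check_location(entry)
    unknown = set(entry) - OVERRIDE_KEYS
    if unknown:
        raise ValueError(f"unexpected keys: {sorted(unknown)}")
    classification = entry.get("classification")
    if classification not in CLASSIFICATIONS:
        raise ValueError(f"classification must be one of {CLASSIFICATIONS}")
    categories = entry.get("categories", [])
    if not isinstance(categories, list) or not all(isinstance(c, str) for c in categories):
        raise ValueError("categories must be a list of strings")
    return {"network_location": location, "type": loc_type,
            "classification": classification, "categories": categories}


def build_parameters(overrides, removals=()):
    """Build the action's string parameters from validated Python objects."""
    set_rows = [normalize_override(e) for e in overrides]
    del_rows = [dict(zip(("network_location", "type"), check_location(e)))
                for e in removals]
    # Setting and removing an override for the same location in one call
    # is ambiguous, so refuse it before anything is sent.
    conflict = ({(r["network_location"], r["type"]) for r in set_rows}
                & {(r["network_location"], r["type"]) for r in del_rows})
    if conflict:
        raise ValueError(f"location in both lists: {sorted(conflict)}")
    params = {"override_list": json.dumps(set_rows)}
    if del_rows:  # remove_overrides_list is optional
        params["remove_overrides_list"] = json.dumps(del_rows)
    return params


if __name__ == "__main__":
    # Constructed sample input (documentation addresses, not real indicators).
    print(build_parameters(
        [{"network_location": "http://example.com", "type": "url",
          "classification": "malicious", "categories": ["phishing"]}],
        [{"network_location": "198.51.100.7", "type": "ip"}],
    ))
```
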