splunk-soar-connectors/reversinglabs-tiscalev2

ReversingLabs TitaniumScale v2

Publisher: ReversingLabs
Connector Version: 1.1.0
Product Vendor: ReversingLabs
Product Name: TitaniumScale
Product Version Supported (regex): ".*"
Minimum Product Version: 6.2.1

App integrates with ReversingLabs TitaniumScale APIs

Configuration Variables

The below configuration variables are required for this Connector to operate. These variables are specified when configuring a TitaniumScale asset in SOAR.

| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
| --- | --- | --- | --- |
| url | required | string | TitaniumScale URL |
| token | required | password | TitaniumScale token |
| wait_time | optional | numeric | Wait time (seconds) |
| retries | optional | numeric | Number of retries |

Supported Actions

test connectivity - Validate the asset configuration for connectivity using supplied configuration
detonate file and get report - Detonate file and return report
get report - Query for results of an already completed detonation
get report by id - Query for results of an already completed detonation
detonate file - Detonate file
get tasks list - List processing tasks generated by file submission requests
delete processing task - Delete a single processing task record from the system
delete processing tasks - Delete task records from the system based on the time when they were submitted
get yara id - Retrieve an identifier for the current set of YARA rules on the Worker instance

action: 'test connectivity'

Validate the asset configuration for connectivity using supplied configuration

Type: test
Read only: True

Validate the asset configuration for connectivity using supplied configuration.

Action Parameters

No parameters are required for this action

Action Output

No Output

action: 'detonate file and get report'

Detonate file and return report

Type: generic
Read only: False

Detonates file and returns report.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| vault_id | required | Vault ID of file to detonate | string | pe file pdf flash apk jar doc xls ppt |
| full_report | optional | Return full report | boolean | |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
| --- | --- | --- | --- |
| action_result.parameter.vault_id | string | pe file pdf flash apk jar doc xls ppt | |
| action_result.parameter.full_report | boolean | | |
| action_result.status | string | | success failed |
| action_result.data | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.summary | string | | |

action: 'get report'

Query for results of an already completed detonation

Type: investigate
Read only: True

Queries for results of an already completed detonation.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| task_url | required | Task URL to get the report of | string | |
| full_report | optional | Get full report | boolean | |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
| --- | --- | --- | --- |
| action_result.parameter.task_url | string | | |
| action_result.parameter.full_report | boolean | | |
| action_result.status | string | | success failed |
| action_result.data | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.summary | string | | |

action: 'get report by id'

Query for results of an already completed detonation

Type: generic
Read only: True

Queries for results of an already completed detonation.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| task_id | required | Unique ID assigned to each processing task | numeric | task id |
| full | optional | Specify if the full (true), or summary (false) report should be returned | boolean | |
| v13 | optional | Specifies whether the report should be returned in TiScale 1.3 version (true), or not (false) | boolean | |
| view | optional | Applied report transformation, see Customizing Analysis Report | string | |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
| --- | --- | --- | --- |
| action_result.parameter.task_id | numeric | task id | |
| action_result.parameter.full | boolean | | |
| action_result.parameter.v13 | boolean | | |
| action_result.parameter.view | string | | |
| action_result.status | string | | success failed |
| action_result.data | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.summary | string | | |

action: 'detonate file'

Detonate file

Type: generic
Read only: False

Detonates file and returns task ID (URL to get the report from).

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| vault_id | required | Vault ID of the file | string | vault id |
| custom_token | optional | Custom string to filter processing tasks, if there are any files that were uploaded with that custom string in the X-TiScale-Token header | string | |
| user_data | optional | Additional JSON encoded payload. Used in parts of the processing pipeline. | string | |
| custom_data | optional | Any user defined JSON encoded payload. This data will be included in the analysis report. | string | |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
| --- | --- | --- | --- |
| action_result.parameter.vault_id | string | vault id | |
| action_result.parameter.custom_token | string | | |
| action_result.parameter.user_data | string | | |
| action_result.parameter.custom_data | string | | |
| action_result.status | string | | success failed |
| action_result.data | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.summary | string | | |

action: 'get tasks list'

List processing tasks generated by file submission requests

Type: generic
Read only: True

When a file is submitted for analysis a processing task is created and queued on the TiScale Worker server. All processing results are retained until deleted by the user, or when the time configured using the conf_cleanup_task_age_limit expires (whichever comes first).

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| age | optional | Number of seconds to filter processing tasks based on their age. When provided the API returns only those tasks that are older than the specified number of seconds. | numeric | task age |
| custom_token | optional | Custom string to filter processing tasks, if there are any files that were uploaded with that custom string in the X-TiScale-Token header | string | |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
| --- | --- | --- | --- |
| action_result.parameter.age | numeric | task age | |
| action_result.parameter.custom_token | string | | |
| action_result.status | string | | success failed |
| action_result.data | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.summary | string | | |

action: 'delete processing task'

Deletes a single processing task record from the system

Type: generic
Read only: False

Users can manually delete task records from the system at any time.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| task_id | required | ID of the task to delete | numeric | task id |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
| --- | --- | --- | --- |
| action_result.parameter.task_id | numeric | task id | |
| action_result.status | string | | success failed |
| action_result.data | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.summary | string | | |

action: 'delete processing tasks'

Delete task records from the system based on the time when they were submitted

Type: generic
Read only: False

All file processing results are automatically removed from the platform 30 minutes after processing is completed. However, users can manually delete task records from the system at any time. Task age is calculated as being the difference between the current system timestamp and the timestamp of the task submission.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| age | required | Number of seconds to delete processing tasks based on their age | numeric | task age |

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
| --- | --- | --- | --- |
| action_result.parameter.age | numeric | task age | |
| action_result.status | string | | success failed |
| action_result.data | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.summary | string | | |

action: 'get yara id'

Retrieve an identifier for the current set of YARA rules on the Worker instance

Type: generic
Read only: True

If there are any changes to the set of YARA rules, the identifier will change. Therefore, this endpoint can be used to monitor changes to YARA rules by comparing the responses retrieved over multiple time intervals.
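The comparison described above, as an added example that is not part of the connector's code: it walks a series of 'get yara id' results and reports each change of identifier together with the window in which it happened. The poll records follow the documented `action_result.status` and `action_result.data.*.id` paths; the `time` field, the function name and all sample values are assumptions constructed for illustration.

```python
# Added example: detect YARA rule-set changes from repeated 'get yara id' results.
# Each poll mirrors the documented output paths (action_result.status and
# action_result.data.*.id); the "time" field and all values are constructed.

def yara_ruleset_changes(polls):
    """Return one event per observed change of the rule-set identifier.

    Failed or empty polls are never treated as a change; they only widen the
    window in which the change could have happened.
    """
    events = []
    last_id = None          # identifier from the most recent successful poll
    last_good_time = None   # time of that poll
    missed = 0              # failed or empty polls since then
    for poll in sorted(polls, key=lambda p: p["time"]):
        ids = [d.get("id") for d in (poll.get("data") or []) if d.get("id")]
        if poll.get("status") != "success" or not ids:
            missed += 1
            continue
        current = ids[0]
        if last_id is not None and current != last_id:
            events.append({
                "changed_after": last_good_time,  # last time the old ID was seen
                "changed_by": poll["time"],       # first time the new ID was seen
                "old_id": last_id,
                "new_id": current,
                "missed_polls": missed,
            })
        last_id, last_good_time, missed = current, poll["time"], 0
    return events


# Constructed sample: five polls, one failed, one change of identifier.
SAMPLE_POLLS = [
    {"time": 1000, "status": "success", "data": [{"id": "ruleset-aaa"}]},
    {"time": 1300, "status": "success", "data": [{"id": "ruleset-aaa"}]},
    {"time": 1600, "status": "failed", "data": []},
    {"time": 1900, "status": "success", "data": [{"id": "ruleset-bbb"}]},
    {"time": 2200, "status": "success", "data": [{"id": "ruleset-bbb"}]},
]

if __name__ == "__main__":
    for event in yara_ruleset_changes(SAMPLE_POLLS):
        print(event)
```

A change reported with a non-zero `missed_polls` has a wider uncertainty window, which matters when correlating it with an approved rule deployment.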

Action Parameters

No parameters are required for this action

Action Output

| DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES |
| --- | --- | --- | --- |
| action_result.data.*.id | string | | |
| action_result.status | string | | success failed |
| action_result.data | string | | |
| action_result.message | string | | |
| summary.total_objects | numeric | | |
| summary.total_objects_successful | numeric | | |
| action_result.summary | string | | |
