ReversingLabs A1000 (Preview)
ReversingLabs A1000 Malware Analysis Appliance integrates the ReversingLabs TitaniumCore automated static analysis technology and the TitaniumCloud File Reputation Service database. The REST Services APIs enable analysts to input samples, access unpacked files and view extracted Proactive Threat Indicators. The platform performs an in-depth static analysis of a comprehensive array of file types including Windows, Linux, Mac OS, iOS, Android, email attachments, documents and firmware.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | ReversingLabs support |
URL | https://support.reversinglabs.com/ |
Email | [email protected] |
Connector Metadata | |
---|---|
Publisher | ReversingLabs |
Website | https://www.reversinglabs.com/ |
Privacy policy | https://www.reversinglabs.com/privacy-policy |
Categories | Security |
This connector allows users of the ReversingLabs A1000 to access the API functions of the appliance. Actions such as submitting a file for analysis, retrieving results, and checking the reputation of a file are supported. Refer to the A1000 user guide in the appliance's web interface for further information about the API.
Prerequisites
In order to use this connector one must have an A1000 that is reachable from the cloud, the URL of the A1000 appliance, and an A1000 API key.
How to get credentials
Authentication to the A1000 API is performed with an API key. This key can be configured by users with administrative access to the appliance's web interface. To create an API key refer to the help file in the A1000's web GUI interface.
Get started with your connector
To get started with the A1000 connector, begin by configuring a new connection. The connector configuration will ask for a connection name and an API key value. Ensure you enter the API key value in the format Token <apikey>, where <apikey> is the actual API token.
After configuring the API connection, select from the available actions and provide the required inputs.
Common errors and remedies
- 403 error: "Authentication credentials were not provided."
- Ensure that you have configured the API connection using the format mentioned above.
FAQ
Q1. How long should I wait for the results of a file I submitted for analysis?
- A1. Processing time will vary depending on the load on the appliance and on the size and complexity of the file. It is best practice to create a loop that sleeps and checks the status.
Q2. Where can I find documentation on the A1000 API or any other A1000 topic?
- A2. Complete product documentation is available in the A1000 interface. After logging into the web interface, click the Help menu in the upper right corner.
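The sleep-and-check loop recommended in A1, sketched in Python as an added example (not ReversingLabs or connector code). `check_status` is a hypothetical wrapper around the "Retrieve processing status for files" action, and the `"processed"` status value is an assumption to be replaced with the value given in the A1000 API documentation; the polling floor comes from the throttling limit of 100 calls per 60 seconds.

```python
import time

# From the Throttling Limits table: 100 API calls per connection per 60 seconds.
MAX_CALLS, WINDOW_SECONDS = 100, 60
MIN_INTERVAL = WINDOW_SECONDS / MAX_CALLS  # never poll faster than this (0.6 s)
DONE_STATUS = "processed"  # assumption: substitute the value from the A1000 API docs


def wait_for_analysis(hashes, check_status, timeout=900, first_delay=5,
                      max_delay=60, sleep=time.sleep, clock=time.monotonic):
    """Poll until every hash reports DONE_STATUS or `timeout` seconds elapse.

    check_status(list_of_hashes) -> {hash: status} is a hypothetical wrapper
    around the "Retrieve processing status for files" action.
    Returns (done, pending) as two sets of hashes.
    """
    pending, done = set(hashes), set()
    delay = max(first_delay, MIN_INTERVAL)
    deadline = clock() + timeout
    while pending:
        # hash_values is an array, so one call covers every pending sample.
        statuses = check_status(sorted(pending))
        finished = {h for h in pending if statuses.get(h) == DONE_STATUS}
        done |= finished
        pending -= finished
        remaining = deadline - clock()
        if not pending or remaining <= 0:
            break
        sleep(min(delay, remaining))       # never sleep past the deadline
        delay = min(delay * 2, max_delay)  # back off to spare the appliance
    return done, pending


if __name__ == "__main__":
    # Constructed stand-in for the appliance: each hash finishes after N polls.
    polls_needed = {"hash-a": 1, "hash-b": 3}  # constructed sample identifiers
    seen = {}

    def fake_status(batch):
        for h in batch:
            seen[h] = seen.get(h, 0) + 1
        return {h: DONE_STATUS if seen[h] >= polls_needed[h] else "pending"
                for h in batch}

    print(wait_for_analysis(polls_needed, fake_status, sleep=lambda s: None))
```

Samples still in the `pending` set when the timeout expires should be routed to a retry or alert path rather than treated as clean.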
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
Token | securestring | Your A1000 token | True |
A1000 host URL | string | A1000 host URL (Example: https://a1000.reversinglabs.com). If not specified, host URL will be defaulted to https://a1000.reversinglabs.com. | |
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Check PDF report creation status | Check the creation status of a requested PDF report. |
Create PDF report | Create a PDF sample analysis report. |
Download PDF Report | Download the generated PDF analysis Report. |
Perform advanced search | Search for samples available on the local A1000 instance and TitaniumCloud using the Advanced Search capabilities. |
Retrieve a list of files from the IP address | Provides a list of hashes and classifications for files found on the submitted IP address. |
Retrieve classification for a sample | Retrieve classification status for a sample. |
Retrieve information for a domain | Returns network threat intelligence about the provided domain. |
Retrieve information for a URL | Returns network threat intelligence about the provided URL. |
Retrieve information for an IP address | Returns network threat intelligence about the provided IP address. |
Retrieve IP address resolutions | Provides a list of IP-to-domain mappings. |
Retrieve processing status for files | Check status of submitted files. |
Retrieve processing status for URL-s | Check status of submitted URL-s. |
Retrieve summary analysis report | Retrieve a summary analysis report for local samples. |
Retrieve the detailed analysis report | Retrieve a detailed analysis report for local samples. |
Retrieve the dynamic analysis report | Create and download a PDF or HTML report for samples that have gone through dynamic analysis in the ReversingLabs Cloud Sandbox. |
Retrieve the static analysis report | Retrieve TitaniumCore analysis results for a local sample. |
Retrieve URL-s hosted on the IP address | Returns a list of URLs hosted on the submitted IP address. |
Submit a sample for analysis | Submit a sample for analysis from a local directory or from a URL. |
Check PDF report creation status
Check the creation status of a requested PDF report.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash | hash | True | string | Hash string |
Create PDF report
Create a PDF sample analysis report.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash | hash | True | string | Hash string |
Download PDF Report
Download the generated PDF analysis Report.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash | hash | True | string | Hash string |
Perform advanced search
Search for samples available on the local A1000 instance and TitaniumCloud using the Advanced Search capabilities.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
query | query | | string | query |
page | page | | integer | Page number. |
records_per_page | records_per_page | | integer | records_per_page |
sort | sort | | string | Sorting criteria. |
Retrieve a list of files from the IP address
Provides a list of hashes and classifications for files found on the submitted IP address.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Ip | ip | True | string | IP address string |
Page | page | | string | SHA1 hash of the next page of results. |
Page Size | page_size | | integer | Results per page |
Extended | extended | | boolean | Include additional information on downloaded files. |
Classification | classification | | string | Return only samples with this classification |
Retrieve classification for a sample
Retrieve classification status for a sample.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Value | hash_value | True | string | Hash string |
Localonly | localonly | | integer | If set to 1, the request will only look for local samples on the appliance. |
AV Scanners | av_scanners | | integer | Include AV scanners summary information in the response. |
Retrieve information for a domain
Returns network threat intelligence about the provided domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Domain | domain | True | string | Domain string |
Retrieve information for a URL
Returns network threat intelligence about the provided URL.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Url | url | True | string | URL string |
Retrieve information for an IP address
Returns network threat intelligence about the provided IP address.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Ip | ip | True | string | IP address string |
Retrieve IP address resolutions
Provides a list of IP-to-domain mappings.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Ip | ip | True | string | IP address string |
Page | page | | string | SHA1 hash of the next page of results. |
Page Size | page_size | | integer | Results per page |
Retrieve processing status for files
Check status of submitted files.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Status | status | | string | Filter hashes by their status. Consult the documentation for available values. |
hash_values | hash_values | True | array of string | hash_values |
Retrieve processing status for URL-s
Check status of submitted URL-s.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Id | ID | True | integer | Identification number of the URL submission task. |
Retrieve summary analysis report
Retrieve a summary analysis report for local samples.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
hash_values | hash_values | True | array of string | hash_values |
fields | fields | | array of string | Consult the A1000 API documentation for the supported values in the 'fields' parameter. If the 'include_networkthreatintelligence' parameter is set to 'true', 'networkthreatintelligence' and 'domainthreatintelligence' have to be included in the 'fields' parameter. |
include_networkthreatintelligence | include_networkthreatintelligence | | string | Lowercase stringified boolean. Consult the A1000 API documentation for the supported values in the 'fields' parameter. If the 'include_networkthreatintelligence' parameter is set to 'true', 'networkthreatintelligence' and 'domainthreatintelligence' have to be included in the 'fields' parameter. |
skip_reanalysis | skip_reanalysis | | string | Lowercase stringified boolean. |
Retrieve the detailed analysis report
Retrieve a detailed analysis report for local samples.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
hash_values | hash_values | True | array of string | hash_values |
fields | fields | | array of string | Fields that will be returned in the report. Consult the A1000 API documentation for the supported values in the 'fields' parameter. |
skip_reanalysis | skip_reanalysis | | string | Lowercase stringified boolean |
Retrieve the dynamic analysis report
Create and download a PDF or HTML report for samples that have gone through dynamic analysis in the ReversingLabs Cloud Sandbox.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Value | hash_value | True | string | The hash value must be a SHA-1 string. |
Format | format | True | string | Analysis report format |
Endpoint | endpoint | True | string | Select a task type. |
Retrieve the static analysis report
Retrieve TitaniumCore analysis results for a local sample.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Value | hash_value | True | string | Hash string |
Fields | fields | | array | Fields that will be returned in the report. Consult the A1000 API documentation for the supported values in the 'fields' parameter. |
Retrieve URL-s hosted on the IP address
Returns a list of URLs hosted on the submitted IP address.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Ip | ip | True | string | IP address string |
Page | page | | string | SHA1 hash of the next page of results. |
Page Size | page_size | | integer | Results per page |
Submit a sample for analysis
Submit a sample for analysis from a local directory or from a URL.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
File | file | | file | Submit a sample from a file. Required but mutually exclusive with the 'url' parameter. |
Url | url | | string | Submit a sample from a URL. Required but mutually exclusive with the 'file' parameter. |
Filename | filename | | string | Custom file name. Works only with the 'file' parameter. |
Analysis | analysis | | string | Select analysis type. |
Tags | tags | | string | Set custom tags. Works only with the 'file' parameter. |
Comment | comment | | string | Set a custom comment. Works only with the 'file' parameter. |
Crawler | crawler | | string | Select a crawler type. Works only with the 'url' parameter. |
Archive Password | archive_password | | string | Password for an archive. |
RL Cloud Sandbox Platform | rl_cloud_sandbox_platform | | string | Cloud sandbox platform. |