ReversingLabs TitaniumCloud (Preview)

ReversingLabs TitaniumCloud is a threat intelligence solution providing up-to-date file reputation services, threat classification and rich context on over 10 billion goodware and malware files. A powerful set of REST API query and feed functions deliver targeted file and malware intelligence for threat identification, analysis, intelligence development, and threat hunting services.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Contact
Name ReversingLabs support
URL https://support.reversinglabs.com/
Email [email protected]
Connector Metadata
Publisher ReversingLabs
Website https://www.reversinglabs.com/
Privacy policy https://www.reversinglabs.com/privacy-policy
Categories Security

The ReversingLabs TitaniumCloud connector allows users of the ReversingLabs Titanium platform to access the rich threat intelligence data available for enhancing their ability to react to security events. The TitaniumCloud API-s provide for reputation services, threat intelligence feeds, static and dynamic file analysis and much more.

Prerequisites

To use the ReversingLabs TitaniumCloud connector, the user needs to obtain the credentials with adequate roles.

How to get credentials

Credentials can be obtained by purchasing one of ReversingLabs marketplace offers. Users needing more capabilities than what is available in the marketplace can contact ReversingLabs for a custom solution.

Get started with your connector

After enabling the connector, users can set triggers and build file analysis workflows. The TitaniumCloud connector offers over 50 analysis actions that can be used to automate various security-related routines. After setting up a trigger, users can start with uploading a new sample to the ReversingLabs analysis platform, followed by retrieving an extended file reputation report and network threat intelligence indicators. Actions provided by this connector give users options for creating extensive and highly detailed sample and indicator analysis routines.

FAQ

Q1. How long should I wait for the results of a sample I submitted for dynamic analysis?
A1. Processing time will vary depending upon the load on the service, size and complexity of the file. It is best practice to create a loop that sleeps and checks the analysis status.
Q2. Do I have to wait long to see file reputation results of a file freshly uploaded using the file upload action? A2. In case the ReversingLabs TitaniumCloud platform has never encountered the uploaded file before, depending on the size and complexity of a file, allow the platform some time to populate all the reputation, detailed analysis and network indicator reports. Q3. I received a 404 response for a properly formatted request towards one of TitaniumCloud API-a. What happened? A3. Everything is fine. Since a lot of our API requests carry the sample indicator in the URL path, the API-s treat each request as a new URL. The 404 response means that there were no results for the requested sample.

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
Username securestring TitaniumCloud username True
Password securestring TitaniumCloud password True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Advanced Search

TCA-0320 Allows users to find samples in ReversingLabs TitaniumCloud by combining various search keywords

Analyze URL

TCA-0404 Requests an analysis of the submitted URL.

Cancel YARA Retro Hunt

TCA-0319 Allows users to cancel started YARA retro hunts.

Create YARA Ruleset

TCA-0303 Allows the authenticated user to create YARA rulesets in ReversingLabs TitaniumCloud

Daily API usage (company)

TCA-9999 Returns information about combined daily service usage for all users in the company.

Daily API usage (current user)

TCA-9999 Returns information about daily service usage for the TitaniumCloud account that sent the request.

Date range API usage (company)

TCA-9999 Returns information about combined date range service usage for all users in the company.

Date range API usage (current user)

TCA-9999 Returns total usage for all product licenses with a fixed quota over a single date range for the current user.

Delete sample (single query)

TCA-0204 Deletes a single sample defined by the hash value.

Delete samples (bulk query)

TCA-0204 Deletes multiple samples at once defined by the list of hash values in the request payload.

Delete YARA Ruleset

TCA-0303 Allows the authenticated user to delete YARA rulesets in ReversingLabs TitaniumCloud

Download sample

TCA-0201 Returns the contents of a sample matching the requested hash.

File Reputation List User Overrides

TCA-0102 The List File User Overrides Query

File Reputation User Override

TCA-0102 Service enables sample classification overrides.

Get active YARA rulesets

TCA-9999 Returns information about the number of active YARA rulesets for the TitaniumCloud account that sent the request.

Get API quota limits (company)

TCA-9999 Returns current quota limits for APIs available to all users belonging to the authenticated user’s company.

Get API quota limits (current user)

TCA-9999 Returns current quota limits for APIs accessible to the authenticated user.

Get continuous reputation data changes

TCA-0206 Returns a recordset with samples that the user is subscribed to from the requested timestamp onwards. The timestamp is defined in the request itself.

Get domain related domains

TCA-0405 Provides a list of domains that have the same top parent domain as the requested domain.

Get domain resolutions

TCA-0405 Provides a list of domain-to-IP mappings for the requested domain.

Get dynamic analysis report (latest)

TCA-0106 This query returns the latest analysis report for the requested sample hash.

Get dynamic analysis report (merged)

TCA-0106 This query returns the merged analysis report for the requested sample hash.

Get dynamic analysis report (specific)

TCA-0106 This query returns a specific analysis report for the requested sample hash defined by the analysis ID.

Get dynamic analysis report for an archive (latest)

TCA-0106 Returns the most recent dynamic analysis report for each file within the archive.

Get dynamic analysis report for an archive (merged)

TCA-0106 Returns the merged dynamic analysis report for each file within the archive.

Get dynamic analysis report for url (base64)

TCA-0106 Returns dynamic analysis reports for requested url

Get dynamic analysis report for url (sha1)

TCA-0106 Returns dynamic analysis reports for requested url

Get file analysis (bulk query)

TCA-0104 Get the analysis results for the requested hashes.

Get file analysis (single query)

TCA-0104 Get the analysis results for the requested hash.

Get file analysis - non-malicious (bulk query)

TCA-0105 Get a response containing all public knowledge about the given non-malicious samples identified by hash.

Get file analysis - non-malicious (single query)

TCA-0105 Get a response containing all public knowledge about the given non-malicious sample identified by hash.

Get file reputation (bulk query)

TCA-0101 Get information about the malware status of requested samples.

Get file reputation (single query)

TCA-0101 Get information about the malware status of the requested sample.

Get historical multi-AV scan records (bulk query)

TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for given samples.

Get historical multi-AV scan records (single query)

TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for a given sample.

Get IP address resolutions

TCA-0406 Provides a list of IP-to-domain mappings for the specified IP address.

Get reputation data changes

TCA-0206 Returns the next recordset with samples to which the user is subscribed with the starting point defined using the "Set start time for reputation changes" action.

Get sample download status

TCA-0201 Returns the file size of samples matching the requested hash values, but only if they are available for download. If the requested samples are not available for download, their size in the response will be returned as -1.

Get specific dynamic analysis report for url (base64)

TCA-0106 Returns the specific dynamic analysis report for requested url

Get specific dynamic analysis report for url (SHA1)

TCA-0106 Returns the specific dynamic analysis report for requested url

Get the domain report

TCA-0405 Returns threat intelligence data for the submitted domain.

Get the IP address report

TCA-0406 Returns threat intelligence data for the submitted IP.

Get the latest URL analyses (first page)

TCA-0403 Returns the latest completed URL analyses. This action only returns the first page of results.

Get the latest URL analyses (with page parameter)

TCA-0403 Returns the latest completed URL analyses. This action returns the requested page of results.

Get the URL report

TCA-0403 Returns the classification and reputation report for the submitted URL.

Get URL analyses from requested time (first page)

TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action only returns the first page of results.

Get URL analyses from requested time (with page parameter)

TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action returns the requested page of results.

Get URL-s from domain

TCA-0405 Provides a list of URLs associated with the requested domain.

Get URL-s from IP address

TCA-0406 Provides a list of URL-s associated with the requested IP.

Get YARA Matches Feed

TCA-0303 Returns a recordset of YARA ruleset matches in the requested time range

Get YARA Retro Hunting Status

TCA-0319 Allows users to check status of their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumCloud

Get YARA Retro Matches Feed

TCA-0319 Returns a recordset of YARA ruleset matches in the requested time range for the authenticated user.

Get YARA Ruleset information

TCA-0303 API Returns information about created user YARA ruleset

Get YARA Ruleset Text

TCA-0303 API Returns text for specified YARA rule

Group By RHA1 Single Query

TCA-0321 This query returns a list containing all SHA1 hashes of functionally similar samples for the requested SHA1 sample hash and RHA1 precision level.

Import Hash Similarity

TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash)

Import Hash Similarity paginated

TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash)

List files from a domain

TCA-0405 Retrieve a list of files downloaded from the submitted domain.

List files from a URL

TCA-0403 Retrieve a list of files downloaded from the submitted URL.

List files from an IP address

TCA-0406 Retrieve a list of files downloaded from the submitted IP address.

List User Override

TCA-0408 List user overrides for network locations

Monthly API usage (company)

TCA-9999 Returns information about combined monthly service usage for all users in the company.

Monthly API usage (current user)

TCA-9999 Returns information about monthly service usage for the TitaniumCloud account that sent the request.

Network Reputation API

TCA-0407 Provides information regarding the reputation of requested URL, domain or IP Address.

Network Reputation User Override

TCA-0408 Enables URL classification overrides.

Reanalyze sample (single query)

TCA-0205 Sends a sample defined by a hash for rescanning.

Reanalyze samples (bulk query)

TCA-0205 Sends multiple samples defined by hashes for rescanning.

Set start time for reputation changes

TCA-0206 Sets the starting timestamp for the reputation data changes feed.

Start YARA Retro Hunt

TCA-0319 Allows users to start their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumClou

Submit archive for dynamic analysis

TCA-0207 Submits an archive for dynamic anaylsis.

Submit sample for dynamic analysis

TCA-0207 Submits a sample for dynamic analysis.

Subscribe to reputation changes

TCA-0206 Subscribes to a list of samples for which the changed sections (if there are any) will be delivered in the Data Change Feed.

Unsubscribe from reputation changes

TCA-0206 Unsubscribes from a list of samples that the user was previously subscribed to.

Upload sample

TCA-0202 Upload a given sample identified by hash via open stream of POST data.

Upload sample metadata

TCA-0202 Upload metadata for the sample identified by hash.

URI to hash search by URI SHA-1 (first page)

TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns only the first page of results.

URI to hash search by URI SHA-1 (with page parameter)

TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns the requested page of results.

URI to hash search by URI string (with page parameter)

TCA-0401 Returns hashes related to the provided URI. This request accepts an URI string and returns the requested page of results.

TCA-0320 Allows users to find samples in ReversingLabs TitaniumCloud by combining various search keywords

Parameters

Name Key Required Type Description
name
name True string

field name

criteria
criteria True string

operators from enum

value
value True string

string or object

format
format string

specifies the format for the response

records_per_page
records_per_page integer

records_per_page

page
page integer

page

sort
sort string

Sort by one of these fields: sha1, firstsee, threatname, sampletype, filecount, size. Append asc for ascending and desc for descending order. E.g. threatname asc.

Content-Type
Content-Type string

Content-Type

Analyze URL

TCA-0404 Requests an analysis of the submitted URL.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

url
url string

url

response_format
response_format string

response_format

Cancel YARA Retro Hunt

TCA-0319 Allows users to cancel started YARA retro hunts.

Parameters

Name Key Required Type Description
Specifies the name of the YARA ruleset for which the user is requesting an action from the service
ruleset_name True string

ruleset_name

Content-Type
Content-Type string

Content-Type

Create YARA Ruleset

TCA-0303 Allows the authenticated user to create YARA rulesets in ReversingLabs TitaniumCloud

Parameters

Name Key Required Type Description
Specifies the name of the YARA ruleset
ruleset_name True string

ruleset_name

Configuration of the YARA rule
text True string

text

sample_available
sample_available True boolean

sample_available

Content-Type
Content-Type string

Content-Type

Daily API usage (company)

TCA-9999 Returns information about combined daily service usage for all users in the company.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Date
date string

Specific date. YYYY-MM-DD format. Mutually exclusive with 'from' and 'to' parameters.

From
from string

Start date. YYYY-MM-DD format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'date' parameter.

To
to string

End date. YYYY-MM-DD format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'date' parameter.

Daily API usage (current user)

TCA-9999 Returns information about daily service usage for the TitaniumCloud account that sent the request.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Date
date string

Specific date. YYYY-MM-DD format. Mutually exclusive with 'from' and 'to' parameters.

From
from string

Start date. YYYY-MM-DD format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'date' parameter.

To
to string

End date. YYYY-MM-DD format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'date' parameter.

Date range API usage (company)

TCA-9999 Returns information about combined date range service usage for all users in the company.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Date range API usage (current user)

TCA-9999 Returns total usage for all product licenses with a fixed quota over a single date range for the current user.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Delete sample (single query)

TCA-0204 Deletes a single sample defined by the hash value.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

md5, sha1 or sha256

Hash Value
hash_value True string

Hash string

Delete On
delete_on string

When the sample will be deleted. Expressed in UNIX timestamp format.

Delete samples (bulk query)

TCA-0204 Deletes multiple samples at once defined by the list of hash values in the request payload.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

hash_type
hash_type string

hash_type

delete_on
delete_on string

When the sample will be deleted. Expressed in UNIX timestamp format.

hashes
hashes array of string

hashes

Delete YARA Ruleset

TCA-0303 Allows the authenticated user to delete YARA rulesets in ReversingLabs TitaniumCloud

Parameters

Name Key Required Type Description
Yara ruleset name
ruleset_name True string

Yara ruleset name

Download sample

TCA-0201 Returns the contents of a sample matching the requested hash.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

md5, sha1 or sha256

Hash Value
hash_value True string

Hash string

File Reputation List User Overrides

TCA-0102 The List File User Overrides Query

Parameters

Name Key Required Type Description
Specifies which hash type will be used in the request (md5, sha1, sha256)
hash_type True string

hash_type

start_hash
start_hash string

The format must correspond to the one defined with the hash_type parameter.

format
format string

Supported values: json, xml

Returns

File Reputation User Override

TCA-0102 Service enables sample classification overrides.

Parameters

Name Key Required Type Description
Post format
post_format True string

XML or JSON

sha1
sha1 string

Provide values for md5, sha1, sha256

md5
md5 string

Provide values for md5, sha1, sha256

sha256
sha256 string

Provide values for md5, sha1, sha256

status
status string

options: MALICIOUS, SUSPICIOUS, KNOWN. For KNOWN status optional trust_factor. For MALICIOUS/SUSPICIOUS optional threat_name, threat_level

trust_factor
trust_factor integer

Allowed as optional parameter for KNOWN status option

threat_level
threat_level integer

Allowed as optional parameter for MALICIOUS and SUSPICIOUS status option

threat_name
threat_name string

Allowed as optional parameter for MALICIOUS and SUSPICIOUS status option

sha1
sha1 string

sha1

md5
md5 string

md5

sha256
sha256 string

sha256

Get active YARA rulesets

TCA-9999 Returns information about the number of active YARA rulesets for the TitaniumCloud account that sent the request.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Get API quota limits (company)

TCA-9999 Returns current quota limits for APIs available to all users belonging to the authenticated user’s company.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Get API quota limits (current user)

TCA-9999 Returns current quota limits for APIs accessible to the authenticated user.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Get continuous reputation data changes

TCA-0206 Returns a recordset with samples that the user is subscribed to from the requested timestamp onwards. The timestamp is defined in the request itself.

Parameters

Name Key Required Type Description
Time Format
time_format True string

Unix timestamp or YYYY-MM-DDThh:mm:ss

Time Value
time_value True string

Time value string

Format
format string

Response format.

Events
events string

Sections that should be included in the response. Consult the API documentation for possible options.

TCA-0405 Provides a list of domains that have the same top parent domain as the requested domain.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

domain
domain string

domain

response_format
response_format string

json or xml

limit
limit integer

Number of results per page.

page
page string

Next page string.

Get domain resolutions

TCA-0405 Provides a list of domain-to-IP mappings for the requested domain.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

domain
domain string

domain

response_format
response_format string

json or xml

limit
limit integer

Number of results per page.

page
page string

Next page string.

Get dynamic analysis report (latest)

TCA-0106 This query returns the latest analysis report for the requested sample hash.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

sha1 only

Hash Value
hash_value True string

Hash string

Format
format string

Response format.

Get dynamic analysis report (merged)

TCA-0106 This query returns the merged analysis report for the requested sample hash.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

sha1 only

Hash Value
hash_value True string

Hash string

Format
format string

Response format.

Get dynamic analysis report (specific)

TCA-0106 This query returns a specific analysis report for the requested sample hash defined by the analysis ID.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

sha1 only

Hash Value
hash_value True string

Hash string

Analysis Id
analysis_id True string

ID of the dynamic analysis report.

Format
format string

Response format.

Get dynamic analysis report for an archive (latest)

TCA-0106 Returns the most recent dynamic analysis report for each file within the archive.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

sha1 only

Hash Value
hash_value True string

Hash string

Format
format string

Response format.

Get dynamic analysis report for an archive (merged)

TCA-0106 Returns the merged dynamic analysis report for each file within the archive.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

sha1 only

Hash Value
hash_value True string

Hash string

Format
format string

Response format.

Get dynamic analysis report for url (base64)

TCA-0106 Returns dynamic analysis reports for requested url

Parameters

Name Key Required Type Description
Base64 Value
base64_value True string

Must be a string corresponding to the base64 encoding of url.

Content-Type
Content-Type string

Content-Type

Get dynamic analysis report for url (sha1)

TCA-0106 Returns dynamic analysis reports for requested url

Parameters

Name Key Required Type Description
Sha1 Value
sha1_value True string

Must be a sha1 string corresponding to the defined hash type.

Content-Type
Content-Type string

Content-Type

Get file analysis (bulk query)

TCA-0104 Get the analysis results for the requested hashes.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

hash_type
hash_type string

hash_type

hashes
hashes array of string

hashes

Get file analysis (single query)

TCA-0104 Get the analysis results for the requested hash.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

md5, sha1 or sha256

Hash Value
hash_value True string

Hash string

Format
format string

Response format.

Get file analysis - non-malicious (bulk query)

TCA-0105 Get a response containing all public knowledge about the given non-malicious samples identified by hash.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

hash_type
hash_type string

hash_type

hashes
hashes array of string

hashes

Get file analysis - non-malicious (single query)

TCA-0105 Get a response containing all public knowledge about the given non-malicious sample identified by hash.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

md5, sha1 or sha256

Hash Value
hash_value True string

Hash string

Get file reputation (bulk query)

TCA-0101 Get information about the malware status of requested samples.

Parameters

Name Key Required Type Description
Post Format
post_format True string

XML or JSON

Extended
extended boolean

Show extended results.

Show Hashes
show_hashes boolean

Show all hashes for the sample.

hash_type
hash_type string

hash_type

hashes
hashes array of string

hashes

Get file reputation (single query)

TCA-0101 Get information about the malware status of the requested sample.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

Possible values are 'md5', 'sha1' and 'sha256'.

Hash Value
hash_value True string

Must be a hash string corresponding to the defined hash type.

Extended
extended boolean

Show extended results.

Show Hashes
show_hashes boolean

Show all hashes for the sample.

Format
format string

Set the response format.

Get historical multi-AV scan records (bulk query)

TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for given samples.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

History
history boolean

Return historical data.

Format
format string

Response format.

hash_type
hash_type string

hash_type

hashes
hashes array of string

hashes

Get historical multi-AV scan records (single query)

TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for a given sample.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

md5, sha1 or sha256

Hash Value
hash_value True string

Hash string

History
history boolean

Return historical data.

Format
format string

Response format.

Get IP address resolutions

TCA-0406 Provides a list of IP-to-domain mappings for the specified IP address.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

ip
ip string

ip

response_format
response_format string

json or xml

limit
limit integer

Number of results per page.

page
page string

Next page string.

Get reputation data changes

TCA-0206 Returns the next recordset with samples to which the user is subscribed with the starting point defined using the "Set start time for reputation changes" action.

Parameters

Name Key Required Type Description
Format
format string

Response format.

events
events string

List one or more sections separated with comma: xref, sample_available, malware_presence, sample_became_shareable

Limit
limit integer

Number of records to return in the response.

Get sample download status

TCA-0201 Returns the file size of samples matching the requested hash values, but only if they are available for download. If the requested samples are not available for download, their size in the response will be returned as -1.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

Format
format string

Response format.

Content-Type
Content-Type string

Needs to be application/octet-stream

hash_type
hash_type string

hash_type

hashes
hashes array of string

hashes

Get specific dynamic analysis report for url (base64)

TCA-0106 Returns the specific dynamic analysis report for requested url

Parameters

Name Key Required Type Description
Base64 Value
base64_value True string

Must be a base64 string corresponding of the submitted url.

analysis_id
specific_report True string

analysis_id for which report is retrieved

Format
format string

Response format.

Content-Type
Content-Type string

Content-Type

Get specific dynamic analysis report for url (SHA1)

TCA-0106 Returns the specific dynamic analysis report for requested url

Parameters

Name Key Required Type Description
SHA1 Value
sha1_value True string

Must be a hash string corresponding to the defined hash type.

analysis_id
specific_report True string

analysis_id for which report is retrieved

Format
format string

Response format.

Content-Type
Content-Type string

Content-Type

Get the domain report

TCA-0405 Returns threat intelligence data for the submitted domain.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

domain
domain string

domain

response_format
response_format string

response_format

Get the IP address report

TCA-0406 Returns threat intelligence data for the submitted IP.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

ip
ip string

ip

response_format
response_format string

json or xml

Get the latest URL analyses (first page)

TCA-0403 Returns the latest completed URL analyses. This action only returns the first page of results.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Limit
limit integer

Maximum number of results returned per page.

Get the latest URL analyses (with page parameter)

TCA-0403 Returns the latest completed URL analyses. This action returns the requested page of results.

Parameters

Name Key Required Type Description
Page
page True string

Page marker for returning results.

Format
format string

Response format.

Limit
limit integer

Maximum number of results returned per page.

Get the URL report

TCA-0403 Returns the classification and reputation report for the submitted URL.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

url
url string

url

response_format
response_format string

response_format

Get URL analyses from requested time (first page)

TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action only returns the first page of results.

Parameters

Name Key Required Type Description
Time Format
time_format True string

timestamp or utc

Start Time
start_time True string

Unix timestamp or YYYY-MM-DDThh:mm:ss

Format
format string

Response format.

Limit
limit integer

Maximum number of results returned per page.

Get URL analyses from requested time (with page parameter)

TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action returns the requested page of results.

Parameters

Name Key Required Type Description
Time Format
time_format True string

timestamp or utc

Start Time
start_time True string

Unix timestamp or YYYY-MM-DDThh:mm:ss

Page
page True string

Page marker for returning results.

Format
format string

Response format.

Limit
limit integer

Maximum number of results returned per page.

Get URL-s from domain

TCA-0405 Provides a list of URLs associated with the requested domain.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

domain
domain string

domain

response_format
response_format string

json or xml

limit
limit integer

Number of results per page.

page
page string

Next page string.

Get URL-s from IP address

TCA-0406 Provides a list of URL-s associated with the requested IP.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

ip
ip string

ip

response_format
response_format string

json or xml

limit
limit integer

Number of results per page.

page
page string

Next page string.

Get YARA Matches Feed

TCA-0303 Returns a recordset of YARA ruleset matches in the requested time range

Parameters

Name Key Required Type Description
Time Format
time_format True string

Unix timestamp or YYYY-MM-DDThh:mm:ss

Time Value
time_value True string

Time value string

Format
format string

Response format.

Get YARA Retro Hunting Status

TCA-0319 Allows users to check status of their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumCloud

Parameters

Name Key Required Type Description
Yara ruleset name
ruleset_name True string

Yara ruleset name

Get YARA Retro Matches Feed

TCA-0319 Returns a recordset of YARA ruleset matches in the requested time range for the authenticated user.

Parameters

Name Key Required Type Description
Time Format
time_format True string

Unix timestamp or YYYY-MM-DDThh:mm:ss

Time Value
time_value True string

Time value string

Format
format string

Response format.

Get YARA Ruleset information

TCA-0303 API Returns information about created user YARA ruleset

Parameters

Name Key Required Type Description
Yara ruleset name
ruleset_name True string

Yara ruleset name

Get YARA Ruleset Text

TCA-0303 API Returns text for specified YARA rule

Parameters

Name Key Required Type Description
Yara ruleset name
ruleset_name True string

Yara ruleset name

Group By RHA1 Single Query

TCA-0321 This query returns a list containing all SHA1 hashes of functionally similar samples for the requested SHA1 sample hash and RHA1 precision level.

Parameters

Name Key Required Type Description
rha1_type
rha1_type True string

This parameter accepts one of the following values: pe01, elf01, machO01, pe02

hash_value
hash_value True string

The value must be a valid SHA1 hash of the sample for which the user is requesting a list of functionally similar samples

next_page_sha1
next_page_sha1 True string

To get the next page of results from the API, use the next_page_sha1 value from the response in place of this parameter in a new request. When the parameter is not included in the request, only the first page of results is returned.

Content-Type
Content-Type string

Content-Type

Format
format string

Set the response format.

Limit
limit integer

Number of records to return in the response.

Extended
extended boolean

Show extended results.

Classification
classification string

Return only hashes with this classification.

Import Hash Similarity

TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash)

Parameters

Name Key Required Type Description
Hash Value
hash_value True string

The value must be a valid ImpHash hash for which the user is requesting a list of SHA1 hashes

Content-Type
Content-Type string

Content-Type

Format
format string

Set the response format.

Import Hash Similarity paginated

TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash)

Parameters

Name Key Required Type Description
Hash Value
hash_value True string

The value must be a valid ImpHash hash for which the user is requesting a list of SHA1 hashes

Next page sha1
next_page_sha1 True string

The value must be a valid hash for which the user is requesting a list of SHA1 hashes

Content-Type
Content-Type string

Content-Type

Format
format string

Set the response format.

List files from a domain

TCA-0405 Retrieve a list of files downloaded from the submitted domain.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

domain
domain string

domain

response_format
response_format string

response_format

limit
limit integer

limit

extended
extended boolean

extended

classification
classification string

classification

page
page string

page

List files from a URL

TCA-0403 Retrieve a list of files downloaded from the submitted URL.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

url
url string

url

analysis_id
analysis_id string

Mutally exlusive with 'last_analysis'

last_analysis
last_analysis boolean

Return last analysis. Mutally exlusive with 'analysis_id'

response_format
response_format string

xml or json

limit
limit integer

Number of results per page.

extended
extended boolean

Return extended results.

classification
classification string

Return only samples with this classification.

page
page string

Next page string.

List files from an IP address

TCA-0406 Retrieve a list of files downloaded from the submitted IP address.

Parameters

Name Key Required Type Description
Format
format True string

Request format.

ip
ip string

ip

response_format
response_format string

json or xml

limit
limit integer

Number of results per page.

extended
extended boolean

Return extended results.

classification
classification string

Return results with this classification.

page
page string

Next page string.

List User Override

TCA-0408 List user overrides for network locations

Parameters

Name Key Required Type Description
Format
format string

Optional parameter that allows choosing the response format. Supported values: xml, json

Next Network Location
next_network_location string

Optional parameter used for pagination. To get the next page of results from the API, use the next_network_location value from the response in place of this parameter in a new request. When the parameter is not included in the request, only the first page of results is returned.

Monthly API usage (company)

TCA-9999 Returns information about combined monthly service usage for all users in the company.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Month
month string

Specific month. YYYY-MM format. Mutually exclusive with 'from' and 'to' parameters.

From
from string

Start month. YYYY-MM format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'month' parameter.

To
to string

End month. YYYY-MM format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'month' parameter.

Monthly API usage (current user)

TCA-9999 Returns information about monthly service usage for the TitaniumCloud account that sent the request.

Parameters

Name Key Required Type Description
Format
format string

Response format.

Month
month string

Specific month. YYYY-MM format. Mutually exclusive with 'from' and 'to' parameters.

From
from string

Start month. YYYY-MM format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'month' parameter.

To
to string

End month. YYYY-MM format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'month' parameter.

Network Reputation API

TCA-0407 Provides information regarding the reputation of requested URL, domain or IP Address.

Parameters

Name Key Required Type Description
Post format
post_format True string

XML or JSON

Network Location
network_location True string

List of network locations (url, ip, domain)

type
type string

url or ip or domain

response_format
response_format string

json or xml

Network Reputation User Override

TCA-0408 Enables URL classification overrides.

Parameters

Name Key Required Type Description
Post format
post_format True string

XML or JSON

Network Location
network_location True string

The overridden URL (domain, ip, url).

type
type True string

Type of URI. Only url is supported.

classification
classification True string

Assigned classification. Must conform to the ReversingLabs naming standard

categories
categories array of string

categories

response_format
response_format string

json or xml

Reanalyze sample (single query)

TCA-0205 Sends a sample defined by a hash for rescanning.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

md5, sha1 or sha256

Hash Value
hash_value True string

Hash string

Reanalyze samples (bulk query)

TCA-0205 Sends multiple samples defined by hashes for rescanning.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

Format
format string

Response format.

hash_type
hash_type string

hash_type

hashes
hashes array of string

hashes

Set start time for reputation changes

TCA-0206 Sets the starting timestamp for the reputation data changes feed.

Parameters

Name Key Required Type Description
Time Format
time_format True string

Unix timestamp or YYYY-MM-DDThh:mm:ss

Time Value
time_value True string

Time value string

Start YARA Retro Hunt

TCA-0319 Allows users to start their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumClou

Parameters

Name Key Required Type Description
Specifies the name of the YARA ruleset for which the user is requesting an action from the service
ruleset_name True string

ruleset_name

Content-Type
Content-Type string

Content-Type

Submit archive for dynamic analysis

TCA-0207 Submits an archive for dynamic anaylsis.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

sha1
sha1 string

sha1

platform
platform string

Platform which will be used for dynamic analysis. Consult the API documentation for possible options.

response_format
response_format string

response_format

optional_parameters
optional_parameters string

Consult the API documentation for possible options.

Submit sample for dynamic analysis

TCA-0207 Submits a sample for dynamic analysis.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

sha1
sha1 string

Select either SHA1 or url parameter for sample analysis

url
url string

Select either SHA1 or url parameter for sample analysis

platform
platform string

Platform which will be used for dynamic analysis. Consult the API documentation for possible options.

response_format
response_format string

json or xml

optional_parameters
optional_parameters string

Consult the API documentation for possible options.

Subscribe to reputation changes

TCA-0206 Subscribes to a list of samples for which the changed sections (if there are any) will be delivered in the Data Change Feed.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

hash_type
hash_type string

hash_type

hashes
hashes array of string

hashes

Unsubscribe from reputation changes

TCA-0206 Unsubscribes from a list of samples that the user was previously subscribed to.

Parameters

Name Key Required Type Description
Post Format
post_format True string

Request format.

hash_type
hash_type string

hash_type

hashes
hashes array of string

hashes

Upload sample

TCA-0202 Upload a given sample identified by hash via open stream of POST data.

Parameters

Name Key Required Type Description
Sha1 Value
sha1_value True string

SHA1 of the sample.

Content-Type
Content-Type True string

Needs to be application/octet-stream

Upload sample metadata

TCA-0202 Upload metadata for the sample identified by hash.

Parameters

Name Key Required Type Description
Sha1 Value
sha1_value True string

SHA1 of the sample.

Subscribe
subscribe string

Subscribe to this sample's reputation data changes. Possible values are only 'data_change'

Content-Type
Content-Type True string

Needs to be application/octet-stream

Body
body True string

XML request body. Consult the API documentation for examples.

URI to hash search by URI SHA-1 (first page)

TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns only the first page of results.

Parameters

Name Key Required Type Description
Uri Sha1
uri_sha1 True string

SHA1 string representation of the URI

Format
format string

Response format.

Classification
classification string

Return only hashes with this classification.

URI to hash search by URI SHA-1 (with page parameter)

TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns the requested page of results.

Parameters

Name Key Required Type Description
Uri Sha1
uri_sha1 True string

SHA1 string representation of the URI

Next Page Sha1
next_page_sha1 True string

SHA1 of the next page of results.

Format
format string

Response format.

Classification
classification string

Return only hashes with this classification.

URI to hash search by URI string (with page parameter)

TCA-0401 Returns hashes related to the provided URI. This request accepts an URI string and returns the requested page of results.

Parameters

Name Key Required Type Description
Format
format string

Request format.

Content Type Header
Content-Type True string

API Call expect explicit content type

uri
uri string

uri

next_page_sha1
next_page_sha1 string

next_page_sha1