ReversingLabs TitaniumCloud (Preview)
ReversingLabs TitaniumCloud is a threat intelligence solution providing up-to-date file reputation services, threat classification and rich context on over 10 billion goodware and malware files. A powerful set of REST API query and feed functions deliver targeted file and malware intelligence for threat identification, analysis, intelligence development, and threat hunting services.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Contact | |
---|---|
Name | ReversingLabs support |
URL | https://support.reversinglabs.com/ |
Email | [email protected] |
Connector Metadata | |
---|---|
Publisher | ReversingLabs |
Website | https://www.reversinglabs.com/ |
Privacy policy | https://www.reversinglabs.com/privacy-policy |
Categories | Security |
The ReversingLabs TitaniumCloud connector allows users of the ReversingLabs Titanium platform to access the rich threat intelligence data available for enhancing their ability to react to security events. The TitaniumCloud APIs provide reputation services, threat intelligence feeds, static and dynamic file analysis and much more.
Prerequisites
To use the ReversingLabs TitaniumCloud connector, the user needs to obtain the credentials with adequate roles.
How to get credentials
Credentials can be obtained by purchasing one of ReversingLabs marketplace offers. Users needing more capabilities than what is available in the marketplace can contact ReversingLabs for a custom solution.
Get started with your connector
After enabling the connector, users can set triggers and build file analysis workflows. The TitaniumCloud connector offers over 50 analysis actions that can be used to automate various security-related routines. After setting up a trigger, users can start with uploading a new sample to the ReversingLabs analysis platform, followed by retrieving an extended file reputation report and network threat intelligence indicators. Actions provided by this connector give users options for creating extensive and highly detailed sample and indicator analysis routines.
FAQ
Q1. How long should I wait for the results of a sample I submitted for dynamic analysis?
A1. Processing time will vary depending upon the load on the service, size and complexity of the file. It is best practice to create a loop that sleeps and checks the analysis status.
Q2. Do I have to wait long to see file reputation results of a file freshly uploaded using the file upload action?
A2. In case the ReversingLabs TitaniumCloud platform has never encountered the uploaded file before, depending on the size and complexity of a file, allow the platform some time to populate all the reputation, detailed analysis and network indicator reports.
Q3. I received a 404 response for a properly formatted request to one of the TitaniumCloud APIs. What happened?
A3. Everything is fine. Since many of our API requests carry the sample indicator in the URL path, the APIs treat each request as a new URL. The 404 response means that there were no results for the requested sample.
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
Username | securestring | TitaniumCloud username | True |
Password | securestring | TitaniumCloud password | True |
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
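The polling loop recommended in A1, combined with the 404 semantics from A3 and the throttling limit above, as an added example (not ReversingLabs or connector code). `fetch` is a hypothetical caller-supplied function that performs one report request and returns `(status_code, body)`; treating 404 as "no report yet" and 200 as "report ready" for a pending dynamic analysis is an assumption.

```python
import time
from collections import deque
from typing import Any, Callable, NamedTuple, Optional, Tuple


class CallBudget:
    """Sliding-window limiter sized to the documented throttle:
    100 API calls per connection per 60 seconds."""

    def __init__(self, max_calls: int = 100, period: float = 60.0,
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep):
        self.max_calls = max_calls
        self.period = period
        self.clock = clock
        self.sleep = sleep
        self._stamps = deque()  # start times of calls inside the window

    def _expire(self, now: float) -> None:
        while self._stamps and now - self._stamps[0] >= self.period:
            self._stamps.popleft()

    def acquire(self) -> None:
        """Block until one more call fits inside the window, then record it."""
        now = self.clock()
        self._expire(now)
        if len(self._stamps) >= self.max_calls:
            # Wait until the oldest recorded call leaves the window.
            self.sleep(self.period - (now - self._stamps[0]))
            now = self.clock()
            self._expire(now)
        self._stamps.append(now)


class PollResult(NamedTuple):
    state: str            # "ready", "no_results" or "error"
    attempts: int
    status: int           # last HTTP status seen
    body: Optional[Any]


def wait_for_report(fetch: Callable[[], Tuple[int, Any]], budget: CallBudget,
                    first_delay: float = 15.0, max_delay: float = 240.0,
                    timeout: float = 1800.0) -> PollResult:
    """Sleep-and-check loop with exponential backoff.

    404 is treated as "no results yet" (assumption, see lead-in), so it is
    retried until the deadline. Any other non-200 status is returned
    immediately: an authentication or quota failure must not be mistaken
    for "sample unknown" by the calling workflow.
    """
    deadline = budget.clock() + timeout
    delay = first_delay
    attempts = 0
    while True:
        budget.acquire()              # every poll counts against the throttle
        status, body = fetch()
        attempts += 1
        if status == 200:
            return PollResult("ready", attempts, status, body)
        if status != 404:
            return PollResult("error", attempts, status, body)
        if budget.clock() + delay > deadline:
            return PollResult("no_results", attempts, status, None)
        budget.sleep(delay)
        delay = min(delay * 2, max_delay)
```

A `no_results` outcome after the deadline means the platform still had nothing for that indicator; it is not a verdict on the sample and should be routed to a retry or manual-review branch rather than treated as clean.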
Actions
Action | Description |
---|---|
Advanced Search | TCA-0320 Allows users to find samples in ReversingLabs TitaniumCloud by combining various search keywords |
Analyze URL | TCA-0404 Requests an analysis of the submitted URL. |
Cancel YARA Retro Hunt | TCA-0319 Allows users to cancel started YARA retro hunts. |
Create YARA Ruleset | TCA-0303 Allows the authenticated user to create YARA rulesets in ReversingLabs TitaniumCloud |
Daily API usage (company) | TCA-9999 Returns information about combined daily service usage for all users in the company. |
Daily API usage (current user) | TCA-9999 Returns information about daily service usage for the TitaniumCloud account that sent the request. |
Date range API usage (company) | TCA-9999 Returns information about combined date range service usage for all users in the company. |
Date range API usage (current user) | TCA-9999 Returns total usage for all product licenses with a fixed quota over a single date range for the current user. |
Delete sample (single query) | TCA-0204 Deletes a single sample defined by the hash value. |
Delete samples (bulk query) | TCA-0204 Deletes multiple samples at once defined by the list of hash values in the request payload. |
Delete YARA Ruleset | TCA-0303 Allows the authenticated user to delete YARA rulesets in ReversingLabs TitaniumCloud |
Download sample | TCA-0201 Returns the contents of a sample matching the requested hash. |
File Reputation List User Overrides | TCA-0102 The List File User Overrides Query |
File Reputation User Override | TCA-0102 Service enables sample classification overrides. |
Get active YARA rulesets | TCA-9999 Returns information about the number of active YARA rulesets for the TitaniumCloud account that sent the request. |
Get API quota limits (company) | TCA-9999 Returns current quota limits for APIs available to all users belonging to the authenticated user’s company. |
Get API quota limits (current user) | TCA-9999 Returns current quota limits for APIs accessible to the authenticated user. |
Get continuous reputation data changes | TCA-0206 Returns a recordset with samples that the user is subscribed to from the requested timestamp onwards. The timestamp is defined in the request itself. |
Get domain related domains | TCA-0405 Provides a list of domains that have the same top parent domain as the requested domain. |
Get domain resolutions | TCA-0405 Provides a list of domain-to-IP mappings for the requested domain. |
Get dynamic analysis report (latest) | TCA-0106 This query returns the latest analysis report for the requested sample hash. |
Get dynamic analysis report (merged) | TCA-0106 This query returns the merged analysis report for the requested sample hash. |
Get dynamic analysis report (specific) | TCA-0106 This query returns a specific analysis report for the requested sample hash defined by the analysis ID. |
Get dynamic analysis report for an archive (latest) | TCA-0106 Returns the most recent dynamic analysis report for each file within the archive. |
Get dynamic analysis report for an archive (merged) | TCA-0106 Returns the merged dynamic analysis report for each file within the archive. |
Get dynamic analysis report for url (base64) | TCA-0106 Returns dynamic analysis reports for requested url |
Get dynamic analysis report for url (sha1) | TCA-0106 Returns dynamic analysis reports for requested url |
Get file analysis (bulk query) | TCA-0104 Get the analysis results for the requested hashes. |
Get file analysis (single query) | TCA-0104 Get the analysis results for the requested hash. |
Get file analysis - non-malicious (bulk query) | TCA-0105 Get a response containing all public knowledge about the given non-malicious samples identified by hash. |
Get file analysis - non-malicious (single query) | TCA-0105 Get a response containing all public knowledge about the given non-malicious sample identified by hash. |
Get file reputation (bulk query) | TCA-0101 Get information about the malware status of requested samples. |
Get file reputation (single query) | TCA-0101 Get information about the malware status of the requested sample. |
Get historical multi-AV scan records (bulk query) | TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for given samples. |
Get historical multi-AV scan records (single query) | TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for a given sample. |
Get IP address resolutions | TCA-0406 Provides a list of IP-to-domain mappings for the specified IP address. |
Get reputation data changes | TCA-0206 Returns the next recordset with samples to which the user is subscribed with the starting point defined using the "Set start time for reputation changes" action. |
Get sample download status | TCA-0201 Returns the file size of samples matching the requested hash values, but only if they are available for download. If the requested samples are not available for download, their size in the response will be returned as -1. |
Get specific dynamic analysis report for url (base64) | TCA-0106 Returns the specific dynamic analysis report for requested url |
Get specific dynamic analysis report for url (SHA1) | TCA-0106 Returns the specific dynamic analysis report for requested url |
Get the domain report | TCA-0405 Returns threat intelligence data for the submitted domain. |
Get the IP address report | TCA-0406 Returns threat intelligence data for the submitted IP. |
Get the latest URL analyses (first page) | TCA-0403 Returns the latest completed URL analyses. This action only returns the first page of results. |
Get the latest URL analyses (with page parameter) | TCA-0403 Returns the latest completed URL analyses. This action returns the requested page of results. |
Get the URL report | TCA-0403 Returns the classification and reputation report for the submitted URL. |
Get URL analyses from requested time (first page) | TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action only returns the first page of results. |
Get URL analyses from requested time (with page parameter) | TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action returns the requested page of results. |
Get URL-s from domain | TCA-0405 Provides a list of URLs associated with the requested domain. |
Get URL-s from IP address | TCA-0406 Provides a list of URL-s associated with the requested IP. |
Get YARA Matches Feed | TCA-0303 Returns a recordset of YARA ruleset matches in the requested time range |
Get YARA Retro Hunting Status | TCA-0319 Allows users to check status of their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumCloud |
Get YARA Retro Matches Feed | TCA-0319 Returns a recordset of YARA ruleset matches in the requested time range for the authenticated user. |
Get YARA Ruleset information | TCA-0303 API Returns information about created user YARA ruleset |
Get YARA Ruleset Text | TCA-0303 API Returns text for specified YARA rule |
Group By RHA1 Single Query | TCA-0321 This query returns a list containing all SHA1 hashes of functionally similar samples for the requested SHA1 sample hash and RHA1 precision level. |
Import Hash Similarity | TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash) |
Import Hash Similarity paginated | TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash) |
List files from a domain | TCA-0405 Retrieve a list of files downloaded from the submitted domain. |
List files from a URL | TCA-0403 Retrieve a list of files downloaded from the submitted URL. |
List files from an IP address | TCA-0406 Retrieve a list of files downloaded from the submitted IP address. |
List User Override | TCA-0408 List user overrides for network locations |
Monthly API usage (company) | TCA-9999 Returns information about combined monthly service usage for all users in the company. |
Monthly API usage (current user) | TCA-9999 Returns information about monthly service usage for the TitaniumCloud account that sent the request. |
Network Reputation API | TCA-0407 Provides information regarding the reputation of requested URL, domain or IP Address. |
Network Reputation User Override | TCA-0408 Enables URL classification overrides. |
Reanalyze sample (single query) | TCA-0205 Sends a sample defined by a hash for rescanning. |
Reanalyze samples (bulk query) | TCA-0205 Sends multiple samples defined by hashes for rescanning. |
Set start time for reputation changes | TCA-0206 Sets the starting timestamp for the reputation data changes feed. |
Start YARA Retro Hunt | TCA-0319 Allows users to start their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumCloud |
Submit archive for dynamic analysis | TCA-0207 Submits an archive for dynamic analysis. |
Submit sample for dynamic analysis | TCA-0207 Submits a sample for dynamic analysis. |
Subscribe to reputation changes | TCA-0206 Subscribes to a list of samples for which the changed sections (if there are any) will be delivered in the Data Change Feed. |
Unsubscribe from reputation changes | TCA-0206 Unsubscribes from a list of samples that the user was previously subscribed to. |
Upload sample | TCA-0202 Upload a given sample identified by hash via open stream of POST data. |
Upload sample metadata | TCA-0202 Upload metadata for the sample identified by hash. |
URI to hash search by URI SHA-1 (first page) | TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns only the first page of results. |
URI to hash search by URI SHA-1 (with page parameter) | TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns the requested page of results. |
URI to hash search by URI string (with page parameter) | TCA-0401 Returns hashes related to the provided URI. This request accepts an URI string and returns the requested page of results. |
Advanced Search
TCA-0320 Allows users to find samples in ReversingLabs TitaniumCloud by combining various search keywords
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
name | name | True | string | field name |
criteria | criteria | True | string | operators from enum |
value | value | True | string | string or object |
format | format | | string | specifies the format for the response |
records_per_page | records_per_page | | integer | records_per_page |
page | page | | integer | page |
sort | sort | | string | Sort by one of these fields: sha1, firstsee, threatname, sampletype, filecount, size. Append asc for ascending and desc for descending order. E.g. threatname asc. |
Content-Type | Content-Type | | string | Content-Type |
Analyze URL
TCA-0404 Requests an analysis of the submitted URL.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
url | url | | string | url |
response_format | response_format | | string | response_format |
Cancel YARA Retro Hunt
TCA-0319 Allows users to cancel started YARA retro hunts.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Specifies the name of the YARA ruleset for which the user is requesting an action from the service | ruleset_name | True | string | ruleset_name |
Content-Type | Content-Type | | string | Content-Type |
Create YARA Ruleset
TCA-0303 Allows the authenticated user to create YARA rulesets in ReversingLabs TitaniumCloud
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Specifies the name of the YARA ruleset | ruleset_name | True | string | ruleset_name |
Configuration of the YARA rule | text | True | string | text |
sample_available | sample_available | True | boolean | sample_available |
Content-Type | Content-Type | | string | Content-Type |
Daily API usage (company)
TCA-9999 Returns information about combined daily service usage for all users in the company.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Date | date | | string | Specific date. YYYY-MM-DD format. Mutually exclusive with 'from' and 'to' parameters. |
From | from | | string | Start date. YYYY-MM-DD format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'date' parameter. |
To | to | | string | End date. YYYY-MM-DD format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'date' parameter. |
Daily API usage (current user)
TCA-9999 Returns information about daily service usage for the TitaniumCloud account that sent the request.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Date | date | | string | Specific date. YYYY-MM-DD format. Mutually exclusive with 'from' and 'to' parameters. |
From | from | | string | Start date. YYYY-MM-DD format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'date' parameter. |
To | to | | string | End date. YYYY-MM-DD format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'date' parameter. |
Date range API usage (company)
TCA-9999 Returns information about combined date range service usage for all users in the company.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Date range API usage (current user)
TCA-9999 Returns total usage for all product licenses with a fixed quota over a single date range for the current user.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Delete sample (single query)
TCA-0204 Deletes a single sample defined by the hash value.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | md5, sha1 or sha256 |
Hash Value | hash_value | True | string | Hash string |
Delete On | delete_on | | string | When the sample will be deleted. Expressed in UNIX timestamp format. |
Delete samples (bulk query)
TCA-0204 Deletes multiple samples at once defined by the list of hash values in the request payload.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
hash_type | hash_type | | string | hash_type |
delete_on | delete_on | | string | When the sample will be deleted. Expressed in UNIX timestamp format. |
hashes | hashes | | array of string | hashes |
Delete YARA Ruleset
TCA-0303 Allows the authenticated user to delete YARA rulesets in ReversingLabs TitaniumCloud
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Yara ruleset name | ruleset_name | True | string | Yara ruleset name |
Download sample
TCA-0201 Returns the contents of a sample matching the requested hash.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | md5, sha1 or sha256 |
Hash Value | hash_value | True | string | Hash string |
File Reputation List User Overrides
TCA-0102 The List File User Overrides Query
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Specifies which hash type will be used in the request (md5, sha1, sha256) | hash_type | True | string | hash_type |
start_hash | start_hash | | string | The format must correspond to the one defined with the hash_type parameter. |
format | format | | string | Supported values: json, xml |
Returns
File Reputation User Override
TCA-0102 Service enables sample classification overrides.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post format | post_format | True | string | XML or JSON |
sha1 | sha1 | | string | Provide values for md5, sha1, sha256 |
md5 | md5 | | string | Provide values for md5, sha1, sha256 |
sha256 | sha256 | | string | Provide values for md5, sha1, sha256 |
status | status | | string | options: MALICIOUS, SUSPICIOUS, KNOWN. For KNOWN status optional trust_factor. For MALICIOUS/SUSPICIOUS optional threat_name, threat_level |
trust_factor | trust_factor | | integer | Allowed as optional parameter for KNOWN status option |
threat_level | threat_level | | integer | Allowed as optional parameter for MALICIOUS and SUSPICIOUS status option |
threat_name | threat_name | | string | Allowed as optional parameter for MALICIOUS and SUSPICIOUS status option |
sha1 | sha1 | | string | sha1 |
md5 | md5 | | string | md5 |
sha256 | sha256 | | string | sha256 |
Get active YARA rulesets
TCA-9999 Returns information about the number of active YARA rulesets for the TitaniumCloud account that sent the request.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Get API quota limits (company)
TCA-9999 Returns current quota limits for APIs available to all users belonging to the authenticated user’s company.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Get API quota limits (current user)
TCA-9999 Returns current quota limits for APIs accessible to the authenticated user.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Get continuous reputation data changes
TCA-0206 Returns a recordset with samples that the user is subscribed to from the requested timestamp onwards. The timestamp is defined in the request itself.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Time Format | time_format | True | string | Unix timestamp or YYYY-MM-DDThh:mm:ss |
Time Value | time_value | True | string | Time value string |
Format | format | | string | Response format. |
Events | events | | string | Sections that should be included in the response. Consult the API documentation for possible options. |
Get domain related domains
TCA-0405 Provides a list of domains that have the same top parent domain as the requested domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
domain | domain | | string | domain |
response_format | response_format | | string | json or xml |
limit | limit | | integer | Number of results per page. |
page | page | | string | Next page string. |
Get domain resolutions
TCA-0405 Provides a list of domain-to-IP mappings for the requested domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
domain | domain | | string | domain |
response_format | response_format | | string | json or xml |
limit | limit | | integer | Number of results per page. |
page | page | | string | Next page string. |
Get dynamic analysis report (latest)
TCA-0106 This query returns the latest analysis report for the requested sample hash.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | sha1 only |
Hash Value | hash_value | True | string | Hash string |
Format | format | | string | Response format. |
Get dynamic analysis report (merged)
TCA-0106 This query returns the merged analysis report for the requested sample hash.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | sha1 only |
Hash Value | hash_value | True | string | Hash string |
Format | format | | string | Response format. |
Get dynamic analysis report (specific)
TCA-0106 This query returns a specific analysis report for the requested sample hash defined by the analysis ID.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | sha1 only |
Hash Value | hash_value | True | string | Hash string |
Analysis Id | analysis_id | True | string | ID of the dynamic analysis report. |
Format | format | | string | Response format. |
Get dynamic analysis report for an archive (latest)
TCA-0106 Returns the most recent dynamic analysis report for each file within the archive.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | sha1 only |
Hash Value | hash_value | True | string | Hash string |
Format | format | | string | Response format. |
Get dynamic analysis report for an archive (merged)
TCA-0106 Returns the merged dynamic analysis report for each file within the archive.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | sha1 only |
Hash Value | hash_value | True | string | Hash string |
Format | format | | string | Response format. |
Get dynamic analysis report for url (base64)
TCA-0106 Returns dynamic analysis reports for requested url
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Base64 Value | base64_value | True | string | Must be a string corresponding to the base64 encoding of url. |
Content-Type | Content-Type | | string | Content-Type |
Get dynamic analysis report for url (sha1)
TCA-0106 Returns dynamic analysis reports for requested url
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Sha1 Value | sha1_value | True | string | Must be a sha1 string corresponding to the defined hash type. |
Content-Type | Content-Type | | string | Content-Type |
Get file analysis (bulk query)
TCA-0104 Get the analysis results for the requested hashes.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
hash_type | hash_type | | string | hash_type |
hashes | hashes | | array of string | hashes |
Get file analysis (single query)
TCA-0104 Get the analysis results for the requested hash.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | md5, sha1 or sha256 |
Hash Value | hash_value | True | string | Hash string |
Format | format | | string | Response format. |
Get file analysis - non-malicious (bulk query)
TCA-0105 Get a response containing all public knowledge about the given non-malicious samples identified by hash.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
hash_type | hash_type | | string | hash_type |
hashes | hashes | | array of string | hashes |
Get file analysis - non-malicious (single query)
TCA-0105 Get a response containing all public knowledge about the given non-malicious sample identified by hash.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | md5, sha1 or sha256 |
Hash Value | hash_value | True | string | Hash string |
Get file reputation (bulk query)
TCA-0101 Get information about the malware status of requested samples.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | XML or JSON |
Extended | extended | | boolean | Show extended results. |
Show Hashes | show_hashes | | boolean | Show all hashes for the sample. |
hash_type | hash_type | | string | hash_type |
hashes | hashes | | array of string | hashes |
Get file reputation (single query)
TCA-0101 Get information about the malware status of the requested sample.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | Possible values are 'md5', 'sha1' and 'sha256'. |
Hash Value | hash_value | True | string | Must be a hash string corresponding to the defined hash type. |
Extended | extended | | boolean | Show extended results. |
Show Hashes | show_hashes | | boolean | Show all hashes for the sample. |
Format | format | | string | Set the response format. |
Get historical multi-AV scan records (bulk query)
TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for given samples.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
History | history | | boolean | Return historical data. |
Format | format | | string | Response format. |
hash_type | hash_type | | string | hash_type |
hashes | hashes | | array of string | hashes |
Get historical multi-AV scan records (single query)
TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for a given sample.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | md5, sha1 or sha256 |
Hash Value | hash_value | True | string | Hash string |
History | history | | boolean | Return historical data. |
Format | format | | string | Response format. |
Get IP address resolutions
TCA-0406 Provides a list of IP-to-domain mappings for the specified IP address.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
ip | ip | | string | ip |
response_format | response_format | | string | json or xml |
limit | limit | | integer | Number of results per page. |
page | page | | string | Next page string. |
Get reputation data changes
TCA-0206 Returns the next recordset with samples to which the user is subscribed with the starting point defined using the "Set start time for reputation changes" action.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
events | events | | string | List one or more sections separated with comma: xref, sample_available, malware_presence, sample_became_shareable |
Limit | limit | | integer | Number of records to return in the response. |
Get sample download status
TCA-0201 Returns the file size of samples matching the requested hash values, but only if they are available for download. If the requested samples are not available for download, their size in the response will be returned as -1.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
Format | format | | string | Response format. |
Content-Type | Content-Type | | string | Needs to be application/octet-stream |
hash_type | hash_type | | string | hash_type |
hashes | hashes | | array of string | hashes |
Get specific dynamic analysis report for url (base64)
TCA-0106 Returns the specific dynamic analysis report for requested url
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Base64 Value | base64_value | True | string | Must be a base64 string corresponding to the submitted url. |
analysis_id | specific_report | True | string | analysis_id for which report is retrieved |
Format | format | | string | Response format. |
Content-Type | Content-Type | | string | Content-Type |
Get specific dynamic analysis report for url (SHA1)
TCA-0106 Returns the specific dynamic analysis report for requested url
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
SHA1 Value | sha1_value | True | string | Must be a hash string corresponding to the defined hash type. |
analysis_id | specific_report | True | string | analysis_id for which report is retrieved |
Format | format | | string | Response format. |
Content-Type | Content-Type | | string | Content-Type |
Get the domain report
TCA-0405 Returns threat intelligence data for the submitted domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
domain | domain | | string | domain |
response_format | response_format | | string | response_format |
Get the IP address report
TCA-0406 Returns threat intelligence data for the submitted IP.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
ip | ip | | string | ip |
response_format | response_format | | string | json or xml |
Get the latest URL analyses (first page)
TCA-0403 Returns the latest completed URL analyses. This action only returns the first page of results.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Limit | limit | | integer | Maximum number of results returned per page. |
Get the latest URL analyses (with page parameter)
TCA-0403 Returns the latest completed URL analyses. This action returns the requested page of results.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Page | page | True | string | Page marker for returning results. |
Format | format | | string | Response format. |
Limit | limit | | integer | Maximum number of results returned per page. |
Get the URL report
TCA-0403 Returns the classification and reputation report for the submitted URL.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
url | url | | string | url |
response_format | response_format | | string | response_format |
Get URL analyses from requested time (first page)
TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action only returns the first page of results.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Time Format | time_format | True | string | timestamp or utc |
Start Time | start_time | True | string | Unix timestamp or YYYY-MM-DDThh:mm:ss |
Format | format | | string | Response format. |
Limit | limit | | integer | Maximum number of results returned per page. |
Get URL analyses from requested time (with page parameter)
TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action returns the requested page of results.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Time Format | time_format | True | string | timestamp or utc |
Start Time | start_time | True | string | Unix timestamp or YYYY-MM-DDThh:mm:ss |
Page | page | True | string | Page marker for returning results. |
Format | format | | string | Response format. |
Limit | limit | | integer | Maximum number of results returned per page. |
Get URL-s from domain
TCA-0405 Provides a list of URLs associated with the requested domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
domain | domain | | string | domain |
response_format | response_format | | string | json or xml |
limit | limit | | integer | Number of results per page. |
page | page | | string | Next page string. |
Get URL-s from IP address
TCA-0406 Provides a list of URL-s associated with the requested IP.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
ip | ip | | string | ip |
response_format | response_format | | string | json or xml |
limit | limit | | integer | Number of results per page. |
page | page | | string | Next page string. |
Get YARA Matches Feed
TCA-0303 Returns a recordset of YARA ruleset matches in the requested time range
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Time Format | time_format | True | string | Unix timestamp or YYYY-MM-DDThh:mm:ss |
Time Value | time_value | True | string | Time value string |
Format | format | | string | Response format. |
Get YARA Retro Hunting Status
TCA-0319 Allows users to check status of their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumCloud
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Yara ruleset name | ruleset_name | True | string | Yara ruleset name |
Get YARA Retro Matches Feed
TCA-0319 Returns a recordset of YARA ruleset matches in the requested time range for the authenticated user.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Time Format | time_format | True | string | Unix timestamp or YYYY-MM-DDThh:mm:ss |
Time Value | time_value | True | string | Time value string |
Format | format | | string | Response format. |
Get YARA Ruleset information
TCA-0303 API returns information about a created user YARA ruleset.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Yara ruleset name | ruleset_name | True | string | Yara ruleset name |
Get YARA Ruleset Text
TCA-0303 API returns the text for the specified YARA rule.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Yara ruleset name | ruleset_name | True | string | Yara ruleset name |
Group By RHA1 Single Query
TCA-0321 This query returns a list containing all SHA1 hashes of functionally similar samples for the requested SHA1 sample hash and RHA1 precision level.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
rha1_type | rha1_type | True | string | This parameter accepts one of the following values: pe01, elf01, machO01, pe02 |
hash_value | hash_value | True | string | The value must be a valid SHA1 hash of the sample for which the user is requesting a list of functionally similar samples |
next_page_sha1 | next_page_sha1 | True | string | To get the next page of results from the API, use the next_page_sha1 value from the response in place of this parameter in a new request. When the parameter is not included in the request, only the first page of results is returned. |
Content-Type | Content-Type | | string | Content-Type |
Format | format | | string | Set the response format. |
Limit | limit | | integer | Number of records to return in the response. |
Extended | extended | | boolean | Show extended results. |
Classification | classification | | string | Return only hashes with this classification. |
Import Hash Similarity
TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Value | hash_value | True | string | The value must be a valid ImpHash hash for which the user is requesting a list of SHA1 hashes |
Content-Type | Content-Type | | string | Content-Type |
Format | format | | string | Set the response format. |
Import Hash Similarity paginated
TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash)
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Value | hash_value | True | string | The value must be a valid ImpHash hash for which the user is requesting a list of SHA1 hashes |
Next page sha1 | next_page_sha1 | True | string | The value must be a valid hash for which the user is requesting a list of SHA1 hashes |
Content-Type | Content-Type | | string | Content-Type |
Format | format | | string | Set the response format. |
List files from a domain
TCA-0405 Retrieve a list of files downloaded from the submitted domain.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
domain | domain | | string | domain |
response_format | response_format | | string | response_format |
limit | limit | | integer | limit |
extended | extended | | boolean | extended |
classification | classification | | string | classification |
page | page | | string | page |
List files from a URL
TCA-0403 Retrieve a list of files downloaded from the submitted URL.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
url | url | | string | url |
analysis_id | analysis_id | | string | Mutually exclusive with 'last_analysis' |
last_analysis | last_analysis | | boolean | Return last analysis. Mutually exclusive with 'analysis_id' |
response_format | response_format | | string | xml or json |
limit | limit | | integer | Number of results per page. |
extended | extended | | boolean | Return extended results. |
classification | classification | | string | Return only samples with this classification. |
page | page | | string | Next page string. |
List files from an IP address
TCA-0406 Retrieve a list of files downloaded from the submitted IP address.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | True | string | Request format. |
ip | ip | | string | ip |
response_format | response_format | | string | json or xml |
limit | limit | | integer | Number of results per page. |
extended | extended | | boolean | Return extended results. |
classification | classification | | string | Return results with this classification. |
page | page | | string | Next page string. |
List User Override
TCA-0408 List user overrides for network locations
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Optional parameter that allows choosing the response format. Supported values: xml, json |
Next Network Location | next_network_location | | string | Optional parameter used for pagination. To get the next page of results from the API, use the next_network_location value from the response in place of this parameter in a new request. When the parameter is not included in the request, only the first page of results is returned. |
Monthly API usage (company)
TCA-9999 Returns information about combined monthly service usage for all users in the company.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Month | month | | string | Specific month. YYYY-MM format. Mutually exclusive with 'from' and 'to' parameters. |
From | from | | string | Start month. YYYY-MM format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'month' parameter. |
To | to | | string | End month. YYYY-MM format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'month' parameter. |
Monthly API usage (current user)
TCA-9999 Returns information about monthly service usage for the TitaniumCloud account that sent the request.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Response format. |
Month | month | | string | Specific month. YYYY-MM format. Mutually exclusive with 'from' and 'to' parameters. |
From | from | | string | Start month. YYYY-MM format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'month' parameter. |
To | to | | string | End month. YYYY-MM format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'month' parameter. |
Network Reputation API
TCA-0407 Provides information regarding the reputation of requested URL, domain or IP Address.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post format | post_format | True | string | XML or JSON |
Network Location | network_location | True | string | List of network locations (url, ip, domain) |
type | type | | string | url or ip or domain |
response_format | response_format | | string | json or xml |
Network Reputation User Override
TCA-0408 Enables URL classification overrides.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post format | post_format | True | string | XML or JSON |
Network Location | network_location | True | string | The overridden URL (domain, ip, url). |
type | type | True | string | Type of URI. Only url is supported. |
classification | classification | True | string | Assigned classification. Must conform to the ReversingLabs naming standard |
categories | categories | | array of string | categories |
response_format | response_format | | string | json or xml |
Reanalyze sample (single query)
TCA-0205 Sends a sample defined by a hash for rescanning.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Hash Type | hash_type | True | string | md5, sha1 or sha256 |
Hash Value | hash_value | True | string | Hash string |
Reanalyze samples (bulk query)
TCA-0205 Sends multiple samples defined by hashes for rescanning.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
Format | format | | string | Response format. |
hash_type | hash_type | | string | hash_type |
hashes | hashes | | array of string | hashes |
Set start time for reputation changes
TCA-0206 Sets the starting timestamp for the reputation data changes feed.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Time Format | time_format | True | string | Unix timestamp or YYYY-MM-DDThh:mm:ss |
Time Value | time_value | True | string | Time value string |
Start YARA Retro Hunt
TCA-0319 Allows users to start their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumCloud
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Specifies the name of the YARA ruleset for which the user is requesting an action from the service | ruleset_name | True | string | ruleset_name |
Content-Type | Content-Type | | string | Content-Type |
Submit archive for dynamic analysis
TCA-0207 Submits an archive for dynamic analysis.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
sha1 | sha1 | | string | sha1 |
platform | platform | | string | Platform which will be used for dynamic analysis. Consult the API documentation for possible options. |
response_format | response_format | | string | response_format |
optional_parameters | optional_parameters | | string | Consult the API documentation for possible options. |
Submit sample for dynamic analysis
TCA-0207 Submits a sample for dynamic analysis.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
sha1 | sha1 | | string | Select either SHA1 or url parameter for sample analysis |
url | url | | string | Select either SHA1 or url parameter for sample analysis |
platform | platform | | string | Platform which will be used for dynamic analysis. Consult the API documentation for possible options. |
response_format | response_format | | string | json or xml |
optional_parameters | optional_parameters | | string | Consult the API documentation for possible options. |
Subscribe to reputation changes
TCA-0206 Subscribes to a list of samples for which the changed sections (if there are any) will be delivered in the Data Change Feed.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
hash_type | hash_type | | string | hash_type |
hashes | hashes | | array of string | hashes |
Unsubscribe from reputation changes
TCA-0206 Unsubscribes from a list of samples that the user was previously subscribed to.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Post Format | post_format | True | string | Request format. |
hash_type | hash_type | | string | hash_type |
hashes | hashes | | array of string | hashes |
Upload sample
TCA-0202 Upload a given sample identified by hash via open stream of POST data.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Sha1 Value | sha1_value | True | string | SHA1 of the sample. |
Content-Type | Content-Type | True | string | Needs to be application/octet-stream |
Upload sample metadata
TCA-0202 Upload metadata for the sample identified by hash.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Sha1 Value | sha1_value | True | string | SHA1 of the sample. |
Subscribe | subscribe | | string | Subscribe to this sample's reputation data changes. Possible values are only 'data_change' |
Content-Type | Content-Type | True | string | Needs to be application/octet-stream |
Body | body | True | string | XML request body. Consult the API documentation for examples. |
URI to hash search by URI SHA-1 (first page)
TCA-0401 Returns hashes related to the provided URI. This request accepts a URI in the form of a SHA-1 string and returns only the first page of results.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Uri Sha1 | uri_sha1 | True | string | SHA1 string representation of the URI |
Format | format | | string | Response format. |
Classification | classification | | string | Return only hashes with this classification. |
URI to hash search by URI SHA-1 (with page parameter)
TCA-0401 Returns hashes related to the provided URI. This request accepts a URI in the form of a SHA-1 string and returns the requested page of results.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Uri Sha1 | uri_sha1 | True | string | SHA1 string representation of the URI |
Next Page Sha1 | next_page_sha1 | True | string | SHA1 of the next page of results. |
Format | format | | string | Response format. |
Classification | classification | | string | Return only hashes with this classification. |
URI to hash search by URI string (with page parameter)
TCA-0401 Returns hashes related to the provided URI. This request accepts a URI string and returns the requested page of results.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Format | format | | string | Request format. |
Content Type Header | Content-Type | True | string | The API call expects an explicit content type. |
uri | uri | | string | uri |
next_page_sha1 | next_page_sha1 | | string | next_page_sha1 |