splunk-soar-connectors / .github

Stores default community health files for the organization
Apache License 2.0

New App: ReversingLabs TitaniumCloud #79

Closed ivukovicRL closed 1 year ago

ivukovicRL commented 1 year ago

Name of the app: reversinglabstitaniumcloud

Integration: ReversingLabs TitaniumCloud

About: App utilizes ReversingLabs TitaniumCloud APIs:

  1. get file - TCA-0201 - Download a sample from TitaniumCloud and add it to the vault
  2. upload file - TCA-0202 - Upload file to TitaniumCloud
  3. reanalyze file - TCA-0205 - Reanalyze sample
  4. dynamic analysis results - TCA-0106 - Retrieve dynamic analysis results
  5. submit for dynamic analysis - TCA-0207 - Submit an existing sample for dynamic analysis
  6. uri index - TCA-0401 - Retrieve a list of all available file hashes associated with a given URI
  7. uri statistics - TCA-0402 - Retrieve the number of MALICIOUS, SUSPICIOUS and KNOWN files associated with a specific URI
  8. analyze url - TCA-0404 - Analyze a given URL
  9. url reputation - TCA-0403 - Queries URL Threat Intelligence
  10. rha1 functional similarity - TCA-0301 - Retrieve a list of functionally similar hashes to the provided one
  11. file analysis - TCA-0104 - Retrieve File Analysis by hash data from TitaniumCloud
  12. file reputation - TCA-0101 - Queries for file reputation info
  13. av scanners - TCA-0103 - Retrieve AV Scanner data from TitaniumCloud
  14. advanced search - TCA-0320 - Search for hashes using multi-part search criteria
  15. imphash similarity - TCA-0302 - Get a list of all available SHA1 hashes for files sharing the same import hash (imphash)
  16. get yara retro matches - TCA-0319 - Get a recordset of YARA ruleset matches in the specified time range
  17. yara retro cancel hunt - TCA-0319 - Cancel the retro hunt for the specified ruleset
  18. yara retro check status - TCA-0319 - Check the retro hunt status for the specified ruleset
  19. yara retro start hunt - TCA-0319 - Start YARA retro hunt for the specified ruleset
  20. yara retro enable hunt - TCA-0319 - Enable YARA retro hunt
  21. get yara matches - TCA-0303 - Get a recordset of YARA ruleset matches in the specified time range
  22. yara get ruleset text - TCA-0303 - Get YARA ruleset text
  23. yara get ruleset info - TCA-0303 - Get YARA ruleset info
  24. yara delete ruleset - TCA-0303 - Delete YARA ruleset
  25. yara create ruleset - TCA-0303 - Create a new YARA ruleset

We already have a similar app: https://github.com/splunk-soar-connectors/reversinglabs-ticloud

After publishing this app we will probably remove the old one. We intentionally didn't upgrade the existing app because this is a cleaner approach and the review process will be much easier this way.

This app has a much different implementation approach (it utilizes our own helper lib https://pypi.org/project/reversinglabs-sdk-py3/) and is much more extensive (25 actions supported).

ivukovicRL commented 1 year ago

@gary-phantom @mpan-splunk @rgil-splunk @tonyc-phantom is our request ok, can we get the new repo?

mpan-splunk commented 1 year ago

It's been created. https://github.com/splunk-soar-connectors/reversinglabstitaniumcloud