...
Intezer is a platform built to analyze and investigate every alert like an experienced security analyst and reverse engineer.
## Connect Intezer with Devo SOAR
1. Navigate to Automations > Integrations.
2. Search for Intezer.
3. Click Details, then the + icon. Enter the required information in the following fields.
   - Label: Connection name.
   - Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
   - Verify SSL: Select this option to verify the connecting server's SSL certificate (the default is Verify SSL Certificate).
   - Intezer API Key: API Key for Intezer.
4. After you've entered all the details, click Connect.
## Get Latest Hash Result
This endpoint enables you to retrieve the latest available results of a previously analyzed file by specifying its hash.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Hash Value | Jinja-templated text containing the hash value. | Required |
| Should Only Get Private Analyses | Jinja-templated text containing the boolean. Default is 'false'. | Optional |
| Should Only Get Composed Analyses | Jinja-templated text containing the boolean. Default is 'true'. | Optional |
### Output
JSON containing the following items:
...
## Analyze a File
This endpoint enables you to submit a file to be analyzed.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| File Id | [Jinja-templated](doc:jinja-template) text containing the file id. | Required |
| Additional Fields | [Jinja-templated](doc:jinja-template) JSON containing the additional fields to be passed on to the Intezer API. Example: '{"code_item_type":"file","disable_dynamic_execution":"false"}' | Optional |
### Output
JSON containing the following items:
```json
{
  "result_url": "/analyses/7e812ee9-701b-4bd2-9c48-asdfasdfasdafb",
  "error": null,
  "has_error": false
}
```
## Get Analysis Result
This endpoint retrieves a summary of a file analysis; the summary provides high-level analysis results.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Analysis Id | Jinja-templated text containing the analysis Id. | Required |
### Output
JSON containing the following items:
...
## Download PCAP
Download the PCAP file of a specific analysis.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Analysis Id | [Jinja-templated](doc:jinja-template) text containing the analysis Id. | Required |
### Output
JSON containing the following items:
```json
{
  "fileId": "20335089f4bb4ccasdfasdfsadf06be.pcap",
  "error": null,
  "has_error": false
}
```
## Get File Metadata
Get the root analysis sample's metadata.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Analysis Id | Jinja-templated text containing the analysis Id. | Required |
### Output
JSON containing the following items:
...
## Analyze A URL
Submits a URL to be analyzed.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| URL | [Jinja-templated](doc:jinja-template) text containing the URL to analyze. | Required |
### Output
JSON containing the following items:
```json
{
  "result_url": "/url/0833e33b-2dcd-4d48-a853-8b4822675911",
  "error": null,
  "has_error": false
}
```
## Get URL Analysis Result
This endpoint retrieves a summary of a URL analysis; the summary provides high-level analysis results.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Analysis Id | Jinja-templated text containing the analysis Id. | Required |
### Output
JSON containing the following items:
...
## Get Quota Usage
Get information about quota usage.
### Input Field
Choose a connection that you have previously created.
### Output
JSON containing the following items:
```json
{
  "result": {
    "file_scans": {
      "quota": 500,
      "type": "monthly",
      "usage": 5
    },
    "endpoint_scans": {
      "quota": 50,
      "type": "monthly",
      "usage": 1
    }
  },
  "error": null,
  "has_error": false
}
```
## Get Family Artifacts
Generates an artifacts-by-family report.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Family Id | Jinja-templated text containing the family Id. | Required |
| First Seen | Jinja-templated text containing a first_seen timestamp; artifacts are filtered to the range from first_seen until the current timestamp. Example: '1652083866' | Optional |
### Output
JSON containing the following items:
...
## Get An Artifacts By Family Report
This endpoint retrieves an artifacts-by-family report with distribution metadata.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Family Id | [Jinja-templated](doc:jinja-template) text containing the family Id. | Required |
### Output
JSON containing the following items:
```json
{
  "result": {
    "artifacts": [
      {
        "artifact_type": "string",
        "artifact_value": "string",
        "effectiveness": "string",
        "first_seen": 0
      }
    ]
  },
  "result_url": "/analyses/0833e33b-2dcd-4d48-a853-8b4822675911",
  "status": "succeeded",
  "error": null,
  "has_error": false
}
```
## Get Code Reuse
Get code reuse findings for the root analysis.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--- | :--- | :--- |
| Analysis Id | Jinja-templated text containing the analysis Id. | Required |
### Output
JSON containing the following items:
```json
{
  "common_gene_count": 399,
  "gene_count": 396,
  "gene_type": "native_windows",
  "unique_gene_count": 23,
  "families": [
    {
      "family_id": "f547e65e-3160-4f50-8f12-781679173ba4",
      "family_name": "Longhorn",
      "family_type": "malware",
      "reused_gene_count": 220
    },
    {
      "family_id": "0d4b51b7-c4cf-4969-adf6-1291f1a507ea",
      "family_name": "Plexor",
      "family_type": "malware",
      "reused_gene_count": 4
    },
    {
      "family_id": "94c0fcf1-b017-46af-a01e-9c2791f27c7b",
      "family_name": "The Qt Company Ltd",
      "family_type": "library",
      "reused_gene_count": 72
    },
    {
      "family_id": "d803322d-e659-44fd-a198-bc8b42397b04",
      "family_name": "Microsoft Visual C/C++ Libraries",
      "family_type": "library",
      "reused_gene_count": 63
    }
  ],
  "error": null,
  "has_error": false
}
```
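To show how a playbook step would act on this response, here is an added Python example (not Devo's or Intezer's code) that separates malware-family reuse from library reuse and derives a verdict. The sample response is constructed from the output above, and the 10-gene threshold is an assumption.

```python
import json

# Sample Get Code Reuse output, constructed from the response documented above
# (ids and names as shown on this page; not a live API response).
SAMPLE_CODE_REUSE = json.loads("""{
  "common_gene_count": 399, "gene_count": 396, "gene_type": "native_windows",
  "unique_gene_count": 23, "error": null, "has_error": false,
  "families": [
    {"family_id": "f547e65e-3160-4f50-8f12-781679173ba4", "family_name": "Longhorn",
     "family_type": "malware", "reused_gene_count": 220},
    {"family_id": "0d4b51b7-c4cf-4969-adf6-1291f1a507ea", "family_name": "Plexor",
     "family_type": "malware", "reused_gene_count": 4},
    {"family_id": "94c0fcf1-b017-46af-a01e-9c2791f27c7b", "family_name": "The Qt Company Ltd",
     "family_type": "library", "reused_gene_count": 72},
    {"family_id": "d803322d-e659-44fd-a198-bc8b42397b04", "family_type": "library",
     "family_name": "Microsoft Visual C/C++ Libraries", "reused_gene_count": 63}
  ]
}""")


def triage_code_reuse(result, min_malware_genes=10):
    """Summarise a Get Code Reuse response for a playbook branch.

    Library reuse (Qt, the MSVC runtime) is normal in benign software, so only
    genes shared with "malware" families drive the verdict. A family below
    min_malware_genes (an assumed threshold) is reported but does not decide
    on its own, since a handful of shared genes is weak evidence.
    """
    if result.get("has_error"):
        raise ValueError(f"Intezer returned an error: {result.get('error')}")
    gene_count = result.get("gene_count") or 0
    malware, libraries = [], []
    for fam in result.get("families", []):
        reused = fam["reused_gene_count"]
        entry = {"name": fam["family_name"], "id": fam["family_id"], "reused": reused,
                 # share of this sample's genes that come from the family
                 "share": round(reused / gene_count, 3) if gene_count else 0.0}
        (malware if fam["family_type"] == "malware" else libraries).append(entry)
    # Strongest malware match first, so top_family is the family to name in the alert
    malware.sort(key=lambda e: e["reused"], reverse=True)
    strong = [m for m in malware if m["reused"] >= min_malware_genes]
    verdict = "malicious" if strong else ("suspicious" if malware else "no_malware_reuse")
    return {"verdict": verdict, "gene_type": result.get("gene_type"),
            "top_family": strong[0]["name"] if strong else None,
            "malware_families": malware, "library_families": libraries}
```

In a playbook, the verdict field can drive the branch (escalate, enrich further, or close) while malware_families and library_families go into the case notes.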
## Release Notes
v1.1.3
- Updated the description of Analyze a File.

v1.1.1
- Added 6 new actions: Analyze A URL, Get URL Analysis Result, Get Quota Usage, Get Family Artifacts, Get An Artifacts By Family Report and Get Code Reuse.

v1.0.1
- Introduced integration with actions: Get Latest Hash Result, Analyze a File, Get Analysis Result, Download PCAP and Get File Metadata.
...