Intezer is a platform built to analyze and investigate every alert like an experienced security analyst and reverse engineer.

## Connect Intezer with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Intezer.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select whether to verify the connecting server's SSL certificate (default is Verify SSL Certificate).

  7. Intezer API Key: API Key for Intezer.

  8. After you've entered all the details, click Connect.

## Get Latest Hash Result

This endpoint enables you to retrieve the latest available results of a previously analyzed file by specifying its hash.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name                        | Description                                                                          | Required |
| :-------------------------------- | :----------------------------------------------------------------------------------- | :------- |
| Hash Value                        | [Jinja-templated](doc:jinja-template) text containing the hash value.                | Required |
| Should Only Get Private Analyses  | [Jinja-templated](doc:jinja-template) text containing a boolean. Default is 'false'. | Optional |
| Should Only Get Composed Analyses | [Jinja-templated](doc:jinja-template) text containing a boolean. Default is 'true'.  | Optional |

### Output

JSON containing the following items:

```json
{
  "result": {
    "analysis_id": "7e812ee9-701b-4bd2-9c48-asdfasdf6afb",
    "analysis_time": "Wed, 30 Aug 2023 12:15:50 GMT",
    "analysis_url": "https://analyze.intezer.com/analyses/7e812ee9-701b-4bd2-9c48-asdfasdfasdfafb",
    "file_name": "c8ed1easdfasdfasdfd4fe98a7",
    "is_private": true,
    "sha256": "844491c8asdfasdfasdfasdfsadfa72696eb4b41bbe",
    "sub_verdict": "inconclusive",
    "verdict": "unknown"
  },
  "has_error": false,
  "error": null,
  "status": "succeeded",
  "result_url": "/analyses/7e812ee9-701b-4bd2-9c48-asdfasdasdfafb"
}
```

## Analyze a File

This endpoint enables you to submit a file to be analyzed.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name        | Description                                                                                                                                                                      | Required |
| :---------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| File Id           | [Jinja-templated](doc:jinja-template) text containing the file id.                                                                                                               | Required |
| Additional Fields | [Jinja-templated](doc:jinja-template) JSON containing the additional fields to be passed on Intezer API. Example '{"code_item_type":"file","disable_dynamic_execution":"false"}' | Optional |

### Output

JSON containing the following items:


```json
{
  "result_url": "/analyses/7e812ee9-701b-4bd2-9c48-asdfasdfasdafb",
  "error": null,
  "has_error": false
}
```

## Get Analysis Result

This endpoint retrieves a summary of a file analysis. The summary provides high-level analysis results.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name  | Description                                                            | Required |
| :---------- | :--------------------------------------------------------------------- | :------- |
| Analysis Id | [Jinja-templated](doc:jinja-template) text containing the analysis Id. | Required |

### Output

JSON containing the following items:

```json
{
  "result": {
    "analysis_id": "9ca16018-abb5-4d39-b16a-asdfasdfsdf992",
    "analysis_time": "Wed, 30 Aug 2023 11:45:26 GMT",
    "analysis_url": "https://analyze.intezer.com/analyses/9ca16018-abb5-4d39-b16a-asdfasdfasdf992",
    "file_name": "a8bb5f931f8b446fab071cbe6c58196f",
    "is_private": true,
    "sha256": "844491c83df1asdfasdfasdfasdfsadfasdfecdccd7955a72696eb4b41bbe",
    "sub_verdict": "inconclusive",
    "verdict": "unknown"
  },
  "has_error": false,
  "error": null,
  "status": "succeeded",
  "result_url": "/analyses/9ca16018-abb5-4d39-b16a-asdfasdf992"
}
```
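An added example (not Devo or Intezer code) of how a playbook step can chain Analyze a File and Get Analysis Result: it extracts the analysis id from the `result_url` returned by Analyze a File, then reduces a Get Analysis Result payload to a decision, handling the `has_error` and not-yet-`succeeded` cases. The UUID shape of the id, the verdict values other than `unknown` and `malicious`, and the sample payload are assumptions.

```python
import re

# "Analyze a File" returns "/analyses/<analysis id>"; that id is the input to
# "Get Analysis Result". A UUID-shaped id is assumed (the sample ids above are redacted).
_RESULT_URL_RE = re.compile(r"^/analyses/([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$")


def analysis_id_from_result_url(result_url: str) -> str:
    """Pull the analysis id out of a result_url, refusing anything unexpected."""
    match = _RESULT_URL_RE.match(result_url)
    if not match:
        raise ValueError(f"unexpected result_url: {result_url!r}")
    return match.group(1)


def triage(action_output: dict) -> dict:
    """Reduce a Get Analysis Result payload to a playbook decision."""
    if action_output.get("has_error"):
        # Transport or API error: nothing to interpret, surface the error text.
        return {"decision": "escalate", "reason": str(action_output.get("error"))}
    status = action_output.get("status")
    if status != "succeeded":
        # Analysis not finished: keep polling rather than guessing a verdict.
        return {"decision": "poll_again", "reason": f"status={status}"}
    result = action_output["result"]
    verdict = result.get("verdict")
    # Verdicts other than this page's "unknown"/"malicious" are assumed; unrecognised ones go to a human.
    decision = {"malicious": "open_incident", "suspicious": "analyst_review",
                "trusted": "close_as_benign"}.get(verdict, "analyst_review")
    return {
        "decision": decision,
        "verdict": verdict,
        "sub_verdict": result.get("sub_verdict"),
        "sha256": result.get("sha256"),
        "analysis_url": result.get("analysis_url"),
    }


# Constructed sample in the shape of the Get Analysis Result output above.
SAMPLE_OUTPUT = {
    "result": {
        "analysis_id": "9ca16018-abb5-4d39-b16a-0123456789ab",
        "sha256": "00" * 32,
        "sub_verdict": "inconclusive",
        "verdict": "unknown",
    },
    "has_error": False,
    "error": None,
    "status": "succeeded",
    "result_url": "/analyses/9ca16018-abb5-4d39-b16a-0123456789ab",
}
```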

## Download PCAP

Download the PCAP file of a specific analysis.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name  | Description                                                            | Required |
| :---------- | :--------------------------------------------------------------------- | :------- |
| Analysis Id | [Jinja-templated](doc:jinja-template) text containing the analysis Id. | Required |

### Output

JSON containing the following items:


```json
{
  "fileId": "20335089f4bb4ccasdfasdfsadf06be.pcap",
  "error": null,
  "has_error": false
}
```

## Get File Metadata

Get the root analysis sample's metadata.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name  | Description                                                            | Required |
| :---------- | :--------------------------------------------------------------------- | :------- |
| Analysis Id | [Jinja-templated](doc:jinja-template) text containing the analysis Id. | Required |

### Output

JSON containing the following items:

```json
{
  "sha1": "eff2883619ff1asdfasdfasdfsadfef634f",
  "sha256": "844491c83df175a63e2f7asdfasdfasdfasdf72696eb4b41bbe",
  "has_error": false,
  "size_in_bytes": 873,
  "md5": "c47ba7e012asdfasdfasdf7daf",
  "error": null,
  "ssdeep": "12:XKNzeiilnuPf5yblaB+qjptPf5asdfasdfasdfasdfasdfasdfasfdsadfsadfKFe8sblaTsbZ1UwJuBamLuNDqDkGHSB",
  "indicators": [
    {
      "classification": "informative",
      "name": "non_executable"
    }
  ],
  "file_type": "non executable"
}
```

## Analyze A URL

Submits a URL to be analyzed.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description                                                           | Required |
| :--------- | :-------------------------------------------------------------------- | :------- |
| URL        | [Jinja-templated](doc:jinja-template) text containing URL to analyze. | Required |

### Output

JSON containing the following items:


```json
{
  "result_url": "/url/0833e33b-2dcd-4d48-a853-8b4822675911",
  "error": null,
  "has_error": false
}
```

## Get URL Analysis Result

This endpoint retrieves a summary of a URL analysis. The summary provides high-level analysis results.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name  | Description                                                            | Required |
| :---------- | :--------------------------------------------------------------------- | :------- |
| Analysis Id | [Jinja-templated](doc:jinja-template) text containing the analysis Id. | Required |

### Output

JSON containing the following items:

```json
{
  "result": {
    "analysis_id": "0833e33b-2dcd-4d48-a853-8b4822675911",
    "analysis_time": "Wed, 17 Oct 2018 15:16:45 GMT",
    "analysis_url": "https://analyze.intezer.com/url/0833e33b-2dcd-4d48-a853-8b4822675911",
    "api_void_risk_score": 0,
    "domain_info": {
      "creation_date": "1997-08-13 04:00:00.000000",
      "domain_name": "string",
      "registrar": "TUCOWS, INC."
    },
    "downloaded_file": {
      "analysis_id": "string",
      "analysis_summary": {
        "verdict_description": "string",
        "verdict_name": "malicious",
        "verdict_type": "malicious"
      },
      "sha256": "string"
    },
    "indicators": [
      {
        "classification": "string",
        "text": "string"
      }
    ],
    "ip": "string",
    "redirect_chain": [
      {
        "response_status": 0,
        "url": "string"
      }
    ],
    "scanned_url": "https://www.intezer.com",
    "submitted_url": "www.intezer.com",
    "summary": {
      "main_connection_gene_count": 0,
      "main_connection_gene_percentage": 0,
      "title": "string",
      "verdict_name": "phishing",
      "verdict_type": "malicious"
    }
  },
  "result_url": "/analyses/0833e33b-2dcd-4d48-a853-8b4822675911",
  "status": "succeeded",
  "error": null,
  "has_error": false
}
```
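An added example (not Devo or Intezer code) that turns the URL analysis output above into the facts a playbook branches on: the host the URL was submitted for versus the host finally scanned, each hop of `redirect_chain`, and the verdict of any `downloaded_file`. The sample payload, its hosts and hashes are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed payload in the shape of the Get URL Analysis Result output above;
# hosts and hashes are placeholders, not real indicators.
SAMPLE_URL_RESULT = {
    "result": {
        "submitted_url": "www.example.test",
        "scanned_url": "https://login.example-cdn.test/index.html",
        "redirect_chain": [
            {"response_status": 302, "url": "http://www.example.test/"},
            {"response_status": 200, "url": "https://login.example-cdn.test/index.html"},
        ],
        "downloaded_file": {"sha256": "11" * 32,
                            "analysis_summary": {"verdict_name": "malicious", "verdict_type": "malicious"}},
        "summary": {"title": "Sign in", "verdict_name": "phishing", "verdict_type": "malicious"},
    },
    "status": "succeeded", "error": None, "has_error": False,
}


def _host(url: str) -> str:
    # submitted_url may lack a scheme (the page shows "www.intezer.com"); add one so urlparse finds the host.
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def summarize_url_analysis(output: dict) -> dict:
    """Extract the hosts, hops and verdicts a playbook needs from a URL analysis payload."""
    if output.get("has_error") or output.get("status") != "succeeded":
        raise RuntimeError(f"not ready: status={output.get('status')} error={output.get('error')}")
    r = output["result"]
    submitted, final = _host(r["submitted_url"]), _host(r["scanned_url"])
    hops = [(h["response_status"], _host(h["url"])) for h in r.get("redirect_chain") or []]
    dl = r.get("downloaded_file") or {}  # absent when the URL served no file
    dl_verdict = (dl.get("analysis_summary") or {}).get("verdict_type")
    findings = []
    if r["summary"]["verdict_type"] == "malicious":
        findings.append(f"url verdict: {r['summary']['verdict_name']}")
    if final != submitted:
        findings.append(f"redirected off the submitted host to {final}")
    if dl_verdict == "malicious":
        findings.append("downloaded file verdict: malicious")
    return {"submitted_host": submitted, "final_host": final, "hops": hops,
            "downloaded_sha256": dl.get("sha256") if dl else None,
            "findings": findings, "block": bool(findings)}
```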

## Get Quota Usage

Get information about quota usage.

### Input Field

Choose a connection that you have previously created.

### Output

JSON containing the following items:


```json
{
  "result": {
    "file_scans": {
      "quota": 500,
      "type": "monthly",
      "usage": 5
    },
    "endpoint_scans": {
      "quota": 50,
      "type": "monthly",
      "usage": 1
    }
  },
  "error": null,
  "has_error": false
}
```

## Get Family Artifacts

Generate an artifacts-by-family report.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description                                                                                                                                                              | Required |
| :--------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| Family Id  | [Jinja-templated](doc:jinja-template) text containing the family Id.                                                                                                     | Required |
| First Seen | [Jinja-templated](doc:jinja-template) text containing a first_seen timestamp; artifacts are filtered to those first seen between this value and the current timestamp. Example: '1652083866' | Optional |

### Output

JSON containing the following items:

```json
{
  "result_url": "/families/0833e33b-2dcd-4d48-a853-8b4822675911/artifacts",
  "status": "string",
  "error": null,
  "has_error": false
}
```

## Get An Artifacts By Family Report

This endpoint retrieves an artifacts-by-family report with distribution metadata.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description                                                          | Required |
| :--------- | :------------------------------------------------------------------- | :------- |
| Family Id  | [Jinja-templated](doc:jinja-template) text containing the family Id. | Required |

### Output

JSON containing the following items:


```json
{
  "result": {
    "artifacts": [
      {
        "artifact_type": "string",
        "artifact_value": "string",
        "effectiveness": "string",
        "first_seen": 0
      }
    ]
  },
  "result_url": "/analyses/0833e33b-2dcd-4d48-a853-8b4822675911",
  "status": "succeeded",
  "error": null,
  "has_error": false
}
```

## Get Code Reuse

Get code reuse findings for the root analysis.

### Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name  | Description                                                            | Required |
| :---------- | :--------------------------------------------------------------------- | :------- |
| Analysis Id | [Jinja-templated](doc:jinja-template) text containing the analysis Id. | Required |

### Output

JSON containing the following items:

```json
{
  "common_gene_count": 399,
  "gene_count": 396,
  "gene_type": "native_windows",
  "unique_gene_count": 23,
  "families": [
    {
      "family_id": "f547e65e-3160-4f50-8f12-781679173ba4",
      "family_name": "Longhorn",
      "family_type": "malware",
      "reused_gene_count": 220
    },
    {
      "family_id": "0d4b51b7-c4cf-4969-adf6-1291f1a507ea",
      "family_name": "Plexor",
      "family_type": "malware",
      "reused_gene_count": 4
    },
    {
      "family_id": "94c0fcf1-b017-46af-a01e-9c2791f27c7b",
      "family_name": "The Qt Company Ltd",
      "family_type": "library",
      "reused_gene_count": 72
    },
    {
      "family_id": "d803322d-e659-44fd-a198-bc8b42397b04",
      "family_name": "Microsoft Visual C/C++ Libraries",
      "family_type": "library",
      "reused_gene_count": 63
    }
  ],
  "error": null,
  "has_error": false
}
```
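An added example (not Devo or Intezer code) that separates the malware-family reuse in the output above from benign library reuse, ranks the malware families by reused gene count, and decides whether the sample is attributable. The gene threshold is a tuning assumption, and the sample payload reuses the family names shown above with placeholder family ids.

```python
# Constructed payload in the shape of the Get Code Reuse output above
# (family ids are placeholders, not real Intezer ids).
SAMPLE_CODE_REUSE = {
    "common_gene_count": 399, "gene_count": 396, "gene_type": "native_windows",
    "unique_gene_count": 23,
    "families": [
        {"family_id": "00000000-0000-0000-0000-000000000001", "family_name": "Longhorn",
         "family_type": "malware", "reused_gene_count": 220},
        {"family_id": "00000000-0000-0000-0000-000000000002", "family_name": "Plexor",
         "family_type": "malware", "reused_gene_count": 4},
        {"family_id": "00000000-0000-0000-0000-000000000003", "family_name": "The Qt Company Ltd",
         "family_type": "library", "reused_gene_count": 72},
        {"family_id": "00000000-0000-0000-0000-000000000004",
         "family_name": "Microsoft Visual C/C++ Libraries", "family_type": "library", "reused_gene_count": 63},
    ],
    "error": None, "has_error": False,
}


def summarize_code_reuse(output: dict, min_malware_genes: int = 10) -> dict:
    """Separate malware-family reuse from library reuse and rank the malware families."""
    if output.get("has_error"):
        raise RuntimeError(f"Get Code Reuse failed: {output.get('error')}")
    gene_count = output.get("gene_count") or 0
    by_type = {"malware": [], "library": [], "other": []}
    for fam in output.get("families") or []:
        by_type.get(fam.get("family_type"), by_type["other"]).append(fam)
    # Rank malware families by how many of this sample's genes they account for.
    malware = sorted(by_type["malware"], key=lambda f: f["reused_gene_count"], reverse=True)
    top = malware[0] if malware else None
    return {
        "gene_type": output.get("gene_type"),
        "gene_count": gene_count,
        "unique_gene_count": output.get("unique_gene_count"),
        # Library reuse (compilers, frameworks) is expected and is not a signal on its own.
        "libraries": [f["family_name"] for f in by_type["library"]],
        "malware_families": [(f["family_name"], f["reused_gene_count"]) for f in malware],
        "top_family": top["family_name"] if top else None,
        "top_family_share": round(top["reused_gene_count"] / gene_count, 3) if top and gene_count else 0.0,
        # Threshold is an assumption: a handful of shared genes is weak evidence for attribution.
        "attributable": bool(top) and top["reused_gene_count"] >= min_malware_genes,
    }
```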

## Release Notes

  • v1.1.3 - Updated the description of Analyze a File.

  • v1.1.1 - Added 6 new actions: Analyze A URL, Get URL Analysis Result, Get Quota Usage, Get Family Artifacts, Get An Artifacts By Family Report and Get Code Reuse.

  • v1.0.1 - Introduced integration with actions: Get Latest Hash Result, Analyze a File, Get Analysis Result, Download PCAP and Get File Metadata.
