Cyware Threat Intelligence eXchange

ReversingLabs

Connector Category: Enrichment Tool

About Integration

Intel Exchange (CTIX) integrates with ReversingLabs to enrich MD5, SHA1, and SHA256 hashes. This integration adds contextual information to seemingly isolated threat data, gives you visibility into threats, and makes threat investigation faster.

Use Cases 

  • Correlate hashes with other threat data objects to get insightful threat intelligence.

  • Identify vulnerabilities in your systems and prioritize patching.

Benefits 

  • Enrich hashes in real time.

  • Get actionable intelligence to improve security strategies.

Configure ReversingLabs as Enrichment Tool

Configure ReversingLabs to enrich the MD5, SHA1, and SHA256 hashes.

Before you Start 

  • You must have the view, create, and update permissions for Enrichment Management in Intel Exchange.

  • You must have the base URL, username, and password of your ReversingLabs account.

    Note

    Ensure that the access key includes the permissions to retrieve the details of hashes.

Steps 

To configure ReversingLabs as an enrichment tool in Intel Exchange, do the following:

  1. Sign in to CTIX and go to Administration > Enrichment Management > Enrichment Tools.

  2. Search for and select the ReversingLabs enrichment tool.

  3. Click Add Account.

  4. Enter a unique account name to identify the instance. For example, Prod_Reversing_Labs.

  5. Enter the base URL of your ReversingLabs instance. The default base URL is https://data.reversinglabs.com/api/.

  6. Enter the access key of your ReversingLabs account to authenticate communication between the Intel Exchange and ReversingLabs servers.

  7. Select Verify SSL to verify the SSL certificate and secure the connection between the Intel Exchange and ReversingLabs servers. By default, Verify SSL is selected.

    Note

    Cyware recommends that you select Verify SSL. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. The connection may then not be established properly, and Intel Exchange will not be able to notify you of a broken or improper connection.

  8. Click Save.

After successfully adding an account, you can view and enable the ReversingLabs feed enrichment types so that users can enrich hashes. You can also configure a quota to limit the number of enrichment requests a ReversingLabs account makes. After the quota expires, you cannot make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.

To understand the number of API calls and quota units consumed by the ReversingLabs enrichment tool per polling, refer to the following table.

| Enrichment Tool | Feed Enrichment Type | No. of API calls | Quota Consumed |
|-----------------|----------------------|------------------|----------------|
| ReversingLabs   | Hash                 | 2                | 2              |

You can configure an enrichment policy to automatically enrich threat data objects using the ReversingLabs enrichment tool. For more information, see Configure Enrichment Policy.

Note

You can enrich a maximum of 100 hashes in a single enrichment request using ReversingLabs by configuring an enrichment policy. The amount of quota consumed in a bulk enrichment request is determined by the number of successfully enriched hashes. For example, if you submit 100 hashes but only 90 of them are enriched, then your quota consumption is 90.
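
A client-side pre-check for hash lists before they reach an enrichment policy, as an added example that is not Cyware's or ReversingLabs' code: it keeps only well-formed MD5, SHA1, and SHA256 values, removes duplicates, splits them into batches of at most 100, and counts quota the way the note above describes. The function names and the sample input are assumptions made for the example; it calls no CTIX or ReversingLabs API.

```python
import re

MAX_HASHES_PER_REQUEST = 100  # bulk limit stated in the note above
HASH_TYPES = {32: "MD5", 40: "SHA1", 64: "SHA256"}  # hex digest lengths
_HEX = re.compile(r"[0-9a-f]+")


def classify(value):
    """Return (normalized_hash, type), or None if not MD5/SHA1/SHA256."""
    h = value.strip().lower()
    if _HEX.fullmatch(h) and len(h) in HASH_TYPES:
        return h, HASH_TYPES[len(h)]
    return None


def plan_batches(raw_values):
    """Validate, de-duplicate and split hashes into request-sized batches.

    Returns (batches, rejected); each batch holds at most 100 hashes.
    """
    seen, accepted, rejected = set(), [], []
    for raw in raw_values:
        parsed = classify(raw)
        if parsed is None:
            rejected.append(raw)          # wrong length or non-hex characters
        elif parsed[0] not in seen:       # case-insensitive duplicate check
            seen.add(parsed[0])
            accepted.append(parsed)
    batches = [accepted[i:i + MAX_HASHES_PER_REQUEST]
               for i in range(0, len(accepted), MAX_HASHES_PER_REQUEST)]
    return batches, rejected


def quota_consumed(enriched_flags):
    """Bulk quota use equals the number of successfully enriched hashes."""
    return sum(1 for ok in enriched_flags if ok)


if __name__ == "__main__":
    # Constructed sample input: 250 unique SHA256-shaped values, one
    # upper-case duplicate, one MD5 value, and two malformed entries.
    sample = [f"{i:064x}" for i in range(250)]
    sample += [sample[171].upper(), "d41d8cd98f00b204e9800998ecf8427e",
               "not-a-hash", "abc123"]
    batches, rejected = plan_batches(sample)
    print([len(b) for b in batches], rejected)
    print(quota_consumed([True] * 90 + [False] * 10))
```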