
Cyware Threat Intelligence eXchange

VMRay

Connector Category: Enrichment Tool

About Integration

VMRay Analyzer is an advanced malware analysis tool that empowers security teams to dynamically analyze advanced threats, including zero-day and targeted attacks. Intel Exchange uses APIVoid to enrich hashes.

Configure VMRay as an Enrichment Tool

Configure VMRay in Intel Exchange to enrich hashes.

Before you Start 

  • Ensure that you have the base URL and API token of your VMRay account.

  • Ensure that your user group has Create, Update, and View permissions for enrichment tools and their associated policies in Intel Exchange.

    Note

    Ensure that the API ID includes the permissions to retrieve hash relationship details of threat data objects.

Steps 

To configure VMRay as an enrichment tool in Intel Exchange, follow these steps:

  1. Sign in to Intel Exchange and go to Administration > Enrichment Management > Enrichment Tools.

  2. Search for and select the VMRay enrichment tool.

  3. Click Add Account and enter the following details:

    1. Account Name: Enter a unique account name to identify the instance. For example, VMRay Prod.

    2. Base URL: Enter the base URL of your VMRay instance. The default base URL is https://us.cloud.vmray.com

    3. API Key: Enter the API key of your VMRay account to authenticate communication between Intel Exchange and VMRay servers.

    4. Verify SSL: Enable this option to validate the SSL certificate and secure the connection between Intel Exchange and VMRay servers. This option is enabled by default.

      Note

      Cyware recommends that you select Verify SSL. If you disable this option, Intel Exchange may configure an instance with an expired SSL certificate. The connection may then not be established properly, and Intel Exchange will not be able to notify you of a broken or improper connection.

  4. Click Save.

After successfully adding an account, you can view and enable VMRay feed enrichment types. You can also configure a quota to limit the number of enrichment requests the VMRay account can make. After the quota is exhausted, no further enrichment requests can be made until the quota resets for the next quota duration. For more details, refer to Define Quota in Configure Enrichment Tools.

To understand the number of API calls and quota units consumed by the VMRay enrichment tool per polling, refer to the following table:

| Enrichment Tool | Feed Enrichment Type | No. of API calls | Quota Consumed |
|-----------------|----------------------|------------------|----------------|
| VMRay           | Retrieve Hash Detail | 1                | 1              |

You can configure an enrichment policy to automatically enrich threat data objects using the VMRay enrichment tool. For more information, see Enrichment Policy.