Cisco Secure Malware Analytics
App Vendor: Cisco
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.1.0
API Version: API V1
About App
Cisco Secure Malware Analytics delivers on-premises advanced malware analysis with deep threat analytics and content. Organizations with compliance and policy restrictions can analyze malware locally by submitting samples to the Secure Malware Analytics application. With the Secure Malware Analytics application, you can analyze all samples using proprietary and highly secure static and dynamic analysis techniques.
The Cisco Secure Malware Analytics app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Get Indicators | This action retrieves all indicators from Cisco Secure Malware Analytics. |
Search Submissions | This action searches for all submissions based on the search query text. |
Submit URL | This action submits a URL for analysis. |
Get Sample | This action returns the results of sample analysis. |
Wait For Sample | This action waits for sample analysis to complete and returns the results. |
Submit File | This action submits a file for analysis. |
Configuration Parameters
The following configuration parameters are required for the Cisco Secure Malware Analytics app to communicate with the Cisco Secure Malware Analytics enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key to authenticate with the Cisco Secure Malware Analytics application. Example: "59gfjka6ck6chnakd8tkklt2aut9j" | Password | Required | |
Base URL | Specify the URL for the connector to connect with the Cisco Secure Malware Analytics application. Example: "https://panacea.threatgrid.com" | Text | Optional | |
SSL Verification | Choose to verify the SSL certificate. | Boolean | Optional | Allowed values: |
Action: Get Indicators
This action retrieves all indicators from Cisco Secure Malware Analytics.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Limit | Enter the number of indicators to retrieve. Example: 50 | Integer | Optional | Default value: |
Tags | Specify the tags to retrieve indicators that include these tags. The input can be a single tag as a string or multiple tags as a list. Example: "ransomware" or $LIST[ransomware, phishing] | List | Optional | |
Created after | Specify the date to retrieve indicators that were created after this date. The date must be in ISO format. Example: "2021-07-05t00:00:00z" | Text | Optional | |
Example Request
[ { "tags": ["ransomware", "phishing"], "limit": 50, "created_after": "2021-07-05T00:00:00Z" } ]
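Normalizing the Get Indicators inputs described above into the request body shown in the Example Request, as an added example that is not part of the connector's own code: the tag input is accepted as a single string or a list, the created-after value is validated as ISO 8601 (the lower-case t/z form used in the table is accepted and normalized), and the limit is checked before the body is built.

```python
from datetime import datetime, timezone


def normalize_tags(tags):
    """Accept one tag as a string or several as a list; return a list of non-empty strings."""
    if tags is None:
        return []
    if isinstance(tags, str):
        tags = [tags]
    if not isinstance(tags, (list, tuple)):
        raise TypeError("tags must be a string or a list of strings")
    cleaned = [t.strip() for t in tags if isinstance(t, str) and t.strip()]
    if len(cleaned) != len(tags):
        raise ValueError("every tag must be a non-empty string")
    return cleaned


def normalize_created_after(value):
    """Validate an ISO 8601 timestamp and return it as UTC in the YYYY-MM-DDTHH:MM:SSZ form."""
    if value is None:
        return None
    text = value.strip().upper()                # accepts "2021-07-05t00:00:00z"
    if text.endswith("Z"):
        text = text[:-1] + "+00:00"             # fromisoformat on older Pythons rejects a bare Z
    try:
        parsed = datetime.fromisoformat(text)
    except ValueError as exc:
        raise ValueError(f"created_after is not an ISO 8601 timestamp: {value!r}") from exc
    if parsed.tzinfo is None:                   # naive timestamps are treated as UTC (assumption)
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_get_indicators_request(tags=None, limit=None, created_after=None):
    """Build the action's JSON body; optional parameters are omitted when not supplied."""
    body = {}
    tag_list = normalize_tags(tags)
    if tag_list:
        body["tags"] = tag_list
    if limit is not None:
        if isinstance(limit, bool) or not isinstance(limit, int) or limit <= 0:
            raise ValueError("limit must be a positive integer")
        body["limit"] = limit
    created = normalize_created_after(created_after)
    if created:
        body["created_after"] = created
    return body
```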
Action: Search Submissions
This action searches for all submissions based on the search query text.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the query for search. Example: "https://www.malicous.com" | Text | Required | |
After | Specify a time to retrieve records created after the specified time. The time can be given as an ISO 8601 or free-form time string. Example: "2021-07-05t00:00:00z" | Text | Optional | |
Before | Specify a time to retrieve records created before the specified time. The time can be given as an ISO 8601 or free-form time string. Example: "2020-07-05t00:00:00z" | Text | Optional | |
Limit | Enter the number of results to retrieve. Example: 50 | Integer | Optional | Default value: |
Term | Specify the term that limits the search results. Example: "domain" | Text | Optional | Allowed values: |
User only | Specify whether to return only the samples associated with the logged-in user. Example: $JSON[True] | Boolean | Optional | Default value: Allowed values: |
Example Request
[ { "query": "https://www.malicous.com", "after": "2021-07-05t00:00:00z", "before": "2020-07-05t00:00:00z", "limit": 50, "term": "ip", "user_only": $JSON[True] } ]
Action: Submit URL
This action submits a URL for analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
URL | Specify the URL to submit for analysis. Example: "http://malicious.com" | Text | Required | |
Example Request
[ { "url": "http://malicious.com" } ]
Action: Get Sample
This action returns the results of sample analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
ID | Specify the ID of the sample to return. Example: "000017572d2ccf59a5d854ac90f4164e" | Text | Required | |
Example Request
[ { "id_": "370e1677c55943a09efd5b83553c64ae" } ]
Action: Wait For Sample
This action waits for sample analysis to complete and returns the results.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
ID | Specify the ID of the sample to retrieve. Example: "000017572d2ccf59a5d854ac90f4164e" | Text | Required | |
Timeout in seconds | Specify the number of seconds to wait for sample analysis. Analysis typically takes 5 minutes but may take longer or shorter in your environment. Example: 50 | Integer | Optional | Default value: |
Example Request
[ { "id_": "370e1677c55943a09efd5b83553c64ae", "timeout_in_seconds": 50 } ]
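A polling loop with the timeout semantics of the Wait For Sample action, as an added example that is not the connector's own implementation. It assumes a `get_sample` callable standing in for the Get Sample action, assumes the sample record exposes a `state` field that reads `succ` or `fail` once analysis has finished, and uses 300 seconds as the default timeout because the table says analysis typically takes 5 minutes; the clock and sleep are injectable so the behaviour can be exercised offline.

```python
import time

# Assumption (not from the connector docs): 300 s default timeout, 10 s poll interval.
DEFAULT_TIMEOUT_SECONDS = 300
POLL_INTERVAL_SECONDS = 10

def default_is_complete(sample):
    # Assumption: the sample record carries a "state" field and analysis is finished
    # once it reads "succ" or "fail"; adapt this check to your API version.
    return sample.get("state") in ("succ", "fail")

def wait_for_sample(sample_id, get_sample, timeout_in_seconds=DEFAULT_TIMEOUT_SECONDS,
                    is_complete=default_is_complete, poll_interval=POLL_INTERVAL_SECONDS,
                    sleep=time.sleep, clock=time.monotonic):
    """Poll get_sample(sample_id) until the analysis is complete or the deadline passes.

    Returns {"status": "complete" | "timeout", "attempts": n, "sample": last_record}.
    The final sleep is shortened so the call never overruns timeout_in_seconds.
    """
    if timeout_in_seconds <= 0:
        raise ValueError("timeout_in_seconds must be positive")
    deadline = clock() + timeout_in_seconds
    attempts, last = 0, None
    while True:
        attempts += 1
        last = get_sample(sample_id)          # one call to the Get Sample action
        if is_complete(last):
            return {"status": "complete", "attempts": attempts, "sample": last}
        remaining = deadline - clock()
        if remaining <= 0:
            return {"status": "timeout", "attempts": attempts, "sample": last}
        sleep(min(poll_interval, remaining))

class FakeClock:
    """Constructed clock for offline runs: time advances only when sleep() is called."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

def run_scenario(states, timeout_in_seconds):
    """Drive wait_for_sample against a constructed Get Sample stub that returns the
    given states in order; the sample ID is the one from the Example Request above."""
    calls = iter(states)
    clock = FakeClock()
    return wait_for_sample("370e1677c55943a09efd5b83553c64ae",
                           lambda sid: {"id": sid, "state": next(calls)},
                           timeout_in_seconds, sleep=clock.sleep, clock=clock)
```

With a 25-second timeout and a 10-second interval the loop polls at 0, 10, 20 and 25 seconds and then reports a timeout instead of sleeping past the deadline.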
Action: Submit File
This action submits a file for analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File path | Specify the path to a file to submit for analysis. Example: "./test.txt" | Text | Required | |
Example Request
[ { "file_path": "./test.txt" } ]