ReversingLabs A1000
App Vendor: ReversingLabs
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.1.0
API Version: 1.0.0
About App
ReversingLabs A1000 provides advanced hunting and investigations using the TitaniumCore high-speed automated static analysis engine and integrates with file reputation services to provide in-depth rich context and threat classification on over 10 billion files across all supported file types. It supports visualization, APIs for automated workflows, global and local YARA rules matching, and integration with third-party sandbox tools.
The ReversingLabs A1000 app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Submit URL for Analysis | This action submits a URL to the ReversingLabs A1000 platform for analysis. |
Check Submitted URL Status | This action checks the status of a URL submitted for analysis. |
Submit File for Analysis | This action submits a file to the ReversingLabs A1000 platform for static and dynamic analysis. |
Check Submitted File Status | This action checks the processing status of a submitted sample file. |
Reanalyze sample with TitaniumCore and TitaniumCloud | This action analyzes a sample that was previously uploaded to the ReversingLabs A1000 platform. |
Reanalyze multiple samples with TitaniumCore and TitaniumCloud | This action analyzes multiple samples that were previously uploaded to the ReversingLabs A1000 platform. |
Get User Tags for Sample | This action retrieves user tags for the requested sample. |
Create User Tags for Sample | This action adds one or more user tags to the sample, regardless of whether the sample already has any tags. |
Delete User Tags From Sample | This action deletes one or more user tags from the sample, regardless of whether the sample already has any tags. |
Create PDF Report | This action generates a PDF report of the hash of an existing sample. |
Check PDF Creation Status | This action checks the status of PDF report generation. This action returns the message "pdf is ready for download" when successful. |
Download PDF Report | This action downloads the PDF report of the hash of an existing sample. |
Get Analysis Report | This action retrieves a summary of the analysis report for a single sample or for multiple samples. |
Get Detailed Analysis Report | This action retrieves all or selected parts of the analysis report, including static, dynamic, and cloud analysis, for a single sample or for multiple samples. |
Search for Local Sample | This action searches for samples available on the local ReversingLabs A1000 instance using advanced search capabilities. |
Configuration Parameters
The following configuration parameters are required for the ReversingLabs A1000 app to communicate with the ReversingLabs A1000 enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL to access ReversingLabs. Example: "http://a1000-dev.rl.lan" | Text | Required | |
API token | Enter the API token to authenticate with. | Text | Required | |
Verify | Choose whether to verify the SSL certificate. | Boolean | Optional | |
Action: Submit URL for Analysis
This action submits a URL to the ReversingLabs A1000 platform for analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
URL | Enter the URL to submit for analysis. Example: "https://tr.pl" | Text | Required |
Example Request
[ { "url": "https://tr.pl" } ]
Action: Check Submitted URL Status
This action checks the status of a URL submitted for analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Submission Task ID | Enter the identification number of the submission processing task. Example: "55" | Text | Required |
Example Request
[ { "id": "55" } ]
Action: Submit File for Analysis
This action submits a file to the ReversingLabs A1000 platform for static and dynamic analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File path | Enter the file path of the sample for analysis. Example: "/tmp/84a55048-decc-4ecb-b497-32eeab6d45ec/asdf.txt" | Text | Required | |
Tags | Enter one or more user tags to assign to the uploaded sample. You can add multiple tags as a comma-separated list. A single tag must be between 2 and 40 characters long. Example: "sample_tag" | Text | Optional | |
Comment | Enter the optional comment to add to the uploaded sample. Example: "Example Comment" | Text | Optional |
Example Request
[ { "file_path": "/tmp/84a55048-decc-4ecb-b497-32eeab6d45ec/asdf.txt" } ]
Action: Check Submitted File Status
This action checks the processing status of a submitted sample file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash values | Enter the hash of the sample for which the user wants to check the processing status. You can add multiple tags as a comma-separated list. A single tag must be between 2 and 40 characters long. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Types: |
Example Request
[ { "hash_values": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" } ]
Action: Reanalyze sample with TitaniumCore and TitaniumCloud
This action analyzes a sample that was previously uploaded to the ReversingLabs A1000 platform.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash value | Enter the hash of the sample for which the user wants to check the processing status. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Types: |
Analysis | Enter the types of analysis for which the requested sample should be queued. Example: "cloud" | Text | Required | Supported Analysis: |
Example Request
[ { "hash_value": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047", "analysis": "cloud" } ]
Action: Reanalyze multiple samples with TitaniumCore and TitaniumCloud
This action analyzes multiple samples that were previously uploaded to the ReversingLabs A1000 platform.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash value | Enter the hash of the sample for which the user wants to check the processing status. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Types: |
Analysis | Enter the types of analysis for which the requested sample should be queued. Example: "cloud" | Text | Required | Supported Values: |
Example Request
[ { "hash_value": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047", "analysis": "cloud" } ]
Action: Get User Tags for Sample
This action retrieves user tags for the requested sample.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample hash | Enter the hash for the sample. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Types: |
Example Request
[ { "sample_hash": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" } ]
Action: Create User Tags for Sample
This action adds one or more user tags to the sample, regardless of whether the sample already has any tags.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample hash | Enter the hash for the sample. Example: | Text | Required | Supported Hash Types: |
Tags | Enter one or more tags. You can add multiple tags as a comma-separated list. A single tag must be between 2 and 40 characters long. Example: "sample_tag" | Text | Required |
Example Request
[ { "sample_hash": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047", "tags": "sample_tag" } ]
Action: Delete User Tags From Sample
This action deletes one or more user tags from the sample, regardless of whether the sample already has any tags.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample hash | Enter the hash for the sample. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Type: |
Tags | Enter one or more user tags to delete from the sample. You can add multiple tags as a comma-separated list. A single tag must be between 2 and 40 characters long. Example: "sample_tag" | Text | Required | |
Example Request
[ { "sample_hash": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047", "tags": "sample_tag" } ]
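The tag rule stated for the Submit File, Create User Tags, and Delete User Tags actions (comma-separated list, each tag between 2 and 40 characters) can be checked before a playbook calls the action. The following Python is an added example, not part of the ReversingLabs or Orchestrate documentation; the function names `parse_tags` and `build_tag_request` are hypothetical, and stripping whitespace around tags and collapsing duplicates are assumptions.

```python
import json
import string

TAG_MIN, TAG_MAX = 2, 40  # per-tag length limits stated in the parameter tables


def parse_tags(raw):
    """Split a comma-separated tag string and enforce the 2-40 character rule.

    Assumption: whitespace around each tag is not significant and is stripped
    before the length check; repeated tags are collapsed, keeping first order.
    """
    tags, rejected = [], []
    for part in raw.split(","):
        tag = part.strip()
        if not (TAG_MIN <= len(tag) <= TAG_MAX):
            rejected.append(tag)      # too short, too long, or empty
        elif tag not in tags:
            tags.append(tag)
    if rejected:
        raise ValueError(
            f"tags outside {TAG_MIN}-{TAG_MAX} characters: {rejected!r}")
    return tags


def build_tag_request(sample_hash, raw_tags):
    """Return a request body shaped like the page's Example Request."""
    digest = sample_hash.strip()
    # The list of supported hash types is not given on the page, so only the
    # character set is checked here, not the digest length.
    if not digest or any(c not in string.hexdigits for c in digest):
        raise ValueError("sample_hash must be a hexadecimal digest")
    return [{"sample_hash": digest, "tags": ",".join(parse_tags(raw_tags))}]


if __name__ == "__main__":
    # Constructed input: duplicate tag and stray spaces around the commas.
    body = build_tag_request("4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047",
                             "sample_tag, triage ,sample_tag")
    print(json.dumps(body))
```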
Action: Create PDF Report
This action generates a PDF report of the hash of an existing sample.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash | Enter the hash for the sample. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Type: |
Example Request
[ { "hash": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" } ]
Action: Check PDF Creation Status
This action checks the status of PDF report generation. This action returns the message "pdf is ready for download" when successful.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash | Enter the hash for the sample. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Types: |
Example Request
[ { "hash": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" } ]
Action: Download PDF Report
This action downloads the PDF report of the hash of an existing sample.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash | Enter the hash for the sample. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Types: |
Example Request
[ { "hash": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" } ]
Action: Get Analysis Report
This action retrieves a summary of the analysis report for a single sample or for multiple samples.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash values | Enter the hash for the sample. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Types: |
Fields | Enter the list of report fields to include in the response. Some examples are ID, sha1, sha256, sha512, md5, and category. Example: | Text | Optional |
Example Request
[ { "hash_values": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047", "fields": "ID" } ]
Action: Get Detailed Analysis Report
This action retrieves all or selected parts of the analysis report, including static, dynamic, and cloud analysis, for a single sample or for multiple samples.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash values | Enter the hash for the sample. Example: "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047" | Text | Required | Supported Hash Types: |
Fields | Enter the list of report fields to include in the response. Some example fields are ID, sha1, sha256, sha512, md5, category, file_type, file_subtype, identification_name, identification_version, file_size, extracted_file_count. Example: "file_subtype" | Text | Optional | |
Example Request
[ { "hash_values": "4a3ce8ee11e091dd7923f4d8c6e5b5e41ec7c047", "fields": "file_subtype" } ]
Action: Search for Local Sample
This action searches for samples available on the local ReversingLabs A1000 instance using advanced search capabilities.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter the query search expression. Example: "sample_file" | Text | Required | |
Page number | Enter the page number. Example: "10" | Text | Optional | |
Records per page | Enter the number of records returned per page. Example: "10" | Text | Optional | Default value: |
Sort | Enter the sort field. Example: "firstseen" | Text | Optional | Supported fields: |
Example Request
[ { "query": "sample_file", "page": "10", "records_per_page": "10", "sort": "firstseen" } ]