VMRay Analyzer
App Vendor: VMRay
App Category: Forensics & Malware Analysis
Connector Version: 1.2.0
API version: 1.1.0
About App
The VMRay Analyzer app offers a smart threat analysis and detection platform to solve some of the toughest malware challenges faced by organizations. It empowers security teams to handle increasing volumes and diversity of threats with precision. VMRay Analyzer offers accurate analysis based on samples and rules to enable security teams to get better visibility into the malware behaviour, reduce attacker dwell time, and scale up security.
The VMRay Analyzer app in the Orchestrate application performs the following actions:
Action | Description |
---|---|
Create Sample Relation | This action creates a sample relation between two samples, identified as a parent and child. |
Create YARA Ruleset | This action creates a YARA ruleset. YARA rules are a set of powerful rules to identify malware. |
Get all YARA Rulesets | This action retrieves all the YARA rulesets. |
Get Virustotal Analysis | This action retrieves all or specific Virustotal analysis in the system. |
Get Reputation Lookup Analysis | This action retrieves all or specific reputation analysis in the system. |
Get Static and Dynamic Analysis | This action retrieves all or specific dynamic and static analysis in the system. |
Get Sample MITRE Attack Techniques | This action retrieves the MITRE ATT&CK techniques observed in a sample. |
Get Sample VMRay Threat Identifiers | This action retrieves the VMRay threat identifiers in a sample. |
Get Sample Report | This action retrieves the report of a sample in JSON format. |
Get Sample IOCs in STIX format | This action retrieves the indicators of compromise of a sample in STIX format. |
Get Sample IOCs in CSV format | This action retrieves the indicators of compromise of a sample in CSV format. |
Get Sample IOCs | This action retrieves the indicators of compromise of a sample in the default JSON format. |
Get Submission | This action retrieves details about all the samples submitted for analysis. |
Get Sample Metadata | This action retrieves metadata of the sample submitted. |
Submit a Sample | This action submits a sample for analysis. |
Get Submission Data by Submission ID | This action retrieves all the submission IDs. |
Generic Action | This generic action goes beyond the actions listed above by making a request to any endpoint of the VMRay Analyzer API. |
Configuration Parameters
The following configuration parameters are required for the VMRay Analyzer app to communicate with the VMRay Analyzer enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL of the VMRay Analyzer application. | Text | Required | |
API Key | Enter the API key for authentication of the VMRay Analyzer application. | Password | Required | |
Verify | Choose to perform or skip the SSL certificate verification. | Boolean | Optional | Default value: True |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with the VMRay Analyzer. | Integer | Optional | Allowed values: 15-120 secs. Default value: 15 secs |
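The configuration table above and the Generic Action at the end of this page together define what an app instance sends: a base URL, an API key, a TLS verification flag, a timeout, and (for the generic action) a method, endpoint, query parameters and payload. The following Python is an added example, not code from the VMRay app or from the Orchestrate application: it checks a configuration against the rules stated in the table (required base URL and key, timeout within 15-120 seconds, verification on by default) and assembles a Generic Action request without sending it. The `Authorization: api_key <key>` header format, the host name `vmray.example.test` and the path `/rest/sample/35167` are assumptions for illustration only.

```python
"""Added example (not part of the VMRay app or Orchestrate): validate an app
instance configuration and build a Generic Action request from it.

Assumptions: the API key is sent as 'Authorization: api_key <key>'; the host
and endpoint path used in the usage block are constructed values."""
from dataclasses import dataclass
from typing import Any, Dict, Optional
from urllib.parse import urlencode, urljoin, urlsplit
import json
import urllib.request

# Limits taken from the configuration table: allowed 15-120 s, default 15 s.
TIMEOUT_MIN, TIMEOUT_MAX, TIMEOUT_DEFAULT = 15, 120, 15
ALLOWED_METHODS = {"GET", "POST", "PUT", "PATCH", "DELETE"}


@dataclass(frozen=True)
class VMRayConfig:
    base_url: str
    api_key: str
    verify: bool = True            # default True, as in the table
    timeout: int = TIMEOUT_DEFAULT


def validate_config(cfg: VMRayConfig) -> VMRayConfig:
    """Raise ValueError for any setting the configuration table does not allow."""
    parts = urlsplit(cfg.base_url)
    if parts.scheme != "https" or not parts.netloc:
        # The API key travels in every request; only send it over TLS.
        raise ValueError("Base URL must be an https:// URL with a host name")
    if not cfg.api_key.strip():
        raise ValueError("API Key is required")
    if not isinstance(cfg.timeout, int) or not TIMEOUT_MIN <= cfg.timeout <= TIMEOUT_MAX:
        raise ValueError(
            f"Timeout must be {TIMEOUT_MIN}-{TIMEOUT_MAX} seconds, got {cfg.timeout!r}"
        )
    return cfg


def config_warnings(cfg: VMRayConfig) -> list:
    """Non-fatal findings a reviewer would flag; Verify=False is allowed by the
    table but means the key can be captured by any host that intercepts the TLS session."""
    findings = []
    if not cfg.verify:
        findings.append("SSL certificate verification is disabled (Verify=False)")
    return findings


def build_generic_request(
    cfg: VMRayConfig,
    method: str,
    endpoint: str,
    query_params: Optional[Dict[str, str]] = None,
    payload: Optional[Any] = None,
) -> urllib.request.Request:
    """Assemble METHOD <base_url><endpoint>[?query] with an optional JSON body."""
    validate_config(cfg)
    method = method.upper()
    if method not in ALLOWED_METHODS:
        raise ValueError(f"unsupported HTTP method {method!r}")
    if not endpoint.startswith("/") or "://" in endpoint:
        # urljoin() replaces the whole base URL when given an absolute URL,
        # which would send the API key to whatever host the endpoint names.
        raise ValueError("Endpoint must be a path such as /rest/..., not a full URL")
    url = urljoin(cfg.base_url.rstrip("/") + "/", endpoint.lstrip("/"))
    if urlsplit(url).netloc != urlsplit(cfg.base_url).netloc:
        raise ValueError("Endpoint escaped the configured Base URL host")
    if query_params:
        url += "?" + urlencode(query_params)

    headers = {"Authorization": f"api_key {cfg.api_key}"}  # assumed header format
    data = None
    if payload is not None:
        data = json.dumps(payload).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(url, data=data, headers=headers, method=method)


if __name__ == "__main__":
    # Constructed values; nothing is sent on the network here.
    cfg = VMRayConfig("https://vmray.example.test", "EXAMPLE-KEY", timeout=30)
    req = build_generic_request(cfg, "GET", "/rest/sample/35167", {"limit": "10"})
    print(req.get_method(), req.full_url)
    for finding in config_warnings(VMRayConfig("https://vmray.example.test", "k", verify=False)):
        print("warning:", finding)
```

The endpoint check matters because `urljoin("https://vmray.example.test/", "https://other.example/x")` returns the second URL unchanged; a Generic Action that accepts a full URL as its endpoint would leak the instance's API key to that host.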
Action: Create Sample Relation
This action creates a sample relation between two samples (identified as parent and child samples) that may be related to each other. The parent sample is identified by the submission_id and the child sample by its sample_id.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Relation | Enter the type of relation to be used between the parent and the child samples. Example: "Downloaded file" | Text | Required | Allowed values: |
Sample ID | Enter the ID of the child sample. | Integer | Required | |
Submission ID | Enter the ID of the parent sample. | Integer | Required | |
Example Request
[ { "relation": "Downloaded File", "sample_id": 35167, "submission_id": 6307 } ]
Action: Get All YARA Rulesets
This action retrieves all the YARA rulesets.
Action Input Parameters
This action does not require any input parameters.
Action: Get Virustotal Analysis
This action retrieves all VirusTotal analyses in the system, or a specific one. A VirusTotal analysis scans suspicious files and URLs to detect types of malware.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Virustotal Analysis ID | Enter the ID of the VirusTotal analysis to be queried. | Integer | Optional | |
Example Request
[ { "virustotal_analysis_id": 9854123 } ]
Action: Get Reputation Lookup Analysis
This action retrieves all reputation analyses in the system, or a specific one. A reputation analysis helps in identifying known good or known bad files.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Reputation lookup ID | Enter the ID of the reputation analysis to be queried. | Integer | Optional | |
Example Request
[ { "reputation_lookup_id": 876111 } ]
Action: Get Static and Dynamic Analysis
This action retrieves the static and dynamic analyses in the system. Static analysis inspects a sample without executing it, to surface elements that indicate a threat. Dynamic analysis executes the sample in a controlled environment, to reveal and block suspicious malware behavior.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Analysis ID | Enter the ID of the analysis to be queried for static and dynamic analysis. | Integer | Optional | |
Example Request
[ { "analysis_id": 3516 } ]
Action: Get Sample MITRE Attack Techniques
This action retrieves the MITRE ATT&CK techniques observed in a sample. MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations of security threats.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter the ID of the sample to be queried for MITRE ATT&CK techniques. | Integer | Required | |
Example Request
[ { "sample_id": 35167 } ]
Action: Get Sample VMRay Threat Identifiers
This action retrieves the VMRay threat identifiers of a sample.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter the ID of the sample to be queried for threat identifiers. | Integer | Required | |
Example Request
[ { "sample_id": 764254 } ]
Action: Get Sample Report
This action retrieves the report of a sample in PDF format.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter the ID of the sample for which the report must be retrieved. | Integer | Required | |
Save as File | Select true to save the response as a file. | Boolean | Optional | The default value is false. |
Example Request
[ { "sample_id": 35167 } ]
Action: Get Sample IOCs in STIX Format
This action retrieves the indicators of compromise of a sample in STIX format.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter the ID of the sample to be queried for IOCs. | Integer | Required | |
Example Request
[ { "sample_id": 676365 } ]
Action: Get Sample IOCs in CSV Format
This action retrieves the indicators of compromise of a sample in CSV format.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter the ID of the sample to be queried for IOCs. | Integer | Required | |
Example Request
[ { "sample_id": 676365 } ]
Action: Get Sample IOCs
This action retrieves the indicators of compromise of a sample in default JSON format.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter the ID of the sample to be queried for IOCs. | Integer | Required | |
Example Request
[ { "sample_id": 676365 } ]
Action: Get Submission
This action retrieves all the submission details.
Action Input Parameters
This action does not require any input parameters.
Action: Get Sample Metadata
This action retrieves the metadata of a sample using the sample ID, such as sample_score, sample_highest_vti_score, sample_last_reputation_severity, sample_last_md_score, or sample_last_vt_score.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter the ID of the sample to be queried for retrieving the metadata. | Integer | Optional | |
Example Request
[ { "sample_id": 676365 } ]
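The metadata fields named above (sample_score, sample_highest_vti_score, sample_last_reputation_severity, sample_last_md_score, sample_last_vt_score) come from different sources, and some are absent or null until that source has run. The following Python is an added example, not part of the VMRay app or of Orchestrate: it combines those fields into a single triage verdict and records which sources were missing. The numeric scales (treated as 0-100), the severity labels and the thresholds are assumptions, and the metadata documents are constructed.

```python
"""Added example (not from the VMRay app): derive a triage verdict from the
Get Sample Metadata fields.  Scales, severity labels and thresholds are assumed."""
from typing import Any, Dict, List, Optional

SCORE_FIELDS = (
    "sample_score",
    "sample_highest_vti_score",
    "sample_last_md_score",
    "sample_last_vt_score",
)
MALICIOUS_SEVERITIES = {"malicious", "blacklisted"}   # assumed label set
SUSPICIOUS_SEVERITIES = {"suspicious"}                # assumed label set
MALICIOUS_AT, SUSPICIOUS_AT = 75, 30                  # assumed 0-100 thresholds


def _as_score(value: Any) -> Optional[int]:
    """Return an int in 0-100, or None when the field is absent, null or malformed."""
    if value is None or isinstance(value, bool):
        return None
    try:
        score = int(value)
    except (TypeError, ValueError):
        return None
    return score if 0 <= score <= 100 else None


def triage(metadata: Dict[str, Any]) -> Dict[str, Any]:
    """Combine every available signal; a single strong signal is enough to
    escalate, and a sample with no signals at all stays 'unknown' rather than 'clean'."""
    scores = {f: _as_score(metadata.get(f)) for f in SCORE_FIELDS}
    present = {f: s for f, s in scores.items() if s is not None}
    severity = str(metadata.get("sample_last_reputation_severity") or "").lower()

    reasons: List[str] = []
    if severity in MALICIOUS_SEVERITIES:
        reasons.append(f"reputation={severity}")
    reasons += [f"{f}={s}" for f, s in present.items() if s >= MALICIOUS_AT]
    if reasons:
        verdict = "malicious"
    else:
        if severity in SUSPICIOUS_SEVERITIES:
            reasons.append(f"reputation={severity}")
        reasons += [f"{f}={s}" for f, s in present.items() if s >= SUSPICIOUS_AT]
        if reasons:
            verdict = "suspicious"
        elif present or severity:
            verdict = "clean"
        else:
            verdict = "unknown"

    return {
        "sample_id": metadata.get("sample_id"),
        "verdict": verdict,
        "reasons": reasons,
        "max_score": max(present.values(), default=None),
        "missing": [f for f in SCORE_FIELDS if f not in present],
    }


def rank_for_review(samples: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Order triage results so an analyst sees malicious first, then highest score."""
    order = {"malicious": 0, "suspicious": 1, "unknown": 2, "clean": 3}
    results = [triage(m) for m in samples]
    return sorted(results, key=lambda r: (order[r["verdict"]], -(r["max_score"] or 0)))


# Constructed metadata documents, not real VMRay output.
SAMPLE_METADATA = [
    {"sample_id": 676365, "sample_score": 85, "sample_highest_vti_score": 85,
     "sample_last_reputation_severity": "malicious",
     "sample_last_md_score": None, "sample_last_vt_score": 62},
    {"sample_id": 676366, "sample_score": 10, "sample_last_vt_score": 0},
    {"sample_id": 676367, "sample_score": 40},
    {"sample_id": 676368},
]

if __name__ == "__main__":
    for result in rank_for_review(SAMPLE_METADATA):
        print(result["sample_id"], result["verdict"], result["reasons"], "missing:", result["missing"])
```

Keeping "unknown" separate from "clean" is the point of the missing-field handling: a sample whose VirusTotal or reputation lookups have not run yet has not been cleared, it has simply not been scored.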
Action: Submit a Sample
This action submits a sample file for analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File path | Enter the sample type to be submitted. | Text | Required | Allowed values: Default value: File |
Value | Enter the file path (if the type is a file) or the URL (if the type is a URL). | Text | Required | |
Example Request
[ { "filepath": "/tmp/examplefilepath/examplefile.txt" } ]
Action: Get Submission Data by Submission ID
This action retrieves all the submission IDs.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Submission ID | Enter the submission ID to get the submission data. Example: 3861706 | Text | Required | |
Action: Generic Action
This generic action goes beyond the actions listed above by making a request to any endpoint of the VMRay Analyzer API.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to use for the request. Example: GET | Text | Required | |
Endpoint | Enter the endpoint to make the request. Example: /api/vulnerabilities/{cve_id}/affected-projects. | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Save as File | Select true to save the response as a file. | Boolean | Optional | The default value is false. |