Intezer Analyze 2.1.0
App Vendor: Intezer
App Category: Forensics & Malware Analysis
Connector version: 2.1.0
API Version: v2
About App
The Intezer Analyze app lets security teams integrate Orchestrate with the Intezer Analyze enterprise application and automate alert triage, incident response, and threat hunting by analyzing potential threats. Intezer detects threat mutations by identifying reused code and techniques, which helps you streamline the workload and stay ahead of attackers.
The Intezer Analyze app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Get Analysis | This action retrieves the requested analysis. |
Get Sub-Analysis | This action retrieves the list of sub-analyses of an analysis. |
Get Sub-Analysis Metadata | This action retrieves the details of sub-analysis metadata. |
Get Sub-Analysis Related Samples | This action retrieves a list of sub-analysis-related account samples. |
Get Sub-Analysis Relations | This action retrieves sub-analysis relation details using the analysis ID, sub-analysis ID, and family ID from the Intezer Analyze application. |
Get Sub-Analysis Reuse Code | This action retrieves details of the sub-analysis reuse code. |
Search Analysis | This action searches for an analysis using the hash value from the Intezer Analyze application. |
Submit File | This action submits a file for analysis. |
Submit Hash | This action submits a hash value for analysis. |
Submit URL | This action submits a URL for analysis. |
Get URL Analysis Result | This action retrieves the analysis result of a URL. |
Configuration Parameters
The following configuration parameters are required for the Intezer Analyze app to communicate with the Intezer Analyze enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key. Example: 129076d7-a5f3-40g9-b0xz-op020b3265zz | Password | Required | |
Action: Get Analysis
This action retrieves the requested analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Analysis ID | Enter the analysis ID or the analysis endpoint. Example: Endpoint: "/analyses/cb9cb4ab-d6bd-45f7-9c9e-739973579c10"; ID: "cb9cb4ab-d6bd-45f7-9c9e-739973579c10" | Text | Required | A unique identifier assigned to the results of this analysis. You can use this identifier in other endpoints to retrieve more details about the analysis. Note: The analysis ID is part of the request. |
Example Request
[ { "analysis_id": "cb9cb4ab-d6bd-45f7-9c9e-739973579c10" } ]
Action: Get Sub-Analysis
This action retrieves the list of sub-analyses of an analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Analysis ID | Enter the analysis ID or the analysis endpoint. Example: Endpoint: "/analyses/cb9cb4ab-d6bd-45f7-9c9e-739973579c10"; ID: "cb9cb4ab-d6bd-45f7-9c9e-739973579c10" | Text | Required | |
Example Request
[ { "analysis_id": "cb9cb4ab-d6bd-45f7-9c9e-739973579c10" } ]
Action: Get Sub-Analysis Metadata
This action retrieves the details of sub-analysis metadata.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Analysis ID | Enter the analysis ID or the analysis endpoint. Example: Endpoint: "/analyses/cb9cb4ab-d6bd-45f7-9c9e-739973579c10"; ID: "cb9cb4ab-d6bd-45f7-9c9e-739973579c10" | Text | Required | |
Sub-Analysis ID | Enter the sub-analysis ID. Example: "4cde97da-4b56-44e4-9b79-08717b1f335d" | Text | Required | A unique identifier assigned to the results of each child file. |
Example Request
[ { "analysis_id": "cb9cb4ab-d6bd-45f7-9c9e-739973579c10", "sub_analysis_id": "4cde97da-4b56-44e4-9b79-08717b1f335d" } ]
Action: Get Sub-Analysis Relations
This action retrieves sub-analysis relation details using the analysis ID, sub-analysis ID, and family ID from the Intezer Analyze application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Analysis ID | Enter the analysis ID or the analysis endpoint. Example: Endpoint: "/analyses/cb9cb4ab-d6bd-45f7-9c9e-739973579c10"; ID: "cb9cb4ab-d6bd-45f7-9c9e-739973579c10" | Text | Required | |
Sub-Analysis ID | Enter the sub-analysis ID. Example: "4cde97da-4b56-44e4-9b79-08717b1f335d" | Text | Required | |
Family ID | Enter the family ID. Example: "f547e65e-3160-4f50-8f12-781679173ba4" | Text | Required | A UUID identifier of the family. The family ID can be used to extract additional information from Intezer Analyze, such as related samples. |
Example Request
[ { "family_id": "f547e65e-3160-4f50-8f12-781679173ba4", "analysis_id": "cb9cb4ab-d6bd-45f7-9c9e-739973579c10", "sub_analysis_id": "4cde97da-4b56-44e4-9b79-08717b1f335d" } ]
Action: Get Sub-Analysis Reuse Code
This action retrieves details of the sub-analysis reuse code.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Analysis ID | Enter the analysis ID or the analysis endpoint. Example: Endpoint: "/analyses/cb9cb4ab-d6bd-45f7-9c9e-739973579c10"; ID: "cb9cb4ab-d6bd-45f7-9c9e-739973579c10" | Text | Required | |
Sub-Analysis ID | Enter the sub-analysis ID. Example: "4cde97da-4b56-44e4-9b79-08717b1f335d" | Text | Required | |
Example Request
[ { "analysis_id": "/analyses/cb9cb4ab-d6bd-45f7-9c9e-739973579c10", "sub_analysis_id": "4cde97da-4b56-44e4-9b79-08717b1f335d" } ]
Action: Search Analysis
This action searches for an analysis using the hash value from the Intezer Analyze application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash value | Enter the hash value. Example: "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" | Text | Required | |
Example Request
[ { "hash_value": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" } ]
Action: Submit File
This action submits a file for analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File path | Enter a full file path to a file. Example: "/tmp/1234123412341234/eicar.txt" | Text | Required | |
Code item type | Enter the type of binary uploaded: either file or memory_module. | Text | Optional | Default value: File |
Disable dynamic execution | Set to true to disable dynamic execution for this submission. | Boolean | Optional | Default value: False |
Disable static extraction | Set to true to disable static extraction for this submission. | Boolean | Optional | Default value: False |
Example Request
[ { "file_path": "/tmp/300da754-0444-476b-aacf-bf1b9690f321/eicar.txt", "code_item_type": "file", "disable_dynamic_execution": true, "disable_static_extraction": true } ]
Action: Submit Hash
This action submits a hash value for analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash value | Enter a hash value. Example: "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" | Text | Required | |
Example Request
[ { "hash_value": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f" } ]
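The following helper is an added example, not part of the Intezer Analyze app or its documentation. It builds the request payloads shown above for Get Analysis (and the other actions keyed by Analysis ID), Search Analysis / Submit Hash, and Submit File, and validates the inputs up front: the Analysis ID may be given either as the bare UUID or as the "/analyses/<uuid>" endpoint, the hash must be a hex digest (assumption: MD5, SHA-1 or SHA-256 length; the page's own example is SHA-256), and code_item_type must be one of the two documented values. It does not call the Intezer API itself.

```python
import os
import re
from typing import Optional

# Analysis IDs on this page are UUIDs; the endpoint form is "/analyses/<uuid>".
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
# Assumption: accept MD5/SHA-1/SHA-256 hex digests (the documented example is SHA-256).
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
CODE_ITEM_TYPES = ("file", "memory_module")


def normalize_analysis_id(value: str) -> str:
    """Accept the bare UUID or the "/analyses/<uuid>" endpoint form and return the UUID."""
    v = value.strip().strip('"').strip("/")
    if v.startswith("analyses/"):
        v = v[len("analyses/"):]
    v = v.lower()
    if not UUID_RE.match(v):
        raise ValueError(f"not a valid analysis ID or endpoint: {value!r}")
    return v


def classify_hash(value: str) -> Optional[str]:
    """Return the digest type for a hex hash, or None if it is not a usable hash value."""
    h = value.strip().strip('"').lower()
    if not re.fullmatch(r"[0-9a-f]+", h):
        return None
    return HASH_LENGTHS.get(len(h))


def build_get_analysis_request(analysis_id: str) -> list:
    """Payload for Get Analysis and the other actions that take an Analysis ID."""
    return [{"analysis_id": normalize_analysis_id(analysis_id)}]


def build_hash_request(hash_value: str) -> list:
    """Payload for Search Analysis / Submit Hash; rejects non-hash input before sending."""
    if classify_hash(hash_value) is None:
        raise ValueError(f"not a hex MD5/SHA-1/SHA-256 digest: {hash_value!r}")
    return [{"hash_value": hash_value.strip().strip('"').lower()}]


def build_submit_file_request(file_path: str, code_item_type: str = "file",
                              disable_dynamic_execution: bool = False,
                              disable_static_extraction: bool = False) -> list:
    """Payload for Submit File using the documented defaults and allowed code_item_type values."""
    if not os.path.isabs(file_path) or ".." in file_path.split(os.sep):
        raise ValueError(f"file_path must be a full path without '..': {file_path!r}")
    if code_item_type not in CODE_ITEM_TYPES:
        raise ValueError(f"code_item_type must be one of {CODE_ITEM_TYPES}")
    return [{"file_path": file_path, "code_item_type": code_item_type,
             "disable_dynamic_execution": bool(disable_dynamic_execution),
             "disable_static_extraction": bool(disable_static_extraction)}]
```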
Action: Submit URL
This action submits a URL for analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
URL | Enter the URL to analyze. Example: "https://intezer.com" | Text | Required | |
Example Request
[ { "url": "https://intezer.com" } ]
Action: Get URL Analysis Result
This action retrieves the analysis result of a URL.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Analysis ID | Enter the analysis ID whose URL analysis result you want to retrieve. Example: "0833e33b-2dcd-4d48-a853-8b4822675911" | Text | Required | You can take the analysis ID from the response of the Submit URL action. |
Example Request
[ { "analysis_id": "0833e33b-2dcd-4d48-a853-8b4822675911" } ]