Hatching Triage
App Vendor: Hatching
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.0
API Version: 1.0.0
About App
Hatching Triage is a malware sandboxing solution with high-volume malware analysis capabilities. It leverages a unique architecture, developed with scaling in mind from the start.
The Hatching Triage app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Download Sample | This action downloads a sample from Hatching Triage. |
Get Profile Details | This action retrieves profile details from Hatching Triage. |
Get Sample Details | This action retrieves the details of a sample from Hatching Triage. |
Get Sample Overview | This action retrieves the overview of a sample from Hatching Triage. |
Get Static Report | This action retrieves the static report of a sample from Hatching Triage. |
List All Profiles | This action lists all profiles from Hatching Triage. |
List Samples Submitted by User | This action lists all samples submitted by a user. |
Search | This action searches available analysis for a range of IOCs or a file characteristic analysis. This action supports all filters and queries that can be used through the web interface of Hatching Triage. |
Submit File for Analysis | This action submits a file or a URL to Hatching Triage for analysis. |
Configuration Parameters
The following configuration parameters are required for the Hatching Triage app to communicate with the Hatching Triage enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key to access the Hatching Triage application. | Password | Required |
Action: Download Malware Sample
This action downloads malware samples from Malware Bazaar.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Hash Value | Enter the SHA256 hash of the malware sample that is to be downloaded. Example: "80856a0fa6e70b90xx31bea004dd61d3e2xxsd56706813654601ade6ee9f87bcd" | Text | Required |
Example Request
[ { "hash_value": "80856a0fa6e70b90xx31bea004dd61d3e2xxsd56706813654601ade6ee9f87bcd" } ]
Action: Get Profile Details
This action retrieves profile details from Hatching Triage.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Profile ID | Enter a profile ID to retrieve its details. Example: "237d939c-2f66-4021-af7c-62a70e796f24" | Text | Required | You can retrieve a Profile ID using Action: List All Profiles. |
Example Request
[ { "profile_id": "237d939c-2f66-4021-af7c-62a70e796f24" } ]
Action: Get Sample Details
This action retrieves the details of a sample from Hatching Triage.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter a sample ID to retrieve its details. Example: "210412-6kw3lbnywa" | Text | Required | You can retrieve a Sample ID using Action: List Samples Submitted by User. |
Example Request
[ { "sample_id": "210412-6kw3lbnywa" } ]
Action: Get Sample Overview
This action retrieves an overview of a sample from Hatching Triage.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter a sample ID to retrieve an overview of a sample. Example: "210412-6kw3lbnywa" | Text | Required | You can retrieve a Sample ID using Action: List Samples Submitted by User. |
Example Request
[ { "sample_id": "210412-6kw3lbnywa" } ]
Action: Get Static Report
This action retrieves the static report of a sample from Hatching Triage.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Sample ID | Enter a sample ID to retrieve a static report. Example: "210412-6kw3lbnywa" | Text | Required | You can retrieve a Sample ID using Action: List Samples Submitted by User. |
Example Request
[ { "sample_id": "210412-6kw3lbnywa" } ]
Action: List All Profiles
This action lists all profiles from Hatching Triage.
Action Input Parameters
This action does not require any action input parameter.
Action: List Samples Submitted by User
This action lists the samples submitted by a user.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Extra Params | Enter the extra parameters. | Key Value | Optional | Allowed key: subset. Allowed values: |
Action: Search
This action searches available analysis for a range of IOCs or a file characteristic analysis. This action supports all filters and queries that can be used through the web interface of Hatching Triage.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter a query to search analysis for a range of IOCs or a file characteristic analysis. Example: "family:emotet" | Text | Required | For more information on the supported query parameters, see Search. |
Example Request
[ { "query": "family:emotet" } ]
Action: Submit File for Analysis
This action submits a file or a URL to Hatching Triage for analysis.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
File Type | Enter the file type of a file that you need to submit for analysis. Example: "url" | Text | Required | Allowed values:
If the file type is set to fetch, then Hatching Triage downloads the file from the specified URL. |
Interactive | If set to true, the analysis profile must be chosen manually after the static analysis has finished. Example: true | Boolean | Optional | Allowed values: |
URL | Enter a URL that you need to use as a sample. Example: "https://www.<sampleurl>.com" | Text | Optional | |
Filepath | Enter the file path of the file that needs to be analyzed. Example: "/tmp/17034f1a-1586-4db4-be4b-c2f70aa5b0ed/samplefile.txt" | Text | Optional |
Example Request
[ { "url": "https://www.<sampleurl>.com", "kind": "url", "interactive": true } ]