forked from phantomcyber/playbooks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ReversingLabs_TitaniumScale_File_Analysis.json
126 lines (126 loc) · 4.34 KB
/
ReversingLabs_TitaniumScale_File_Analysis.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
{
"blockly": false,
"blockly_xml": "<xml></xml>",
"category": "File Reputation",
"coa": {
"data": {
"description": "Detonates file on ReversingLabs TitaniumScale instance and retrieves report.",
"edges": [
{
"id": "port_0_to_port_2",
"sourceNode": "0",
"sourcePort": "0_out",
"targetNode": "2",
"targetPort": "2_in"
},
{
"id": "port_2_to_port_1",
"sourceNode": "2",
"sourcePort": "2_out",
"targetNode": "1",
"targetPort": "1_in"
}
],
"hash": "510444667a807c58081ee8db0fd114470cc8d8a1",
"nodes": {
"0": {
"data": {
"advanced": {
"join": []
},
"functionName": "on_start",
"id": "0",
"type": "start"
},
"errors": {},
"id": "0",
"type": "start",
"warnings": {},
"x": 1000,
"y": 419.99999999999955
},
"1": {
"data": {
"advanced": {
"join": []
},
"functionName": "on_finish",
"id": "1",
"type": "end"
},
"errors": {},
"id": "1",
"type": "end",
"warnings": {},
"x": 1000,
"y": 660
},
"2": {
"data": {
"action": "detonate file and get report",
"actionType": "generic",
"advanced": {
"customName": "titaniumscale detonate file",
"customNameId": 0,
"join": [],
"note": "Detonates file on ReversingLabs TitaniumScale instance and retrieves report."
},
"connector": "ReversingLabs TitaniumScale v2",
"connectorConfigs": [
"reversinglabs_titaniumscale_v2"
],
"connectorId": "e12f831a-9a3a-42a7-97f4-36fd6ba436e5",
"connectorVersion": "v1",
"functionId": 1,
"functionName": "titaniumscale_detonate_file",
"id": "2",
"parameters": {
"full_report": true,
"vault_id": "artifact:*.cef.vaultId"
},
"requiredParameters": [
{
"data_type": "string",
"default": "",
"field": "vault_id"
}
],
"type": "action"
},
"errors": {},
"id": "2",
"type": "action",
"warnings": {},
"x": 980,
"y": 520
}
},
"notes": ""
},
"input_spec": null,
"output_spec": [
{
"contains": [],
"datapaths": [
"detonate_file_and_get_report_1:action_result.data.*.tc_report.classification.classification"
],
"deduplicate": false,
"description": "",
"metadata": {},
"name": "Classification"
}
],
"playbook_type": "automation",
"python_version": "3",
"schema": "5.0.8",
"version": "5.5.0.108488"
},
"create_time": "2023-06-01T15:17:52.635815+00:00",
"draft_mode": false,
"labels": [
"*"
],
"tags": [
"Externally Authored Content"
]
}