Cuckoo

Cuckoo is an open-source automated malware analysis system. It's used to automatically run and analyze files and collect comprehensive analysis results that outline what the malware does while running inside an isolated operating system.

Integration with LogicHub

Connecting with Cuckoo

To connect to Cuckoo, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Server URL: The URL of your Cuckoo instance.

Actions with Cuckoo

Analyze and Wait

Analyze and Wait submits a file and waits for the analysis to be completed.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Column Name: Select the column name from the parent table to look up the value for.

Output of Action
JSON containing the following items:

  • result: Completes the analysis of the file.
{
   "has_error": true,
   "error": "No result available as File ID is empty."
}

Analyze

Submits a file for analysis.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Column Name: Select the column name from the parent table to look up the value for.

Output of Action
JSON containing the following items:

  • result: Analyzes the file.
{
   "has_error": true,
   "error": "No result available as File ID is empty."
}
