Hybrid Analysis

Hybrid Analysis is a free malware analysis service for the community.

Integration with LogicHub

Connecting with Hybrid Analysis

To connect to Hybrid Analysis, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • API Key: The API key used to connect to Hybrid Analysis.

Actions with Hybrid Analysis

Analyze and Wait

Analyze and Wait submits a file and waits for the analysis to be completed.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Filename Column Name: Column name from parent table to lookup filename values.
  • Correlation ID Column Name: Column name from parent table with the correlation IDs (default is an empty value).
  • Environment ID: The environment relevant to the files being analyzed.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "[Errno 21] Is a directory: u'/opt/files/shared/integrationsFiles/'"
}

Analyze

Analyze submits a file and immediately returns the job description, which can later be used to retrieve the report.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Filename Column Name: Column name from parent table to lookup filename values.
  • Environment ID: The environment relevant to the files being analyzed.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "[Errno 21] Is a directory: u'/opt/files/shared/integrationsFiles/'"
}

Submit URL and Wait

Submits a URL and waits for the analysis to be completed.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • URL Column Name: Column name from parent table with the URLs to analyze.
  • Correlation ID Column Name: Column name from parent table with the correlation IDs (default is an empty value).
  • Environment ID: The environment relevant to the files being analyzed.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "400 Client Error: Bad Request for url: https://www.hybrid-analysis.com/api/v2/submit/url-for-analysis"
}

Submit URL

Submits a URL and returns the corresponding job description.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • URL Column Name: Column name from parent table with the URLs to analyze.
  • Environment ID: The environment relevant to the files being analyzed.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "400 Client Error: Bad Request for url: https://www.hybrid-analysis.com/api/v2/submit/url-for-analysis"
}

Get Report

Takes a job ID and fetches its report. Works with either File or URL jobs.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Job ID Column Name: Takes a job ID and fetches its report. Works with either File or URL jobs.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "404 Client Error: Not Found for url: https://www.hybrid-analysis.com/api/v2/report//state"
}

URL Quick Scan

Quickly checks whether there are any historical reports for a URL; returns the report IDs (if there are any) and a SHA256 hash for the lookup.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • URL Column Name: Column name from parent table to lookup URL values.
  • Scan Type: The Hybrid Analysis scan type (e.g. "lookup_ha" or "all").

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "validation_errors": [
      {
         "field": "url",
         "errors": [
            "This value should not be blank."
         ]
      }
   ],
   "message": "Input data validation has failed. Please check 'validation_errors' field to get more data."
}

Get Report with sha256 hashes

Returns a list of reports, given a list of hashes as an input.

Inputs to this Action

  • Connections: Choose a connection that you have created.
  • Hash(SHA256) Column Name: Column name from parent table to lookup hash values.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{}
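
An added example (not part of the LogicHub documentation): the sample outputs on this page come in three shapes, the has_error envelope, a raw validation_errors object (URL Quick Scan) and an empty object (Get Report with sha256 hashes). The Python sketch below maps each shape to one status that a later playbook step can branch on; classify_output and summarize are hypothetical names, and the "ok" sample is constructed.

```python
import json

# Sample action outputs. The first three are taken from this page (the
# quick-scan message is shortened); "ok" is constructed for illustration.
SAMPLES = {
    "get_report": '{"has_error": true, "analysis_result": null, "error": '
                  '"404 Client Error: Not Found for url: '
                  'https://www.hybrid-analysis.com/api/v2/report//state"}',
    "url_quick_scan": '{"validation_errors": [{"field": "url", "errors": '
                      '["This value should not be blank."]}], '
                      '"message": "Input data validation has failed."}',
    "report_by_hash": "{}",
    "ok": '{"has_error": false, "error": null, '
          '"analysis_result": {"example_field": "constructed"}}',
}

def classify_output(raw):
    """Map one action output (JSON text) to a (status, detail) pair."""
    try:
        doc = json.loads(raw)
    except (TypeError, ValueError) as exc:
        return ("unparseable", str(exc))
    if not isinstance(doc, dict):
        return ("unparseable", "top-level JSON value is not an object")
    if not doc:
        return ("empty", "no report data returned")
    # Validation failure returned without the has_error envelope.
    if "validation_errors" in doc:
        details = []
        for item in doc["validation_errors"]:
            for msg in item.get("errors", []):
                details.append("%s: %s" % (item.get("field"), msg))
        return ("validation_error", "; ".join(details) or doc.get("message", ""))
    if doc.get("has_error"):
        return ("error", doc.get("error") or "has_error set without a message")
    # The item list names "result"; the samples show "analysis_result".
    return ("ok", doc.get("analysis_result", doc.get("result")))

def summarize(samples):
    """Return {sample name: status} for a dict of raw outputs."""
    return {name: classify_output(raw)[0] for name, raw in samples.items()}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_output(raw))
```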
