Hybrid Analysis

Version: 2.0.1

Hybrid Analysis is a free malware analysis service for the community.

Connect Hybrid Analysis with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Hybrid Analysis.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API Key: The API key to connect to the Hybrid Analysis.
  4. After you've entered all the details, click Connect.

Actions for Hybrid Analysis

Analyze and Wait

Analyze and Wait submits a file and waits for the analysis to complete before returning the result.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Filename Column Name: Column name from parent table to lookup filename values. (Required)
  • Correlation ID Column Name: Column name from parent table with the correlation IDs (Default is Empty value). (Required)
  • Environment ID: The environment relevant to the files being analyzed. (Required)

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "[Errno 21] Is a directory: u'/opt/files/shared/integrationsFiles/'"
}

Analyze

Analyze submits a file and immediately returns the job description, which can later be used to retrieve the report.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Filename Column Name: Column name from parent table to lookup filename values. (Required)
  • Environment ID: The environment relevant to the files being analyzed. (Required)

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "[Errno 21] Is a directory: u'/opt/files/shared/integrationsFiles/'"
}

Submit URL and Wait

Submit URL and Wait submits a URL and waits for the analysis to complete before returning the result.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • URL Column Name: Column name from parent table with the URLs to analyze. (Required)
  • Correlation ID Column Name: Column name from parent table with the correlation IDs (Default is Empty value). (Required)
  • Environment ID: The environment relevant to the URLs being analyzed. (Required)

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "400 Client Error: Bad Request for url: https://www.hybrid-analysis.com/api/v2/submit/url-for-analysis"
}

Submit URL

Submits a URL and immediately returns the corresponding job description, which can later be used to retrieve the report.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • URL Column Name: Column name from parent table with the URLs to analyze. (Required)
  • Environment ID: The environment relevant to the URLs being analyzed. (Required)

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "400 Client Error: Bad Request for url: https://www.hybrid-analysis.com/api/v2/submit/url-for-analysis"
}

Get Report

Takes a job ID and fetches its report. Works with either File or URL jobs.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Job ID Column Name: Column name from parent table to lookup job ID values; each job ID can belong to either a file or a URL job. (Required)

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "has_error": true,
   "analysis_result": null,
   "error": "404 Client Error: Not Found for url: https://www.hybrid-analysis.com/api/v2/report//state"
}
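The two-step flow described above (Analyze or Submit URL to obtain a job ID, then Get Report to retrieve its state) is what the "... and Wait" actions perform in one step. The following is an added example, not LogicHub's or Hybrid Analysis's own code: it composes those two steps into a polling loop and refuses an empty job ID before any request is made, since an empty ID produces the `.../report//state` path and the 404 shown in the output sample. The `/report/{id}/state` path is taken from that error message; the state vocabulary (`IN_QUEUE`, `IN_PROGRESS`, `SUCCESS`, `ERROR`), the `fetch` transport signature, and the `FakeSandbox` replay stand-in are assumptions made so the code runs offline.

```python
# Added example (not LogicHub's or Hybrid Analysis's own code): composes the
# "Analyze" / "Submit URL" step with the "Get Report" step into the polling
# loop that "Analyze and Wait" / "Submit URL and Wait" perform for you.
# The /report/{id}/state path comes from the error message on this page;
# the state vocabulary, the transport callable and FakeSandbox are assumptions.
import time
from typing import Callable, Dict, List

BASE_URL = "https://www.hybrid-analysis.com/api/v2"
# Assumed terminal states of a sandbox job; adjust to the real API's values.
TERMINAL_STATES = {"SUCCESS", "ERROR"}


def report_state_url(job_id: str) -> str:
    """Build the state URL, refusing an empty job id up front.

    An empty id would yield ".../report//state", which is exactly the 404
    shown on this page; failing early gives a clearer error in the playbook.
    """
    job_id = (job_id or "").strip()
    if not job_id:
        raise ValueError("job id must be non-empty before calling Get Report")
    return f"{BASE_URL}/report/{job_id}/state"


def wait_for_report(job_id: str, fetch: Callable[[str], Dict],
                    max_polls: int = 20, interval_s: float = 0.0) -> Dict:
    """Poll the job state until it is terminal and return a row in the same
    has_error / error / result shape the actions on this page emit."""
    url = report_state_url(job_id)
    for attempt in range(1, max_polls + 1):
        resp = fetch(url)
        state = resp.get("state")
        if state in TERMINAL_STATES:
            return {
                "has_error": state == "ERROR",
                "error": resp.get("error"),
                "result": state,
                "polls": attempt,
            }
        time.sleep(interval_s)
    # Give up after max_polls rather than blocking the playbook forever.
    return {"has_error": True,
            "error": f"job {job_id} not finished after {max_polls} polls",
            "result": None, "polls": max_polls}


class FakeSandbox:
    """Constructed stand-in for the HTTP transport: replays a fixed sequence
    of states for any URL, holding the last one once the list is exhausted."""

    def __init__(self, states: List[str]):
        self.states = list(states)
        self.calls = 0

    def fetch(self, url: str) -> Dict:
        self.calls += 1
        idx = min(self.calls, len(self.states)) - 1
        state = self.states[idx]
        return {"state": state,
                "error": "sandbox failure" if state == "ERROR" else None}


if __name__ == "__main__":
    sandbox = FakeSandbox(["IN_QUEUE", "IN_PROGRESS", "SUCCESS"])
    print(wait_for_report("job-0001", sandbox.fetch))
```

Replacing `FakeSandbox.fetch` with a function that performs the real authenticated GET is the only change needed to use this against the service; keep `max_polls` bounded so a stuck job surfaces as an error row instead of a hung playbook step.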

URL Quick Scan

Quickly checks whether any historical reports exist for a URL; returns the report IDs (if there are any) and the SHA256 hash used for the lookup.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • URL Column Name: Column name from parent table to lookup URL values. (Required)
  • Scan Type: The Hybrid Analysis scan type (e.g. "lookup_ha" or "all"). (Required)

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{
   "validation_errors": [
      {
         "field": "url",
         "errors": [
            "This value should not be blank."
         ]
      }
   ],
   "message": "Input data validation has failed. Please check 'validation_errors' field to get more data."
}

Get Report with sha256 hashes

Returns a list of reports, given a list of hashes as an input.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

  • Hash(SHA256) Column Name: Column name from parent table to lookup hash values. (Required)

Output

A JSON object containing multiple rows of result:

  • has_error: True/False
  • error: message/null
  • result: Successful/Failure message.
{}
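The output samples across the actions above do not all share one shape: most rows carry `has_error` / `error` / `analysis_result`, URL Quick Scan returns a `validation_errors` list with a `message`, and Get Report with sha256 hashes can return an empty object. The following is an added example, not part of the LogicHub integration or of Hybrid Analysis: it normalizes any of those rows into one `ok` / `error` / `report` shape a downstream playbook step can branch on, attaches a triage hint keyed on the error strings shown on this page, and enforces the one-output-row-per-input invariant that the v2.0.1 fix restores. The sample rows are constructed from the outputs above (the success row and the `verdict` field in it are invented), and the hints are heuristics, not documented API semantics.

```python
# Added example, not LogicHub's or Hybrid Analysis's own code: normalises the
# per-row output of every action on this page into one shape, adds a triage
# hint keyed on the error strings shown above, and checks that a batch
# produced exactly one output row per input value.
import json
from typing import Any, Dict, List, Union

RawRow = Union[str, Dict[str, Any], None]


def normalize_row(raw: RawRow) -> Dict[str, Any]:
    """Accept a JSON string or a parsed dict in any of the shapes on this page."""
    row = json.loads(raw) if isinstance(raw, str) else (raw or {})
    if not row:  # "{}" as seen for Get Report with sha256 hashes
        return {"ok": False, "error": "empty response", "report": None}
    if "validation_errors" in row:  # shape returned by URL Quick Scan
        msgs = [f"{e['field']}: {m}"
                for e in row["validation_errors"] for m in e.get("errors", [])]
        return {"ok": False, "error": "; ".join(msgs) or row.get("message"), "report": None}
    if row.get("has_error"):
        return {"ok": False, "error": row.get("error"), "report": None}
    # Success rows carry the report under analysis_result (or result).
    return {"ok": True, "error": None,
            "report": row.get("analysis_result", row.get("result"))}


def triage_hint(error: Union[str, None]) -> str:
    """Heuristic mapping from the error strings shown on this page to a
    likely cause an analyst can act on; not an official classification."""
    if not error:
        return "no error"
    if "Is a directory" in error:
        return "empty filename value: the file path resolved to the shared directory"
    if "/report//state" in error:
        return "empty job id value"
    if "should not be blank" in error:
        return "blank URL value"
    if "400 Client Error" in error:
        return "submission rejected by the API; check the URL and environment id"
    return "unclassified"


def normalize_batch(inputs: List[str], raw_rows: List[RawRow]) -> List[Dict[str, Any]]:
    """One normalised row per input value; a count mismatch is the symptom
    the v2.0.1 release note describes, so it is treated as a hard error."""
    if len(inputs) != len(raw_rows):
        raise ValueError(f"expected {len(inputs)} rows, got {len(raw_rows)}")
    out = []
    for value, raw in zip(inputs, raw_rows):
        n = normalize_row(raw)
        n["input"] = value
        n["hint"] = triage_hint(n["error"])
        out.append(n)
    return out


# Constructed sample rows: the first three copy the error outputs on this
# page; the success row and its "verdict" field are invented for the example.
SAMPLE_ROWS = {
    "directory": '{"has_error": true, "analysis_result": null, '
                 '"error": "[Errno 21] Is a directory: u\'/opt/files/shared/integrationsFiles/\'"}',
    "state_404": '{"has_error": true, "analysis_result": null, "error": "404 Client Error: '
                 'Not Found for url: https://www.hybrid-analysis.com/api/v2/report//state"}',
    "quick_scan": '{"validation_errors": [{"field": "url", "errors": ["This value should not be blank."]}], '
                  '"message": "Input data validation has failed. Please check \'validation_errors\' field to get more data."}',
    "success": '{"has_error": false, "analysis_result": {"verdict": "malicious"}, "error": null}',
}

if __name__ == "__main__":
    for row in normalize_batch(list(SAMPLE_ROWS), list(SAMPLE_ROWS.values())):
        print(row["input"], row["ok"], row["hint"])
```

The `validation_errors` branch is the one most often missed in playbooks, because such rows have no `has_error` key and therefore look like successes to a naive `if row.has_error` check.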

Release Notes

  • v2.0.1 - Bug fix in the Get Report with sha256 hashes action, which returned more than the expected number of rows when an error was encountered.
  • v2.0.0 - Updated architecture to support IO via filesystem
  • v1.3.9 - Added documentation link in the automation library.

© Devo Technology Inc. All Rights Reserved.