Intezer
Version: 1.1.3
Intezer is a platform built to analyze and investigate every alert like an experienced security analyst and reverse engineer.
Connect Intezer with Logichub
- Navigate to Automations > Integrations.
- Search for Intezer.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Intezer API Key: API Key for Intezer.
- After you've entered all the details, click Connect.
Get Latest Hash Result
This endpoint enables you to retrieve the latest available results of a previously analyzed file by specifying its hash.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Hash Value | Jinja-templated text containing the hash value | Required |
Should Only Get Private Analyses | Jinja-templated text containing the boolean. Default is 'false' | Optional |
Should Only Get Composed Analyses | Jinja-templated text containing the boolean. Default is 'true' | Optional |
Output
JSON containing the following items:
{
"result":{
"analysis_id":"7e812ee9-701b-4bd2-9c48-asdfasdf6afb",
"analysis_time":"Wed, 30 Aug 2023 12:15:50 GMT",
"analysis_url":"https://analyze.intezer.com/analyses/7e812ee9-701b-4bd2-9c48-asdfasdfasdfafb",
"file_name":"c8ed1easdfasdfasdfd4fe98a7",
"is_private":true,
"sha256":"844491c8asdfasdfasdfasdfsadfa72696eb4b41bbe",
"sub_verdict":"inconclusive",
"verdict":"unknown"
},
"has_error":false,
"error":null,
"status":"succeeded",
"result_url":"/analyses/7e812ee9-701b-4bd2-9c48-asdfasdasdfafb"
}
Analyze a File
This endpoint enables you to submit a file to be analyzed.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
File Id | Jinja-templated text containing the file id. | Required |
Additional Fields | Jinja-templated JSON containing the additional fields to be passed on Intezer API. Example '{"code_item_type":"file","disable_dynamic_execution":"false"}' | Optional |
Output
JSON containing the following items:
{
"result_url":"/analyses/7e812ee9-701b-4bd2-9c48-asdfasdfasdafb",
"error":null,
"has_error":false
}
Get Analysis Result
This endpoint retrieves a summary of a file analysis; the summary provides high-level analysis results.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Analysis Id | Jinja-templated text containing the analysis Id. | Required |
Output
JSON containing the following items:
{
"result":{
"analysis_id":"9ca16018-abb5-4d39-b16a-asdfasdfsdf992",
"analysis_time":"Wed, 30 Aug 2023 11:45:26 GMT",
"analysis_url":"https://analyze.intezer.com/analyses/9ca16018-abb5-4d39-b16a-asdfasdfasdf992",
"file_name":"a8bb5f931f8b446fab071cbe6c58196f",
"is_private":true,
"sha256":"844491c83df1asdfasdfasdfasdfsadfasdfecdccd7955a72696eb4b41bbe",
"sub_verdict":"inconclusive",
"verdict":"unknown"
},
"has_error":false,
"error":null,
"status":"succeeded",
"result_url":"/analyses/9ca16018-abb5-4d39-b16a-asdfasdf992"
}
Download PCAP
Download the PCAP file of a specific analysis.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Analysis Id | Jinja-templated text containing the analysis Id. | Required |
Output
JSON containing the following items:
{
"fileId":"20335089f4bb4ccasdfasdfsadf06be.pcap",
"error":null,
"has_error":false
}
Get File Metadata
Get the root analysis sample's metadata.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Analysis Id | Jinja-templated text containing the analysis Id. | Required |
Output
JSON containing the following items:
{
"sha1":"eff2883619ff1asdfasdfasdfsadfef634f",
"sha256":"844491c83df175a63e2f7asdfasdfasdfasdf72696eb4b41bbe",
"has_error":false,
"size_in_bytes":873,
"md5":"c47ba7e012asdfasdfasdf7daf",
"error":null,
"ssdeep":"12:XKNzeiilnuPf5yblaB+qjptPf5asdfasdfasdfasdfasdfasdfasfdsadfsadfKFe8sblaTsbZ1UwJuBamLuNDqDkGHSB",
"indicators":[
{
"classification":"informative",
"name":"non_executable"
}
],
"file_type":"non executable"
}
Analyze A URL
Submits a URL to be analyzed.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
URL | Jinja-templated text containing URL to analyze. | Required |
Output
JSON containing the following items:
{
"result_url": "/url/0833e33b-2dcd-4d48-a853-8b4822675911",
"error": null,
"has_error": false
}
Get URL Analysis Result
This endpoint retrieves a summary of a URL analysis; the summary provides high-level analysis results.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Analysis Id | Jinja-templated text containing the analysis Id. | Required |
Output
JSON containing the following items:
{
"result": {
"analysis_id": "0833e33b-2dcd-4d48-a853-8b4822675911",
"analysis_time": "Wed, 17 Oct 2018 15:16:45 GMT",
"analysis_url": "https://analyze.intezer.com/url/0833e33b-2dcd-4d48-a853-8b4822675911",
"api_void_risk_score": 0,
"domain_info": {
"creation_date": "1997-08-13 04:00:00.000000",
"domain_name": "string",
"registrar": "TUCOWS, INC."
},
"downloaded_file": {
"analysis_id": "string",
"analysis_summary": {
"verdict_description": "string",
"verdict_name": "malicious",
"verdict_type": "malicious"
},
"sha256": "string"
},
"indicators": [
{
"classification": "string",
"text": "string"
}
],
"ip": "string",
"redirect_chain": [
{
"response_status": 0,
"url": "string"
}
],
"scanned_url": "https://www.intezer.com",
"submitted_url": "www.intezer.com",
"summary": {
"main_connection_gene_count": 0,
"main_connection_gene_percentage": 0,
"title": "string",
"verdict_name": "phishing",
"verdict_type": "malicious"
}
},
"result_url": "/analyses/0833e33b-2dcd-4d48-a853-8b4822675911",
"status": "succeeded",
"error": null,
"has_error": false
}
Get Quota Usage
Get information about quota usage.
Input Field
Choose a connection that you have previously created.
Output
JSON containing the following items:
{
"result": {
"file_scans": {
"quota": 500,
"type": "monthly",
"usage": 5
},
"endpoint_scans": {
"quota": 50,
"type": "monthly",
"usage": 1
}
},
"error": null,
"has_error": false
}
Get Family Artifacts
Generate an artifacts-by-family report.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Family Id | Jinja-templated text containing the family Id. | Required |
First Seen | Jinja-templated text containing the first seen filtering artifacts in range of first_seen until current timestamp. Example: '1652083866' | Optional |
Output
JSON containing the following items:
{
"result_url": "/families/0833e33b-2dcd-4d48-a853-8b4822675911/artifacts",
"status": "string",
"error": null,
"has_error": false
}
Get An Artifacts By Family Report
This endpoint retrieves an artifacts-by-family report with distribution metadata.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Family Id | Jinja-templated text containing the family Id. | Required |
Output
JSON containing the following items:
{
"result": {
"artifacts": [
{
"artifact_type": "string",
"artifact_value": "string",
"effectiveness": "string",
"first_seen": 0
}
]
},
"result_url": "/analyses/0833e33b-2dcd-4d48-a853-8b4822675911",
"status": "succeeded",
"error": null,
"has_error": false
}
Get Code Reuse
Get code reuse findings for the root analysis.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Analysis Id | Jinja-templated text containing the analysis Id. | Required |
Output
JSON containing the following items:
{
"common_gene_count": 399,
"gene_count": 396,
"gene_type": "native_windows",
"unique_gene_count": 23,
"families": [
{
"family_id": "f547e65e-3160-4f50-8f12-781679173ba4",
"family_name": "Longhorn",
"family_type": "malware",
"reused_gene_count": 220
},
{
"family_id": "0d4b51b7-c4cf-4969-adf6-1291f1a507ea",
"family_name": "Plexor",
"family_type": "malware",
"reused_gene_count": 4
},
{
"family_id": "94c0fcf1-b017-46af-a01e-9c2791f27c7b",
"family_name": "The Qt Company Ltd",
"family_type": "library",
"reused_gene_count": 72
},
{
"family_id": "d803322d-e659-44fd-a198-bc8b42397b04",
"family_name": "Microsoft Visual C/C++ Libraries",
"family_type": "library",
"reused_gene_count": 63
}
],
"error": null,
"has_error": false
}
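An added example (not part of the LogicHub integration or Intezer's own code) showing how a playbook step might consume the action outputs documented above: it checks the has_error/error/status envelope that every action returns, turns the result_url from Analyze a File or Analyze A URL into the Analysis Id that the Get Analysis Result and Get URL Analysis Result actions expect, and totals the Get Code Reuse families by family type. The sample input is constructed from the Get Code Reuse output above; the malware-gene threshold is an assumption, not an Intezer default.

```python
"""Helpers for consuming the Intezer action outputs shown on this page (added example)."""

# Constructed sample shaped like the page's "Get Code Reuse" output (not a real analysis).
CODE_REUSE = {
    "gene_count": 396, "gene_type": "native_windows", "unique_gene_count": 23,
    "families": [
        {"family_name": "Longhorn", "family_type": "malware", "reused_gene_count": 220},
        {"family_name": "Plexor", "family_type": "malware", "reused_gene_count": 4},
        {"family_name": "The Qt Company Ltd", "family_type": "library", "reused_gene_count": 72},
        {"family_name": "Microsoft Visual C/C++ Libraries", "family_type": "library",
         "reused_gene_count": 63},
    ],
    "error": None, "has_error": False,
}


def unwrap(action_output: dict) -> dict:
    """Validate the has_error/error/status envelope and return the usable payload."""
    if action_output.get("has_error"):
        raise RuntimeError(f"Intezer action failed: {action_output.get('error')}")
    status = action_output.get("status")  # absent on flat outputs such as Get Code Reuse
    if status is not None and status != "succeeded":
        raise RuntimeError(f"analysis not finished yet: status={status}")
    # Outputs with a "result" key (Get Analysis Result) yield that object; flat ones pass through.
    return action_output["result"] if "result" in action_output else action_output


def analysis_id_from_result_url(result_url: str) -> str:
    """Take the trailing id from "/analyses/<id>" or "/url/<id>" for the Get ... Result actions."""
    return result_url.rstrip("/").rsplit("/", 1)[-1]


def summarize_code_reuse(reuse_output: dict, min_malware_genes: int = 10) -> dict:
    """Total reused genes per family_type and flag malware families contributing at least
    min_malware_genes genes (threshold is an assumption); percentages are of gene_count."""
    r = unwrap(reuse_output)
    total = max(r.get("gene_count", 0), 1)  # guard against division by zero
    by_type: dict = {}
    flagged = []
    for fam in r.get("families", []):
        ftype, count = fam.get("family_type", "unknown"), fam.get("reused_gene_count", 0)
        by_type[ftype] = by_type.get(ftype, 0) + count
        if ftype == "malware" and count >= min_malware_genes:
            flagged.append((fam["family_name"], round(100.0 * count / total, 1)))
    return {"malware_genes": by_type.get("malware", 0),
            "library_genes": by_type.get("library", 0), "flagged": flagged}
```

Library reuse (Qt, MSVC runtime) is expected in benign binaries; the malware-family share is the part worth routing to an analyst.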
Release Notes
v1.1.3
- Updated the description of Analyze a File.
v1.1.1
- Added 6 new actions: Analyze A URL, Get URL Analysis Result, Get Quota Usage, Get Family Artifacts, Get An Artifacts By Family Report and Get Code Reuse.
v1.0.1
- Introduced integration with actions: Get Latest Hash Result, Analyze a File, Get Analysis Result, Download PCAP and Get File Metadata.