Intezer

Version: 1.1.3

Intezer is a platform built to analyze and investigate every alert like an experienced security analyst and reverse engineer.

Connect Intezer with Logichub

  1. Navigate to Automations > Integrations.
  2. Search for Intezer.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select whether to verify the connecting server's SSL certificate (default is Verify SSL Certificate). Leave verification enabled: the API key is sent with every request, and with verification off an on-path attacker can present their own certificate and capture it.
    • Intezer API Key: The API key generated in your Intezer account.
  4. After you've entered all the details, click Connect.

Get Latest Hash Result

This endpoint retrieves the latest available result for a previously analyzed file, identified by its hash.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
Hash Value | Jinja-templated text containing the hash value. | Required
Should Only Get Private Analyses | Jinja-templated text containing a boolean. Default is 'false'. | Optional
Should Only Get Composed Analyses | Jinja-templated text containing a boolean. Default is 'true'. | Optional

Output

JSON containing the following items:

{
   "result":{
      "analysis_id":"7e812ee9-701b-4bd2-9c48-asdfasdf6afb",
      "analysis_time":"Wed, 30 Aug 2023 12:15:50 GMT",
      "analysis_url":"https://analyze.intezer.com/analyses/7e812ee9-701b-4bd2-9c48-asdfasdfasdfafb",
      "file_name":"c8ed1easdfasdfasdfd4fe98a7",
      "is_private":true,
      "sha256":"844491c8asdfasdfasdfasdfsadfa72696eb4b41bbe",
      "sub_verdict":"inconclusive",
      "verdict":"unknown"
   },
   "has_error":false,
   "error":null,
   "status":"succeeded",
   "result_url":"/analyses/7e812ee9-701b-4bd2-9c48-asdfasdasdfafb"
}

Analyze a File

This endpoint enables you to submit a file to be analyzed.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
File Id | Jinja-templated text containing the file ID of the file to submit. | Required
Additional Fields | Jinja-templated JSON containing additional fields to pass to the Intezer API. Example: '{"code_item_type":"file","disable_dynamic_execution":"false"}'. | Optional

Output

JSON containing the following items:

{
   "result_url":"/analyses/7e812ee9-701b-4bd2-9c48-asdfasdfasdafb",
   "error":null,
   "has_error":false
}

Get Analysis Result

This endpoint retrieves a summary of a file analysis; the summary provides the high-level analysis results.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
Analysis Id | Jinja-templated text containing the analysis ID. | Required

Output

JSON containing the following items:

{
   "result":{
      "analysis_id":"9ca16018-abb5-4d39-b16a-asdfasdfsdf992",
      "analysis_time":"Wed, 30 Aug 2023 11:45:26 GMT",
      "analysis_url":"https://analyze.intezer.com/analyses/9ca16018-abb5-4d39-b16a-asdfasdfasdf992",
      "file_name":"a8bb5f931f8b446fab071cbe6c58196f",
      "is_private":true,
      "sha256":"844491c83df1asdfasdfasdfasdfsadfasdfecdccd7955a72696eb4b41bbe",
      "sub_verdict":"inconclusive",
      "verdict":"unknown"
   },
   "has_error":false,
   "error":null,
   "status":"succeeded",
   "result_url":"/analyses/9ca16018-abb5-4d39-b16a-asdfasdf992"
}
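In a playbook the three actions above chain together: look the hash up first, submit the file only when Intezer has no prior result, then poll Get Analysis Result until the status is succeeded and branch on the verdict. The following Python sketch is an added example, not LogicHub's or Intezer's own code. `run` stands in for the integration and returns the JSON shapes shown on this page; the action input names, the treatment of an unknown hash as an error response, the status values "in_progress" and "failed", and the disposition branch names are assumptions.

```python
from __future__ import annotations

import re
import time
from typing import Any, Callable, Dict, List, Tuple

# run(action_name, inputs) -> JSON dict; stands in for the LogicHub integration (assumption).
Action = Callable[[str, Dict[str, Any]], Dict[str, Any]]

# Analyze a File returns only result_url ("/analyses/<id>"); Get Analysis Result needs the id.
_RESULT_URL = re.compile(r"^/analyses/([^/]+)$")


def analysis_id_from_result_url(result_url: str) -> str:
    m = _RESULT_URL.match(result_url or "")
    if not m:
        raise ValueError(f"unexpected result_url: {result_url!r}")
    return m.group(1)


def _ok(resp: Dict[str, Any]) -> Dict[str, Any]:
    """Every action carries has_error/error; fail loudly instead of reading a None result."""
    if resp.get("has_error"):
        raise RuntimeError(f"Intezer action failed: {resp.get('error')}")
    return resp


def disposition(verdict: str) -> str:
    """Map an Intezer verdict to a playbook branch (branch names are assumptions)."""
    return {"malicious": "contain", "suspicious": "investigate"}.get(verdict, "close")


def _summarize(result: Dict[str, Any], source: str) -> Dict[str, Any]:
    verdict = result.get("verdict", "unknown")
    return {"analysis_id": result["analysis_id"], "sha256": result.get("sha256"),
            "verdict": verdict, "sub_verdict": result.get("sub_verdict"),
            "analysis_url": result.get("analysis_url"),
            "disposition": disposition(verdict), "source": source}


def triage_file(run: Action, sha256: str, file_id: str, max_polls: int = 30,
                wait: Callable[[float], None] = time.sleep) -> Dict[str, Any]:
    # 1. Cheap path first: reuse an existing verdict for the hash (no upload, no file-scan quota).
    latest = run("Get Latest Hash Result", {"Hash Value": sha256,
                                            "Should Only Get Private Analyses": "false",
                                            "Should Only Get Composed Analyses": "true"})
    # Assumption: an unknown hash comes back as has_error=true, so an error here
    # means "no prior analysis" and we fall through to submission.
    if not latest.get("has_error") and latest.get("result"):
        return _summarize(latest["result"], source="latest_hash_result")

    # 2. Submit the file already staged in LogicHub (File Id) and extract the analysis id.
    submitted = _ok(run("Analyze a File", {"File Id": file_id}))
    analysis_id = analysis_id_from_result_url(submitted["result_url"])

    # 3. Poll Get Analysis Result. The page shows only status "succeeded";
    #    "in_progress" (transient) and "failed" (terminal) are assumptions.
    status = None
    for attempt in range(max_polls):
        res = _ok(run("Get Analysis Result", {"Analysis Id": analysis_id}))
        status = res.get("status")
        if status == "succeeded":
            return _summarize(res["result"], source="new_analysis")
        if status == "failed":
            raise RuntimeError(f"analysis {analysis_id} failed")
        wait(min(2.0 * (attempt + 1), 30.0))  # back off; sandbox runs take minutes
    raise TimeoutError(f"analysis {analysis_id} still {status!r} after {max_polls} polls")


class ScriptedRunner:
    """Constructed stand-in for the integration: replays canned responses in call order."""

    def __init__(self, responses: List[Dict[str, Any]]):
        self._responses = list(responses)
        self.calls: List[Tuple[str, Dict[str, Any]]] = []

    def __call__(self, action: str, inputs: Dict[str, Any]) -> Dict[str, Any]:
        self.calls.append((action, inputs))
        if not self._responses:
            raise AssertionError(f"no scripted response for {action}")
        return self._responses.pop(0)


def demo_runner() -> ScriptedRunner:
    """Responses modelled on the JSON shapes on this page; all values are constructed."""
    aid = "7e812ee9-701b-4bd2-9c48-000000000000"
    sha = "844491c8" + "0" * 56
    return ScriptedRunner([
        {"result": None, "has_error": True, "error": "analysis not found", "status": "failed"},
        {"result_url": f"/analyses/{aid}", "error": None, "has_error": False},
        {"result": None, "has_error": False, "error": None, "status": "in_progress",
         "result_url": f"/analyses/{aid}"},
        {"result": {"analysis_id": aid, "analysis_time": "Wed, 30 Aug 2023 12:15:50 GMT",
                    "analysis_url": f"https://analyze.intezer.com/analyses/{aid}",
                    "file_name": "sample.bin", "is_private": True, "sha256": sha,
                    "sub_verdict": "known_malicious", "verdict": "malicious"},
         "has_error": False, "error": None, "status": "succeeded",
         "result_url": f"/analyses/{aid}"},
    ])


if __name__ == "__main__":
    runner = demo_runner()
    out = triage_file(runner, "844491c8" + "0" * 56, "file-123", wait=lambda _s: None)
    print(out["verdict"], out["disposition"], [c[0] for c in runner.calls])
```

Checking the hash first keeps uploads (and the file-scan quota) for files Intezer has never seen; pass a no-op `wait` in tests and leave the default `time.sleep` in a playbook.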

Download PCAP

Download the PCAP file of a specific analysis.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
Analysis Id | Jinja-templated text containing the analysis ID. | Required

Output

JSON containing the following items:

{
   "fileId":"20335089f4bb4ccasdfasdfsadf06be.pcap",
   "error":null,
   "has_error":false
}

Get File Metadata

Get the root analysis sample's metadata.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
Analysis Id | Jinja-templated text containing the analysis ID. | Required

Output

JSON containing the following items:

{
   "sha1":"eff2883619ff1asdfasdfasdfsadfef634f",
   "sha256":"844491c83df175a63e2f7asdfasdfasdfasdf72696eb4b41bbe",
   "has_error":false,
   "size_in_bytes":873,
   "md5":"c47ba7e012asdfasdfasdf7daf",
   "error":null,
   "ssdeep":"12:XKNzeiilnuPf5yblaB+qjptPf5asdfasdfasdfasdfasdfasdfasfdsadfsadfKFe8sblaTsbZ1UwJuBamLuNDqDkGHSB",
   "indicators":[
      {
         "classification":"informative",
         "name":"non_executable"
      }
   ],
   "file_type":"non executable"
}

Analyze A URL

Submits a URL to be analyzed.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
URL | Jinja-templated text containing the URL to analyze. | Required

Output

JSON containing the following items:

{
  "result_url": "/url/0833e33b-2dcd-4d48-a853-8b4822675911",
  "error": null,
  "has_error": false
}

Get URL Analysis Result

This endpoint retrieves a summary of a URL analysis; the summary provides the high-level analysis results.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
Analysis Id | Jinja-templated text containing the analysis ID. | Required

Output

JSON containing the following items:

{
  "result": {
    "analysis_id": "0833e33b-2dcd-4d48-a853-8b4822675911",
    "analysis_time": "Wed, 17 Oct 2018 15:16:45 GMT",
    "analysis_url": "https://analyze.intezer.com/url/0833e33b-2dcd-4d48-a853-8b4822675911",
    "api_void_risk_score": 0,
    "domain_info": {
      "creation_date": "1997-08-13 04:00:00.000000",
      "domain_name": "string",
      "registrar": "TUCOWS, INC."
    },
    "downloaded_file": {
      "analysis_id": "string",
      "analysis_summary": {
        "verdict_description": "string",
        "verdict_name": "malicious",
        "verdict_type": "malicious"
      },
      "sha256": "string"
    },
    "indicators": [
      {
        "classification": "string",
        "text": "string"
      }
    ],
    "ip": "string",
    "redirect_chain": [
      {
        "response_status": 0,
        "url": "string"
      }
    ],
    "scanned_url": "https://www.intezer.com",
    "submitted_url": "www.intezer.com",
    "summary": {
      "main_connection_gene_count": 0,
      "main_connection_gene_percentage": 0,
      "title": "string",
      "verdict_name": "phishing",
      "verdict_type": "malicious"
    }
  },
  "result_url": "/analyses/0833e33b-2dcd-4d48-a853-8b4822675911",
  "status": "succeeded",
  "error": null,
  "has_error": false
}
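A phishing playbook usually wants two things from this response: a single block/allow decision and the indicators to push to the proxy or mail filter. The following Python function is an added example, not the integration's own code; it reads the fields shown above, and the sample response is constructed in the same shape with invented values.

```python
from __future__ import annotations

from typing import Any, Dict, List, Optional
from urllib.parse import urlsplit


def host_of(url: str) -> Optional[str]:
    """submitted_url on this page has no scheme ("www.intezer.com"); urlsplit needs one."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname


def extract_url_findings(resp: Dict[str, Any]) -> Dict[str, Any]:
    """Turn a Get URL Analysis Result response into a verdict plus blockable IOCs."""
    if resp.get("has_error"):
        raise RuntimeError(f"Intezer action failed: {resp.get('error')}")
    if resp.get("status") != "succeeded":  # still running: nothing to act on yet
        return {"ready": False, "status": resp.get("status")}

    r = resp["result"]
    chain: List[Dict[str, Any]] = r.get("redirect_chain") or []
    final_url = chain[-1]["url"] if chain else r.get("scanned_url")
    urls = [hop["url"] for hop in chain]
    for u in (r.get("submitted_url"), r.get("scanned_url")):
        if u and u not in urls:
            urls.append(u)
    hosts = sorted({h for h in (host_of(u) for u in urls) if h})

    downloaded = r.get("downloaded_file") or {}
    dl_verdict = (downloaded.get("analysis_summary") or {}).get("verdict_type")
    summary = r.get("summary") or {}
    # Either the page itself or the payload it drops being malicious is enough to block.
    malicious = summary.get("verdict_type") == "malicious" or dl_verdict == "malicious"

    return {
        "ready": True,
        "malicious": malicious,
        "verdict_name": summary.get("verdict_name"),  # e.g. "phishing" on this page
        "downloaded_file_verdict": dl_verdict,
        "final_url": final_url,
        "redirects": max(len(chain) - 1, 0),
        "iocs": {"urls": urls, "hosts": hosts,
                 "ips": [r["ip"]] if r.get("ip") else [],
                 "sha256": [downloaded["sha256"]] if downloaded.get("sha256") else []},
        "analysis_url": r.get("analysis_url"),
    }


def sample_response() -> Dict[str, Any]:
    """Constructed response in the shape documented on this page (not real analysis data)."""
    aid = "0833e33b-2dcd-4d48-a853-000000000000"
    return {
        "result": {
            "analysis_id": aid,
            "analysis_url": f"https://analyze.intezer.com/url/{aid}",
            "ip": "203.0.113.7",
            "redirect_chain": [{"response_status": 302, "url": "http://short.example/abc"},
                               {"response_status": 200, "url": "https://login.example.test/verify"}],
            "scanned_url": "https://login.example.test/verify",
            "submitted_url": "short.example/abc",
            "downloaded_file": {"analysis_id": "constructed", "sha256": "ab" * 32,
                                "analysis_summary": {"verdict_name": "malicious",
                                                     "verdict_type": "malicious",
                                                     "verdict_description": "constructed"}},
            "summary": {"title": "Sign in", "verdict_name": "phishing", "verdict_type": "malicious",
                        "main_connection_gene_count": 0, "main_connection_gene_percentage": 0},
            "indicators": [],
        },
        "result_url": f"/analyses/{aid}", "status": "succeeded", "error": None, "has_error": False,
    }


if __name__ == "__main__":
    findings = extract_url_findings(sample_response())
    print(findings["malicious"], findings["final_url"], findings["iocs"])
```

Every hop of the redirect chain goes into the block list, not just the landing page: the short link is what recipients actually click, and it will be reused for the next landing page.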

Get Quota Usage

Get information about the account's quota usage.

Input Field

Choose a connection that you have previously created.

Output

JSON containing the following items:

{
  "result": {
    "file_scans": {
      "quota": 500,
      "type": "monthly",
      "usage": 5
    },
    "endpoint_scans": {
      "quota": 50,
      "type": "monthly",
      "usage": 1
    }
  },
  "error": null,
  "has_error": false
}

Get Family Artifacts

Generate an artifacts-by-family report for a malware family.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
Family Id | Jinja-templated text containing the family ID. | Required
First Seen | Jinja-templated text containing a Unix epoch timestamp; only artifacts first seen between this timestamp and the current time are included. Example: '1652083866'. | Optional

Output

JSON containing the following items:

{
  "result_url": "/families/0833e33b-2dcd-4d48-a853-8b4822675911/artifacts",
  "status": "string",
  "error": null,
  "has_error": false
}

Get An Artifacts By Family Report

This endpoint retrieves an artifacts-by-family report together with its distribution metadata.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
Family Id | Jinja-templated text containing the family ID. | Required

Output

JSON containing the following items:

{
  "result": {
    "artifacts": [
      {
        "artifact_type": "string",
        "artifact_value": "string",
        "effectiveness": "string",
        "first_seen": 0
      }
    ]
  },
  "result_url": "/analyses/0833e33b-2dcd-4d48-a853-8b4822675911",
  "status": "succeeded",
  "error": null,
  "has_error": false
}

Get Code Reuse

Get the code reuse findings for the root analysis.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

Input Name | Description | Required
Analysis Id | Jinja-templated text containing the analysis ID. | Required

Output

JSON containing the following items:

{
  "common_gene_count": 399,
  "gene_count": 396,
  "gene_type": "native_windows",
  "unique_gene_count": 23,
  "families": [
    {
      "family_id": "f547e65e-3160-4f50-8f12-781679173ba4",
      "family_name": "Longhorn",
      "family_type": "malware",
      "reused_gene_count": 220
    },
    {
      "family_id": "0d4b51b7-c4cf-4969-adf6-1291f1a507ea",
      "family_name": "Plexor",
      "family_type": "malware",
      "reused_gene_count": 4
    },
    {
      "family_id": "94c0fcf1-b017-46af-a01e-9c2791f27c7b",
      "family_name": "The Qt Company Ltd",
      "family_type": "library",
      "reused_gene_count": 72
    },
    {
      "family_id": "d803322d-e659-44fd-a198-bc8b42397b04",
      "family_name": "Microsoft Visual C/C++ Libraries",
      "family_type": "library",
      "reused_gene_count": 63
    }
  ],
  "error": null,
  "has_error": false
}
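Reused genes are only meaningful once library reuse is separated out: in the sample above, Qt and the Visual C/C++ runtime account for 135 of the shared genes, while the 220 genes shared with Longhorn are the actual signal, and the 4 genes shared with Plexor are too few to act on. The following Python function is an added example, not Intezer's own scoring; the 10% malware-share threshold and the 10-gene per-family floor are assumptions chosen for illustration.

```python
from __future__ import annotations

from typing import Any, Dict, List


def score_code_reuse(report: Dict[str, Any], malware_share_threshold: float = 0.10,
                     min_family_genes: int = 10) -> Dict[str, Any]:
    """Separate malware-family reuse (signal) from library reuse (noise) in a Get Code Reuse result.

    Thresholds are assumptions for illustration, not Intezer's scoring.
    """
    if report.get("has_error"):
        raise RuntimeError(f"Intezer action failed: {report.get('error')}")
    gene_count = int(report.get("gene_count") or 0)
    families: List[Dict[str, Any]] = report.get("families") or []

    malware = [f for f in families if f.get("family_type") == "malware"]
    libraries = [f for f in families if f.get("family_type") == "library"]
    malware_genes = sum(int(f.get("reused_gene_count", 0)) for f in malware)
    library_genes = sum(int(f.get("reused_gene_count", 0)) for f in libraries)
    share = malware_genes / gene_count if gene_count else 0.0

    # A handful of genes shared with a family is common; only families above the floor count.
    significant = sorted((f for f in malware if int(f.get("reused_gene_count", 0)) >= min_family_genes),
                         key=lambda f: -int(f["reused_gene_count"]))
    ranked = sorted(families, key=lambda f: -int(f.get("reused_gene_count", 0)))

    return {
        "gene_type": report.get("gene_type"),
        "gene_count": gene_count,
        "unique_gene_count": int(report.get("unique_gene_count") or 0),
        "malware_genes": malware_genes,
        "library_genes": library_genes,
        "malware_share": round(share, 3),
        "significant_malware_families": [f["family_name"] for f in significant],
        "top_malware_family_id": significant[0]["family_id"] if significant else None,
        "flag": bool(significant) and share >= malware_share_threshold,
        "families_by_reuse": [(f["family_name"], f["family_type"], int(f["reused_gene_count"]))
                              for f in ranked],
    }


def sample_report() -> Dict[str, Any]:
    """The Get Code Reuse example from this page, as a Python dict."""
    return {
        "common_gene_count": 399, "gene_count": 396, "gene_type": "native_windows",
        "unique_gene_count": 23,
        "families": [
            {"family_id": "f547e65e-3160-4f50-8f12-781679173ba4", "family_name": "Longhorn",
             "family_type": "malware", "reused_gene_count": 220},
            {"family_id": "0d4b51b7-c4cf-4969-adf6-1291f1a507ea", "family_name": "Plexor",
             "family_type": "malware", "reused_gene_count": 4},
            {"family_id": "94c0fcf1-b017-46af-a01e-9c2791f27c7b", "family_name": "The Qt Company Ltd",
             "family_type": "library", "reused_gene_count": 72},
            {"family_id": "d803322d-e659-44fd-a198-bc8b42397b04",
             "family_name": "Microsoft Visual C/C++ Libraries",
             "family_type": "library", "reused_gene_count": 63},
        ],
        "error": None, "has_error": False,
    }


if __name__ == "__main__":
    s = score_code_reuse(sample_report())
    print(f"{s['malware_share']:.1%} of {s['gene_count']} genes shared with malware; "
          f"flag={s['flag']}; families={s['significant_malware_families']}")
```

The `top_malware_family_id` is the value to feed into Get Family Artifacts or Get An Artifacts By Family Report when the flag is raised.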

Release Notes

  • v1.1.3 - Updated the description of Analyze a File.
  • v1.1.1 - Added 6 new actions: Analyze A URL, Get URL Analysis Result, Get Quota Usage, Get Family Artifacts, Get An Artifacts By Family Report and Get Code Reuse.
  • v1.0.1 - Introduced the integration with actions: Get Latest Hash Result, Analyze a File, Get Analysis Result, Download PCAP and Get File Metadata.