VMRay
Version: 2.0.0
VMRay Threat Identifier (VTI) identifies and flags malicious behavior in an uploaded file, generating an overall severity score of malicious behavior.
Connect VMRay with LogicHub
- Navigate to Automations > Integrations.
- Search for VMRay.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- Server URL (optional): The Server URL to connect to the VMRay (Default is https://cloud.vmray.com).
- API Key: The API key to connect to the VMRay.
- After you've entered all the details, click Connect.
Actions for VMRay
Check File
Upload file and retrieve VTI score.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| File ID | Jinja-templated text containing the file Id. | Required |
| File Name | Jinja-templated text containing the file name. | Optional |
Output
A JSON object containing multiple rows of result:
- has_error: True/False
- error: message/null
- result: List of events
{
"has_error": false,
"result":{
"vmray_score":"not_suspicious"
},
"error": null
}
Release Notes
v2.0.0- Updated architecture to support IO via filesystemv1.2.0- Added optional fieldFile NameinCheck Fileaction.v1.1.1- Added documentation link in the automation library.
Updated about 1 year ago