Hybrid Analysis

Version: 1.6
Updated: Jun 14, 2023

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology.

Actions

• File Reputation (Enrichment) - Get reputation information for a file hash.
• Domain Reputation (Enrichment) - Get reputation information for a Domain.
• IP Reputation (Enrichment) - Get reputation information for an IP address.
• URL Reputation (Enrichment) - Get reputation information for an URL.
• Scan File (Enrichment) - Submit a file to the sandbox for analysis.
• Scan URL (Enrichment) - Submit a URL to the sandbox for analysis.
• Get Report Summary (Enrichment) - Get the summary report for a sandbox execution.
• Get File Analysis Overview (Enrichment) - Return overview for the hash and related information.

Hybrid Analysis configuration

To obtain an API Key visit your profile page at the top right menu and navigate to the API key tab. Then press the 'Create API key' button as following:

Configure Hybrid Analysis in Automation Service and Cloud SOAR

Before you can use the integration, you must configure it so that the vendor can communicate with Sumo Logic. For general guidance, see Configure Authentication for Integrations.

1. Access App Central and install the integration.
2. Select the installed integration in the Integrations page.
   Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
   New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
3. Select the integration.
4. Hover over the resource name and click the Edit button that appears.
   
5. In the Add Resource dialog, enter the authentication needed by the resource. When done, click TEST to test the configuration, and click SAVE to save the configuration.

• Label. The name of the resource.
• Server URL. 'https://www.hybrid-analysis.com'.
• API Key. Insert the previously copied key.
  

For information about Hybrid Analysis, see Hybrid Analysis documentation.

Category

SANDBOX

Change Log

• May 7, 2019 - First upload
• June 4, 2019 - Scan URL action updated
• July 24, 2019 - SSL verification issue fixed
• January 31, 2020 - Action updated: Get Report Summary
• June 26, 2020 - Action updated: Get Report Summary
• May 20, 2022 - Integration updated and new actions added (Domain/IP/URL Reputation)
• May 23, 2022 - integration doc updated
• November 22, 2022
  • added default URL
  • solved issue for which the integration test will throw an error if no value for timeout is provided
• April 4, 2023 (v1.5)
  • Updated integration: (Updated the integration Fields with Environmental Variables and improved error handling)
  • New Action: Get File Analysis Overview
  • Update Actions: (Domain Reputation, File Reputation, Get Report Summary, IP Reputation, Scan File, Scan URL, URL Reputation)
• June 14, 2023 (v1.6) - Integration improvement