Hybrid Analysis

Version: 1.6
Updated: Jun 14, 2023

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology.

Actions

• File Reputation (Enrichment) - Get reputation information for a file hash.
• Domain Reputation (Enrichment) - Get reputation information for a Domain.
• IP Reputation (Enrichment) - Get reputation information for an IP address.
• URL Reputation (Enrichment) - Get reputation information for an URL.
• Scan File (Enrichment) - Submit a file to the sandbox for analysis.
• Scan URL (Enrichment) - Submit a URL to the sandbox for analysis.
• Get Report Summary (Enrichment) - Get the summary report for a sandbox execution.
• Get File Analysis Overview (Enrichment) - Return overview for the hash and related information.

Hybrid Analysis configuration

To obtain an API Key visit your profile page at the top right menu and navigate to the API key tab. Then press the 'Create API key' button as following:

Configure Hybrid Analysis in Automation Service and Cloud SOAR

Before you can use this automation integration, you must configure its authentication settings so that the product you're integrating with can communicate with Sumo Logic. For general guidance, see Configure Authentication for Automation Integrations.

How to open the integration's configuration dialog

1. Access App Central and install the integration. (You can configure at installation, or after installation with the following steps.)
2. Go to the Integrations page.
   Classic UI. In the main Sumo Logic menu, select Automation and then select Integrations in the left nav bar.
   New UI. In the main Sumo Logic menu, select Automation > Integrations. You can also click the Go To... menu at the top of the screen and select Integrations.
3. Select the installed integration.
4. Hover over the resource name and click the Edit button that appears.
   

In the configuration dialog, enter information from the product you're integrating with. When done, click TEST to test the configuration, and click SAVE to save the configuration.

• Label. The name of the resource.
• Server URL. 'https://www.hybrid-analysis.com'.
• API Key. Insert the previously copied key.
  

For information about Hybrid Analysis, see Hybrid Analysis documentation.

Category

SANDBOX

Change Log

• May 7, 2019 - First upload
• June 4, 2019 - Scan URL action updated
• July 24, 2019 - SSL verification issue fixed
• January 31, 2020 - Action updated: Get Report Summary
• June 26, 2020 - Action updated: Get Report Summary
• May 20, 2022 - Integration updated and new actions added (Domain/IP/URL Reputation)
• May 23, 2022 - integration doc updated
• November 22, 2022
  • added default URL
  • solved issue for which the integration test will throw an error if no value for timeout is provided
• April 4, 2023 (v1.5)
  • Updated integration: (Updated the integration Fields with Environmental Variables and improved error handling)
  • New Action: Get File Analysis Overview
  • Update Actions: (Domain Reputation, File Reputation, Get Report Summary, IP Reputation, Scan File, Scan URL, URL Reputation)
• June 14, 2023 (v1.6) - Integration improvement