VMRay
Author: Nils Kuhnert, CERT-Bund
License: AGPL-V3
Version: 4.1
Supported observable types:
- hash
- file
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
VMRay Sandbox file and URL analysis.
Configuration

| Item | Description | Default value if not configured | Type | Can contain multiple values | Is required |
|---|---|---|---|---|---|
| url | Define the URL of the service | N/A | string | False | True |
| key | Define the API key | N/A | string | False | True |
| certverify | Verify certificates | True | boolean | False | False |
| certpath | Path to certificate file, in case of self-signed etc. | N/A | string | False | False |
| verdict_only | If set to true, only the verdict (or the score for VMRay versions < 4.0) will be added as labels. | False | boolean | False | False |
| query_retry_wait | The number of seconds to wait before trying to fetch the results. | 10 | number | False | False |
| recursive_sample_limit | The maximum number of recursive samples which will be analyzed. 0 disables recursion. | 10 | number | False | False |
| reanalyze | If set to true, known samples will be re-analyzed on submission. This is enabled by default. | True | boolean | False | False |
| shareable | If set to true, the hash of the sample will be shared with VirusTotal if the TLP level is white or green. | False | boolean | False | False |
| archive_password | The password that will be used to extract archives. | malware | string | False | True |
| archive_compound_sample | If set to true, files inside archives are treated as a single, compound sample. Otherwise, each file is treated as its own sample. | False | boolean | False | True |
| max_jobs | Limits the number of jobs that can be created by jobrules for a submission. | N/A | number | False | False |
| enable_reputation | If set to true, reputation lookups will be performed for submitted samples and analysis artifacts (file hash and URL lookups) by the VMRay cloud reputation service and additional third party services. The user analyzer setting is used as default value for this parameter. | N/A | boolean | False | False |
| enable_whois | If set to true, domains seen during analyses are queried with an external WHOIS service. The user analyzer setting is used as default value for this parameter. | N/A | boolean | False | False |
| analyzer_mode | Specifies which types of analyzers will be used for analyzing this sample. Supported strings are 'reputation', 'reputation_static', 'reputation_static_dynamic', 'static_dynamic', and 'static'. The user analyzer setting is used as default value for this parameter. | N/A | string | False | False |
| known_malicious | If set to true, triage will be used to pre-filter known malicious samples by results of reputation lookup (if allowed) and static analysis. The user analyzer setting is used as default value for this parameter. | N/A | boolean | False | False |
| known_benign | If set to true, triage will be used to pre-filter known benign samples by results of reputation lookup (if allowed) and static analysis. The user analyzer setting is used as default value for this parameter. | N/A | boolean | False | False |
| tags | Tags to attach to the sample. | N/A | string | True | False |
| timeout | Analysis timeout in seconds. | N/A | number | False | False |
| net_scheme_name | Name of the network schema. | N/A | string | False | False |
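As an added example, not code from the VMRay analyzer or from Cortex, the following Python helper resolves an analyzer configuration against the items documented above (applying defaults, checking types, list-valued items and the allowed `analyzer_mode` strings) and applies the documented `shareable` rule before a sample hash would leave your instance. Reading "Is required" as "must have a value once defaults are applied" and rejecting unknown keys are this example's own assumptions.

```python
# Added example, not the analyzer's code; "required" is read as required after defaults are applied.
ANALYZER_MODES = {"reputation", "reputation_static", "reputation_static_dynamic", "static_dynamic", "static"}
# name: (type, default or None for N/A, required, can contain multiple values) as documented
SPEC = {
    "url": ("string", None, True, False),
    "key": ("string", None, True, False),
    "certverify": ("boolean", True, False, False),
    "certpath": ("string", None, False, False),
    "verdict_only": ("boolean", False, False, False),
    "query_retry_wait": ("number", 10, False, False),
    "recursive_sample_limit": ("number", 10, False, False),
    "reanalyze": ("boolean", True, False, False),
    "shareable": ("boolean", False, False, False),
    "archive_password": ("string", "malware", True, False),
    "archive_compound_sample": ("boolean", False, True, False),
    "max_jobs": ("number", None, False, False),
    "enable_reputation": ("boolean", None, False, False),
    "enable_whois": ("boolean", None, False, False),
    "analyzer_mode": ("string", None, False, False),
    "known_malicious": ("boolean", None, False, False),
    "known_benign": ("boolean", None, False, False),
    "tags": ("string", None, False, True),
    "timeout": ("number", None, False, False),
    "net_scheme_name": ("string", None, False, False),
}

def _type_ok(kind, value):  # bool is an int subclass, so "number" must exclude it explicitly
    return isinstance(value, {"string": str, "boolean": bool, "number": (int, float)}[kind]) and (kind != "number" or not isinstance(value, bool))

def resolve_config(config):
    """Apply defaults and validate types; return (effective config, list of error strings)."""
    effective, errors = {}, [f"unknown item: {k}" for k in config if k not in SPEC]
    for name, (kind, default, required, multi) in SPEC.items():
        value = config.get(name, default)
        if value is None:  # N/A default and not supplied: only an error if the item is required
            if required:
                errors.append(f"{name} is required")
            continue
        values = value if isinstance(value, list) else [value]
        if multi != isinstance(value, list) or not all(_type_ok(kind, v) for v in values):
            errors.append(f"{name} must be {'a list of ' if multi else ''}{kind}")
            continue
        effective[name] = value
    if "analyzer_mode" in effective and effective["analyzer_mode"] not in ANALYZER_MODES:
        errors.append("analyzer_mode must be one of " + ", ".join(sorted(ANALYZER_MODES)))
    return effective, errors

def hash_may_be_shared(effective, tlp):
    """The sample hash goes to VirusTotal only when shareable is true and the TLP is white or green."""
    return bool(effective.get("shareable")) and tlp.lower() in ("white", "green")
```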
Template samples for TheHive
No template samples to display.