Skip to content

Cylance#

README

Cylance hashlookup#

Cylance hash lookup enables you to query possible infected clients of yours using a SHA256 hash. The response includes information about the matching sample(s) along with information about affected clients.

FAQ#

Q: Why only SHA256#

Sadly, although the response data contains an MD5 hash, the API only allows you to query with a SHA256

Cylance#

Author: Mikael Keri
License: AGPL-V3
Version: 1.0
Supported observables types:
- hash
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.blackberry.com/

Description#

Search for a specific hash, if there is a match, coresponding client information

Configuration#

ten_id Tenant ID
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
app_id App ID
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
app_secret App Secret
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
region Portal region, : NA, US, APN, JP, APS, AU, EU, GOV, SA, SP
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

Cylance Lookup sample Information full report

Cylance Lookup sample, client information full report

screenshot


Last update: October 21, 2022 15:12:19