Skip to content

SophosIntelix#

SophosIntelix_Submit_Dynamic#

Author: SOL
License: AGPL-V3
Version: 0.1
Supported observables types:
- file
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description#

Detonate your suspicious file in SophosLabs Sandbox and find what behaviours the file has. For more information or to sign up for SophosLabs Intelix (with a free tier) see https://www.sophos.com/en-us/labs/intelix.aspx

Configuration#

clientID Client ID for Sophos Labs Intelix
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
clientSecret Client Secret for Sophos Labs Intelix
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
polling_interval Define time interval between two requests attempts for the report
Default value if not configured 60
Type of the configuration item number
The configuration item can contain multiple values False
Is required False

Templates samples for TheHive#

No template samples to display.

SophosIntelix_Submit_Static#

Author: SOL
License: AGPL-V3
Version: 0.1
Supported observables types:
- file
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description#

Use SophosLabs machine learning to understand the characteristics of your suspicious file allowing you to see if the file is similar to known malware. For more information or to sign up for SophosLabs Intelix (with a free tier) see https://www.sophos.com/en-us/labs/intelix.aspx

Configuration#

clientID Client ID for Sophos Labs Intelix
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
clientSecret Client Secret for Sophos Labs Intelix
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
polling_interval Define time interval between two requests attempts for the report
Default value if not configured 60
Type of the configuration item number
The configuration item can contain multiple values False
Is required False

Templates samples for TheHive#

No template samples to display.

SophosIntelix_GetReport#

Author: SOL
License: AGPL-V3
Version: 0.3
Supported observables types:
- hash
- domain
- fqdn
- url
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A

Description#

Fast and easy way to find out if the file is known Good, PUA (Potentially Unwanted Application), or, Malware. For more information or to sign up for SophosLabs Intelix (with a free tier) see https://www.sophos.com/en-us/labs/intelix.aspx

Configuration#

clientID Client ID for Sophos Labs Intelix
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
clientSecret Client Secret for Sophos Labs Intelix
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
polling_interval Define time interval between two requests attempts for the report
Default value if not configured 60
Type of the configuration item number
The configuration item can contain multiple values False
Is required False

Templates samples for TheHive#

No template samples to display.