Koodous is a collaborative platform that combines the power of online analysis tools with social interactions between analysts over a vast repository of APKs (Android Package Kits).
This document provides information about the Koodous connector, which facilitates automated interactions with a Koodous server using FortiSOAR™ playbooks. Add the Koodous connector as a step in FortiSOAR™ playbooks and perform automated operations such as submitting APK files to the Koodous server for analysis and searching for and retrieving reports from the Koodous server.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Koodous Version Tested on: 1.0
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-koodous
In FortiSOAR™, on the Connectors page, select the Koodous connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | URL of the Koodous server to which you will connect and perform the automated operations. |
API Token | API token that is configured for your account to access the Koodous server. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Submit APK | Uploads an APK file to the Koodous server for analysis. Note: The file that you upload to the Koodous server must be part of the FortiSOAR™ Attachments module. | upload_apk Investigation |
Get Report | Retrieves an analysis report from the Koodous server for a previously submitted sample, based on the SHA256 value of the APK file you have specified. | get_report Investigation |
Search APK | Searches for details of an APK file in the Koodous database, based on the name of the APK file or the SHA256, SHA1, or MD5 value of the APK file you have specified. | search_apk Investigation |
Note: The APK files that you upload to the Koodous server must be part of the FortiSOAR™ Attachments module.
Parameter | Description |
---|---|
Attachment ID | Reference ID that is used to access the file directly from the FortiSOAR™ Attachments module. This should be the file that you want to upload to the Koodous server for analysis. In the playbook, this defaults to {{vars.input.records[0].file['@id']}} when you have selected Attachment ID as the file reference. Important: You must specify either the Attachment ID or the Attachment IRI for the file that you want to upload to the Koodous server for analysis. If you specify both values, this operation uses the Attachment ID parameter. |
Attachment IRI | IRI ID of the attachment that is used to access the file directly from the FortiSOAR™ Attachments module. This should be the file that you want to upload to the Koodous server for analysis. In the playbook, this defaults to {{vars.input.records[0]['@id']}} when you have selected Attachment IRI as the file reference. |
File SHA256 | SHA256 of the file to verify whether the file has already been submitted to the Koodous server. |
The JSON output is empty.
Parameter | Description |
---|---|
APK SHA256 | The SHA256 value of the APK file whose report you want to retrieve from the Koodous server. |
The JSON output contains the analysis report of the APK file associated with the APK SHA256 value that you have specified, retrieved from the Koodous server.
Parameter | Description |
---|---|
Name/SHA256/SHA1/MD5 | The name of the APK file or the SHA256, SHA1, or MD5 value of the APK file whose details you want to search on the Koodous server. |
The JSON output contains the detailed analysis for the APK file associated with the APK file name or the APK SHA256, SHA1, or MD5 value that you have specified, retrieved from the Koodous server.
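As an added example (not part of the connector or its documentation), the following Python helper shows input checks a playbook author could run before calling these operations: it classifies a Search APK term by digest length, lists which annotations from the operations table accept it, computes the File SHA256 value, and checks that an attachment has the ZIP structure of an APK. All function names are hypothetical and the sample APK bytes are constructed.

```python
import hashlib
import io
import re
import zipfile

# Hex digest lengths for the hash types the Search APK operation accepts.
_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"[0-9a-fA-F]+")


def classify_search_term(term):
    """Return (kind, normalized_term); kind is md5, sha1, sha256 or name."""
    term = term.strip()
    if not term:
        raise ValueError("empty search term")
    kind = _HEX_LEN.get(len(term))
    if kind and _HEX_RE.fullmatch(term):
        return kind, term.lower()
    return "name", term


def operations_for(term):
    """Connector annotations (from the operations table) usable with term."""
    kind, _ = classify_search_term(term)
    # Get Report is keyed on SHA256 only; Search APK takes any of the four.
    return ["get_report", "search_apk"] if kind == "sha256" else ["search_apk"]


def file_sha256(data):
    """SHA256 hex digest to pass as the File SHA256 parameter of Submit APK."""
    return hashlib.sha256(data).hexdigest()


def looks_like_apk(data):
    """Cheap pre-upload check: an APK is a ZIP holding AndroidManifest.xml."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "AndroidManifest.xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def build_sample_apk():
    """Constructed stand-in for an attachment: a minimal ZIP, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed placeholder")
    return buf.getvalue()
```

A file name that happens to be 32, 40 or 64 hexadecimal characters is classified as a hash, so pass names with their extension when that ambiguity matters.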
The Sample - Koodous - 1.0.0 playbook collection comes bundled with the Koodous connector. This playbook contains steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Koodous connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and deletion.