
About the connector

Koodous is a collaborative platform that combines the power of online analysis tools with social interactions between analysts over a vast repository of APKs (Android Package Kits).

This document provides information about the Koodous connector, which facilitates automated interactions with a Koodous server using FortiSOAR™ playbooks. Add the Koodous connector as a step in FortiSOAR™ playbooks and perform automated operations such as submitting APK files to the Koodous server for analysis, and searching for and retrieving reports from the Koodous server.

 

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0-1161

Koodous Version Tested on: 1.0

 

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-koodous

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL of the Koodous server to which you will connect and perform the automated operations.
  • You must have the API token configured for your account to access the Koodous server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Koodous connector and click Configure to configure the following parameters:

| Parameter | Description |
|---|---|
| Server URL | URL of the Koodous server to which you will connect and perform the automated operations. |
| API Token | API token that is configured for your account to access the Koodous server. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

 

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

| Function | Description | Annotation and Category |
|---|---|---|
| Submit APK | Uploads an APK file to the Koodous server for analysis. Note: The file that you upload to the Koodous server must be part of the FortiSOAR™ Attachments module. | Annotation: upload_apk; Category: Investigation |
| Get Report | Retrieves an analysis report from the Koodous server for a previously submitted sample, based on the SHA256 value of the APK file you have specified. | Annotation: get_report; Category: Investigation |
| Search APK | Searches for details of an APK file in the Koodous database, based on the name of the APK file or the SHA256, SHA1, or MD5 value of the APK file you have specified. | Annotation: search_apk; Category: Investigation |

 

operation: Submit APK

Input parameters

Note: You can upload to the Koodous server only those APK files that are part of the FortiSOAR™ Attachments module.

 

| Parameter | Description |
|---|---|
| Attachment ID | Reference ID that is used to access the file directly from the FortiSOAR™ Attachments module. This should be the file that you want to upload to the Koodous server for analysis. In the playbook, this defaults to {{vars.input.records[0].file['@id']}} when you have selected Attachment ID as the file reference. Important: You must specify either the Attachment ID or the Attachment IRI for the file that you want to upload to the Koodous server for analysis. If you specify both values, this operation uses the Attachment ID parameter. |
| Attachment IRI | IRI ID of the attachment that is used to access the file directly from the FortiSOAR™ Attachments module. This should be the file that you want to upload to the Koodous server for analysis. In the playbook, this defaults to {{vars.input.records[0]['@id']}} when you have selected Attachment IRI as the file reference. |
| File SHA256 | SHA256 of the file, used to verify whether the file has already been submitted to the Koodous server. |

 

Output

The JSON output is empty.

The following image displays a sample output:

[Image: Sample output of the Submit APK operation]

operation: Get Report

Input parameters

| Parameter | Description |
|---|---|
| APK SHA256 | The SHA256 value of the APK file whose report you want to retrieve from the Koodous server. |

 

Output

The JSON output contains the analysis report of the APK file associated with the APK SHA256 value that you have specified, retrieved from the Koodous server.

The following image displays a sample output:

[Image: Sample output of the Get Report operation]

operation: Search APK

Input parameters

| Parameter | Description |
|---|---|
| Name/SHA256/SHA1/MD5 | The name of the APK file or the SHA256, SHA1, or MD5 value of the APK file whose details you want to search on the Koodous server. |

 

Output

The JSON output contains the detailed analysis for the APK file associated with the APK file name or the APK SHA256, SHA1, or MD5 value that you have specified, retrieved from the Koodous server.

The following image displays a sample output:

[Image: Sample output of the Search APK operation]
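
The File SHA256 parameter of Submit APK, the APK SHA256 parameter of Get Report, and the name-or-hash input of Search APK all depend on a well-formed value. The following Python sketch is an added example, not part of the connector or the original page: it hashes an attachment before submission and classifies a search term by digest length. The function names, the AndroidManifest.xml sanity check, and the sample archive are assumptions made for illustration.

```python
import hashlib
import io
import re
import zipfile

# Hex digest lengths of the hash types the Search APK operation accepts.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_search_term(term):
    """Return (kind, value); kind is 'md5', 'sha1', 'sha256' or 'name'."""
    value = term.strip()
    if not value:
        raise ValueError("empty search term")
    kind = HASH_LENGTHS.get(len(value))
    if kind and re.fullmatch(r"[0-9a-fA-F]+", value):
        return kind, value.lower()  # normalise case so lookups match
    return "name", value  # anything else is treated as an APK file name


def apk_sha256(stream, chunk_size=1 << 20):
    """SHA256 of a seekable binary stream, after checking it looks like an APK."""
    if not zipfile.is_zipfile(stream):
        raise ValueError("not a ZIP archive, so not an APK")
    with zipfile.ZipFile(stream) as archive:
        if "AndroidManifest.xml" not in archive.namelist():
            raise ValueError("ZIP archive has no AndroidManifest.xml")
    stream.seek(0)
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):  # bounded memory
        digest.update(chunk)
    return digest.hexdigest()


def build_constructed_apk():
    """Constructed sample input: a minimal ZIP with a placeholder manifest."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"constructed placeholder")
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    sha256 = apk_sha256(build_constructed_apk())
    print("File SHA256 for Submit APK / Get Report:", sha256)
    print(classify_search_term(sha256.upper()))
    print(classify_search_term("constructed-sample.apk"))
```

Rejecting non-APK attachments and malformed hashes before the playbook step runs keeps unrelated files from being uploaded to a shared analysis platform and avoids lookups that can never match.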

Included playbooks

The Sample - Koodous - 1.0.0 playbook collection comes bundled with the Koodous connector. This playbook collection contains steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Koodous connector.

  • Get Report
  • Search APK
  • Submit APK

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.

 
