VMRay provides a service that analyses suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
This document provides information about the VMRay connector, which facilitates automated interactions with a VMRay Cloud Analyzer server using FortiSOAR™ playbooks. Add the VMRay connector as a step in FortiSOAR™ playbooks and perform automated operations, such as scanning and analyzing suspicious files and URLs and retrieving reports from VMRay for submitted sample files and domains.
Connector Version: 1.1.0
Authored By: Fortinet
Certified: No
The following enhancements have been made to the VMRay connector in version 1.1.0:
Added the following new operations and playbooks:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install the connector:
sudo yum install cyops-connector-vmray
You must have the URL of the VMRay Cloud Analyzer server to which you will connect and perform the automated operations and the API key to access that server.
To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the VMRay connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | URL of the VMRay Cloud Analyzer server to which you will connect and perform the automated operations. |
| API Key | API key configured for your account to access the VMRay Cloud Analyzer server. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is selected, i.e., set to true. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function | Description | Annotation and Category |
|---|---|---|
| Submit Sample | Scans and analyzes files that are submitted from the _Attachment_ module in FortiSOAR™ to VMRay to determine if they are suspicious. | detonate_file Investigation |
| Submit Sample URL | Scans and analyzes files that are submitted from a web server to VMRay to determine if they are suspicious. | detonate_file Investigation |
| Submit URL | Scans and analyzes URLs that are submitted to VMRay to determine if they are suspicious. | detonate_url Investigation |
| Get Samples | Retrieves details of all samples in the system or retrieves details of samples based on the parameters you have specified. | get_samples Investigation |
| Get Submissions | Retrieves details of all submissions in the system or retrieves details of submissions based on the parameters you have specified. | get_submissions Investigation |
| Get Prescripts | Retrieves details of all prescripts in the system or retrieves details of prescripts based on the parameters you have specified. | get_prescripts Investigation |
| Get Analysis | Retrieves details of all analyses in the system or retrieves details of analyses based on the parameters you have specified. | get_analysis Investigation |
| Get Reputation Lookups | Retrieves details of all reputation lookups in the system or retrieves details of reputation lookups based on the parameters you have specified. | get_reputation_lookups Investigation |
| Get MetaDefender Analysis | Retrieves details of all MetaDefender analyses in the system or retrieves details of MetaDefender analyses based on the parameters you have specified. | get_md_analysis Investigation |
| Get VirusTotal Analysis | Retrieves details of all VirusTotal analyses in the system or retrieves details of VirusTotal analyses based on the parameters you have specified. | get_vt_analysis Investigation |
| Get Job Analysis | Retrieves details of all analyzer jobs in the system or retrieves details of analyzer jobs based on the parameters you have specified. | get_job Investigation |
| Get Reputation Jobs | Retrieves details of all reputation jobs in the system or retrieves details of reputation jobs based on the parameters you have specified. | get_reputation_jobs Investigation |
| Get MetaDefender Jobs | Retrieves details of all MetaDefender jobs in the system or retrieves details of MetaDefender jobs based on the parameters you have specified. | get_md_jobs Investigation |
| Get VirusTotal Jobs | Retrieves details of all VirusTotal jobs in the system or retrieves details of VirusTotal jobs based on the parameters you have specified. | get_vt_jobs Investigation |
| Get Tags | Retrieves details of all tags in the system or retrieves details of tags based on the parameters you have specified. | get_tags Investigation |
| Get System Information | Retrieves system-wide information, such as the VMRay Analyzer version of the running VMRay server. | get_system_info Investigation |
| Delete Job | Deletes the VMRay Analyzer job based on the job ID you have specified. | delete_job Investigation |
| Delete Submission | Deletes the VMRay Analyzer submission based on the submission ID you have specified. | delete_submission Investigation |
| Get Screenshots | Retrieves screenshots taken during a specific dynamic analysis. | get_screenshots Investigation |
| Get Threat Indicators | Retrieves screenshots taken during a specific dynamic analysis. | get_threat_indicators Investigation |
| Get IOCs | Retrieves Indicators of Compromise for a specified sample. | get_iocs Investigation |
| Add Tag | Adds a specified tag to the given ID of an analysis or submission. | add_tag Investigation |
| Delete Tag | Deletes the specified tag from the selected ID of the analysis or submission. | delete_tag Investigation |
| Parameter | Description |
|---|---|
| File IRI | Specify the IRI of the file present in FortiSOAR™'s Attachments module that you want to submit to VMRay for scanning and analysis. |
| Sample Type | (Optional) Select a sample type from the list of officially supported VMRay Analyzer sample types. |
| Sharable with VirusTotal and MetaDefender (MD) | (Optional) Select this option to share this file with VirusTotal and MetaDefender, i.e. send this file for submission to VirusTotal and MetaDefender. |
| Custom Jobrule | (Optional) Specify alternative jobrules for this submission by using the jobrule_entries parameter. By default, submitted files create new jobs according to the default jobrules of the sample type. |
| Reanalyze | (Optional) Select this option to create new jobs even when analyses already exist for this sample. |
| Max job | (Optional) Specify the maximum number of jobs that can be created by jobrules for this submission. In the case of an activated billing system, this parameter allows you to control the consumption of the quota of jobs. |
| Tags (Comma separated if multiple) | (Optional) Specify a comma-separated list of tags for this submission. |
The output contains the following populated JSON schema:
{
"data": {
"errors": [],
"jobs": [
{
"job_analyzer_id": "",
"job_analyzer_name": "",
"job_configuration_id": "",
"job_configuration_name": "",
"job_created": "",
"job_document_password": "",
"job_id": "",
"job_jobrule_id": "",
"job_jobrule_sampletype": "",
"job_parent_analysis_id": "",
"job_prescript_id": "",
"job_priority": "",
"job_reputation_job_id": "",
"job_sample_id": "",
"job_sample_md5": "",
"job_sample_sha1": "",
"job_sample_sha256": "",
"job_snapshot_id": "",
"job_snapshot_name": "",
"job_status": "",
"job_statuschanged": "",
"job_submission_id": "",
"job_tracking_state": "",
"job_type": "",
"job_user_email": "",
"job_user_id": "",
"job_vm_id": "",
"job_vm_name": "",
"job_vmhost_id": "",
"job_vminstance_num": "",
"job_vnc_token": ""
}
],
"md_jobs": [
{
"md_job_created": "",
"md_job_id": "",
"md_job_priority": "",
"md_job_reputation_job_id": "",
"md_job_sample_id": "",
"md_job_sample_md5": "",
"md_job_sample_sha1": "",
"md_job_sample_sha256": "",
"md_job_status": "",
"md_job_statuschanged": "",
"md_job_submission_id": "",
"md_job_user_email": "",
"md_job_user_id": ""
}
],
"reputation_jobs": [
{
"reputation_job_created": "",
"reputation_job_id": "",
"reputation_job_priority": "",
"reputation_job_sample_id": "",
"reputation_job_sample_md5": "",
"reputation_job_sample_sha1": "",
"reputation_job_sample_sha256": "",
"reputation_job_status": "",
"reputation_job_statuschanged": "",
"reputation_job_submission_id": "",
"reputation_job_user_email": "",
"reputation_job_user_id": ""
}
],
"samples": [
{
"sample_created": "",
"sample_filename": "",
"sample_filesize": "",
"sample_id": "",
"sample_is_multipart": "",
"sample_md5hash": "",
"sample_priority": "",
"sample_sha1hash": "",
"sample_sha256hash": "",
"sample_type": "",
"sample_url": "",
"sample_webif_url": "",
"submission_filename": ""
}
],
"submissions": [
{
"submission_comment": "",
"submission_created": "",
"submission_document_password": "",
"submission_filename": "",
"submission_finish_time": "",
"submission_finished": "",
"submission_has_errors": "",
"submission_id": "",
"submission_ip_id": "",
"submission_ip_ip": "",
"submission_original_filename": "",
"submission_prescript_id": "",
"submission_priority": "",
"submission_reputation_mode": "",
"submission_sample_id": "",
"submission_sample_md5": "",
"submission_sample_sha1": "",
"submission_sample_sha256": "",
"submission_shareable": "",
"submission_tags": [],
"submission_triage_error_handling": "",
"submission_type": "",
"submission_user_email": "",
"submission_user_id": "",
"submission_webif_url": ""
}
],
"vt_jobs": [
{
"vt_job_created": "",
"vt_job_id": "",
"vt_job_priority": "",
"vt_job_reputation_job_id": "",
"vt_job_sample_id": "",
"vt_job_sample_md5": "",
"vt_job_sample_sha1": "",
"vt_job_sample_sha256": "",
"vt_job_status": "",
"vt_job_statuschanged": "",
"vt_job_submission_id": "",
"vt_job_user_email": "",
"vt_job_user_id": ""
}
]
}
}
Note: Only the Sample Url parameter is mandatory.
| Parameter | Description |
|---|---|
| Sample Url | Specify the file name present on a web server to submit to VMRay for scanning and analysis. |
| Sample Type | (Optional) Select a sample type from the list of officially supported VMRay Analyzer sample types. |
| Sharable with VirusTotal and MetaDefender (MD) | (Optional) Select this option to share this file with VirusTotal and MetaDefender, i.e. send this file for submission to VirusTotal and MetaDefender. |
| Custom Jobrule | (Optional) Specify alternative jobrules for this submission by using the jobrule_entries parameter. By default, submitted files create new jobs according to the default jobrules of the sample type. |
| Reanalyze | (Optional) Select this option to create new jobs even when analyses already exist for this sample. |
| Max job | (Optional) Specify the maximum number of jobs that can be created by jobrules for this submission. In the case of an activated billing system, this parameter allows you to control the consumption of the quota of jobs. |
| Tags (Comma separated if multiple) | (Optional) Specify a comma-separated list of tags for this submission. |
The output contains the following populated JSON schema:
{
"data": {
"errors": [],
"jobs": [
{
"job_analyzer_id": "",
"job_analyzer_name": "",
"job_configuration_id": "",
"job_configuration_name": "",
"job_created": "",
"job_document_password": "",
"job_id": "",
"job_jobrule_id": "",
"job_jobrule_sampletype": "",
"job_parent_analysis_id": "",
"job_prescript_id": "",
"job_priority": "",
"job_reputation_job_id": "",
"job_sample_id": "",
"job_sample_md5": "",
"job_sample_sha1": "",
"job_sample_sha256": "",
"job_snapshot_id": "",
"job_snapshot_name": "",
"job_status": "",
"job_statuschanged": "",
"job_submission_id": "",
"job_tracking_state": "",
"job_type": "",
"job_user_email": "",
"job_user_id": "",
"job_vm_id": "",
"job_vm_name": "",
"job_vmhost_id": "",
"job_vminstance_num": "",
"job_vnc_token": ""
}
],
"md_jobs": [
{
"md_job_created": "",
"md_job_id": "",
"md_job_priority": "",
"md_job_reputation_job_id": "",
"md_job_sample_id": "",
"md_job_sample_md5": "",
"md_job_sample_sha1": "",
"md_job_sample_sha256": "",
"md_job_status": "",
"md_job_statuschanged": "",
"md_job_submission_id": "",
"md_job_user_email": "",
"md_job_user_id": ""
}
],
"reputation_jobs": [
{
"reputation_job_created": "",
"reputation_job_id": "",
"reputation_job_priority": "",
"reputation_job_sample_id": "",
"reputation_job_sample_md5": "",
"reputation_job_sample_sha1": "",
"reputation_job_sample_sha256": "",
"reputation_job_status": "",
"reputation_job_statuschanged": "",
"reputation_job_submission_id": "",
"reputation_job_user_email": "",
"reputation_job_user_id": ""
}
],
"samples": [
{
"sample_created": "",
"sample_filename": "",
"sample_filesize": "",
"sample_id": "",
"sample_is_multipart": "",
"sample_md5hash": "",
"sample_priority": "",
"sample_sha1hash": "",
"sample_sha256hash": "",
"sample_type": "",
"sample_url": "",
"sample_webif_url": "",
"submission_filename": ""
}
],
"submissions": [
{
"submission_comment": "",
"submission_created": "",
"submission_document_password": "",
"submission_filename": "",
"submission_finish_time": "",
"submission_finished": "",
"submission_has_errors": "",
"submission_id": "",
"submission_ip_id": "",
"submission_ip_ip": "",
"submission_original_filename": "",
"submission_prescript_id": "",
"submission_priority": "",
"submission_reputation_mode": "",
"submission_sample_id": "",
"submission_sample_md5": "",
"submission_sample_sha1": "",
"submission_sample_sha256": "",
"submission_shareable": "",
"submission_tags": [],
"submission_triage_error_handling": "",
"submission_type": "",
"submission_user_email": "",
"submission_user_id": "",
"submission_webif_url": ""
}
],
"vt_jobs": [
{
"vt_job_created": "",
"vt_job_id": "",
"vt_job_priority": "",
"vt_job_reputation_job_id": "",
"vt_job_sample_id": "",
"vt_job_sample_md5": "",
"vt_job_sample_sha1": "",
"vt_job_sample_sha256": "",
"vt_job_status": "",
"vt_job_statuschanged": "",
"vt_job_submission_id": "",
"vt_job_user_email": "",
"vt_job_user_id": ""
}
]
}
}
| Parameter | Description |
|---|---|
| URL | Specify the URL to submit to VMRay for scanning and analysis. |
The output contains the following populated JSON schema:
{
"data": {
"errors": [],
"jobs": [
{
"job_analyzer_id": "",
"job_analyzer_name": "",
"job_configuration_id": "",
"job_configuration_name": "",
"job_created": "",
"job_document_password": "",
"job_id": "",
"job_jobrule_id": "",
"job_jobrule_sampletype": "",
"job_parent_analysis_id": "",
"job_prescript_id": "",
"job_priority": "",
"job_reputation_job_id": "",
"job_sample_id": "",
"job_sample_md5": "",
"job_sample_sha1": "",
"job_sample_sha256": "",
"job_snapshot_id": "",
"job_snapshot_name": "",
"job_status": "",
"job_statuschanged": "",
"job_submission_id": "",
"job_tracking_state": "",
"job_type": "",
"job_user_email": "",
"job_user_id": "",
"job_vm_id": "",
"job_vm_name": "",
"job_vmhost_id": "",
"job_vminstance_num": "",
"job_vnc_token": ""
}
],
"md_jobs": [
{
"md_job_created": "",
"md_job_id": "",
"md_job_priority": "",
"md_job_reputation_job_id": "",
"md_job_sample_id": "",
"md_job_sample_md5": "",
"md_job_sample_sha1": "",
"md_job_sample_sha256": "",
"md_job_status": "",
"md_job_statuschanged": "",
"md_job_submission_id": "",
"md_job_user_email": "",
"md_job_user_id": ""
}
],
"reputation_jobs": [
{
"reputation_job_created": "",
"reputation_job_id": "",
"reputation_job_priority": "",
"reputation_job_sample_id": "",
"reputation_job_sample_md5": "",
"reputation_job_sample_sha1": "",
"reputation_job_sample_sha256": "",
"reputation_job_status": "",
"reputation_job_statuschanged": "",
"reputation_job_submission_id": "",
"reputation_job_user_email": "",
"reputation_job_user_id": ""
}
],
"samples": [
{
"sample_created": "",
"sample_filename": "",
"sample_filesize": "",
"sample_id": "",
"sample_is_multipart": "",
"sample_md5hash": "",
"sample_priority": "",
"sample_sha1hash": "",
"sample_sha256hash": "",
"sample_type": "",
"sample_url": "",
"sample_webif_url": "",
"submission_filename": ""
}
],
"submissions": [
{
"submission_comment": "",
"submission_created": "",
"submission_document_password": "",
"submission_filename": "",
"submission_finish_time": "",
"submission_finished": "",
"submission_has_errors": "",
"submission_id": "",
"submission_ip_id": "",
"submission_ip_ip": "",
"submission_original_filename": "",
"submission_prescript_id": "",
"submission_priority": "",
"submission_reputation_mode": "",
"submission_sample_id": "",
"submission_sample_md5": "",
"submission_sample_sha1": "",
"submission_sample_sha256": "",
"submission_shareable": "",
"submission_tags": [],
"submission_triage_error_handling": "",
"submission_type": "",
"submission_user_email": "",
"submission_user_id": "",
"submission_webif_url": ""
}
],
"vt_jobs": [
{
"vt_job_created": "",
"vt_job_id": "",
"vt_job_priority": "",
"vt_job_reputation_job_id": "",
"vt_job_sample_id": "",
"vt_job_sample_md5": "",
"vt_job_sample_sha1": "",
"vt_job_sample_sha256": "",
"vt_job_status": "",
"vt_job_statuschanged": "",
"vt_job_submission_id": "",
"vt_job_user_email": "",
"vt_job_user_id": ""
}
]
}
}
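The three submit operations above return the same output schema. The following Python sketch is an added example, not part of the connector or of Fortinet's documentation; it shows how a playbook step could validate that output before using its IDs in follow-up operations such as Get Submissions or Get Job Analysis. The function names and the sample values are constructed, and the value types (integer IDs, boolean flag) are assumptions, because the schema on this page shows only empty placeholders.

```python
import hashlib
import re

SHA256_RE = re.compile(r"\A[0-9a-f]{64}\Z", re.IGNORECASE)

# Arrays in the submit output that hold jobs, mapped to their field-name prefix.
JOB_ARRAYS = {"jobs": "job", "md_jobs": "md_job",
              "reputation_jobs": "reputation_job", "vt_jobs": "vt_job"}


class SubmitOutputError(ValueError):
    """The submit output must not be used to drive follow-up playbook steps."""


def summarize_submit_output(output):
    """Validate a submit-operation result and return the IDs later steps need."""
    data = output.get("data") if isinstance(output, dict) else None
    if not isinstance(data, dict):
        raise SubmitOutputError("missing 'data' object")
    # Fail closed: a non-empty 'errors' array means the submission is unreliable.
    if data.get("errors"):
        raise SubmitOutputError("VMRay returned errors: %r" % (data["errors"],))
    submissions = data.get("submissions") or []
    if not submissions:
        raise SubmitOutputError("no submission was created")

    summary = {"submission_ids": [], "sha256": [], "report_urls": [],
               "shareable": {}, "job_ids": {}}
    for sub in submissions:
        sub_id = sub.get("submission_id")
        digest = str(sub.get("submission_sample_sha256", ""))
        if sub_id in (None, ""):
            raise SubmitOutputError("submission without submission_id")
        if not SHA256_RE.match(digest):
            raise SubmitOutputError("submission %r has a malformed SHA-256" % (sub_id,))
        summary["submission_ids"].append(sub_id)
        if digest.lower() not in summary["sha256"]:
            summary["sha256"].append(digest.lower())
        if sub.get("submission_webif_url"):
            summary["report_urls"].append(sub["submission_webif_url"])
        # Raw flag value, kept so an analyst can audit third-party sharing.
        summary["shareable"][sub_id] = sub.get("submission_shareable")

    for array, prefix in JOB_ARRAYS.items():
        ids = []
        for job in data.get(array) or []:
            # A job that points at a submission outside this response does not
            # belong to it; refuse to continue rather than track the wrong job.
            if job.get(prefix + "_submission_id") not in summary["submission_ids"]:
                raise SubmitOutputError("%s entry references an unknown submission" % array)
            ids.append(job.get(prefix + "_id"))
        summary["job_ids"][array] = ids
    return summary


def constructed_output():
    """Constructed sample shaped like the schema above (all values are made up)."""
    digest = hashlib.sha256(b"constructed sample bytes").hexdigest()
    return {"data": {
        "errors": [],
        "jobs": [{"job_id": 501, "job_submission_id": 1001,
                  "job_sample_sha256": digest}],
        "md_jobs": [],
        "reputation_jobs": [{"reputation_job_id": 77,
                             "reputation_job_submission_id": 1001}],
        "samples": [{"sample_id": 9001, "sample_sha256hash": digest}],
        "submissions": [{
            "submission_id": 1001,
            "submission_sample_sha256": digest,
            "submission_shareable": False,
            # Placeholder URL, not a real VMRay address.
            "submission_webif_url": "https://vmray.example.invalid/submission/1001",
        }],
        "vt_jobs": [],
    }}


if __name__ == "__main__":
    print(summarize_submit_output(constructed_output()))
```
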
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which sample details are retrieved from VMRay. Choose from the following options: All: Retrieves details of all samples in the system. ID: Retrieves details of samples in the system based on the sample ID you specify. Created: Retrieves details of samples in the system based on the date the samples were created. Filesize: Retrieves details of samples in the system based on the filesize (in bytes) you specify. All samples below the specified filesize are retrieved from the system. Md5: Retrieves details of samples in the system based on the MD5 hash you specify. Sha1: Retrieves details of samples in the system based on the SHA1 hash you specify. Sha256: Retrieves details of samples in the system based on the SHA256 hash you specify. Type: Retrieves details of samples in the system based on the type you specify. |
| Value | Specify the value of the parameter you selected. For example, select Created to specify the creation date of the samples for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which sample details are retrieved from VMRay. Choose from the following options: All: Retrieves details of all submissions in the system. ID: Retrieves details of submissions in the system based on the submission ID you specify. Created: Retrieves details of submissions in the system based on the date the submissions were created. Finish_Time: Retrieves details of submissions in the system based on the time VMRay completed analyses on the submission. Prescript: Retrieves details of submissions in the system based on the Prescript ID you specify. Priority: Retrieves details of submissions in the system based on the priority you specify. All submissions that are above or equal to the priority you specify are retrieved from the system. Sample: Retrieves details of submissions in the system based on the sample ID you specify. Type: Retrieves details of submissions in the system based on the type (API or WEB) you specify. Sample: Retrieves details of submissions in the system based on the user ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the samples for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which sample details are retrieved from VMRay. Choose from the following options: All: Retrieves details of all prescripts in the system. ID: Retrieves details of prescripts in the system based on the prescript ID you specify. Created: Retrieves details of prescripts in the system based on the date the prescripts were created. Filesize: Retrieves details of prescripts in the system based on the filesize (in bytes) you specify. All prescripts below the specified filesize are retrieved from the system. Md5: Retrieves details of prescripts in the system based on the MD5 hash you specify. Sha1: Retrieves details of prescripts in the system based on the SHA1 hash you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the samples for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which sample details are retrieved from VMRay. Choose from the following options: All: Retrieves details of all analyses in the system. ID: Retrieves details of analyses in the system based on the analysis ID you specify. Analyzer: Retrieves details of analyses in the system based on the analyzer ID you specify. Configuration: Retrieves details of analyses in the system based on the configuration ID you specify. Created: Retrieves details of analyses in the system based on the date the analyses were created. Job: Retrieves details of analyses in the system based on the job ID you specify. Jobrule: Retrieves details of analyses in the system based on the jobrule ID you specify. Job_Started: Retrieves details of analyses in the system based on the date the jobs were started. Prescript: Retrieves details of analyses in the system based on the prescript ID you specify. Result_Code: Retrieves details of analyses in the system based on the result code you specify. Sample: Retrieves details of analyses in the system based on the sample ID you specify. Size: Retrieves details of analyses in the system based on the size of the analysis archive you specify. Snapshot: Retrieves details of analyses in the system based on the snapshot ID you specify. Submission: Retrieves details of analyses in the system based on the submission ID you specify. User: Retrieves details of analyses in the system based on the User ID you specify. Vm: Retrieves details of analyses in the system based on the Virtual Machine (VM) ID you specify. Vmhost: Retrieves details of analyses in the system based on the VM Host ID you specify. Vti_Score: Retrieves details of analyses in the system that have the VTI score you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the samples for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which sample details are retrieved from VMRay. Choose from the following options: All: Retrieves details of all reputation lookups in the system. ID: Retrieves details of reputation lookups in the system based on the reputation lookup ID you specify. Created: Retrieves details of reputation lookups in the system based on the date the reputation lookups were created. Job: Retrieves details of reputation lookups in the system based on the job ID you specify. Result_Code: Retrieves details of reputation lookups in the system based on the result code you specify. Sample: Retrieves details of reputation lookups in the system based on the sample ID you specify. Severity: Retrieves details of reputation lookups in the system based on the severity you specify. All reputation lookups that are above or equal to the severity you specify are retrieved from the system. Submission: Retrieves details of reputation lookups in the system based on the submission ID you specify. User: Retrieves details of reputation lookups in the system based on the User ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the samples for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which MetaDefender analyses details are to be retrieved from VMRay. All: Retrieves details of all MetaDefender analyses in the system. ID: Retrieves details of MetaDefender analyses in the system based on the MetaDefender analysis ID you specify. Created: Retrieves details of MetaDefender analyses in the system based on the date MetaDefender analyses were created. Job: Retrieves details of MetaDefender analyses in the system based on the job ID you specify. Num_Positives: Retrieves details of MetaDefender analyses in the system, which are equal to the number you specify in Num_Positives. Num_Negatives: Retrieves details of MetaDefender analyses in the system, which are equal to the number you specify in Num_Negatives. Result_Code: Retrieves details of MetaDefender analyses in the system based on the result code you specify. Sample: Retrieves details of MetaDefender analyses in the system based on the sample ID you specify. Score: Retrieves details of MetaDefender analyses in the system with the score you specify. Submission: Retrieves details of MetaDefender analyses in the system based on the submission ID you specify. User: Retrieves details of MetaDefender analyses in the system based on the User ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the MetaDefender analyses for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which VirusTotal analyses details are to be retrieved from VMRay. Choose from the following options: All: Retrieves details of all VirusTotal analyses in the system. ID: Retrieves details of VirusTotal analyses in the system based on the VirusTotal analysis ID you specify. Created: Retrieves details of VirusTotal analyses in the system based on the date VirusTotal analyses were created. Job: Retrieves details of VirusTotal analyses in the system based on the job ID you specify. Num_Positives: Retrieves details of VirusTotal analyses in the system, which are equal to the number you specify in Num_Positives. Num_Negatives: Retrieves details of VirusTotal analyses in the system, which are equal to the number you specify in Num_Negatives. Result_Code: Retrieves details of VirusTotal analyses in the system based on the result code you specify. Sample: Retrieves details of VirusTotal analyses in the system based on the sample ID you specify. Score: Retrieves details of VirusTotal analyses in the system with the score you specify. Submission: Retrieves details of VirusTotal analyses in the system based on the submission ID you specify. User: Retrieves details of VirusTotal analyses in the system based on the User ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the VirusTotal analyses for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which job analyses details are to be retrieved from VMRay. Choose from the following options: All: Retrieves details of all job analyses in the system. ID: Retrieves details of job analyses in the system based on the job ID you specify. Configuration: Retrieves details of job analyses in the system based on the configuration ID you specify. Created: Retrieves details of job analyses in the system based on the date job analyses were created. Jobrule: Retrieves details of job analyses in the system based on the jobrule ID you specify. Prescript: Retrieves details of job analyses in the system based on the prescript ID you specify. Priority: Retrieves details of job analyses in the system based on the priority you specify. All job analyses that are above or equal to the priority you specify are retrieved from the system. Sample: Retrieves details of job analyses in the system based on the sample ID you specify. Snapshot: Retrieves details of job analyses in the system based on the snapshot ID you specify. Status: Retrieves details of job analyses in the system with the status you specify. Statuschanged: Retrieves details of job analyses in the system with the Statuschanged you specify. Submission: Retrieves details of job analyses in the system based on the submission ID you specify. User: Retrieves details of job analyses in the system based on the User ID you specify. Vm: Retrieves details of job analyses in the system based on the VM ID you specify. Vmhost: Retrieves details of job analyses in the system based on the VM Host ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the job analyses for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which reputation job details are to be retrieved from VMRay. All: Retrieves details of all reputation jobs in the system. ID: Retrieves details of reputation jobs in the system based on the reputation job ID you specify. Created: Retrieves details of reputation jobs in the system based on the date reputation jobs were created. Priority: Retrieves details of reputation jobs in the system based on the priority you specify. All reputation jobs that are above or equal to the priority you specify are retrieved from the system. Sample: Retrieves details of reputation jobs in the system based on the sample ID you specify. Status: Retrieves details of reputation jobs in the system with the status you specify. Statuschanged: Retrieves details of reputation jobs in the system with the Statuschanged you specify. User: Retrieves details of reputation jobs in the system based on the User ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the reputation jobs for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which details of MetaDefender jobs are to be retrieved from VMRay. Choose from the following options: All: Retrieves details of all MetaDefender jobs in the system. ID: Retrieves details of MetaDefender jobs in the system based on the MetaDefender job ID you specify. Created: Retrieves details of MetaDefender jobs in the system based on the date MetaDefender jobs were created. Priority: Retrieves details of MetaDefender jobs in the system based on the priority you specify. All MetaDefender jobs that are above or equal to the priority you specify are retrieved from the system. Sample: Retrieves details of MetaDefender jobs in the system based on the sample ID you specify. Status: Retrieves details of MetaDefender jobs in the system with the status you specify. Statuschanged: Retrieves details of MetaDefender jobs in the system with the Statuschanged you specify. User: Retrieves details of MetaDefender jobs in the system based on the User ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the MetaDefender jobs for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which details of VirusTotal jobs are to be retrieved from VMRay. Choose from the following options: All: Retrieves details of all VirusTotal jobs in the system. ID: Retrieves details of VirusTotal jobs in the system based on the VirusTotal job ID you specify. Created: Retrieves details of VirusTotal jobs in the system based on the date MetaDefender jobs were created. Priority: Retrieves details of VirusTotal jobs in the system based on the priority you specify. All VirusTotal jobs that are above or equal to the priority you specify are retrieved from the system. Sample: Retrieves details of VirusTotal jobs in the system based on the sample ID you specify. Status: Retrieves details of VirusTotal jobs in the system with the status you specify. Statuschanged: Retrieves details of VirusTotal jobs in the system with the Statuschanged you specify. User: Retrieves details of VirusTotal jobs in the system based on the User ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the VirusTotal jobs for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which tag details are to be retrieved from VMRay. Choose from the following options: All: Retrieves details of all tags in the system. Name: Retrieves details of tags in the system based on the name of the tag you specify. |
| Value | Specify the value of the parameter you select. For example, select Name to specify the name of the tag for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
None.
The output contains the following populated JSON schema:
```json
{
    "data": {
        "api_items_per_request": "",
        "file_param_http_scheme_enabled": "",
        "max_api_items": "",
        "version": "",
        "version_major": "",
        "version_minor": "",
        "version_revision": "",
        "webif_alias": "",
        "webif_base_url": "",
        "webif_max_sample_size": "",
        "webif_max_upload_size": ""
    }
}
```
| Parameter | Description |
|---|---|
| Parameters | Select ID as the parameter for the job to be deleted from VMRay. |
| Value | Specify the ID of the job that you want to delete from VMRay. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select ID as the parameter for the submission to be deleted from VMRay. |
| Value | Specify the ID of the submission that you want to delete from VMRay. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Analysis ID | Specify the ID of the analysis from which to retrieve the screenshots. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Sample ID | Specify the ID of the sample from which to retrieve the threat indicators. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Sample ID | Specify the ID of the sample to retrieve the Indicators of Compromise (IOCs). |
| All Artifacts | (Optional) Select this option to return all artifacts instead of only Indicators of Compromise (IOCs). |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Input Type | Select the input type (Analysis ID or Submission ID) to which to add the provided tag. |
| Tag | Specify the tag that you want to add for the provided input. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Input Type | Select the input type (Analysis ID or Submission ID) from which to delete the provided tag. |
| Tag | Specify the tag that you want to delete for the provided input. |
The output contains a non-dictionary value.
The Sample-VMRay-1.1.0 playbook collection comes bundled with the VMRay connector. The playbooks in this collection contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the VMRay connector.
- Delete Job
- Delete Submission
- Get Analysis
- Get Jobs
- Get MetaDefender Analysis
- Get MetaDefender Jobs
- Get Prescripts
- Get Reputation Jobs
- Get Reputation Lookups
- Get Samples
- Get Submissions
- Get System Information
- Get Tags
- Get VirusTotal Analysis
- Get VirusTotal Jobs
- Submit Sample
- Submit Sample Url
- Submit URL
- Get Screenshots
- Get Threat Indicators
- Get IOCs
- Add Tag
- Delete Tag
NOTE: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which reputation job details are to be retrieved from VMRay. All: Retrieves details of all reputation jobs in the system. ID: Retrieves details of reputation jobs in the system based on the reputation job ID you specify. Created: Retrieves details of reputation jobs in the system based on the date reputation jobs were created. Priority: Retrieves details of reputation jobs in the system based on the priority you specify. All reputation jobs that are above or equal to the priority you specify are retrieved from the system. Sample: Retrieves details of reputation jobs in the system based on the sample ID you specify. Status: Retrieves details of reputation jobs in the system with the status you specify. Statuschanged: Retrieves details of reputation jobs in the system with the Statuschanged you specify. User: Retrieves details of reputation jobs in the system based on the User ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the reputation jobs for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which details of MetaDefender jobs are to be retrieved from VMRay. Choose from the following options: All: Retrieves details of all MetaDefender jobs in the system. ID: Retrieves details of MetaDefender jobs in the system based on the MetaDefender job ID you specify. Created: Retrieves details of MetaDefender jobs in the system based on the date MetaDefender jobs were created. Priority: Retrieves details of MetaDefender jobs in the system based on the priority you specify. All MetaDefender jobs that are above or equal to the priority you specify are retrieved from the system. Sample: Retrieves details of MetaDefender jobs in the system based on the sample ID you specify. Status: Retrieves details of MetaDefender jobs in the system with the status you specify. Statuschanged: Retrieves details of MetaDefender jobs in the system with the Statuschanged you specify. User: Retrieves details of MetaDefender jobs in the system based on the User ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the MetaDefender jobs for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which details of VirusTotal jobs are to be retrieved from VMRay. Choose from the following options: All: Retrieves details of all VirusTotal jobs in the system. ID: Retrieves details of VirusTotal jobs in the system based on the VirusTotal job ID you specify. Created: Retrieves details of VirusTotal jobs in the system based on the date VirusTotal jobs were created. Priority: Retrieves details of VirusTotal jobs in the system based on the priority you specify. All VirusTotal jobs that are above or equal to the priority you specify are retrieved from the system. Sample: Retrieves details of VirusTotal jobs in the system based on the sample ID you specify. Status: Retrieves details of VirusTotal jobs in the system with the status you specify. Statuschanged: Retrieves details of VirusTotal jobs in the system with the Statuschanged you specify. User: Retrieves details of VirusTotal jobs in the system based on the User ID you specify. |
| Value | Specify the value of the parameter you select. For example, select Created to specify the creation date of the VirusTotal jobs for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select a parameter based on which tag details are to be retrieved from VMRay. Choose from the following options: All: Retrieves details of all tags in the system. Name: Retrieves details of tags in the system based on the name of the tag you specify. |
| Value | Specify the value of the parameter you select. For example, select Name to specify the name of the tag for which you want to retrieve details from VMRay. Note: If you specify All then you do not have to specify a value. |
No output schema is available at this time.
None.
The output contains the following populated JSON schema:
{
    "data": {
        "api_items_per_request": "",
        "file_param_http_scheme_enabled": "",
        "max_api_items": "",
        "version": "",
        "version_major": "",
        "version_minor": "",
        "version_revision": "",
        "webif_alias": "",
        "webif_base_url": "",
        "webif_max_sample_size": "",
        "webif_max_upload_size": ""
    }
}
| Parameter | Description |
|---|---|
| Parameters | Select ID as the parameter for the job to be deleted from VMRay. |
| Value | Specify the ID of the job that you want to delete from VMRay. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Parameters | Select ID as the parameter for the submission to be deleted from VMRay. |
| Value | Specify the ID of the submission that you want to delete from VMRay. |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Analysis ID | Specify the ID of the analysis from which to retrieve the screenshots. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Sample ID | Specify the ID of the sample from which to retrieve the threat indicators. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Sample ID | Specify the ID of the sample to retrieve the Indicators of Compromise (IOCs). |
| All Artifacts | (Optional) Select this option to return all artifacts or only Indicators of Compromise (IOCs). |
No output schema is available at this time.
| Parameter | Description |
|---|---|
| Input Type | Select an input type (Analysis ID or Submission ID) to add the provided tag. |
| Tag | Specify the tag that you want to add for the provided input. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Input Type | Select an input type (Analysis ID or Submission ID) from which to delete the provided tag. |
| Tag | Specify the tag that you want to delete for the provided input. |
The output contains a non-dictionary value.
The Sample-VMRay-1.1.0 playbook collection comes bundled with the VMRay connector. The playbooks in this collection contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the VMRay connector.
Delete Job
Delete Submission
Get Analysis
Get Jobs
Get MetaDefender Analysis
Get MetaDefender Jobs
Get Prescripts
Get Reputation Jobs
Get Reputation Lookups
Get Samples
Get Submissions
Get System Information
Get Tags
Get VirusTotal Analysis
Get VirusTotal Jobs
Submit Sample
Submit Sample Url
Submit URL
Get Screenshots
Get Threat Indicators
Get IOCs
Add Tag
Delete Tag
NOTE
If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.