About the connector
Hybrid Analysis provides a malware analysis service that allows users to automate the analysis of files and URLs for potential threats. This connector facilitates automated operations such as retrieving analysis reports, environment details, submitting files, submitting URLs, etc.
This document provides information about the Hybrid Analysis Connector, which facilitates automated interactions, with a Hybrid Analysis server using FortiSOAR™ playbooks. Add the Hybrid Analysis Connector as a step in FortiSOAR™ playbooks and perform automated operations with Hybrid Analysis.
Version information
Connector Version: 2.0.1
FortiSOAR™ Version Tested on: 7.5.0-4015
Hybrid Analysis Version Tested on: v2
Authored By: Fortinet
Certified: Yes
Release Notes for version 2.0.1
Following enhancements have been made to the Hybrid Analysis Connector in version 2.0.1:
- Renamed the Attachment ID parameter to Attachment/Indicator ID for the action Submit File.
- The action Submit File has a new parameter Network Settings.
- The action Submit URL has following new parameters:
- Network Settings
- Custom CMD Line Pass to the Analysis File
- Submit Name
- Document Password
- The action Advanced Search has following new parameters:
- Environment ID
- Start DateTime
- End DateTime
- Uses Tactic
- Uses Technique
- The action Quick Scan URL has following new parameters:
- The action Submit File now works for Indicator module as well.
- Following parameters have been removed from the actions Submit File and Submit URL:
- Do Not Share with Third Party?
- Do Not Lookup with Hash?
- Enabled TOR Analysis?
- Offline Analysis
- The parameter Properties File with VxStream Directives has been removed from the action Submit File.
- Output schemas updated for the following actions:
- Get Analysis Report
- Quick Scan URL
- Following parameters have been removed from the action Quick Scan URL:
- Do Not Share with Third Party?
- Allow Community Access?
Installing the connector
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-hybrid-analysis
Prerequisites to configuring the connector
- You must have the URL of the Hybrid Analysis server to which you will connect and perform the automated operations.
- You must have the API key used to access the Hybrid Analysis endpoint.
- The FortiSOAR™ server should have outbound connectivity to port 443 on the Hybrid Analysis server.
Minimum Permissions Required
Configuring the connector
For the procedure to configure a connector, click here
Configuration parameters
In FortiSOAR™, on the Connectors page, click the Hybrid Analysis connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter |
Description |
| Server URL |
URL of the Hybrid Analysis server to which you will connect and perform the automated operations. |
| API Key |
API key that is configured for your account to access the Hybrid Analysis endpoint. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified.
By default, this option is set to True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function |
Description |
Annotation and Category |
| Get Analysis Report for Multiple HashCodes |
Retrieves the analysis report summary from the Hybrid Analysis server for multiple MD5/SHA1/SHA256 hash codes you have specified. |
get_analysis_report_for_multiple_hashcodes
Investigation |
| Get Environment |
Retrieves all the sandbox information from the Hybrid Analysis server. |
get_environment
Investigation |
| Submit File |
Submits a file from the FortiSOAR™ Attachments/Indicators module to the Hybrid Analysis server for analysis. |
detonate_file
Investigation |
| Submit URL |
Submits a URL to the Hybrid Analysis server for analysis. |
submit_url
Investigation |
| Quick Scan URL |
Submits a URL to the Hybrid Analysis server for a Quick Scan. You can query the Hybrid Analysis server again, in a few minutes, to check the results of the scan. |
url_quick_scan
Investigation |
| Get Analysis Report |
Retrieves all the analysis details from the Hybrid Analysis server for a submitted file, based on the input parameters you specify. |
get_analysis_report
Investigation |
| Advanced Search |
Retrieves all the reports from the Hybrid Analysis server that match the input parameters you specify. |
search_query
Investigation |
| Get Files Dropped by Sample |
Retrieves all the details of the dropped file from the Hybrid Analysis server and adds the file to the FortiSOAR™ Attachments module. You specify the sample for which you want to retrieve dropped files, based on the input parameters you have specified. |
get_file
Investigation |
| Get Sample Screenshot |
Retrieves screenshots of specified submitted samples that are captured during analysis from the Hybrid Analysis server. You specify the sample for which you want to retrieve screenshots based on the input parameters you have specified. You can optionally also add the screenshots to the FortiSOAR™ Attachments module. |
get_sample_screenshots
Investigation |
| Get Submission State |
Retrieves the state of a submitted file from the Hybrid Analysis server, based on the input parameters you have specified. |
get_submitted_sample_state
Investigation |
| Get Latest Analysis Reports |
Retrieves a list of reports from the Hybrid Analysis server. |
get_latest_analysis_reports
Investigation |
| Get API Quota |
Retrieves details of the API quota for the specified user account from the Hybrid Analysis server. |
get_api_quota
Investigation |
operation: Get Analysis Report for Multiple HashCodes
Input parameters
| Parameter |
Description |
| Hash Codes |
Specify the hash codes in the MD5, SHA256, or SHA1 format whose summary you want to retrieve from the Hybrid Analysis server. You can specify multiple hash codes as comma-separated values. |
Output
The output contains the following populated JSON schema:
[
{
"job_id": "",
"environment_id": "",
"environment_description": "",
"size": "",
"type": "",
"type_short": [],
"target_url": "",
"state": "",
"error_type": "",
"error_origin": "",
"submit_name": "",
"md5": "",
"sha1": "",
"sha256": "",
"sha512": "",
"ssdeep": "",
"imphash": "",
"av_detect": "",
"vx_family": "",
"url_analysis": "",
"analysis_start_time": "",
"threat_score": "",
"interesting": "",
"threat_level": "",
"verdict": "",
"certificates": [],
"domains": [],
"classification_tags": [],
"compromised_hosts": [],
"hosts": [],
"total_network_connections": "",
"total_processes": "",
"total_signatures": "",
"extracted_files": [],
"file_metadata": "",
"processes": [],
"tags": [],
"mitre_attcks": [],
"submissions": [
{
"submission_id": "",
"filename": "",
"url": "",
"created_at": ""
}
],
"network_mode": "",
"machine_learning_models": []
}
]
operation: Get Environment
Input parameters
None.
Output
The output contains the following populated JSON schema:
[
{
"id": "",
"environment_id": "",
"description": "",
"group_icon": "",
"architecture": "",
"analysis_mode": "",
"virtual_machines": [],
"total_virtual_machines": "",
"busy_virtual_machines": "",
"invalid_virtual_machines": ""
}
]
operation: Submit File
Input parameters
| Parameter |
Description |
| Attachment/Indicator ID |
Specify the ID of the file that you want to submit to the Hybrid Analysis server. The ID is used to access the file from FortiSOAR™'s Attachments or Indicators module. |
| Environment ID |
Specify the ID of the environment in which the file is to be run.
For example, 300 for Linux (Ubuntu 16.04, 64 bit) or 200 for Android Static Analysis.
Following are available environment IDs:
400: Mac Catalina 64 bit (x86)310: Linux (Ubuntu 20.04, 64 bit)300: Linux (Ubuntu 16.04, 64 bit)200: Android Static Analysis160: Windows 10 64 bit140: Windows 11 64 bit120: Windows 7 64 bit110: Windows 7 32 bit (HWP Support)100: Windows 7 32 bit
|
| Priority |
The priority value of the sample. By default, the priority is set to 0. Minimum permissible value is 0 and maximum is 100. |
| Action Script |
(Optional) Select a custom runtime action script. You can select one of the following custom runtime action scripts:
- Default
- Default Maximum Antievasion
- Default Random Files
- Default Random Theme
- Default Openie
|
| Network Settings |
(Optional) Select a network setting. You can select from one of the following options:
|
| Required Memory Dump? |
Select this option, i.e set it to false to avoid memory analysis dumps. By default, this is set to true. |
| Experimental Anti-Evasion? |
Select this option, i.e set it to true, to enable all the experimental anti-evasion options of the kernel mode monitor. By default, this is set to false. |
| Set the IN-Depth Script Logging |
Select this option, i.e set it to true, to enable the in-depth script logging engine of the kernel mode monitor. By default, this is set to false. |
| Allow Sample Tampering |
Select this option, i.e set it to true, to enable the experimental anti-evasion options of the kernel mode monitor that tampers with the input sample. By default, this is set to false. |
| Email Notification |
(Optional) Specify the email Address with the file submitted for submission. This email address is used for notification purposes. |
| Comment |
(Optional) Specify a comment to add when submitting the file. |
| Custom Date Time for the Analysis System |
(Optional) Specify a custom date and time to set for the analysis system. |
| Custom CMD Line Pass to the Analysis File |
(Optional) Specify the custom command line to pass to the analysis file. |
| Custom Run Time |
(Optional) Specify the runtime duration in seconds.
NOTE: Time should be between 30 to 360 sec.
|
| Submit Name |
(Optional) Specify the name of the submitted file. The Submission Name field is used for file type detection and analysis. |
| Document Password |
(Optional) Specify the password of the document to fill in Adobe or Office password prompts. |
| Environment Variable (Format name=value) |
(Optional) Specify the system environment value. You must provide this value in the name=value format. |
Output
The output contains the following populated JSON schema:
{
"job_id": "",
"environment_id": "",
"submission_id": "",
"sha256": ""
}
operation: Submit URL
Input parameters
| Parameter |
Description |
| URL |
Specify the URL that you want to submit to the Hybrid Analysis server. |
| Environment ID |
Specify the ID of the environment in which the URL is to be run.
For example, 300 for Linux (Ubuntu 16.04, 64 bit) or 200 for Android Static Analysis.
Following are available environment IDs:
400: Mac Catalina 64 bit (x86)310: Linux (Ubuntu 20.04, 64 bit)300: Linux (Ubuntu 16.04, 64 bit)200: Android Static Analysis160: Windows 10 64 bit140: Windows 11 64 bit120: Windows 7 64 bit110: Windows 7 32 bit (HWP Support)100: Windows 7 32 bit
|
| Priority |
(Optional) Specify the priority value of the sample URL. By default, all URL samples are set to run with the highest priority i.e., 100. Minimum permissible value is 1 and maximum is 100. |
| Action Script |
(Optional) Select a custom runtime action script. You can select one of the following custom runtime action scripts:
- Default
- Default Maximum Antievasion
- Default Random Files
- Default Random Theme
- Default Openie
|
| Required Memory Dump? |
Select this option, i.e set it to false to avoid memory analysis dumps. By default, this is set to true. |
| Experimental Anti-Evasion? |
Select this option, i.e set it to true, to enable all the experimental anti-evasion options of the kernel mode monitor. By default, this is set to false. |
| Set the IN-Depth Script Logging |
Select this option, i.e set it to true, to enable the in-depth script logging engine of the kernel mode monitor. By default, this is set to false. |
| Allow Sample Tampering |
Select this option, i.e set it to true, to enable the experimental anti-evasion options of the kernel mode monitor that tampers with the input sample. By default, this is set to false. |
| Network Settings |
(Optional) Select a network setting. You can select from one of the following options:
|
| Email Notification |
(Optional) Specify the email Address with the URL submitted for submission. This email address is used for notification purposes. |
| Comment |
(Optional) Specify a comment to add when submitting the file. |
| Custom Date Time for the Analysis System |
(Optional) Specify a custom date and time to set for the analysis system. |
| Custom CMD Line Pass to the Analysis File |
(Optional) Specify the custom command line to pass to the analysis file. |
| Custom Run Time |
(Optional) Specify the runtime duration in seconds.
NOTE: Time should be between 30 to 360 sec.
|
| Submit Name |
(Optional) Specify the name of the submitted file. The Submission Name field is used for file type detection and analysis. |
| Document Password |
(Optional) Specify the password of the document to fill in Adobe or Office password prompts. |
| Environment Variable (Format name=value) |
(Optional) Specify the system environment value. You must provide this value in the name=value format. |
Output
The output contains the following populated JSON schema:
{
"submission_type": "",
"job_id": "",
"submission_id": "",
"environment_id": "",
"sha256": ""
}
operation: Quick Scan URL
Input parameters
| Parameter |
Description |
| URL |
Specify the URL that you want to scan in Hybrid Analysis server for analyzes. |
| Comment |
(Optional) Specify a comment that you want to add when submitting the file. |
| Submit Name |
(Optional) Specify the name of the submitted file. The Submission Name field is used for file type detection and analysis. |
Output
The output contains the following populated JSON schema:
{
"id": "",
"sha256": "",
"reports": [],
"finished": "",
"scanners": [
{
"name": "",
"total": "",
"status": "",
"percent": "",
"progress": "",
"positives": "",
"error_message": "",
"anti_virus_results": []
}
],
"whitelist": [],
"scanners_v2": {
"bfore_ai": {
"name": "",
"status": "",
"percent": "",
"progress": "",
"error_message": ""
},
"clean_dns": {
"name": "",
"status": "",
"reports": [],
"progress": "",
"error_message": "",
"reports_count": ""
},
"urlscan_io": {
"name": "",
"status": "",
"percent": "",
"progress": "",
"error_message": ""
},
"virustotal": "",
"metadefender": "",
"scam_adviser": {
"name": "",
"status": "",
"percent": "",
"progress": "",
"error_message": ""
},
"crowdstrike_ml": ""
},
"submission_type": ""
}
operation: Get Analysis Report
Input parameters
| Parameter |
Description |
| Job ID |
Specify the ID of the file for which to retrieve the report from the Hybrid Analysis server. You can get the job ID when you submit a sample file.
NOTE: If you specify the Job ID you do not require to specify File SHA256 or the environment ID.
|
| File SHA256 |
Specify the SHA256 value of the file for which you want to retrieve a report from the Hybrid Analysis server. You can get the SHA256 value when you submit a sample file.
NOTE: If you specify File SHA256, then you must specify the Environment ID.
|
| Environment ID |
Specify the ID of the environment on which the submitted file is to be run, whose report you want to retrieve from the Hybrid Analysis server. You can get the Environment ID when you submit a sample file.
NOTE: If you specify Environment ID, then you must specify the File SHA256 hash code.
|
Output
The output contains the following populated JSON schema:
{
"md5": "",
"sha1": "",
"size": "",
"tags": [],
"type": "",
"hosts": [],
"state": "",
"job_id": "",
"sha256": "",
"sha512": "",
"ssdeep": "",
"domains": [],
"imphash": "",
"verdict": "",
"av_detect": "",
"processes": [
{
"pid": "",
"uid": "",
"icon": "",
"name": "",
"sha256": "",
"handles": [],
"modules": [],
"mutants": [],
"streams": [],
"av_label": "",
"av_total": "",
"registry": [],
"parentuid": "",
"amsi_calls": [],
"av_matched": "",
"command_line": "",
"script_calls": [],
"created_files": [],
"file_accesses": [],
"process_flags": [],
"normalized_path": ""
}
],
"subsystem": "",
"vx_family": "",
"entrypoint": "",
"error_type": "",
"image_base": "",
"signatures": [
{
"name": "",
"type": "",
"origin": "",
"attck_id": "",
"capec_id": "",
"category": "",
"relevance": "",
"identifier": "",
"description": "",
"threat_level": "",
"attck_id_wiki": "",
"threat_level_human": ""
}
],
"target_url": "",
"type_short": [],
"interesting": "",
"submissions": [
{
"url": "",
"filename": "",
"created_at": "",
"submission_id": ""
}
],
"submit_name": "",
"certificates": [],
"error_origin": "",
"mitre_attcks": [
{
"parent": "",
"tactic": "",
"attck_id": "",
"technique": "",
"attck_id_wiki": "",
"malicious_identifiers": [],
"suspicious_identifiers": [],
"informative_identifiers": [],
"malicious_identifiers_count": "",
"suspicious_identifiers_count": "",
"informative_identifiers_count": ""
}
],
"network_mode": "",
"threat_level": "",
"threat_score": "",
"url_analysis": "",
"file_metadata": "",
"crowdstrike_ai": {
"analysis_related_urls": [],
"executable_process_memory_analysis": []
},
"environment_id": "",
"extracted_files": [],
"total_processes": "",
"major_os_version": "",
"minor_os_version": "",
"total_signatures": "",
"compromised_hosts": [],
"entrypoint_section": "",
"analysis_start_time": "",
"classification_tags": [],
"dll_characteristics": [],
"is_certificates_valid": "",
"environment_description": "",
"machine_learning_models": [],
"total_network_connections": "",
"image_file_characteristics": [],
"certificates_validation_message": ""
}
operation: Advanced Search
Input parameters
| Parameter |
Description |
| File Name |
Specify the name of the file based on which you want to search for a report on the Hybrid Analysis server. |
| File Type |
Specify the type of the file based on which you want to search for a report on the Hybrid Analysis server. |
| File Type Description |
Specify the description of the file type based on which you want to search for a report on the Hybrid Analysis server. |
| Environment ID |
Specify the ID of the environment based on which you want to search for a report on the Hybrid Analysis. |
| Verdict |
Select the verdict of the Hybrid Analysis server after scanning the submitted file. You can select one of the following options:
- Whitelisted
- No Verdict
- No Specific Threat
- Suspicious
- Malicious
|
| AV Multiscan range |
Specify the AV Multiscan range of the file based on which you want to search for a report on the Hybrid Analysis server. |
| AV Family Substring |
Specify the AV Family Substring of the file type based on which you want to search for a report on the Hybrid Analysis server. |
| Hash Tag |
Specify the hash tag of the file based on which you want to search for a report on the Hybrid Analysis server. |
| Port |
Specify the port of the file based on which you want to search for a report on the Hybrid Analysis server. |
| Host |
Specify the host of the file based on which you want to search for a report on the Hybrid Analysis server. |
| Domain |
Specify the domain of the file based on which you want to search for a report on the Hybrid Analysis server. |
| HTTP Request Substring |
Specify the HTTP Request Substring of the file based on which you want to search for a report on the Hybrid Analysis server. |
| Similar Samples |
Specify the samples that are similar to the submitted file that you want to search for a report on the Hybrid Analysis server. For example, files having a similar SHA value. |
| Sample Context |
Specify the samples that have a similar context to the submitted file that you want to search for a report on the Hybrid Analysis server. |
| Start DateTime |
Select the DateTime using which you want to filter the result set to only include only those items that have been created after the specified timestamp. |
| End DateTime |
Select the DateTime using which you want to filter the result set to only include only those items that have been created before the specified timestamp. |
| IMP Hash |
Specify the IMP Hash of the file based on which you want to search for a report on the Hybrid Analysis server. |
| SS Deep |
Specify the SS Deep of the file based on which you want to search for a report on the Hybrid Analysis server. |
| Authenti Hash |
Specify the authentication hash of the file based on which you want to search for a report on the Hybrid Analysis server. |
| Uses Tactic |
Specify the MITRE ATT&CK® tactic of the file based on which you want to search for a report on the Hybrid Analysis server. |
| Uses Technique |
Specify the MITRE ATT&CK® technique of the file based on which you want to search for a report on the Hybrid Analysis server. |
Output
The output contains the following populated JSON schema:
{
"count": "",
"result": [
{
"vx_family": "",
"verdict": "",
"submit_name": "",
"type_short": "",
"job_id": "",
"analysis_start_time": "",
"environment_description": "",
"threat_score": "",
"av_detect": "",
"sha256": "",
"environment_id": "",
"size": "",
"type": ""
}
],
"search_terms": [
{
"id": "",
"value": ""
}
]
}
operation: Get Files Dropped by Sample
Input parameters
| Parameter |
Description |
| Job ID |
Specify the ID of the file for which you want to retrieve details of the dropped file from the Hybrid Analysis server. You can get the job ID when you submit a sample file.
NOTE: If you specify the Job ID you do not require to specify File SHA256 or the environment ID.
|
| File SHA256 |
Specify the SHA256 value of the file for which you want to retrieve details of the dropped file from the Hybrid Analysis server. You can get the SHA256 value when you submit a sample file.
NOTE: If you specify File SHA256, then you must specify the Environment ID.
|
| Environment ID |
Specify the ID of the environment on which the submitted file is to be run, whose details of the dropped file you want to retrieve from the Hybrid Analysis server. You can get the Environment ID when you submit a sample file.
NOTE: If you specify Environment ID, then you must specify the File SHA256.
|
Output
The output contains the following populated JSON schema:
{
"id": "",
"@id": "",
"file": {
"id": "",
"@id": "",
"size": "",
"uuid": "",
"@type": "",
"assignee": "",
"filename": "",
"metadata": [],
"mimeType": "",
"thumbnail": "",
"uploadDate": ""
},
"name": "",
"type": "",
"uuid": "",
"@type": "",
"@context": "",
"assignee": "",
"createDate": "",
"createUser": {
"id": "",
"@id": "",
"name": "",
"uuid": "",
"@type": "",
"avatar": "",
"userId": "",
"userType": "",
"createDate": "",
"createUser": "",
"modifyDate": "",
"modifyUser": ""
},
"modifyDate": "",
"modifyUser": {
"id": "",
"@id": "",
"name": "",
"uuid": "",
"@type": "",
"avatar": "",
"userId": "",
"userType": "",
"createDate": "",
"createUser": "",
"modifyDate": "",
"modifyUser": ""
},
"recordTags": [],
"description": ""
}
operation: Get Sample Screenshot
Input parameters
| Parameter |
Description |
| Job ID |
Specify the ID of the file for which you want to retrieve screenshots that are captured during analysis from the Hybrid Analysis server. You can get the job ID when you submit a sample file. NOTE: If you specify the Job ID you do not require to specify File SHA256 or the environment ID. |
| File SHA256 |
Specify the SHA256 value of the file for which you want to retrieve screenshots that are captured during analysis from the Hybrid Analysis server. You can get the SHA256 value when you submit a sample file.
NOTE: If you specify File SHA256, then you must specify the Environment ID.
|
| Environment ID |
The ID of the environment on which the submitted file is to be run, whose screenshots you want to retrieve from the Hybrid Analysis server. You can get the Environment ID when you submit a sample file.
NOTE: If you specify Environment ID, then you must specify the File SHA256.
|
| Attach Screenshots to FortiSOAR |
If you select this option, i.e. set it to True, then the sample screenshots are added to the FortiSOAR™ Attachments module. By default, this is set to false. |
Output
The output contains the following populated JSON schema:
[
{
"name": "",
"image": "",
"date": ""
}
]
operation: Get Submission State
Input parameters
| Parameter |
Description |
| Job ID |
Specify the ID of the submitted file for which you want to retrieve the state information from the Hybrid Analysis server. You can get the job ID when you submit a sample file.
NOTE: If you specify the Job ID you do not require to specify File SHA256 or the environment ID.
|
| File SHA256 |
Specify the SHA256 value of the submitted file for which you want to retrieve the state information from the Hybrid Analysis server. You can get the SHA256 value when you submit a sample file.
NOTE: If you specify File SHA256, then you must specify the Environment ID.
|
| Environment ID |
Specify the ID of the environment on which the submitted file is to be run, whose state information you want to retrieve from the Hybrid Analysis server. You can get the Environment ID when you submit a sample file.
NOTE: If you specify Environment ID, then you must specify the File SHA256.
|
Output
The output contains the following populated JSON schema:
{
"state": "",
"error_type": "",
"error_origin": "",
"error": "",
"related_reports": []
}
operation: Get Latest Analysis Reports
Input parameters
None.
Output
The output contains the following populated JSON schema:
{
"count": "",
"status": "",
"data": [
{
"job_id": "",
"md5": "",
"sha1": "",
"sha256": "",
"interesting": "",
"analysis_start_time": "",
"threat_score": "",
"threat_level": "",
"threat_level_human": "",
"av_detect": "",
"unknown": "",
"submit_name": "",
"url_analysis": "",
"size": "",
"type": "",
"environment_id": "",
"environment_description": "",
"shared_analysis": "",
"reliable": "",
"report_url": "",
"vt_detect": "",
"ms_detect": "",
"processes": [
{
"uid": "",
"name": "",
"normalized_path": "",
"command_line": "",
"sha256": ""
}
],
"ssdeep": ""
}
]
}
operation: Get API Quota
Input parameters
None.
Output
The output contains the following populated JSON schema:
{
"detonation": {
"total": "",
"apikey": {
"quota": {
"hour": "",
"day": "",
"week": "",
"month": "",
"year": "",
"omega": ""
},
"used": {
"hour": "",
"day": "",
"week": "",
"month": "",
"year": "",
"omega": ""
},
"available": {
"hour": "",
"day": "",
"week": "",
"month": "",
"year": "",
"omega": ""
},
"quota_reached": ""
},
"quota_reached": ""
},
"quick_scan": {
"total": "",
"apikey": "",
"quota_reached": ""
}
}
Included playbooks
The Sample - hybrid-analysis - 2.0.1 playbook collection comes bundled with the Hybrid Analysis connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Hybrid Analysis connector.
- Advanced Search
- Get API Quota
- Get Analysis Report
- Get Analysis Report for Multiple Hashcodes
- Get Environment
- Get Files Dropped by Sample
- Get Latest Analysis Reports
- Get Sample Screenshot
- Get Submission State
- Quick Scan URL
- Submit File
- Submit URL
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
