Details
| Author | Nils Kuhnert, CERT-Bund |
| Version | 4.1 |
| License | AGPL-V3 |
| Website | https://github.com/BSI-CERT-Bund/cortex-analyzers |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | hash, file, url |
Description
VMRay Sandbox file and URL analysis.
Configuration
| Name | Description |
| url | Define the URL of the service |
| key | Define the API key |
| certverify | Verify certificates |
| certpath | Path to certificate file, in case of self-signed etc. |
| verdict_only | If set to true, only the verdict (or the score for VMRay versions < 4.0) will be added as labels. |
| query_retry_wait | The amount of seconds to wait before trying to fetch the results. |
| recursive_sample_limit | The maximum amount of recursive samples which will be analyzed. 0 disables recursion. |
| reanalyze | If set to true, known samples will be re-analyzed on submission. This is enabled by default. |
| shareable | If set to true, the hash of the sample will be shared with VirusTotal if the TLP level is white or green. |
| archive_password | The password that will be used to extract archives. |
| archive_compound_sample | If set to true, files inside archives are treated as a single, compound sample. Otherwise, each file is treated as its own sample. |
| max_jobs | Limits the amount of jobs that can be created by jobrules for a submission. |
| enable_reputation | If set to true, reputation lookups will be performed for submitted samples and analysis artifacts (file hash and URL lookups) by the VMRay cloud reputation service and additional third party services. The user analyzer setting is used as default value for this parameter. |
| enable_whois | If set to true, domains seen during analyses are queried with external WHOIS service. The user analyzer setting is used as default value for this parameter. |
| analyzer_mode | Specifies which types of analyzers will be used for analyzing this sample. Supported strings are 'reputation', 'reputation_static', 'reputation_static_dynamic', 'static_dynamic', and 'static'. The user analyzer setting is used as default value for this parameter. |
| known_malicious | If set to true, triage will be used to pre-filter known malicious samples by results of reputation lookup (if allowed) and static analysis. The user analyzer setting is used as default value for this parameter. |
| known_benign | If set to true, triage will be used to pre-filter known benign samples by results of reputation lookup (if allowed) and static analysis. The user analyzer setting is used as default value for this parameter. |
| tags | Tags to attach to the sample. |
| timeout | Analysis timeout in seconds. |
| net_scheme_name | Name of the network schema. |