Update

Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.py

@@ -2,7 +2,7 @@
 from ReversingLabs.SDK.a1000 import A1000
 
 
-VERSION = "v2.3.0"
+VERSION = "v2.3.2"
 USER_AGENT = f"ReversingLabs XSOAR A1000 {VERSION}"
 HOST = demisto.getParam('host')
 TOKEN = demisto.getParam('token')
@@ -310,9 +310,10 @@ def list_extracted_files(a1000):
     Get the list of extracted files for a given sample
     """
     hash_value = demisto.getArg('hash')
+    max_results = int(demisto.getArg("max_results"))
 
     try:
-        response = a1000.list_extracted_files_v2_aggregated(hash_value)
+        response = a1000.list_extracted_files_v2_aggregated(sample_hash=hash_value, max_results=max_results)
     except Exception as e:
         return_error(str(e))
 

Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml

@@ -194,6 +194,10 @@ script:
       description: The sample hash.
       name: hash
       required: true
+    - name: max_results
+      description: Maximum number of results to return.
+      required: false
+      defaultValue: 5000
     description: List files extracted from a sample.
     name: reversinglabs-a1000-list-extracted-files
     outputs:
@@ -393,7 +397,7 @@ script:
     - contextPath: ReversingLabs.a1000_ip_urls
       description: A1000 URL-s hosted on an IP address.
       type: Unknown
-  dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.72317
+  dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.85058
   runonce: false
   script: '-'
   subtype: python3

Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/command_examples.txt

@@ -9,7 +9,7 @@
 !reversinglabs-a1000-ip-domain-resolutions ip_address="142.250.186.142" page_size="2" max_results="2"
 !reversinglabs-a1000-ip-downloaded-files classification="MALICIOUS" page_size="2" max_results="2" ip_address="123.140.161.243" extended_results="true"
 !reversinglabs-a1000-ip-urls ip_address="142.250.186.142" page_size="2" max_results="2"
-!reversinglabs-a1000-list-extracted-files hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6"
+!reversinglabs-a1000-list-extracted-files hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6" max_results="2"
 !reversinglabs-a1000-reanalyze hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6"
 !reversinglabs-a1000-upload-sample entryId="7469@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59" comment="this_is_a_comment" tags="one_tag"
 !reversinglabs-a1000-upload-sample-and-get-results entryId="7469@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59" comment="this_is_a_comment" tags="one_tag"

Packs/ReversingLabs_A1000/ReleaseNotes/2_3_2.md

@@ -0,0 +1,4 @@
+#### Integrations
+##### ReversingLabs A1000 v2
+- Updated the Docker image to: *demisto/reversinglabs-sdk-py3:2.0.0.85058*.
+- Updated the ***reversinglabs-a1000-list-extracted-files*** command to utilize the *max_results* argument.

Packs/ReversingLabs_A1000/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "ReversingLabs A1000",
     "description": "Powerful threat detection and file analysis platform. Get detailed information on each file's status and threat capabilities.",
     "support": "partner",
-    "currentVersion": "2.3.1",
+    "currentVersion": "2.3.2",
     "author": "ReversingLabs",
     "url": "https://www.reversinglabs.com/products/malware-threat-hunting-and-investigations",
     "email": "support@reversinglabs.com",

Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py

@@ -8,7 +8,7 @@
 from ReversingLabs.SDK.helper import NotFoundError
 
 
-VERSION = "v2.4.0"
+VERSION = "v2.5.0"
 USER_AGENT = f"ReversingLabs XSOAR TitaniumCloud {VERSION}"
 
 TICLOUD_URL = demisto.params().get("base")
@@ -82,6 +82,7 @@ def classification_to_score(classification):
     score_dict = {
         "UNKNOWN": 0,
         "KNOWN": 1,
+        "NO_THREATS_FOUND": 1,
         "SUSPICIOUS": 2,
         "MALICIOUS": 3
     }
@@ -902,8 +903,8 @@ def analyze_url_output(response_json, url):
     return results
 
 
-def detonate_sample_command():
-    sandbox = DynamicAnalysis(
+def create_da_object():
+    da = DynamicAnalysis(
         host=TICLOUD_URL,
         username=USERNAME,
         password=PASSWORD,
@@ -912,17 +913,26 @@ def detonate_sample_command():
         verify=VERIFY_CERTS
     )
 
+    return da
+
+
+def detonate_sample_command():
+    da = create_da_object()
+
     sha1 = demisto.getArg("sha1")
     platform = demisto.getArg("platform")
 
     try:
-        response = sandbox.detonate_sample(sample_sha1=sha1, platform=platform)
+        response = da.detonate_sample(sample_sha1=sha1, platform=platform)
     except Exception as e:
+        if hasattr(e, "response_object"):
+            return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}")
+
         return_error(str(e))
 
     response_json = response.json()
-
     results = detonate_sample_output(response_json=response_json, sha1=sha1)
+
     return_results(results)
 
 
@@ -942,37 +952,45 @@ def detonate_sample_output(response_json, sha1):
     return results
 
 
-def dynamic_analysis_results_command():
-    sandbox = DynamicAnalysis(
-        host=TICLOUD_URL,
-        username=USERNAME,
-        password=PASSWORD,
-        user_agent=USER_AGENT,
-        proxies=PROXIES,
-        verify=VERIFY_CERTS
-    )
+def sample_dynamic_analysis_results_command():
+    da = create_da_object()
 
     sha1 = demisto.getArg("sha1")
+    analysis_id = demisto.getArg("analysis_id")
+    latest_analysis = argToBoolean(demisto.getArg("latest_analysis"))
 
     try:
-        response = sandbox.get_dynamic_analysis_results(sample_hash=sha1, latest=True)
+        response = da.get_dynamic_analysis_results(
+            sample_hash=sha1,
+            analysis_id=analysis_id if analysis_id else None,
+            latest=latest_analysis if latest_analysis else None
+        )
     except Exception as e:
+        if hasattr(e, "response_object"):
+            return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}")
+
         return_error(str(e))
 
     response_json = response.json()
-
-    results, file_results = dynamic_analysis_results_output(response_json, sha1)
+    results, file_results = sample_dynamic_analysis_results_output(response_json, sha1)
 
     return_results([results, file_results])
 
 
-def dynamic_analysis_results_output(response_json, sha1):
+def sample_dynamic_analysis_results_output(response_json, sha1):
     classification = response_json.get("rl", {}).get("report", {}).get("classification")
-    classification = classification.upper()
     md5 = response_json.get("rl", {}).get("report", {}).get("md5")
     sha256 = response_json.get("rl", {}).get("report", {}).get("sha256")
+    last_analysis = response_json.get("rl", {}).get("report", {}).get("last_analysis")
 
-    d_bot_score = classification_to_score(classification)
+    markdown = f"""## ReversingLabs Sample Dynamic Analysis output for sample {sha1}\n **Classification**: {classification}
+    **Sample SHA1**: {sha1}
+    **Sample MD5**: {md5}
+    **Sample SHA256**: {sha256}
+    **Last analysis**: {last_analysis}\n ### Full report is returned as JSON in a downloadable file
+    """
+
+    d_bot_score = classification_to_score(classification.upper())
 
     dbot_score = Common.DBotScore(
         indicator=sha1,
@@ -992,8 +1010,8 @@ def dynamic_analysis_results_output(response_json, sha1):
 
     results = CommandResults(
         outputs_prefix='ReversingLabs',
-        outputs={'dynamic_analysis_results': response_json},
-        readable_output="Full report is returned in a downloadable file",
+        outputs={'sample_dynamic_analysis_results': response_json},
+        readable_output=markdown,
         indicator=indicator
     )
 
@@ -1006,6 +1024,118 @@ def dynamic_analysis_results_output(response_json, sha1):
     return results, file_results
 
 
+def detonate_url_command():
+    da = create_da_object()
+
+    url = demisto.getArg("url")
+    platform = demisto.getArg("platform")
+
+    try:
+        response = da.detonate_url(url_string=url, platform=platform)
+    except Exception as e:
+        if hasattr(e, "response_object"):
+            return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}")
+
+        return_error(str(e))
+
+    response_json = response.json()
+    results = detonate_url_output(response_json=response_json, url=url)
+
+    return_results(results)
+
+
+def detonate_url_output(response_json, url):
+    report_base = response_json.get("rl", {})
+
+    markdown = f"""## ReversingLabs submit URL {url} for Dynamic Analysis\n **Status**: {report_base.get("status")}
+    **Requested UR**: {report_base.get("url")}
+    **URL SHA1**: {report_base.get("sha1")}
+    **URL BASE64**: {report_base.get("url_base64")}
+    **Analysis ID**: {report_base.get("analysis_id")}
+    """
+
+    results = CommandResults(
+        outputs_prefix="ReversingLabs",
+        outputs={"detonate_url_dynamic": response_json},
+        readable_output=markdown
+    )
+
+    return results
+
+
+def url_dynamic_analysis_results_command():
+    da = create_da_object()
+
+    sha1 = demisto.getArg("sha1")
+    url = demisto.getArg("url")
+    analysis_id = demisto.getArg("analysis_id")
+    latest_analysis = argToBoolean(demisto.getArg("latest_analysis"))
+
+    try:
+        response = da.get_dynamic_analysis_results(
+            url_sha1=sha1 if sha1 else None,
+            url=url if url else None,
+            analysis_id=analysis_id if analysis_id else None,
+            latest=latest_analysis if latest_analysis else None
+        )
+
+    except Exception as e:
+        if hasattr(e, "response_object"):
+            return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}")
+
+        return_error(str(e))
+
+    response_json = response.json()
+    results, file_results = url_dynamic_analysis_results_output(response_json=response_json, passed_url=url)
+
+    return_results([results, file_results])
+
+
+def url_dynamic_analysis_results_output(response_json, passed_url=None):
+    url = response_json.get("rl", {}).get("report", {}).get("url", passed_url)
+    classification = response_json.get("rl", {}).get("report", {}).get("classification")
+    url_base64 = response_json.get("rl", {}).get("report", {}).get("url_base54")
+    sha1 = response_json.get("rl", {}).get("report", {}).get("sha1")
+    last_analysis = response_json.get("rl", {}).get("report", {}).get("last_analysis")
+
+    markdown = f"""## ReversingLabs URL Dynamic Analysis output for URL {url}\n **Classification**: {classification}
+    **URL SHA1**: {sha1}
+    **URL BASE64**: {url_base64}
+    **Last analysis**: {last_analysis}\n ### Full report is returned as JSON in a downloadable file
+    """
+
+    d_bot_score = classification_to_score(classification.upper())
+
+    dbot_score = Common.DBotScore(
+        indicator=url,
+        indicator_type=DBotScoreType.URL,
+        integration_name="ReversingLabs TitaniumCloud v2",
+        malicious_description=classification,
+        score=d_bot_score,
+        reliability=RELIABILITY
+    )
+
+    indicator = Common.URL(
+        url=url,
+        dbot_score=dbot_score
+    )
+
+    results = CommandResults(
+        outputs_prefix="ReversingLabs",
+        outputs={"url_dynamic_analysis_results": response_json},
+        readable_output=markdown,
+        indicator=indicator
+    )
+
+    file_results = fileResult(
+        f"Dynamic analysis report file for URL {url}",
+        json.dumps(response_json, indent=4),
+        file_type=EntryType.ENTRY_INFO_FILE
+    )
+
+    return results, file_results
+
+
 def certificate_analytics_command():
     cert_analytics = CertificateAnalytics(
         host=TICLOUD_URL,
@@ -2304,11 +2434,17 @@ def main():
     elif command == "reversinglabs-titaniumcloud-analyze-url":
         analyze_url_command()
 
-    elif command == "reversinglabs-titaniumcloud-submit-for-dynamic-analysis":
+    elif command == "reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis":
         detonate_sample_command()
 
-    elif command == "reversinglabs-titaniumcloud-get-dynamic-analysis-results":
-        dynamic_analysis_results_command()
+    elif command == "reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results":
+        sample_dynamic_analysis_results_command()
+
+    elif command == "reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis":
+        detonate_url_command()
+
+    elif command == "reversinglabs-titaniumcloud-get-url-dynamic-analysis-results":
+        url_dynamic_analysis_results_command()
 
     elif command == "reversinglabs-titaniumcloud-certificate-analytics":
         certificate_analytics_command()