reversinglabs · MislavReversingLabs · Jun 10, 2024 · Jun 6, 2024 · Jun 6, 2024 · Jun 6, 2024
diff --git a/Packs/ReversingLabs_A1000/.secrets-ignore b/Packs/ReversingLabs_A1000/.secrets-ignore
@@ -76,3 +76,4 @@ http://nsis.sf.net
 32::C
 123.140.161.243
 https://worldofcreatures.at
+5.0.0.24
diff --git a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.py b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.py
@@ -880,11 +880,11 @@ def user_tags_command(a1000: A1000):
             resp = a1000.delete_user_tags(sample_hash=sample_hash, tags=tags_list)
 
         else:
-            return_error("This action is not supported.")
+            raise Exception("This action is not supported.")
 
     except Exception as e:
         if hasattr(e, "response_object"):
-            return_error(e.response_object.content)
+            raise Exception(e.response_object.content)
         else:
             raise
 
@@ -915,7 +915,7 @@ def file_analysis_status_command(a1000: A1000):
 
     except Exception as e:
         if hasattr(e, "response_object"):
-            return_error(e.response_object.content)
+            raise Exception(e.response_object.content)
         else:
             raise
 
@@ -957,11 +957,11 @@ def pdf_report_command(a1000: A1000):
             resp = a1000.download_pdf_report(sample_hash=sample_hash)
 
         else:
-            return_error("This action is not supported.")
+            raise Exception("This action is not supported.")
 
     except Exception as e:
         if hasattr(e, "response_object"):
-            return_error(e.response_object.content)
+            raise Exception(e.response_object.content)
         else:
             raise
 
@@ -978,7 +978,8 @@ def pdf_report_output(resp, action, sample_hash):
     file_result = None
 
     if action == "CREATE REPORT":
-        markdown = markdown + f"""**Status endpoint**: {resp.get("status_endpoint")}\n **Download endpoint**: {resp.get("download_endpoint")}"""
+        markdown = (markdown + f"""**Status endpoint**: {resp.get("status_endpoint")}\n""" +
+                    f"""**Download endpoint**: {resp.get("download_endpoint")}""")
         context = resp
 
     elif action == "CHECK STATUS":
@@ -1007,7 +1008,7 @@ def static_analysis_report_command(a1000: A1000):
 
     except Exception as e:
         if hasattr(e, "response_object"):
-            return_error(e.response_object.content)
+            raise Exception(e.response_object.content)
         else:
             raise
 
@@ -1020,7 +1021,9 @@ def static_analysis_report_output(resp_json, sample_hash):
     indicators_table = tableToMarkdown("Indicators", resp_json.get("indicators"))
     tags_table = tableToMarkdown("Tags", resp_json.get("tags"))
 
-    markdown = f"""## ReversingLabs A1000 static analysis report for {sample_hash}\n **Classification**: {classification_obj.get("classification")}
+    markdown = f"## ReversingLabs A1000 static analysis report for {sample_hash}\n"
+
+    fields = f"""**Classification**: {classification_obj.get("classification")}
     **Factor**: {classification_obj.get("factor")}
     **Result**: {classification_obj.get("result")}
     **SHA-1**: {resp_json.get("sha1")}
@@ -1030,6 +1033,8 @@ def static_analysis_report_output(resp_json, sample_hash):
     **Story**: {resp_json.get("story")}\n {indicators_table} {tags_table}
     """
 
+    markdown = markdown + fields
+
     dbot_score = Common.DBotScore(
         indicator=sample_hash,
         indicator_type=DBotScoreType.FILE,
@@ -1072,11 +1077,11 @@ def dynamic_analysis_report_command(a1000: A1000):
             resp = a1000.download_dynamic_analysis_report(sample_hash=sample_hash, report_format=report_format)
 
         else:
-            return_error("This action is not supported.")
+            raise Exception("This action is not supported.")
 
     except Exception as e:
         if hasattr(e, "response_object"):
-            return_error(e.response_object.content)
+            raise Exception(e.response_object.content)
         else:
             raise
 
@@ -1098,7 +1103,8 @@ def dynamic_analysis_report_output(resp, action, sample_hash, report_format):
     file_result = None
 
     if action == "CREATE REPORT":
-        markdown = markdown + f"""**Status endpoint**: {resp.get("status_endpoint")}\n **Download endpoint**: {resp.get("download_endpoint")}"""
+        markdown = (markdown + f"""**Status endpoint**: {resp.get("status_endpoint")}\n""" +
+                    f"""**Download endpoint**: {resp.get("download_endpoint")}""")
         context = resp
 
     elif action == "CHECK STATUS":
@@ -1160,11 +1166,11 @@ def sample_classification_command(a1000: A1000):
             resp = a1000.delete_classification(sample_hash=sample_hash, system=system)
 
         else:
-            return_error("This action is not supported.")
+            raise Exception("This action is not supported.")
 
     except Exception as e:
         if hasattr(e, "response_object"):
-            return_error(e.response_object.content)
+            raise Exception(e.response_object.content)
         else:
             raise
 
@@ -1242,9 +1248,7 @@ def yara_command(a1000: A1000):
     action = demisto.getArg("action")
     ruleset_name = demisto.getArg("ruleset_name")
     ruleset_content = demisto.getArg("ruleset_content")
-    publish = demisto.getArg("publish")
-    if publish:
-        publish = argToBoolean(publish)
+    publish = argToBoolean(demisto.args().get("publish", False))
     sync_time = demisto.getArg("sync_time")
 
     if action == "GET RULESETS":
@@ -1275,7 +1279,7 @@ def yara_command(a1000: A1000):
         resp = a1000.update_yara_ruleset_synchronization_time(sync_time=sync_time)
 
     else:
-        return_error("This action is not supported.")
+        raise Exception("This action is not supported.")
 
     results = yara_output(resp_json=resp.json(), action=action)
     return results
@@ -1313,7 +1317,7 @@ def yara_retro_command(a1000: A1000):
         resp = a1000.get_yara_cloud_retro_scan_status(ruleset_name=ruleset_name)
 
     else:
-        return_error("This action is not supported.")
+        raise Exception("This action is not supported.")
 
     results = yara_retro_output(resp_json=resp.json(), action=action)
     return results
@@ -1338,15 +1342,15 @@ def list_containers_command(a1000: A1000):
     hash_list = sample_hashes.split(",")
 
     if not len(hash_list) > 0:
-        return_error("Please enter at least one sample hash or check the formatting. "
-                     "The hashes should be comma-separated with no whitespaces")
+        raise Exception("Please enter at least one sample hash or check the formatting. "
+                        "The hashes should be comma-separated with no whitespaces")
 
     try:
         resp = a1000.list_containers_for_hashes(sample_hashes=hash_list)
 
     except Exception as e:
         if hasattr(e, "response_object"):
-            return_error(e.response_object.content)
+            raise Exception(e.response_object.content)
         else:
             raise
 
@@ -1375,9 +1379,7 @@ def upload_from_url_command(a1000: A1000):
     archive_password = demisto.getArg("archive_password")
     sandbox_platform = demisto.getArg("sandbox_platform")
     task_id = demisto.getArg("task_id")
-    retry = demisto.getArg("retry")
-    if retry:
-        retry = argToBoolean(retry)
+    retry = argToBoolean(demisto.args().get("retry", False))
 
     if action == "UPLOAD":
         resp = a1000.upload_sample_from_url(
@@ -1403,7 +1405,7 @@ def upload_from_url_command(a1000: A1000):
         resp = a1000.check_submitted_url_status(task_id=task_id)
 
     else:
-        return_error("This action is not supported.")
+        raise Exception("This action is not supported.")
 
     results = upload_from_url_output(resp_json=resp.json(), action=action)
     return results

diff --git a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml
@@ -458,6 +458,30 @@ script:
         default: true
         required: true
     outputs:
+      - contextPath: File.SHA256
+        description: The SHA256 hash of the file.
+        type: String
+      - contextPath: File.SHA1
+        description: The SHA1 hash of the file.
+        type: String
+      - contextPath: File.MD5
+        description: MD5 hash of the file.
+        type: String
+      - contextPath: DBotScore.Score
+        description: The actual score.
+        type: Number
+      - contextPath: DBotScore.Type
+        description: The indicator type.
+        type: String
+      - contextPath: DBotScore.Indicator
+        description: The indicator that was tested.
+        type: String
+      - contextPath: DBotScore.Vendor
+        description: The vendor used to calculate the score.
+        type: String
+      - contextPath: DBotScore.Reliability
+        description: Reliability of the source providing the intelligence data.
+        type: String
       - contextPath: ReversingLabs.a1000_static_analysis_report
         description: The static analysis report.
         type: Unknown
@@ -537,6 +561,30 @@ script:
       - name: threat_name
         description: If specified, must be an alphanumeric string not longer than 32 characters. If not specified, the default value is 'Generic'.
     outputs:
+      - contextPath: File.SHA256
+        description: The SHA256 hash of the file.
+        type: String
+      - contextPath: File.SHA1
+        description: The SHA1 hash of the file.
+        type: String
+      - contextPath: File.MD5
+        description: MD5 hash of the file.
+        type: String
+      - contextPath: DBotScore.Score
+        description: The actual score.
+        type: Number
+      - contextPath: DBotScore.Type
+        description: The indicator type.
+        type: String
+      - contextPath: DBotScore.Indicator
+        description: The indicator that was tested.
+        type: String
+      - contextPath: DBotScore.Vendor
+        description: The vendor used to calculate the score.
+        type: String
+      - contextPath: DBotScore.Reliability
+        description: Reliability of the source providing the intelligence data.
+        type: String
       - contextPath: ReversingLabs.a1000_sample_classification
         description: Sample classification actions.
         type: Unknown
@@ -638,6 +686,30 @@ script:
       - name: retry
         description: Utilize the retry mechanism for fetching the report. Used in GET REPORT and UPLOAD AND GET REPORT.
     outputs:
+      - contextPath: File.SHA256
+        description: The SHA256 hash of the file.
+        type: String
+      - contextPath: File.SHA1
+        description: The SHA1 hash of the file.
+        type: String
+      - contextPath: File.MD5
+        description: MD5 hash of the file.
+        type: String
+      - contextPath: DBotScore.Score
+        description: The actual score.
+        type: Number
+      - contextPath: DBotScore.Type
+        description: The indicator type.
+        type: String
+      - contextPath: DBotScore.Indicator
+        description: The indicator that was tested.
+        type: String
+      - contextPath: DBotScore.Vendor
+        description: The vendor used to calculate the score.
+        type: String
+      - contextPath: DBotScore.Reliability
+        description: Reliability of the source providing the intelligence data.
+        type: String
       - contextPath: ReversingLabs.a1000_upload_from_url_actions
         description: Actions for uploading a sample from a URL and fetching the analysis results.
         type: Unknown

diff --git a/Packs/ReversingLabs_A1000/ReleaseNotes/2_4_0.md b/Packs/ReversingLabs_A1000/ReleaseNotes/2_4_0.md
@@ -2,14 +2,14 @@
 ##### ReversingLabs A1000 v2
 - Updated the Docker image to: *demisto/reversinglabs-sdk-py3:2.0.0.96712*.
 
-Added new commands:
-- ***reversinglabs-a1000-user-tags***  
-- ***reversinglabs-a1000-file-analysis-status***  
-- ***reversinglabs-a1000-pdf-report***
-- ***reversinglabs-a1000-static-analysis-report***
-- ***reversinglabs-a1000-dynamic-analysis-report***
-- ***reversinglabs-a1000-sample-classification***
-- ***reversinglabs-a1000-yara***
-- ***reversinglabs-a1000-yara-retro***
-- ***reversinglabs-a1000-list-containers***
-- ***reversinglabs-a1000-upload-from-url-actions***
+- Added new commands:
+  - ***reversinglabs-a1000-user-tags***  
+  - ***reversinglabs-a1000-file-analysis-status***  
+  - ***reversinglabs-a1000-pdf-report***
+  - ***reversinglabs-a1000-static-analysis-report***
+  - ***reversinglabs-a1000-dynamic-analysis-report***
+  - ***reversinglabs-a1000-sample-classification***
+  - ***reversinglabs-a1000-yara***
+  - ***reversinglabs-a1000-yara-retro***
+  - ***reversinglabs-a1000-list-containers***
+  - ***reversinglabs-a1000-upload-from-url-actions***
diff --git a/Packs/ReversingLabs_TitaniumScale/.secrets-ignore b/Packs/ReversingLabs_TitaniumScale/.secrets-ignore
@@ -14,3 +14,4 @@ t@0.0.0.99
 38.229.82.25
 116.202.120.166
 Win32.Ransomware.Tox
+5.0.1.26
diff --git a/...s/ReversingLabs_TitaniumScale/Integrations/ReversingLabsTitaniumScale/README.md b/...s/ReversingLabs_TitaniumScale/Integrations/ReversingLabsTitaniumScale/README.md
@@ -1,4 +1,23 @@
-ReversingLabs advanced file decomposition appliance.
+## Overview
+This integration supports using ReversingLabs Advanced File Analysis to 'detonate file' on the TitaniumScale Advanced Malware
+Analysis Appliance.
+
+The ReversingLabs TitaniumScale Appliance is powered by TitaniumCore, the malware analysis engine that performs 
+automated static analysis using the Active File Decomposition technology.
+
+TitaniumCore unpacks and recursively analyzes files without executing them, and extracts internal threat indicators to 
+classify files and determine their threat level. TitaniumCore is capable of identifying thousands of file format 
+families. It recursively unpacks hundreds of file format families, and fully repairs extracted files to enable further 
+analysis.
+
+* * *
+## Prerequisites
+
+You need to obtain the following:
+
+*   TitaniumScale instance
+*   TitaniumScale API Token
+
 
 ## Configure ReversingLabs TitaniumScale on Cortex XSOAR
 

diff --git a/Packs/ReversingLabs_TitaniumScale/ReleaseNotes/1_2_0.md b/Packs/ReversingLabs_TitaniumScale/ReleaseNotes/1_2_0.md
@@ -2,9 +2,9 @@
 ##### ReversingLabs TitaniumScale
 - Updated the Docker image to *demisto/reversinglabs-sdk-py3:2.0.0.96712*.
 
-Added new commands:
-- ***reversinglabs-titaniumscale-list-processing-tasks***  
-- ***reversinglabs-titaniumscale-get-processing-task-info***  
-- ***reversinglabs-titaniumscale-delete-processing-task***
-- ***reversinglabs-titaniumscale-delete-multiple-tasks***
-- ***reversinglabs-titaniumscale-get-yara-id***
+- Added new commands:
+  - ***reversinglabs-titaniumscale-list-processing-tasks***  
+  - ***reversinglabs-titaniumscale-get-processing-task-info***  
+  - ***reversinglabs-titaniumscale-delete-processing-task***
+  - ***reversinglabs-titaniumscale-delete-multiple-tasks***
+  - ***reversinglabs-titaniumscale-get-yara-id***
-Original file line number
+Diff line change
@@ Expand Up / @@ -76,3 +76,4 @@ http://nsis.sf.net @@
 ::C
 .140.161.243
     https://worldofcreatures.at
+.0.0.24