Detonate File - VMRay

Detonates a file with VMRay.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

  • vmray-get-submission
  • vmray-upload-sample
  • vmray-get-sample
  • vmray-get-analysis-by-sample
  • vmray-get-threat-indicators
  • vmray-get-iocs

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| File | The file to detonate. | ${File} | Optional |
| interval | The frequency at which to poll for results. | 1 | Optional |
| timeout | The amount of time to wait before giving up waiting for results. | 10 | Optional |
| document_password | The field to fill if the file is a password-protected document. | - | Optional |
| archive_password | The field to fill if the file is a password-protected archive. | - | Optional |
| sample_type | The sample type. | - | Optional |
| shareable | Whether to make the file shareable. | - | Optional |
| reanalyze | Whether VMRay should re-analyze the file. | - | Optional |
| max_jobs | The maximum jobs to create in VMRay. | - | Optional |
| tags | The tags of the file (comma-separated). | - | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| VMRay.Job.JobID | The ID of a new job. | number |
| VMRay.Job.SampleID | The ID of the sample. | number |
| VMRay.Job.Created | The timestamp of the created job. | date |
| VMRay.Job.VMName | The name of the virtual machine. | string |
| VMRay.Job.VMID | The ID of the virtual machine. | number |
| VMRay.Sample.SampleID | The sample ID of the task. | number |
| VMRay.Sample.Created | The timestamp of the created sample. | date |
| VMRay.Submission.SubmissionID | The submission ID. | number |
| VMRay.Submission.HadErrors | Whether there are any errors in the submission. | unknown |
| VMRay.Submission.IsFinished | The status of the submission. Can be "true" or "false". | boolean |
| VMRay.Submission.MD5 | The MD5 hash of the sample in the submission. | string |
| VMRay.Submission.SHA1 | The SHA1 hash of the sample in the submission. | string |
| VMRay.Submission.SHA256 | The SHA256 hash of the sample in the submission. | string |
| VMRay.Submission.Severity | The severity of the sample in the submission. Can be "Malicious", "Suspicious", "Good", "Blacklisted", "Whitelisted", or "Unknown". | string |
| VMRay.Submission.SSDeep | The SSDeep of the sample in the submission. | string |
| VMRay.Submission.SampleID | The ID of the sample in the submission. | number |
| VMRay.Sample.FileName | The file name of the sample. | string |
| VMRay.Sample.MD5 | The MD5 hash of the sample. | string |
| VMRay.Sample.SHA1 | The SHA1 hash of the sample. | string |
| VMRay.Sample.SHA256 | The SHA256 hash of the sample. | string |
| VMRay.Sample.SSDeep | The SSDeep of the sample. | string |
| VMRay.Sample.Severity | The severity of the sample in the submission. Can be "Malicious", "Suspicious", "Good", "Blacklisted", "Whitelisted", or "Unknown". | string |
| VMRay.Sample.Type | The file type. | string |
| VMRay.Sample.Classifications | The classifications of the sample. | string |
| VMRay.Sample.IOC.URL.AnalysisID | The IDs of the other analyses that contain the given URL. | unknown |
| VMRay.Sample.IOC.URL.URL | The URL. | unknown |
| VMRay.Sample.IOC.URL.Operation | The operation of the specified URL. | unknown |
| VMRay.Sample.IOC.URL.ID | The ID of the URL. | unknown |
| VMRay.Sample.IOC.URL.Type | The type of the URL. | unknown |
| VMRay.Sample.IOC.Domain.AnalysisID | The IDs of the other analyses that contain the given domain. | unknown |
| VMRay.Sample.IOC.Domain.Domain | The domain. | unknown |
| VMRay.Sample.IOC.Domain.ID | The ID of the domain. | unknown |
| VMRay.Sample.IOC.Domain.Type | The type of the domain. | unknown |
| VMRay.Sample.IOC.IP.AnalysisID | The IDs of the other analyses that contain the given IP address. | unknown |
| VMRay.Sample.IOC.IP.IP | The IP address. | unknown |
| VMRay.Sample.IOC.IP.Operation | The operation of the given IP address. | unknown |
| VMRay.Sample.IOC.IP.ID | The ID of the IP address. | unknown |
| VMRay.Sample.IOC.IP.Type | The type of the IP address. | unknown |
| VMRay.Sample.IOC.Mutex.AnalysisID | The IDs of the other analyses that contain the given mutex. | unknown |
| VMRay.Sample.IOC.Mutex.Name | The name of the mutex. | unknown |
| VMRay.Sample.IOC.Mutex.Operation | The operation of the given mutex. | unknown |
| VMRay.Sample.IOC.Mutex.ID | The ID of the mutex. | unknown |
| VMRay.Sample.IOC.Mutex.Type | The type of the mutex. | unknown |
| VMRay.Sample.IOC.File.AnalysisID | The IDs of the other analyses that contain the given file. | unknown |
| VMRay.Sample.IOC.File.Name | The name of the file. | unknown |
| VMRay.Sample.IOC.File.Operation | The operation of the given file. | unknown |
| VMRay.Sample.IOC.File.ID | The ID of the file. | unknown |
| VMRay.Sample.IOC.File.Type | The type of the file. | unknown |
| VMRay.Sample.IOC.File.Hashes.MD5 | The MD5 hash of the given file. | unknown |
| VMRay.Sample.IOC.File.Hashes.SSDeep | The SSDeep of the given file. | unknown |
| VMRay.Sample.IOC.File.Hashes.SHA256 | The SHA256 hash of the given file. | unknown |
| VMRay.Sample.IOC.File.Hashes.SHA1 | The SHA1 hash of the given file. | unknown |
| VMRay.ThreatIndicator.AnalysisID | The list of the connected analysis IDs. | unknown |
| VMRay.ThreatIndicator.Category | The category of the threat indicators. | unknown |
| VMRay.ThreatIndicator.Classification | The classifications of the threat indicators. | unknown |
| VMRay.ThreatIndicator.ID | The ID of the threat indicator. | unknown |
| VMRay.ThreatIndicator.Operation | The operation that the indicators caused. | unknown |

Playbook Image


VMRay-Detonate-File