Intezer - Analyze by hash

Analyzes the given file hash on Intezer Analyze and enriches the file reputation. Supports SHA256, SHA1, and MD5 hashes.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • Intezer v2

Scripts

This playbook does not use any scripts.

Commands

  • intezer-get-analysis-result
  • intezer-analyze-by-hash

Playbook Inputs


| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| Interval | How often the polling command should run (in minutes). | 1 | - | Required |
| Timeout | The amount of time to wait before a timeout occurs (in minutes). | 10 | - | Required |
| hash | The file hash of the file. | SHA256 | File | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| File.SHA256 | The SHA256 hash of the file. | string |
| File.Malicious | The description of the malicious file. | unknown |
| File.Type | The file type. For example, "PE". | string |
| File.Size | The file size. | number |
| File.MD5 | The MD5 hash of the file. | string |
| File.Name | The file name. | string |
| File.SHA1 | The SHA1 hash of the file. | string |
| File | The file object. | unknown |
| File.Malicious.Vendor | The vendor that made the decision that the file is malicious. | string |
| DBotScore | The DBotScore object. | unknown |
| DBotScore.Indicator | The indicator that was tested. | string |
| DBotScore.Type | The indicator type. | string |
| DBotScore.Vendor | Vendor used to calculate the score. | string |
| DBotScore.Score | The actual score. | number |
