Privacy
Account Role Types
ReversingLabs offers two primary account roles that govern file visibility and sharing:
- Private Account
  - This is the default setting for all accounts on Spectra Analyze and Spectra Detect appliances.
  - Uploads are private by default; other ReversingLabs customers can see analysis metadata but not file contents or dynamic artifacts (dropped files, PCAPs, memory dumps).
  - Public instances (e.g., https://a1000.reversinglabs.com/) and Spectra Intelligence accounts may differ.
- Public Account
  - Files and dynamic artifacts uploaded by this account can be downloaded and viewed by other ReversingLabs customers.
Metadata accessibility also depends on the file size:
- Files 400 MB or less: all metadata is available.
- Files larger than 400 MB and smaller than or equal to 2 GB: reduced metadata set.
- Files larger than 2 GB: only file size and source info available.
If a private file is uploaded from another public source, it will cease to be treated as private. In this case, other ReversingLabs customers will be able to download the file.
Spectra Intelligence
Files can be submitted to Spectra Intelligence using the TCA-0202 / TCA-0203 File Upload service.
Account Role | Access to file content | Access to analysis results (metadata) | Reanalyze |
---|---|---|---|
Public | Yes | Yes | Yes |
Private | No | Yes | Yes |
Spectra Analyze
Account Role | Reanalyze file | Threat intelligence | Submit for Dynamic analysis (RLCS) |
---|---|---|---|
Public | Yes | Yes | Yes |
Private (Local sample) | Yes | Yes | Yes |
Private (Cloud sample) | No | No | No |
- If a locally available file is not uploaded to Spectra Intelligence, it will only be accessible to other users of the appliance.
- Hash Lookups: If Spectra Intelligence is enabled on the appliance, Spectra Analyze will query the cloud using only the file hash to check if the file is already known to ReversingLabs, enriching the local file reputation data.
- Threat Intelligence lookups are performed by searching for a sample’s threat name rather than its hash.
- Reanalyze Option: Users have the option to manually reanalyze the file, with checkboxes to upload it to Spectra Intelligence or ReversingLabs Cloud Sandbox. Both options require the file to be uploaded to the cloud if it is not already available to ReversingLabs from another source. Once uploaded to Spectra Intelligence, files will be treated according to the account role, which is private by default.
- Automatic Uploads: Administrators can enable automatic uploads for all analyzed files.
- See the Dynamic Analysis section below for more information on ReversingLabs Cloud Sandbox.
Spectra Detect
- Spectra Detect doesn't store files, so local files will only be accessible to users who have access to file ingress/egress storage locations configured on the appliance.
- Hash Lookups: If Spectra Intelligence is enabled on the appliance, Spectra Detect Workers will query the cloud using file hashes to check if the file is already known to ReversingLabs, enriching the local file reputation data.
- If Deep Cloud Analysis is enabled, samples will be automatically uploaded to the cloud for in-depth analysis. Once uploaded to Spectra Intelligence, files will be treated according to the account role, which is private by default.
Dynamic Analysis in ReversingLabs Cloud Sandbox (RLCS)
The ReversingLabs Cloud Sandbox is accessible through Spectra Analyze, or using the TCA-0207 Dynamic Analysis service. It is a dynamic analysis service that also respects the configured account role. If a sample is private, other ReversingLabs customers will only be able to access the analysis results, but not the actual file content, dropped files, PCAP files, or memory string dumps.
Account Role | Retrieve Report (without artifact links) | Retrieve Report (with artifact links) |
---|---|---|
Public account | Yes | Yes |
Private account | Yes | Sample uploader only |
File Inspection Engine
The File Inspection Engine downloads a local threat database to classify files. It does not have the capability to upload files to ReversingLabs systems.
- Hash Lookups: If the application is configured to provide additional threat details (--with-threat-details / RL_WITH_THREAT_DETAILS) for malicious (and suspicious, when paranoid mode is enabled) files, it will query the cloud using only the file hashes.