Privacy & Data Sharing
Account Role Types
ReversingLabs offers two primary account roles that govern file visibility and sharing:
-
Private Account
- This is the default setting for all accounts on Spectra Analyze and Spectra Detect appliances.
- Uploads are private by default; other ReversingLabs customers can see analysis metadata but not file contents or dynamic artifacts (dropped files, PCAPs, memory dumps).
- Public instances (e.g.,
https://a1000.reversinglabs.com/) and Spectra Intelligence accounts may differ.
-
Public Account
- Files and dynamic artifacts uploaded by this account can be downloaded and viewed by other ReversingLabs customers.
Metadata accessibility also depends on the file size:
- Files 400 MB or less: all metadata is available.
- Files larger than 400 MB and smaller than or equal to 2 GB: reduced metadata set.
- Files larger than 2 GB: only file size and source info available.
If a private file is uploaded from another public source, it will cease to be treated as private. In this case, other ReversingLabs customers will be able to download the file.
Spectra Intelligence
Files
Files can be submitted to Spectra Intelligence using the TCA-0202 / TCA-0203 File Upload service.
| Account Role | Access to file content | Access to analysis results (metadata) | Reanalyze |
|---|---|---|---|
| Public | Yes | Yes | Yes |
| Private | No | Yes | Yes |
URLs
URLs can be submitted to Spectra Intelligence using the TCA-0404 Analyze URL service.
Data Handling and Privacy Considerations
- Public Resource Requirement: TCA-0404 Analyze URL can only access and analyze publicly reachable online resources.
- Public Data Treatment: All submitted URLs and downloaded files are treated as public and will be visible and accessible to all Spectra Intelligence users.
- URL Normalization: URL normalization is performed during request submission, which may automatically remove or convert duplicate and empty elements in the URL.
To protect potentially sensitive information when using URL analysis services:
- Remove Personal Identifiers: Strip any personal identifiers, session tokens, or user-specific parameters from URLs before submission
- Avoid Internal URLs: Do not submit URLs containing internal network addresses, private IP ranges, or intranet resources
- Review URL Parameters: Remove or sanitize query parameters that may contain sensitive data such as:
- User IDs or account numbers
- Authentication tokens or session identifiers
- Personal information (names, emails, phone numbers)
- Proprietary or confidential data
- Use Generic Examples: When possible, use generic or anonymized versions of URLs for analysis
- Organizational Policy: Ensure URL submissions comply with your organization's data privacy and security policies
Spectra Analyze
| Account Role | Reanalyze file | Threat intelligence | Submit for Dynamic analysis (RLCS) |
|---|---|---|---|
| Public | Yes | Yes | Yes |
| Private (Local sample) | Yes | Yes | Yes |
| Private (Cloud sample) | No | No | No |
- If a locally available file is not uploaded to Spectra Intelligence, it will only be accessible to other users of the appliance.
- Hash Lookups: If Spectra Intelligence is enabled on the appliance, Spectra Analyze will query the cloud using only the file hash to check if the file is already known to ReversingLabs, enriching the local file reputation data.
- Threat Intelligence lookups are performed by searching for a sample’s threat name rather than its hash.
- Reanalyze Option: Users have the option to manually reanalyze the file, with checkboxes to upload it to Spectra Intelligence or ReversingLabs Cloud Sandbox. These both require file to be uploaded to the cloud, if it's not already available to ReversingLabs from another source. Once uploaded to Spectra Intelligence, files will be treated according to the account role, which is private by default.
- Automatic Uploads: Administrators can enable automatic uploads for all analyzed files.
- Check the Dynamic Analysis section below for more information on ReversingLabs Cloud Sandbox
Spectra Detect
- Spectra Detect doesn't store files, so local files will only be accessible to users who have access to file ingress/egress storage locations configured on the appliance.
- Hash Lookups: If Spectra Intelligence is enabled on the appliance, Spectra Detect Workers will query the cloud using file hashes to check if the file is already known to ReversingLabs, enriching the local file reputation data.
- If Deep Cloud Analysis is enabled, samples will be automatically uploaded to the cloud for in-depth analysis. Once uploaded to Spectra Intelligence, files will be treated according to the account role, which is private by default.
Dynamic Analysis in ReversingLabs Cloud Sandbox (RLCS)
The ReversingLabs Cloud Sandbox is accessible through Spectra Analyze, or using the TCA-0207 Dynamic Analysis service. It is a dynamic analysis service that also respects the configured account role. If a sample is private, other ReversingLabs customers will only be able to access the analysis results, but not the actual file content, dropped files, PCAP files, or memory string dumps.
| Account Role | Retrieve Report (without artifact links) | Retrieve Report (with artifact links) |
|---|---|---|
| Public account | Yes | Yes |
| Private account | Yes | Sample uploader only |
File Inspection Engine
The File Inspection Engine downloads a local threat database to classify files. It does not have the capability to upload files to ReversingLabs systems.
- Cloud Hash Lookups: If the application is configured to provide additional threat details (
--with-threat-details / RL_WITH_THREAT_DETAILS) for malicious (and suspicious, when paranoid mode is enabled) files, it will query the cloud using only the file hashes.