Activating the Spectra Analyze Enrichment
Overview
The Spectra Analyze Premium Enrichment for Anomali ThreatStream allows users of Spectra Analyze to enrich observables with information such as classification, malware family names and AV scanner results.
Getting Started
Before you begin, you will need the URL of your Spectra Analyze appliance and an API key. To create an API key in the Spectra Analyze interface, refer to the Spectra Analyze documentation.
Activating the Enrichment
- When logged into ThreatStream, navigate to the App Store and search for ReversingLabs.
- Click on "ReversingLabs Spectra Analyze" and in the dialog box click on "I Have Credentials".
- The "Credentials" link will appear. Click on "Credentials".
- The following fields are available under Credentials:
| Field | Required? | Description |
|---|---|---|
| Spectra Analyze Token | Required | API token configured in the Spectra Analyze interface. |
| Spectra Analyze Host | Required | The URL of the Spectra Analyze Appliance. |
| Verify SSL Certificate | Optional | true or false |
| ReversingLabs Sandbox Platform | Optional | One of: |
- Once the required fields are populated, click on Activate.
- The enrichment is now active.
Verifying the Enrichment
To verify the enrichment is active, click on an observable and scroll down to the Enrichments section of the page. A new tab should be present labeled "REVERSINGLABS SPECTRA ANALYZE" and the enrichment data should automatically load. The enrichment data provided will vary depending on the observable type and may look different from the screenshot below.