Logic App Connectors
Overview
ReversingLabs has extended Microsoft Sentinel's security capabilities with Logic App connectors for two of our key products: Spectra Intelligence and Spectra Analyze. These integrations empower Security Operations Center (SOC) teams to streamline their threat detection and response workflows within Microsoft's cloud-native SIEM platform. Through these connectors, security analysts can automatically leverage ReversingLabs' advanced file analysis and threat intelligence capabilities, reducing manual investigation time and accelerating incident response.
This document provides an overview of the connectors' capabilities and describes how to set up and configure them for use in Logic Apps workflows.
Spectra Intelligence Connector
The Spectra Intelligence (formerly TitaniumCloud) Connector integrates ReversingLabs' advanced threat intelligence into Microsoft Sentinel via Logic Apps. It allows security analysts to enrich incidents and alerts with automated reputation lookups and detailed file analysis. This helps SOC teams detect threats proactively and streamline investigation processes, saving time on manual data gathering.
Key Capabilities
- File Reputation Lookups: Automatically query the reputation of files and hashes in real time.
- Threat Intelligence Enrichment: Add actionable insights from ReversingLabs to Microsoft Sentinel incidents.
- Automated Workflow Integration: Use the connector within Logic Apps to trigger alerts or incident responses without human intervention.
Authorizing the Spectra Intelligence Connector
To authorize the Spectra Intelligence connector, provide the following parameters:
- Connection Name: a friendly name for the connection
- Username: the username used to authenticate to Spectra Intelligence
- Password: the password used to authenticate to Spectra Intelligence
Spectra Analyze Connector
The ReversingLabs Spectra Analyze Connector offers advanced file analysis capabilities directly within Microsoft Sentinel through Logic Apps. This integration helps SOC teams automate the process of analyzing suspicious files, enabling quick insights into malware behavior, classifications, and dynamic analysis reports. Using Spectra Analyze ensures that analysts can respond faster to security incidents by minimizing manual analysis time and enriching alerts with comprehensive malware insights.
Key Capabilities
- Dynamic File Analysis: Automatically trigger sandbox analysis and retrieve detailed reports on malware behavior.
- File Classification: Query file hashes to receive immediate classification results, including malware families or threat indicators.
- Actionable Reports: Leverage detailed reports to include insights like MITRE ATT&CK techniques observed during the analysis.
Authorizing the Spectra Analyze Connector
To authorize the Spectra Analyze connector, provide the following parameters:
- Connection Name: a friendly name for the connection
- Token: the API token used to authenticate to the Spectra Analyze API, in the format: Token <your token value>
- A1000 Host URL: the URL of the Spectra Analyze appliance, in the format: https://<hostname>
The API token MUST be in the following format: Token <your token value>
Additional Resources
Check out the following Microsoft Learn pages on our connectors: