ReversingLabs A1000 Content Pack Setup

Overview

This document describes how to set up and configure the ReversingLabs A1000 content pack for Palo Alto Cortex XSOAR.

The content pack contains the following XSOAR content:

  • 1 integration
  • 2 example playbooks

Prerequisites

To use the content pack, you must meet the following prerequisites:

  1. Have a ReversingLabs Spectra Analyze (formerly A1000) API Token.

Installation

To install the content pack:

  1. From the XSOAR menu, select "Marketplace":

Cortex XSOAR menu showing Marketplace option

  2. Next, enter "ReversingLabs" in the search bar and press the Enter key to search
  3. Select the "ReversingLabs A1000" content pack

Marketplace search results showing ReversingLabs A1000 content pack

  4. Click "Install"

ReversingLabs A1000 content pack with Install button highlighted

  5. After the installation is completed, open the XSOAR menu and click "Settings"

Cortex XSOAR menu with Settings option

  6. From the Integrations menu, enter "ReversingLabs" in the search box, then hit the Enter key to search for integrations.
  7. Look for the ReversingLabs A1000 integration, then click "Add instance"

Cortex XSOAR Integrations search showing ReversingLabs A1000 and Add instance button

  8. In the instance settings window, fill out the following required fields:
       • Name: provide a friendly name for the instance
       • ReversingLabs A1000 instance URL: enter the URL of your A1000 instance
       • API Token: enter your Spectra Analyze (formerly A1000) API token

Cortex XSOAR A1000 integration instance configuration form

  9. Click the "Test" button to validate the instance

Cortex XSOAR integration Test button for validating A1000 connection

The ReversingLabs TitaniumCloud integration is now ready to be used!

Playbooks

The content pack comes with 2 example playbooks that can be used to enrich XSOAR incidents.

Example: Detonate File - ReversingLabs A1000

This playbook looks for a file object and uploads the sample to the A1000 for analysis. In this example, an incident with a file attachment has been generated.

Cortex XSOAR incident view with file attachment ready for analysis

  1. From the incident view, click the "Work Plan" tab.
  2. Enter "ReversingLabs" in the playbook search.
  3. Select the "Detonate File - ReversingLabs A1000" playbook.
  4. The playbook will take some time to upload the file and wait for the analysis results.

Timeout Errors

If the playbook fails due to a timeout error, try running the playbook again.

Cortex XSOAR Work Plan showing Detonate File ReversingLabs A1000 playbook

  5. Once the playbook is completed, verify the sample was uploaded to the A1000.

Cortex XSOAR playbook execution results showing file upload confirmation

  6. Navigate to the "War Room" tab to view the output of the playbook.

Cortex XSOAR War Room tab showing playbook execution output and analysis results