
ReversingLabs A1000 Content Pack Setup

Overview

This document describes how to set up and configure the ReversingLabs A1000 content pack for Palo Alto Cortex XSOAR.

The content pack contains the following XSOAR content:

  • 1 integration
  • 2 example playbooks

Prerequisites

To use the content pack, you must meet the following prerequisites:

  1. Have a ReversingLabs Spectra Analyze (formerly A1000) API Token.

Installation

To install the content pack:

  1. From the XSOAR menu, select "Marketplace".
  2. Next, enter "ReversingLabs" in the search bar and press the Enter key to search.
  3. Select the "ReversingLabs A1000" content pack.
  4. Click "Install".
  5. After the installation is completed, open the XSOAR menu and click "Settings".
  6. From the Integrations menu, enter "ReversingLabs" in the search box, then hit the Enter key to search for integrations.
  7. Look for the ReversingLabs A1000 integration, then click "Add instance".
  8. In the instance settings window, fill out the following required fields:
       • Name: provide a friendly name for the instance
       • ReversingLabs A1000 instance URL: enter the URL of your A1000 instance
       • API Token: enter your Spectra Analyze (formerly A1000) API token
  9. Click the "Test" button to validate the instance.

The ReversingLabs TitaniumCloud integration is now ready to be used!

Playbooks

The content pack comes with 2 example playbooks that can be used to enrich XSOAR incidents.

Example: Detonate File - ReversingLabs A1000

This playbook looks for a file object and uploads the sample to the A1000 for analysis. In this example, an incident with a file attachment has been generated.


  1. From the incident view, click the "Work Plan" tab.
  2. Enter "ReversingLabs" in the playbook search.
  3. Select the "Detonate File - ReversingLabs A1000" playbook.
  4. The playbook will take some time to upload the file and wait for the analysis results.

     Timeout Errors

     If the playbook fails due to a timeout error, try running the playbook again.

  5. Once the playbook is completed, verify the sample was uploaded to the A1000.
  6. Navigate to the "War Room" tab to view the output of the playbook.