Skip to main content

ReversingLabs TitaniumCloud Content Pack Setup

Overview

This document describes how to setup and configure the ReversingLabs TitaniumCloud content pack for Palo Alto Cortex XSOAR.

The content pack contains the following XSOAR content:

  • 1 integration
  • 4 example playbooks

Prerequisites

To use the content pack, you must meet the following prerequisites:

  1. Have a ReversingLabs Spectra Intelligence (formerly TitaniumCloud) username and password.

Installation

To install the content pack:

  1. From the XSOAR menu, select "Marketplace":

  1. Next, enter "ReversingLabs" in the search bar and press the Enter key to search
  2. Select the "ReversingLabs TitaniumCloud" content pack

  1. Click "Install"

  1. After the installation is completed, open the XSOAR menu and click "Settings"

  1. From the Integrations menu, enter "ReversingLabs" in the search box, then hit the Enter key to search for integrations.
  2. Look for the ReversingLabs TitaniumCloud integration, then click "Add instance"

  1. In the instance settings window, fill out the following required fields:
  • Name: provide a friendly name for the instance
  • ReversingLabs TitaniumCloud URL: leave this value as the default (https://data.reversinglabs.com)
  • Credentials: enter your Spectra Intelligence (formerly TitaniumCloud) username
  • Password: enter your Spectra Intelligence (formerly TitaniumCloud) password

  1. Click the "Test" button to validate the instance

The ReversingLabs TitaniumCloud integration is now ready to be used!

Playbooks

The content pack comes with 4 example playbooks that can be used to enrich XSOAR incidents.

Manually Call a Playbook

Playbooks can be run manually to provide enrich as needed. In this example, a security incident has been created that contains a SHA1 file hash indicator. A ReversingLabs playbook will provide additional context for the file hash.

NOTE

This playbook currently requires the indicator value to be in the "File SHA1" field.

  1. From the incident view, click the "Work Plan" tab.
  2. Enter "ReversingLabs" in the playbook search.

alt text

  1. Navigate to the "War Room" tab to view the output of the playbook.

alt text