ReversingLabs TitaniumCloud Content Pack Setup

Overview

This document describes how to set up and configure the ReversingLabs TitaniumCloud content pack for Palo Alto Cortex XSOAR.

The content pack contains the following XSOAR content:

  • 1 integration
  • 4 example playbooks

Prerequisites

To use the content pack, you must meet the following prerequisites:

  1. Have a ReversingLabs Spectra Intelligence (formerly TitaniumCloud) username and password.

Installation

To install the content pack:

  1. From the XSOAR menu, select "Marketplace":

Cortex XSOAR menu showing Marketplace option

  2. Next, enter "ReversingLabs" in the search bar and press the Enter key to search
  3. Select the "ReversingLabs TitaniumCloud" content pack

Marketplace search results showing ReversingLabs TitaniumCloud content pack

  4. Click "Install"

ReversingLabs TitaniumCloud content pack with Install button highlighted

  5. After the installation is completed, open the XSOAR menu and click "Settings"

Cortex XSOAR menu with Settings option

  6. From the Integrations menu, enter "ReversingLabs" in the search box, then hit the Enter key to search for integrations.
  7. Look for the ReversingLabs TitaniumCloud integration, then click "Add instance"

Cortex XSOAR Integrations search showing ReversingLabs TitaniumCloud and Add instance

  8. In the instance settings window, fill out the following required fields:
     • Name: provide a friendly name for the instance
     • ReversingLabs TitaniumCloud URL: leave this value as the default (https://data.reversinglabs.com)
     • Credentials: enter your Spectra Intelligence (formerly TitaniumCloud) username
     • Password: enter your Spectra Intelligence (formerly TitaniumCloud) password

Cortex XSOAR TitaniumCloud integration instance configuration form

  9. Click the "Test" button to validate the instance

Cortex XSOAR integration Test button for validating TitaniumCloud connection

The ReversingLabs TitaniumCloud integration is now ready to be used!

Playbooks

The content pack comes with 4 example playbooks that can be used to enrich XSOAR incidents.

Manually Call a Playbook

Playbooks can be run manually to provide enrichment as needed. In this example, a security incident has been created that contains a SHA1 file hash indicator. A ReversingLabs playbook will provide additional context for the file hash.

NOTE

This playbook currently requires the indicator value to be in the "File SHA1" field.

Cortex XSOAR incident view with File SHA1 indicator field required for playbook

  1. From the incident view, click the "Work Plan" tab.
  2. Enter "ReversingLabs" in the playbook search.

Cortex XSOAR Work Plan tab with ReversingLabs playbook search results

  3. Navigate to the "War Room" tab to view the output of the playbook.

Cortex XSOAR War Room tab showing ReversingLabs playbook execution results