ReversingLabs A1000 Content Pack Setup
Overview
This document describes how to set up and configure the ReversingLabs A1000 content pack for Palo Alto Cortex XSOAR.
The content pack contains the following XSOAR content:
- 1 integration
- 2 example playbooks
Prerequisites
To use the content pack, you must meet the following prerequisites:
- Have a ReversingLabs Spectra Analyze (formerly A1000) API Token.
Installation
To install the content pack:
- From the XSOAR menu, select "Marketplace".
- Next, enter "ReversingLabs" in the search bar and press the Enter key to search.
- Select the "ReversingLabs A1000" content pack
- Click "Install"
- After the installation is completed, open the XSOAR menu and click "Settings"
- From the Integrations menu, enter "ReversingLabs" in the search box, then hit the Enter key to search for integrations.
- Look for the ReversingLabs A1000 integration, then click "Add instance"
- In the instance settings window, fill out the following required fields:
  - Name: provide a friendly name for the instance
  - ReversingLabs A1000 instance URL: enter the URL of your A1000 instance
  - API Token: enter your Spectra Analyze (formerly A1000) API token
- Click the "Test" button to validate the instance
The ReversingLabs TitaniumCloud integration is now ready to be used!
Playbooks
The content pack comes with 2 example playbooks that can be used to enrich XSOAR incidents.
Example: Detonate File - ReversingLabs A1000
This playbook looks for a file object and uploads the sample to the A1000 for analysis. In this example, an incident with a file attachment has been generated.
- From the incident view, click the "Work Plan" tab.
- Enter "ReversingLabs" in the playbook search.
- Select the "Detonate File - ReversingLabs A1000" playbook.
- The playbook will take some time to upload the file and wait for the analysis results.
  Timeout errors: if the playbook fails due to a timeout error, try running the playbook again.
- Once the playbook is completed, verify the sample was uploaded to the A1000.
- Navigate to the "War Room" tab to view the output of the playbook.