Version: Spectra Analyze 9.8.1

Third-party integrations

CAPE Sandbox

For more information about configuring this integration, see Integrations - CAPE Sandbox.

| Maximum supported file size | Submitting only distinct files | Queue limit & behavior |
|---|---|---|
| 400 MiB | Supported | Up to 60 submissions. Samples are considered queued if waiting for analysis. Running/processing samples do not count towards the limit. |

For more information, see Queue limits and behavior.

CAPE analysis reports are added under Dynamic Analysis > CAPE. CAPE offers two types of analysis: Behavioral and Network.

If enabled by an administrator, there is also a See Task on CAPE button at the top right of the section. This button redirects to the CAPE web interface, where it is possible to see more information about the file, and compare it to other analysis results.

Cisco Secure Malware Analytics

For more information about configuring this integration, see Integrations - Cisco Secure Malware Analytics.

| Maximum supported file size | Submitting only distinct files |
|---|---|
| 250 MiB | Not supported |

When Cisco Secure Malware Analytics finishes processing a sample, a report with the analysis results is sent to the Spectra Analyze appliance. This report can be accessed under Dynamic Analysis > Cisco Secure Malware Analytics.

Available reports from this integration include:

  • Dropped files
  • Indicators of compromise
  • Networking

Cuckoo Sandbox

For more information about configuring this integration, see Integrations - Cuckoo Sandbox.

| Maximum supported file size | Submitting only distinct files | Queue limit & behavior |
|---|---|---|
| 400 MiB | Not supported | Up to 60 submissions. Samples are considered queued if waiting for analysis. Running/processing samples do not count towards the limit. |

For more information, see Queue limits and behavior.

Cuckoo reports are added under Dynamic Analysis > Cuckoo. Cuckoo offers two types of analysis: Behavioral and Network.

If enabled by an administrator, there is also a See Task on Cuckoo button at the top right of the section. This button redirects to the Cuckoo interface, where it is possible to see more information about the file, and compare it to other analysis results.

FireEye Sandbox

For more information about configuring this integration, see Integrations - FireEye Sandbox.

| Maximum supported file size | Submitting only distinct files | Queue limit & behavior |
|---|---|---|
| 100 MiB | Not supported | Up to 100 submissions. Samples are considered queued if waiting for analysis or already being processed. |

For more information, see Queue limits and behavior.

If FireEye is enabled by an administrator, the Fetch profiles button retrieves a list of profiles available on the FireEye instance. Supported file types can be assigned to profiles that are used for dynamic analysis. Each file type can be assigned to only one profile.

New samples of the supported file type assigned to a profile are automatically sent for dynamic analysis.

When FireEye finishes processing a sample, a report with the analysis results is sent to the Spectra Analyze appliance. This report can be accessed under Dynamic Analysis > FireEye.

For more details on configuring and using the FireEye integration, contact ReversingLabs Support.

Joe Sandbox

For more information about configuring this integration, see Integrations - Joe Sandbox.

| Maximum supported file size | Submitting only distinct files | Queue limit & behavior |
|---|---|---|
| 400 MiB | Supported | Up to 20 submissions. Samples are considered queued if waiting for analysis. Running/processing samples do not count towards the limit. On timeout, a "Failed Upload" status message is displayed under Dynamic Analysis > Joe Sandbox. If this happens, the failed sample no longer remains in the queue. |

For more information, see Queue limits and behavior.

If Joe Sandbox is enabled by an administrator, the Fetch profiles button retrieves a list of profiles available on the Joe Sandbox instance. Supported file types can be assigned to profiles that are used for dynamic analysis. Each file type can be assigned to only one profile.

New samples of the supported file type assigned to a profile are automatically sent for dynamic analysis.

Appliance administrators can check the status of the Joe Sandbox service on the System Status page, under External Services Connectivity.

Joe Sandbox analysis reports are added under Dynamic Analysis > Joe Sandbox. Clicking the section name in the sidebar opens the page with general information about Joe Sandbox, and details about the latest analysis.

If enabled by an administrator, there is also a See Task on Joe Sandbox button at the top right of the page.

Additional information is available on the following tabs:

  • Behavior Analysis: contains the process tree menu obtained from the Joe Sandbox JSON report.
  • Network Analysis: displays all network activity detected during dynamic analysis. The following protocols are listed: TCP, UDP, DNS, HTTP, HTTPS, FTP, ICMP, IRC and SMTP.
  • Domains/IPs/URLs: shows the extracted URIs in three separate tabs as they are differentiated in the HTML report. Public and private IP addresses are not in separate tabs; instead, they have a boolean attribute Private visible in the list.

VMRay

For more information about configuring this integration, see Integrations - VMRay.

| Maximum supported file size | Submitting only distinct files |
|---|---|
| 305 MiB | Not supported |

There is no need to retrieve available profiles/environments from VMRay and assign file types to specific platforms. Samples are sent to dynamic analysis according to how the VMRay instance is configured.

When VMRay finishes processing a sample, a report with the analysis results is sent to the Spectra Analyze appliance. This report can be accessed under Dynamic Analysis > VMRay.