Lastline Analyst

the lastline analyst connector enables automated malware analysis and threat intelligence gathering directly within security workflows lastline analyst is a renowned platform for advanced malware analysis, providing detailed insights into emerging threats the lastline analyst connector for swimlane turbine enables users to automate the creation of indicators of compromise (iocs), retrieve ioc metadata, analyze files and urls, and track detailed analysis results this integration empowers security teams to enhance their threat detection and response capabilities, streamline analysis workflows, and rapidly identify and mitigate potential security risks within their digital environment prerequisites to effectively utilize the lastline analyst connector with turbine, ensure you have the following prerequisites http basic authentication with these parameters url the endpoint url for the lastline analyst api api key your unique api key provided by lastline analyst for authentication api token a token paired with your api key to establish a secure connection capabilities the vmware lastline analyst connector has the following capabilities submit url submit file get url results get file results get ioc create ioc configurations http basic authentication authenticates using username and password configuration parameters parameter description type required url a url to the target host string required username api key string required password api token string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions create ioc from result generates an indicator of compromise (ioc) from a specified result using the provided data body in lastline analyst endpoint url /analysis/ioc/create ioc from result method post input argument name type required description data body object required response data data body uuid string required response data data body report uuid string required response data data body report version string required response data input example {"data body" {"uuid" "uuid","report uuid" "report uuid","report version" "report version"}} output parameter type description status code number http status code of the response reason string response reason phrase success number whether the operation was successful error code number error message if any error string error message if any output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 17 12 33 gmt","content type" "application/json; charset=utf 8","content length" "65","strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google","alt svc" "h3=\\" 443\\"; ma=2592000,h3 29=\\" 443\\"; ma=2592000"},"reason" "ok","json body" {"success" 0,"error code" 122,"error" "missing credentials"}} get ioc metadata retrieve metadata for a specified indicator of compromise (ioc) in lastline analyst using the unique ioc uuid endpoint url analysis/ioc/get ioc metadata method get input argument name type required description parameters ioc uuid string required parameters for the get ioc metadata action input example {"parameters" {"ioc uuid" "ca46fd1072644e7cb1ff0b1633c6b537"}} output parameter type description status code number http status code of the response reason string response reason phrase success number whether the operation was successful error code number error message if any error string error message if any output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 15 12 14 gmt","content type" "application/json; charset=utf 8","content length" "65","strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google","alt svc" "h3=\\" 443\\"; ma=2592000,h3 29=\\" 443\\"; ma=2592000"},"reason" "ok","json body" {"success" 0,"error code" 122,"error" "missing credentials"}} get results retrieve detailed analysis results from lastline analyst using the provided unique identifier (uuid) endpoint url /analysis/get method get input argument name type required description parameters uuid string required parameters for the get results action input example {"parameters" {"uuid" "ca46fd1072644e7cb1ff0b1633c6b537"}} output parameter type description status code number http status code of the response reason string response reason phrase success number whether the operation was successful error code number error message if any error string error message if any output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 18 24 24 gmt","content type" "application/json; charset=utf 8","content length" "65","strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google","alt svc" "h3=\\" 443\\"; ma=2592000,h3 29=\\" 443\\"; ma=2592000"},"reason" "ok","json body" {"success" 0,"error code" 122,"error" "missing credentials"}} submit file submits a file to lastline analyst for analysis, providing a unique identifier for submission tracking endpoint url /analysis/submit/file method post input argument name type required description data body object required response data data body md5 string optional response data data body sha1 string optional response data data body sha256 string optional response data input example {"data body" {"md5" "ca46fd1072644e7cb1ff0b1633c6b537","sha1" "ca46fd1072644e7cb1ff0b1633c6b537","sha256" "ca46fd1072644e7cb1ff0b1633c6b537"}} output parameter type description status code number http status code of the response reason string response reason phrase success number whether the operation was successful error code number error message if any error string error message if any output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 20 40 17 gmt","content type" "application/json; charset=utf 8","content length" "65","strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google","alt svc" "h3=\\" 443\\"; ma=2592000,h3 29=\\" 443\\"; ma=2592000"},"reason" "ok","json body" {"success" 0,"error code" 122,"error" "missing credentials"}} submit url submit a url to lastline analyst for threat analysis and obtain a comprehensive report on detected security risks endpoint url /analysis/submit/url method post input argument name type required description data body object required response data data body url string required response data input example {"data body" {"url" "https //www google com"}} output parameter type description status code number http status code of the response reason string response reason phrase success number whether the operation was successful error code number error message if any error string error message if any output example {"status code" 200,"response headers" {"date" "tue, 20 jun 2023 17 53 14 gmt","content type" "application/json; charset=utf 8","content length" "65","strict transport security" "max age=15724800; includesubdomains","server" "ingress nginx","via" "1 1 google","alt svc" "h3=\\" 443\\"; ma=2592000,h3 29=\\" 443\\"; ma=2592000"},"reason" "ok","json body" {"success" 0,"error code" 122,"error" "missing credentials"}} response headers header description example alt svc http response header alt svc h3=" 443 "; ma=2592000,h3 29=" 443 "; ma=2592000 content length the length of the response body in bytes 65 content type the media type of the resource application/json; charset=utf 8 date the date and time at which the message was originated tue, 20 jun 2023 18 24 24 gmt server information about the software used by the origin server ingress nginx strict transport security http response header strict transport security max age=15724800; includesubdomains via http response header via 1 1 google