VMRay
The VMRay connector enables automated malware analysis and threat detection by integrating VMRay's advanced sandboxing technology with the Swimlane Turbine platform.

VMRay provides cutting-edge malware analysis and detection capabilities, offering deep insights into threats by analyzing files, emails, and URLs. The VMRay connector for Swimlane Turbine enables security teams to automate the ingestion and analysis of potential threats, streamlining the process of identifying and mitigating email-based attacks, file-based malware, and other cyber threats. By integrating VMRay with Swimlane Turbine, users can leverage automated workflows to quickly obtain detailed analysis reports, threat intelligence, and indicators of compromise (IOCs), enhancing their security posture and response times.

## Prerequisites

To effectively utilize the VMRay connector within the Swimlane Turbine platform, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: the endpoint URL for the VMRay API
  - API key: your unique authentication key to access the VMRay API

## Capabilities

This connector provides the following capabilities:

- Email Threat Defender
- Get Analysis Report
- Get Analysis Results
- Get Sample by ID
- Get Sample PDF
- Get Sample IOCs by Sample ID
- Get Sample VMRay Threat Identifiers
- Get Submission by ID
- MD5 Lookup
- Submit URL
- Submit File

### Additional information about capabilities

File upload requires a valid sample type in order for analysis to be conducted. These are the possible sample types:

- Unknown
- Custom
- Excel Document
- HTML Application
- HTML Application (Shell Link)
- HTML Document
- JScript
- Java Archive
- Java Class
- MSI Setup
- Macromedia Flash
- Microsoft Access Database
- Microsoft Publisher Document
- PDF Document
- PowerShell Script
- and so on

### About Email Threat Defender fields

You can select which fields to return in the response using the `fields` parameter. It takes a list of fields (comma-delimited and in parentheses). Certain fields can also be followed by a list of their subfields.
For example, to return only the message ID, verdict, filenames of attachments and verdicts of attachments, use the following parameter:

`fields=(email_message_id,email_verdict,email_attachments(attachment_filename,attachment_verdict))`

The following fields and subfields are available:

- email_vmray_uuid
- email_message_id
- email_sent
- email_received
- email_sensor_id
- email_verdict
- email_verdict_reached
- email_sender
- email_recipients
- email_subject
- email_webif_url
- email_headers
  - header_name
  - header_value
- email_plain_body
- and so on

In order to access the email_plain_body and email_html_body fields, the user has to have the corresponding permission.

## Configurations

### VMRay API Key Authentication

Authenticates using an API key.

#### Configuration parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | Required |
| x apikey | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Email Threat Defender

Integrate with VMRay's Email Threat Defender to analyze and mitigate email-based security threats effectively.

- Endpoint URL: /rest/email
- Method: GET

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| fields | string | Optional | Parameter for Email Threat Defender |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get File Analysis Report

Retrieve a detailed file analysis report from VMRay using the provided unique identifier.

- Endpoint URL: /rest/analysis/{{id}}/archive/logs/summary.json
- Method: GET

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| id | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get File Analysis Results

Retrieve detailed file analysis
results from VMRay using the provided unique identifier.

- Endpoint URL: /rest/analysis/sample/{{id}}
- Method: GET

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| id | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Sample by ID

Retrieve a specific malware sample from VMRay using the provided sample ID.

- Endpoint URL: /rest/sample/{{id}}
- Method: GET

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| id | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Sample IOCs by Sample ID

Retrieve indicators of compromise (IOCs) for a specific sample ID from VMRay, using the required 'sample_id' path parameter.

- Endpoint URL: /rest/sample/{{sample_id}}/iocs
- Method: GET

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| all_artifacts | boolean | Optional | Parameter for Get Sample IOCs by Sample ID |
| ioc_severity | string | Optional | Parameter for Get Sample IOCs by Sample ID |
| ioc_type | string | Optional | Type of the resource |
| ioc_verdict | string | Optional | Parameter for Get Sample IOCs by Sample ID |
| sample_id | number | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Mon, 06 March 2025 20:11:44 GMT",
      "Content-Type": "application/json",
      "Content-Length": "144"
    },
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Sample PDF

Retrieve a PDF report for a specific sample in VMRay using the provided sample ID.

- Endpoint URL: /rest/sample/{{id}}/report
- Method: GET

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| id | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| file | object | Attachments |
| file | string | Output field file |
| file_name | string | Name of the resource |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Sample VMRay Threat Identifiers

Retrieve threat identifiers for a specific sample in VMRay using the provided sample ID.

- Endpoint URL: /rest/sample/{{sample_id}}/vtis
- Method: GET

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| sample_id | number | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Mon, 06 March 2025 20:11:44 GMT",
      "Content-Type": "application/json",
      "Content-Length": "144"
    },
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Submission by ID

Retrieve detailed data for a specific submission in VMRay using the provided unique submission ID.

- Endpoint URL: /rest/submission/{{id}}
- Method: GET

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| id | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### MD5 Lookup

Retrieve a sample associated with a specified MD5 hash from VMRay, identified by the 'id' path parameter.

- Endpoint URL: /rest/sample/md5/{{id}}
- Method: GET

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| id | string | Required | Unique identifier |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

### Submit File

Submits a file to VMRay for detailed analysis, specifying submission type and reanalysis options, with required JSON body and file attachment.

- Endpoint URL: /rest/sample/submit
- Method: POST

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| files | array | Required | File to be uploaded |
| file | string | Optional | Parameter for Submit File |
| file_name | string | Optional | Name of the resource |
| submission_type | string | Required | Type of the resource |
| reanalyze | boolean | Required | Parameter for Submit File |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| errors | array | Error message if any |
| jobs | array | Output field jobs |
| job_account_id | number | Unique identifier |
| job_analyzer_id | number | Unique identifier |
| job_analyzer_name | string | Name of the resource |
| job_bill_id | number | Unique identifier |
| job_bill_type | string | Type of the resource |
| job_configuration_description | string | Output field job_configuration_description |
| job_configuration_id | number | Unique identifier |
| job_configuration_name | string | Name of the resource |
| job_created | string | Output field job_created |
| job_document_password | object | Output field job_document_password |
| job_enable_custom_av | boolean | Output field job_enable_custom_av |
| job_enable_local_av | boolean | Output field job_enable_local_av |
| job_id | number | Unique identifier |
| job_jobrule_id | number | Unique identifier |
| job_jobrule_sampletype | string | Type of the resource |
| job_parent_analysis_id | object | Unique identifier |
| job_prescript_force_admin | boolean | Output field job_prescript_force_admin |
| job_prescript_id | object | Unique identifier |
| job_priority | number | Output field job_priority |
| job_quota_type | string | Type of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK",
    "json_body": {
      "data": {},
      "result": "string"
    }
  }
]
```

### Submit URL

Submits a URL to VMRay for analysis and categorizes the content based on the sample type and URL provided.

- Endpoint URL: /rest/sample/submit
- Method: POST

#### Input

| Argument name | Type | Required | Description |
|---|---|---|---|
| sample_url | string | Required | URL endpoint for the request |
| sample_type | string | Required | Type of the resource |

#### Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {}
  }
]
```

## Response headers

| Header | Description | Example |
|---|---|---|
| Connection | HTTP response header Connection | |
| Content-Length | The length of the response body in bytes | 144 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
| Referrer-Policy | HTTP response header Referrer-Policy | |
| Server | Information about the software used by the origin server | |
| Set-Cookie | HTTP response header Set-Cookie | |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | |
| Vary | HTTP response header Vary | |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | |
| X-Frame-Options | HTTP response header X-Frame-Options | |
| X-XSS-Protection | HTTP response header X-XSS-Protection | |
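
For the `fields` parameter of the Email Threat Defender action described earlier on this page, the following added example (not part of the connector or of VMRay's code) parses and validates a fields expression before it is placed in a request, rejecting stray characters and unknown names and reporting which requested fields need the extra body permission. Assumptions: field names are spelled in snake_case, subfields are only one level deep, the allow-list holds only the names this page lists, and the function names are hypothetical.

```python
import re

# Field names from this page, written in snake_case (assumed API spelling).
# The page's list ends with "and so on", so this allow-list is partial.
KNOWN = dict.fromkeys(
    "email_vmray_uuid email_message_id email_sent email_received "
    "email_sensor_id email_verdict email_verdict_reached email_sender "
    "email_recipients email_subject email_webif_url email_plain_body "
    "email_html_body".split(), ())
KNOWN["email_headers"] = ("header_name", "header_value")
KNOWN["email_attachments"] = ("attachment_filename", "attachment_verdict")
NEEDS_PERMISSION = {"email_plain_body", "email_html_body"}

NAME = r"[a-z0-9_]+"
ITEM = rf"{NAME}(?:\({NAME}(?:,{NAME})*\))?"     # field or field(sub,sub)
EXPR = re.compile(rf"\(({ITEM}(?:,{ITEM})*)\)")  # (item,item,...)


def parse_fields(expr):
    """Parse '(a,b(c,d))' into [('a', []), ('b', ['c', 'd'])]."""
    match = EXPR.fullmatch(expr)
    if match is None:  # spaces, '&', '=', unbalanced or nested parentheses
        raise ValueError(f"malformed fields expression: {expr!r}")
    pairs = re.findall(rf"({NAME})(?:\(([^()]*)\))?", match.group(1))
    return [(name, subs.split(",") if subs else []) for name, subs in pairs]


def build_fields(items):
    """Inverse of parse_fields: render the items back into '(a,b(c,d))'."""
    return "(" + ",".join(
        name + (f"({','.join(subs)})" if subs else "") for name, subs in items
    ) + ")"


def check_fields(expr):
    """Validate expr against the allow-list.

    Returns (query parameters, requested fields that need extra permission).
    """
    items = parse_fields(expr)
    for name, subs in items:
        if name not in KNOWN:
            raise ValueError(f"unknown field: {name}")
        unknown = [s for s in subs if s not in KNOWN[name]]
        if unknown:
            raise ValueError(f"unknown subfield of {name}: {unknown}")
    restricted = sorted(NEEDS_PERMISSION.intersection(n for n, _ in items))
    return {"fields": build_fields(items)}, restricted
```

A non-empty second return value means the API key's user needs the permission the page mentions for the body fields, which is worth checking before a playbook starts pulling message bodies into case records.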