VMRay
The VMRay connector enables automated malware analysis and threat detection by integrating VMRay's advanced sandboxing technology with the Swimlane Turbine platform.

VMRay provides cutting-edge malware analysis and detection capabilities, offering deep insights into threats by analyzing files, emails, and URLs. The VMRay connector for Swimlane Turbine enables security teams to automate the ingestion and analysis of potential threats, streamlining the process of identifying and mitigating email-based attacks, file-based malware, and other cyber threats. By integrating VMRay with Swimlane Turbine, users can leverage automated workflows to quickly obtain detailed analysis reports, threat intelligence, and indicators of compromise (IOCs), enhancing their security posture and response times.

Prerequisites

To effectively utilize the VMRay connector within the Swimlane Turbine platform, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: the endpoint URL for the VMRay API
  - API key: your unique authentication key to access the VMRay API

Capabilities

This connector provides the following capabilities:

- Email Threat Defender
- Get Analysis Report
- Get Analysis Results
- Get Sample by ID
- Get Sample PDF
- Get Sample IOCs by Sample ID
- Get Sample VMRay Threat Identifiers
- Get Submission by ID
- MD5 Lookup
- Submit URL
- Submit File

Additional information about capabilities

File upload requires a valid sample type in order for analysis to be conducted. These are the possible sample types:

- Unknown
- Custom
- Excel Document
- HTML Application
- HTML Application (Shell Link)
- HTML Document
- JScript
- Java Archive
- Java Class
- MSI Setup
- Macromedia Flash
- Microsoft Access Database
- Microsoft Publisher Document
- PDF Document
- PowerShell Script
- and so on

About Email Threat Defender fields

You can select which fields to return in the response using the _fields parameter. It takes a list of fields (comma-delimited and in parentheses). Certain fields can also be followed by a list of their subfields.
For example, to return only the message ID, verdict, filenames of attachments and verdicts of attachments, use the following parameter:

_fields=(email_message_id,email_verdict,email_attachments(attachment_filename,attachment_verdict))

The following fields and subfields are available:

- email_vmray_uuid
- email_message_id
- email_sent
- email_received
- email_sensor_id
- email_verdict
- email_verdict_reached
- email_sender
- email_recipients
- email_subject
- email_webif_url
- email_headers
  - header_name
  - header_value
- email_plain_body
- and so on

In order to access the email_plain_body and email_html_body fields, the user has to have the corresponding permission.

Configurations

VMRay API Key Authentication

Authenticates using an API key.

Configuration parameters

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | Required |
| x apikey | API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

Actions

Email Threat Defender

Integrate with VMRay's Email Threat Defender to analyze and mitigate email-based security threats effectively.

Endpoint URL: /rest/email
Method: GET

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters._fields | string | Optional | Parameters for the Email Threat Defender action |

Input example:
{"parameters":{"_fields":"(email_message_id)"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{}}

Get File Analysis Report

Retrieve a detailed file analysis report from VMRay using the provided unique identifier.

Endpoint URL: /rest/analysis/{{id}}/archive/logs/summary.json
Method: GET

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | Parameters for the Get File Analysis Report action |

Input example:
{"path_parameters":{"id":"12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{}}

Get File Analysis Results

Retrieve detailed file analysis results from VMRay using the provided unique identifier.

Endpoint URL: /rest/analysis/sample/{{id}}
Method: GET

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | Parameters for the Get File Analysis Results action |

Input example:
{"path_parameters":{"id":"12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{}}

Get Sample by ID

Retrieve a specific malware sample from VMRay using the provided sample ID.

Endpoint URL: /rest/sample/{{id}}
Method: GET

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | Parameters for the Get Sample by ID action |

Input example:
{"path_parameters":{"id":"12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{}}

Get Sample IOCs by Sample ID

Retrieve indicators of compromise (IOCs) for a specific sample ID from VMRay, using the required 'sample_id' path parameter.

Endpoint URL: /rest/sample/{{sample_id}}/iocs
Method: GET

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| parameters.all_artifacts | boolean | Optional | Parameters for the Get Sample IOCs by Sample ID action |
| parameters.ioc_severity | string | Optional | Parameters for the Get Sample IOCs by Sample ID action |
| parameters.ioc_type | string | Optional | Parameters for the Get Sample IOCs by Sample ID action |
| parameters.ioc_verdict | string | Optional | Parameters for the Get Sample IOCs by Sample ID action |
| path_parameters.sample_id | number | Required | Parameters for the Get Sample IOCs by Sample ID action |

Input example:
{"parameters":{"all_artifacts":true,"ioc_severity":"","ioc_type":"files","ioc_verdict":"malicious"},"path_parameters":{"sample_id":123}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{"Date":"Mon, 06 March 2025 20:11:44 GMT","Content-Type":"application/json","Content-Length":"144"},"reason":"OK","json_body":{}}

Get Sample PDF

Retrieve a PDF report for a specific sample in VMRay using the provided sample ID.

Endpoint URL: /rest/sample/{{id}}/report
Method: GET

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | Parameters for the Get Sample PDF action |

Input example:
{"path_parameters":{"id":"12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
|---|---|---|
| file | object | Attachments |
| file.file | string | Output field file.file |
| file.file_name | string | Name of the resource |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{}}

Get Sample VMRay Threat Identifiers

Retrieve threat identifiers for a specific sample in VMRay using the provided sample ID.

Endpoint URL: /rest/sample/{{sample_id}}/vtis
Method: GET

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| path_parameters.sample_id | number | Required | Parameters for the Get Sample VMRay Threat Identifiers action |

Input example:
{"path_parameters":{"sample_id":123}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{"Date":"Mon, 06 March 2025 20:11:44 GMT","Content-Type":"application/json","Content-Length":"144"},"reason":"OK","json_body":{}}

Get Submission by ID

Retrieve detailed data for a specific submission in VMRay using the provided unique submission ID.

Endpoint URL: /rest/submission/{{id}}
Method: GET

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | Parameters for the Get Submission by ID action |

Input example:
{"path_parameters":{"id":"12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{}}

MD5 Lookup

Retrieve a sample associated with a specified MD5 hash from VMRay, identified by the 'id' path parameter.

Endpoint URL: /rest/sample/md5/{{id}}
Method: GET

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | Required | Parameters for the MD5 Lookup action |

Input example:
{"path_parameters":{"id":"12345678-1234-1234-1234-123456789abc"}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{}}

Submit File

Submits a file to VMRay for detailed analysis, specifying submission type and reanalysis options, with required JSON body and file attachment.

Endpoint URL: /rest/sample/submit
Method: POST

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| files | array | Required | File to be uploaded |
| files.file | string | Optional | Parameter for Submit File |
| files.file_name | string | Optional | Name of the resource |
| submission_type | string | Optional | Type of the resource |
| reanalyze | boolean | Optional | Parameter for Submit File |

Input example:
{"json_body":{"submission_type":"string","reanalyze":false}}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.errors | array | Response data |
| data.jobs | array | Response data |
| data.jobs.job_account_id | number | Response data |
| data.jobs.job_analyzer_id | number | Response data |
| data.jobs.job_analyzer_name | string | Response data |
| data.jobs.job_bill_id | number | Response data |
| data.jobs.job_bill_type | string | Response data |
| data.jobs.job_configuration_description | string | Response data |
| data.jobs.job_configuration_id | number | Response data |
| data.jobs.job_configuration_name | string | Response data |
| data.jobs.job_created | string | Response data |
| data.jobs.job_document_password | object | Response data |
| data.jobs.job_enable_custom_av | boolean | Response data |
| data.jobs.job_enable_local_av | boolean | Response data |
| data.jobs.job_id | number | Response data |
| data.jobs.job_jobrule_id | number | Response data |
| data.jobs.job_jobrule_sampletype | string | Response data |
| data.jobs.job_parent_analysis_id | object | Response data |
| data.jobs.job_prescript_force_admin | boolean | Response data |
| data.jobs.job_prescript_id | object | Response data |
| data.jobs.job_priority | number | Response data |
| data.jobs.job_quota_type | string | Response data |

Output example:
{"data":{"errors":["string"],"jobs":[{}],"md_jobs":["string"],"reputation_jobs":["string"],"samples":[{}],"static_jobs":[{}],"submissions":[{}],"vt_jobs":["string"],"whois_jobs":["string"]},"result":"string"}

Submit URL

Submits a URL to VMRay for analysis and categorizes the content based on the sample type and URL provided.

Endpoint URL: /rest/sample/submit
Method: POST

Input

| Input argument name | Type | Required | Description |
|---|---|---|---|
| sample_url | string | Optional | URL endpoint for the request |
| sample_type | string | Optional | Type of the resource |

Input example:
{"sample_url":"string","sample_type":"url"}

Output

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{}}

Response headers

| Header | Description | Example |
|---|---|---|
| Connection | HTTP response header Connection | |
| Content-Length | The length of the response body in bytes | 144 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
| Referrer-Policy | HTTP response header Referrer-Policy | |
| Server | Information about the software used by the origin server | |
| Set-Cookie | HTTP response header Set-Cookie | |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | |
| Vary | HTTP response header Vary | |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | |
| X-Frame-Options | HTTP response header X-Frame-Options | |
| X-XSS-Protection | HTTP response header X-XSS-Protection | |
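
The field selector syntax described under "About Email Threat Defender fields", as an added example (not part of the connector or of VMRay's code): a builder that validates names and refuses the body fields unless explicitly allowed, plus a parser for reviewing selectors already used in playbooks. The function names are hypothetical, and the underscore spellings of the field names are assumed from the list on this page.

```python
# Added example: build and parse Email Threat Defender field selectors.
# Function names are hypothetical; field spellings are assumed from this page.
BODY_FIELDS = {"email_plain_body", "email_html_body"}  # need extra permission

def build_fields(spec, allow_bodies=False):
    """spec: list of names or (name, [subfields]) tuples -> "(a,b(c,d))"."""
    parts = []
    for item in spec:
        name, subs = item if isinstance(item, tuple) else (item, None)
        # Reject anything that could smuggle extra selector or query syntax.
        if not name.replace("_", "").isalnum():
            raise ValueError(f"invalid field name: {name!r}")
        # Message bodies are pulled only when the caller opts in.
        if name in BODY_FIELDS and not allow_bodies:
            raise ValueError(f"{name} requires explicit opt-in")
        parts.append(name + (build_fields(subs, allow_bodies) if subs else ""))
    return "(" + ",".join(parts) + ")"

def parse_fields(text):
    """Inverse of build_fields; raises ValueError on malformed input."""
    def parse_list(i):
        if i >= len(text) or text[i] != "(":
            raise ValueError("expected '('")
        i += 1
        items = []
        while True:
            j = i
            while j < len(text) and (text[j].isalnum() or text[j] == "_"):
                j += 1
            if j == i:
                raise ValueError(f"expected field name at offset {i}")
            name, i = text[i:j], j
            if i < len(text) and text[i] == "(":
                subs, i = parse_list(i)  # nested subfield list
                items.append((name, subs))
            else:
                items.append(name)
            if i < len(text) and text[i] == ",":
                i += 1
                continue
            if i < len(text) and text[i] == ")":
                return items, i + 1
            raise ValueError(f"expected ',' or ')' at offset {i}")
    items, end = parse_list(0)
    if end != len(text):
        raise ValueError("trailing characters after selector")
    return items
```

Passing the built string as the action's fields parameter keeps playbook records limited to the listed fields, and a selector that fails `parse_fields` can be rejected before it reaches the API.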