MalShare¶
Overview¶
This integration provides tools to interact with the MalShare repository, allowing you to search for malware sample hashes and upload new samples.
Available Tools¶
Enrich Hash¶
Tool Name: mal_share_enrich_hash
Description: Search for hashes in MalShare.
Arguments:
case_id(string, required): The ID of the case.alert_group_identifiers(List[string], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Typically runs on Filehash entities. Defaults to empty list.scope(string, optional): Defines the scope for the action. Defaults to “All entities”.
Returns:
dict: A dictionary containing the result of the action execution, including details if the hash was found in MalShare.
Ping¶
Tool Name: mal_share_ping
Description: Test Connectivity.
Arguments:
case_id(string, required): The ID of the case.alert_group_identifiers(List[string], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.scope(string, optional): Defines the scope for the action. Defaults to “All entities”.
Returns:
dict: A dictionary containing the result of the action execution.
Upload File¶
Tool Name: mal_share_upload_file
Description: Upload file to MalShare.
Arguments:
case_id(string, required): The ID of the case.alert_group_identifiers(List[string], required): Identifiers for the alert groups.file_path(string, required): The path of the file to upload.target_entities(List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Defaults to empty list.scope(string, optional): Defines the scope for the action. Defaults to “All entities”.
Returns:
dict: A dictionary containing the result of the action execution, indicating the success or failure of the upload.