Cisco Secure Malware Analytics

Details
Content
Dependencies
Version History

Download With Dependencies

Query and upload samples to Cisco threat grid.

Use this pack to fetch, manage, and query threat feeds and samples.

What does this pack do?

The Feed integration fetches indicators from Cisco Secure Malware Analytics (Threat Grid). When setting up this integration, select from which feeds to fetch indicators (for example: modified-hosts-dns, public-ip-check-dns, ransomware-dns, etc.).
The Cisco Threat Grid integration enables you to query and upload samples to Cisco's threat grid.
The playbooks enable detonating one or more files or URLs. The playbooks return relevant reports to the War Room and file/URL reputations to the context data.

Use this pack to fetch, manage, and query threat feeds and samples.

What does this pack do?

The Feed integration fetches indicators from Cisco Secure Malware Analytics (Threat Grid). When setting up this integration, select from which feeds to fetch indicators (for example: modified-hosts-dns, public-ip-check-dns, ransomware-dns, etc.).
The Cisco Threat Grid integration enables you to query and upload samples to Cisco's threat grid.
The playbooks enable detonating one or more files or URLs. The playbooks return relevant reports to the War Room and file/URL reputations to the context data.

Integrations

Name	Description
Cisco Threat Grid (Deprecated)	Deprecated. Use Cisco Secure Malware Analytics (Threat Grid) v2 instead.
Cisco Secure Malware Analytics Feed	Secure Malware Analytics (formerly Threat Grid) combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
Cisco Secure Malware Analytics (Threat Grid) v2	Query and upload samples to Cisco threat grid.

Playbooks

Name	Description
Detonate File - ThreatGrid	Deprecated. Use Detonate File - ThreatGrid v2 instead.
Detonate URL - ThreatGrid	Deprecated. Use Detonate URL - ThreatGrid v2 instead.
Detonate File - ThreatGrid v2	Detonate one or more files using the ThreatGrid integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - EXE, DLL, JAR, JS, PDF, DOC, DOCX, RTF, XLS, PPT, PPTX, XML, ZIP, VBN, SEP, XZ, GZ, BZ2, TAR, MHTML, SWF, LNK, URL, MSI, JTD, JTT, JTDC, JTTC, HWP, HWT, HWPX, BAT, HTA, PS1, VBS, WSF, JSE, VBE, CHM
Detonate URL - ThreatGrid v2	Detonate one or more URLs using the ThreatGrid integration.

Integrations

Name	Description
Cisco Secure Malware Analytics (Threat Grid) v2	Query and upload samples to Cisco threat grid.
Cisco Threat Grid (Deprecated)	Deprecated. Use Cisco Secure Malware Analytics (Threat Grid) v2 instead.
Cisco Secure Malware Analytics Feed	Secure Malware Analytics (formerly Threat Grid) combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.

Playbooks

Name	Description
Detonate URL - ThreatGrid v2	Detonate one or more URLs using the ThreatGrid integration.
Detonate File - ThreatGrid v2	Detonate one or more files using the ThreatGrid integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types - EXE, DLL, JAR, JS, PDF, DOC, DOCX, RTF, XLS, PPT, PPTX, XML, ZIP, VBN, SEP, XZ, GZ, BZ2, TAR, MHTML, SWF, LNK, URL, MSI, JTD, JTT, JTDC, JTTC, HWP, HWT, HWPX, BAT, HTA, PS1, VBS, WSF, JSE, VBE, CHM
Detonate File - ThreatGrid	Deprecated. Use Detonate File - ThreatGrid v2 instead.
Detonate URL - ThreatGrid	Deprecated. Use Detonate URL - ThreatGrid v2 instead.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Rasterize	By: Cortex XSOAR
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

2.0.23 - R1631266 (November 12, 2024)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Added a sample ID value to the human-readable output for the threat-grid-sample-upload command.

Related pull requests:
- 34925
- 35120

Download

2.0.22 - 956366 (April 15, 2024)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Fixed an issue where the threat-grid-sample-upload command failed when an unsupported file is sent.
Updated the Docker image to: demisto/python3:3.10.14.91134.

Related pull requests:
- 33546

Download

2.0.21 - 927547 (April 1, 2024)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Fixed an issue where Cortex XSOAR scores were considered Good when API scores were 0.
Fixed an issue where the threat-grid-analysis-iocs-get command failed when no results were found for the sample_id.

Related pull requests:
- 33332

Download

2.0.20 - 815435 (February 8, 2024)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Fixed an issue where the threat-grid-sample-upload command failed on time out when the upload state returned as fail.
Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32774

Download

2.0.19 - 762016 (January 14, 2024)

Integrations

Cisco Secure Malware Analytics Feed

Updated the Docker image to: demisto/python3:3.10.13.84405.

Cisco Secure Malware Analytics (Threat Grid) v2

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32183

Download

2.0.18 - 722180 (December 28, 2023)

Integrations

Cisco Secure Malware Analytics Feed

Updated the Docker image to: demisto/python3:3.10.13.83255.

Cisco Secure Malware Analytics (Threat Grid) v2

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31828

Download

2.0.17 - 6894987 (November 15, 2023)

Integrations

Cisco Secure Malware Analytics Feed

Fixed an issue where base_url key was missing when configuring an instance.

Related pull requests:
- 30904

Download

2.0.16 - 6887992 (November 14, 2023)

Playbooks

Detonate URL - ThreatGrid v2

Updated playbook output to include 'threat-grid-sample-upload' automation output.
Updated the playbook's task descriptions.
Fixed an issue where the playbook was set to run in quiet mode.

Related pull requests:
- 30709

Download

2.0.15 - 6868594 (November 12, 2023)

Integrations

Cisco Secure Malware Analytics Feed

Fixed an issue where proxy was not handled properly.

Related pull requests:
- 30659

Download

2.0.14 - 6226805 (September 3, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Fixed an issue where commands would fail with limit 1.
Fixed an issue in threat-grid-sample-list command where corrupted zip returned.
Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29198

Download

2.0.13 - 6129053 (August 23, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29149

Download

2.0.12 - 5987442 (August 8, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Updated the Docker image to: demisto/python3:3.10.12.67728.

Related pull requests:
- 28833

Download

2.0.11 - R5866730 (July 25, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28410

Download

2.0.10 - R5801668 (July 18, 2023)

Integrations

Cisco Secure Malware Analytics Feed

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

2.0.9 - 5574470 (June 20, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Added the 'vm' and 'playbook' arguments to the threat-grid-sample-list command.
Added the 'sha1', 'sha256', 'md5', 'user_only' and 'org_only' arguments to the threat-grid-sample-upload command.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27468
- 27590
- 25523

Download

2.0.8 - R5450895 (June 5, 2023)

Playbooks

Detonate File - ThreatGrid v2

Playbook now supports instances created from "Cisco Secure Malware Analytics (Threat Grid) v2" integration with default name "ThreatGridv2".
Updated the File playbook input to be not mandatory.

Related pull requests:
- 26573
- 27016

Download

2.0.7 - 5385135 (May 28, 2023)

Playbooks

Detonate URL - ThreatGrid v2

Playbook now supports instances created from "Cisco Secure Malware Analytics (Threat Grid) v2" integration with default name "ThreatGridv2".
Updated the URL playbook input to be not mandatory.

Related pull requests:
- 26572
- 26987

Download

2.0.6 - 5356324 (May 24, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Added support for the private argument in the threat-grid-sample-upload command.

Related pull requests:
- 26573
- 27016
- 26948
- 25523
- 26667

Download

2.0.5 - 5304600 (May 19, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Upgraded the Docker image to: demisto/python3:3.10.11.59070.

Related pull requests:
- 26640

Download

2.0.4 - R5170573 (May 2, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Fixed an issue where the human-readable for the file reputation command was invalid in case the file indicator could not be found.
Updated the Docker image to: demisto/python3:3.10.11.56082.

Related pull requests:
- 26076
- 26138

Download

2.0.3 - 4768372 (March 8, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Added a validation to URL argument in the threat-grid-url-search command.

Related pull requests:
- 25113
- 25145

Download

2.0.2 - 4727595 (March 2, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Fixed an issue in which the default value for the integration parameter integrationReliability was not one of the options.

Related pull requests:
- 24975
- 24978

Download

2.0.1 - 4718798 (March 1, 2023)

Integrations

Cisco Secure Malware Analytics (Threat Grid) v2

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24958

Download

2.0.0 - R4646022 (February 19, 2023)

Integrations

New: Cisco Secure Malware Analytics (Threat Grid) v2

Query and upload samples to Cisco threat grid. See ThreatGrid v2 below for the list of new features and improvements.
Improved data parsing to context.
Added reputation commands.
Added the threat-grid-ip-associated-domains command.
Added the threat-grid-ip-associated-urls command.
Added the threat-grid-domain-associated-urls command.
Added the threat-grid-domain-associated-ips command.
Added the threat-grid-ip-search command.
Added the threat-grid-url-search command.
Added informative descriptions to commands and arguments.

Cisco Threat Grid (Deprecated)

Deprecated. Use Cisco Secure Malware Analytics (Threat Grid) v2 instead.

Playbooks

New: Detonate File - ThreatGrid v2

Detonate one or more files using the ThreatGrid integration. This playbook returns relevant reports to the War Room and file reputations to the context data.

New: Detonate URL - ThreatGrid v2

Detonate URL.

Detonate File - ThreatGrid

Deprecated. Use Detonate File - ThreatGrid v2 instead.

Detonate URL - ThreatGrid

Deprecated. Use Detonate URL - ThreatGrid v2 instead.

Related pull requests:
- 24475

Download

1.2.19 - R4372591 (January 11, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 21611
- 23525

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 30, 2020
Last Release	November 12, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

Cisco Secure Malware Analytics (Threat Grid) v2

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.