VMRay Analyzer | Marketplace

Details
Content
Dependencies
Version History

Analyze files and URLs using the VMRay Platform for accurate threat intelligence and high-quality IOCs.

Note: Support for this pack moved to the Partner on December, 21, 2021. Please contact the Partner directly via the support link on the right.

VMRay Analyzer is a breakthrough solution for dynamic analysis of advanced threats, including zero day and targeted attacks. By surmounting inherent flaws that plague other products, VMRay Analyzer has become the gold standard for malware sandboxing among leading DFIR teams worldwide.

Core Capabilities and Advanced Features

Fully Automated Analysis shortens DFIR investigations with hands-free features such as simulated user interaction and automatic reboot to trigger malicious behavior.

Manual Analysis lets team members interact with suspicious malware in near real time to identify IOCs and fully reveal harmful behavior that automated methods occasionally miss.

Automated IOC Extraction captures threat details (files, URLs, network traffic, registry activity) to enhance incident response, threat intelligence and support threat hunting.

Golden Images and Cloud Localization support lets you replicate the users’ production environment to optimize detection of targeted malware.

Smart Memory Dumping supports deep-dive investigations by capturing “just the right information at just the right time”, without noise or visibility gaps.

Phishing Detection identifies credential-harvesting and drive-by download sites.

Note: Support for this pack moved to the Partner on December, 21, 2021. Please contact the Partner directly via the support link on the right.

Core Capabilities and Advanced Features

Fully Automated Analysis shortens DFIR investigations with hands-free features such as simulated user interaction and automatic reboot to trigger malicious behavior.

Manual Analysis lets team members interact with suspicious malware in near real time to identify IOCs and fully reveal harmful behavior that automated methods occasionally miss.

Automated IOC Extraction captures threat details (files, URLs, network traffic, registry activity) to enhance incident response, threat intelligence and support threat hunting.

Golden Images and Cloud Localization support lets you replicate the users’ production environment to optimize detection of targeted malware.

Smart Memory Dumping supports deep-dive investigations by capturing “just the right information at just the right time”, without noise or visibility gaps.

Phishing Detection identifies credential-harvesting and drive-by download sites.

Playbooks

Name	Description
Detonate URL - VMRay	Detonates a URL using the VMRay sandbox integration.
File Enrichment - VMRay	Get file information using the VMRay integration.
Detonate File - VMRay	Detonates a file with VMRay.

Integrations

Name	Description
VMRay (Partner Contribution)	Malware analysis sandboxing.

Playbooks

Name	Description
Detonate URL - VMRay	Detonates a URL using the VMRay sandbox integration.
File Enrichment - VMRay	Get file information using the VMRay integration.
Detonate File - VMRay	Detonates a file with VMRay.

Integrations

Name	Description
VMRay (Partner Contribution)	Malware analysis sandboxing.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Rasterize	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

1.1.13 - R6834680 (November 8, 2023)

Integrations

VMRay

Added the argument net_scheme_name to the vmray-upload-url command.
Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30692
- 30390
- 30669
- 30670
- 30673
- 30672
- 30674
- 30678
- 30655
- 30625
- 30677
- 30682
- 30681
- 30684
- 30668

Download

1.1.12 - 6651140 (October 19, 2023)

Integrations

VMRay

Updated the Docker image to: demisto/python3:3.10.13.77674.
Added 2 commands:
- vmray-get-license-usage-verdicts
- vmray-get-license-usage-reports
Added the net_scheme_name parameter to the vmray-upload-sample command.

Related pull requests:
- 30293
- 28872

Download

1.1.11 - 6170593 (August 28, 2023)

Integrations

VMRay

Updated the Docker image to: demisto/python3:3.10.13.72123.
Added the vmray-get-screenshots command to download the screenshots for a specific analysis.

Playbooks

Detonate File - VMRay

Fixed an issue in which the playbook input parameters archive_password, document_password, max_jobs, sample_type, shareable, and tags were not used by the vmray-upload-sample command.

VMRay

Updated the Docker image to: demisto/python:2.7.18.24398.

Download

1.1.2 - 7640590 (September 16, 2021)

Note: Support for this pack will be moving to the partner around Oct 15, 2021.

Integrations

VMRay

Extended the vmray-get-sample-by-hash command to include File indicator output.

Playbooks

New: File Enrichment - VMRay

Added a new playbook to enrich file information using the VMRay Platform.

Download

1.1.1 - 7567740 (September 12, 2021)

Integrations

VMRay

Updated the Docker image to: demisto/python:2.7.18.24066.

Related pull requests:
- 28924
- 14823
- 14890
- 14436

Download

1.1.0 - 404180 (July 30, 2021)

Note: Support for this pack will be moving to the partner around Oct 15, 2021.

Integrations

VMRay

Added the vmray-upload-url command to enable submission and detonation of URLs in the VMRay Platform.
Extended the vmray-get-sample command results to include child and parent samples (VMRay.Sample.ChildSampleIDs, VMRay.Sample.ParentSampleIDs) and the link to the VMRay Web Interface (VMRay.Sample.SampleURL).
Added the vmray-get-summary command to download the Summary JSON v2 for a specific analysis.
Added the vmray-get-sample-by-hash command to query for a sample using its hash.
Improved the vmray-get-iocs command:
- Added an all_artifacts parameter to specify whether all artifacts should be returned or only Indicators of Compromise (IOCs).
- Added new IOC types: EmailAddress, Email, Filename, Mutex, and Process.
- Added many new attributes to the existing IOC types.
- VMRay IOCs and their verdicts are now mapped correctly to XSOAR Indicators (Domain, IP, URL, Email, File).
Added Verdict and VerdictReason output values to commands that return a severity.
Marked the Severity output value as deprecated (Verdict should be used instead).
Marked VMRay.Sample.IOC.*.ID output value as deprecated (will always be 0).

Playbooks

Detonate File - VMRay

Removed the legacy reanalyze parameter because it is no longer needed since we introduced the analysis caching feature. To control analysis caching, you should now use the API Key settings instead, which are available via the Analysis Settings page, in the VMRay Web Interface.

New: Detonate URL - VMRay

Added a new playbook to detonate a URL in the VMRay Platform.

Download

1.0.4 - 390600 (June 28, 2021)

Integrations

VMRay

Fixed an issue where the vmray-upload-sample command failed on file entry IDs whose names included backslashes.

Download

PUBLISHER

VMRay

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	December 22, 2020
Last Release	November 8, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.