Ejemplo n.º 1
 def get_metadata(self):
     """Return the feed metadata for the VMRay connector.

     Passes this connector's name and a fixed set of descriptive fields to
     ``generate_feed`` and returns its result unchanged.
     """
     # NOTE(review): provider_url is a plain-http link; prefer https if the
     # vendor site serves it -- confirm before changing the published value.
     descriptive_fields = {
         "summary": "VMRay Detonation Analysis",
         "tech_data": "An on-premises VMRay server is required to use this feed. There are no requirements to share any data with Carbon Black to use this feed.",
         "provider_url": "http://www.vmray.com",
         "icon_path": "/usr/share/cb/integrations/vmray/vmray-logo.png",
         "display_name": "VMRay",
         "category": "Connectors",
     }
     return generate_feed(self.name, **descriptive_fields)
Ejemplo n.º 2
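 def get_metadata(self):
     """Return the feed metadata for the VMRay connector.

     Passes this connector's name and a fixed set of descriptive fields to
     ``generate_feed`` and returns its result unchanged.
     """
     # The tech_data literal originally opened with a typographic quote (U+201C)
     # and closed with an ASCII quote, which is a syntax error; it now uses
     # matching ASCII quotes.
     # NOTE(review): provider_url is a plain-http link; prefer https if the
     # vendor site serves it -- confirm before changing the published value.
     return generate_feed(
         self.name,
         summary="VMRay Detonation Analysis",
         tech_data="This integration works with VMRay Analyzer on-prem or VMRay Analyzer Cloud. There are no requirements to share any data with Carbon Black to use this feed.",
         provider_url="http://www.vmray.com",
         icon_path="/usr/share/cb/integrations/vmray/vmray-logo.png",
         display_name="VMRay",
         category="Connectors",
     )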
Ejemplo n.º 3
 def get_metadata(self):
     """Return the feed metadata for the ReversingLabs TitaniumCloud connector.

     Passes this connector's name and fixed descriptive fields to
     ``feed.generate_feed`` and returns its result unchanged.
     """
     summary_text = "The ReversingLabs TitaniumCloud File Reputation, part of ReversingLabs Threat Intelligence provides up-to-date file reputation, Anti-Virus scan information and internal analysis information on billions of goodware and malware samples.Malware samples are continually reanalyzed to ensure that the reputation information is relevant at all times.In addition to file reputation and historical AV reputation, additional Threat Intelligence can be obtained from TitaniumCloud via multiple APIs and Feeds, which allow users to search for files by hash or anti-virus detection name. It is also possible to hunt for files from a single malware family, search for functionally similar samples, perform bulk queries, and receive alerts on file reputation changes. "
     # This text is the operator-facing data-handling statement: it says an API
     # key is required and that binaries may be shared with ReversingLabs.
     data_sharing_text = "A ReversingLabs private API key is required to use this feed. There are no requirements to share any data with Carbon Black to use this feed. However, binaries may be shared with ReversingLabs."
     logo_path = "/usr/share/cb/integrations/reversinglabs-ticloud/cb-titaniumcloud.png"
     return feed.generate_feed(
         self.name,
         summary=summary_text,
         tech_data=data_sharing_text,
         provider_url="https://www.reversinglabs.com/",
         icon_path=logo_path,
         display_name="ReversingLabs - TitaniumCloud",
         category="Connector",
     )
 def get_metadata(self):
     """Return the feed metadata for the ReversingLabs A1000 connector.

     Passes this connector's name and fixed descriptive fields to
     ``feed.generate_feed`` and returns its result unchanged.
     """
     # NOTE(review): tech_data says no data has to be shared with ReversingLabs
     # and, in the next sentence, that binaries may be shared with it. Confirm
     # which statement matches what the connector actually submits, since
     # operators rely on this text to judge where samples leave their network.
     metadata_fields = {
         "summary": "The A1000 appliance is a powerful threat detection and file analysis platform that integrates other ReversingLabs technologies (TitaniumCore - the automated static analysis solution, and TitaniumCloud File Reputation Service) to provide detailed information on each file's status and threat capabilities. The A1000 makes it easy to upload multiple samples for analysis. It can process, unpack, and classify them in a matter of milliseconds, and display detailed analysis reports. Historical analysis results are preserved in a database to enable in-depth searching, and malware samples are continually reanalyzed to ensure the most up-to-date file reputation status.The A1000 relies on several threat classification methods, including YARA rules and ReversingLabs hashing algorithm (RHA) that classifies files based on their functional similarity.",
         "tech_data": "A ReversingLabs private API key is required to use this feed. There are no requirements to share any data with Carbon Black or ReversingLabs to use this feed. However, binaries may be shared with ReversingLabs.",
         "provider_url": "https://www.reversinglabs.com/",
         "icon_path": "/usr/share/cb/integrations/reversinglabs-a1000/cb-a1000.png",
         "display_name": "ReversingLabs - A1000",
         "category": "Connector",
     }
     return feed.generate_feed(self.name, **metadata_fields)
    def get_metadata(self):
        """Return the feed metadata for the ReversingLabs TitaniumScale connector.

        Passes this connector's name and fixed descriptive fields to
        ``feed.generate_feed`` and returns its result unchanged.
        """
        product_summary = "The ReversingLabs TitaniumScale Appliance is powered by TitaniumCore, the malware analysis engine that performs automated static analysis using the Active File Decomposition technology.TitaniumCore unpacks and recursively analyzes files without executing them, and extracts internal threat indicators to classify files and determine their threat level. TitaniumCore is capable of identifying thousands of file format families. It recursively unpacks hundreds of file format families, and fully repairs extracted files to enable further analysis."
        # NOTE(review): this text says no data has to be shared with
        # ReversingLabs and then that binaries may be shared with it. Confirm
        # which statement matches what the connector actually submits.
        requirements_text = "A ReversingLabs private API key is required to use this feed. There are no requirements to share any data with Carbon Black or ReversingLabs to use this feed. However, binaries may be shared with ReversingLabs."
        logo_path = "/usr/share/cb/integrations/reversinglabs-tiscale/rl-titaniumscale.png"

        return feed.generate_feed(
            self.name,
            summary=product_summary,
            tech_data=requirements_text,
            provider_url="https://reversinglabs.com",
            icon_path=logo_path,
            display_name="ReversingLabs - TitaniumScale",
            category="Connector",
        )
Ejemplo n.º 6
 def create_feed(self):
     """Build the ThreatExchange feed metadata and wrap it in a FeedHandler.

     The feed name, display name and both icon locations come from instance
     attributes; the remaining descriptive fields are fixed strings. The
     result of ``generate_feed`` is passed straight to ``FeedHandler``.
     """
     # The description is a triple-quoted literal, so its line breaks and
     # leading indentation are part of the value handed to generate_feed.
     description = """This connector enables members of the Facebook ThreatExchange to import threat indicators
             from the ThreatExchange, including domain names, IPs, hashes, and behavioral indicators, into Carbon
             Black. The Facebook ThreatExchange and its members provide and maintain this data. This connector
             requires an Access Token to the Facebook ThreatExchange API.  For more information, visit:
             https://developers.facebook.com/products/threat-exchange/"""
     # Icon locations are the integration directory joined to each image's
     # relative path with a literal "/".
     large_icon = "%s/%s" % (self.directory, self.integration_image_path)
     small_icon = "%s/%s" % (self.directory, self.integration_small_image_path)
     feed_document = generate_feed(
         self.feed_name,
         summary="Connector for Threat intelligence data from Facebook ThreatExchange",
         tech_data=description,
         provider_url="https://developers.facebook.com/products/threat-exchange",
         icon_path=large_icon,
         small_icon_path=small_icon,
         display_name=self.display_name,
         category="Partner",
     )
     return FeedHandler(feed_document)
 def create_feed(self):
     """Build the ThreatExchange feed metadata and wrap it in a FeedHandler.

     The feed name, display name and both icon locations come from instance
     attributes; the remaining descriptive fields are fixed strings. The
     result of ``generate_feed`` is passed straight to ``FeedHandler``.
     """
     # tech_data is a triple-quoted literal: its line breaks and leading
     # indentation are part of the value handed to generate_feed.
     feed_fields = {
         "summary": "Connector for Threat intelligence data from Facebook ThreatExchange",
         "tech_data": """This connector enables members of the Facebook ThreatExchange to import threat indicators
             from the ThreatExchange, including domain names, IPs, hashes, and behavioral indicators, into Carbon
             Black. The Facebook ThreatExchange and its members provide and maintain this data. This connector
             requires an Access Token to the Facebook ThreatExchange API.  For more information, visit:
             https://developers.facebook.com/products/threat-exchange/""",
         "provider_url": "https://developers.facebook.com/products/threat-exchange",
         # Icon locations: integration directory joined to the image's
         # relative path with a literal "/".
         "icon_path": "%s/%s" % (self.directory, self.integration_image_path),
         "small_icon_path": "%s/%s" % (self.directory, self.integration_small_image_path),
         "display_name": self.display_name,
         "category": "Partner",
     }
     return FeedHandler(generate_feed(self.feed_name, **feed_fields))