Frequently Asked Questions
about Alert Triage and Investigation

Explore common inquiries about VMRay’s integrations and services, demystifying their ease and value for your cybersecurity efforts.

Automating the time and energy consuming task of alert triage and alert validation can save enormous times for SOC teams to focus on more strategic and critical tasks.

Q: How easy is it to set up integrations with solutions like Sentinel One or Microsoft Defender?

A: Setting up integrations with EDR solutions such as Sentinel One or Microsoft Defender is straightforward. All you need is a lightweight Linux box that’s connected to both our analysis tool and your EDR solution. This Linux box serves as the bridge between the two, ensuring that alerts trigger the integration. The process involves configuring the Linux box to collect alerts and direct relevant files to VMRay for analysis. The integration can be completed within hours or even less, and our GitHub repository provides step-by-step guidance on the setup. With the simplicity of generating an API key and following the setup instructions, you can swiftly establish a seamless integration that enhances your threat detection and response capabilities.

VMRay’s integration philosophy prioritizes simplicity and value addition. Our aim is not to add an additional layer of complexity, but rather to reduce the complexity that SOC teams often face. Our seamless integrations with major EDR/XDR vendors like VMware Carbon Black, SentinelOne, Microsoft Defender for Endpoints, and others, ensure that you’re leveraging your existing tools to their fullest potential. Similarly, our connectors for major SOAR vendors, SIEM solutions, and Threat Intelligence Providers are designed to enhance your capabilities while streamlining your operations. The goal is to empower SOC teams with unified, actionable insights, without overwhelming them with additional complexity.

It’s worth noting that these integrations are available for VMRay FinalVerdict and VMRay TotalInsight users, reinforcing our commitment to simplifying your security operations and maximizing the value you get from your existing tools and systems.

Q: Do you support the deployment of integrations? Do you offer any services to make it easier for us?

A: Absolutely, we understand the importance of seamless integration without adding complexity. VMRay provides a comprehensive suite of professional services to simplify and enhance your experience. Our commitment goes beyond exceptional products; we offer a range of high-quality services to ensure smooth onboarding, efficient configuration, and integrations.

X-press Onboarding: Our express onboarding service ensures swift deployment, guided configuration, and expert assistance.

Automation Integration Deployment: Seamlessly integrate our solutions with your existing tools to fortify your cybersecurity infrastructure and enhance automation.

Bespoke Training: Empower your team with tailored training options, from video recordings to in-person sessions, to maximize the value of our offerings.

Annual Support Package: Our commitment extends beyond implementation. Benefit from annual service reviews, quarterly configuration tuning, a customer web portal, and 24/7 coverage, ensuring ongoing success.

At VMRay, our focus is on breaking down skills barriers, ensuring your success, and simplifying the process of integrating our solutions into your security stack. We’re here to make your journey smoother in the dynamic cybersecurity landscape.

Q: Can VMRay be used to automatically triage and enrich alerts for ServiceNow?

A: Sure. While we don’t have an out-of-the-box integration listed on the ServiceNow marketplace, VMRay offers an open API that allows for customized integrations, including with ServiceNow. 

Customers have successfully created their own integrations to streamline the process of automatically triaging and enriching alerts. Whether it’s ServiceNow, Jira, or other ticketing systems, our open API enables you to tailor the integration to your specific needs. Our support team is ready to assist you in setting up and implementing these customized integrations.

Course home page: 
Mastering Threat Management: Automating Malware Alert Triage to Reduce EDR False Positives

Relevant Course: 
Finding the right approach to Security Automation to empower SOC teams

Table of Contents

See VMRay in action.
Start minimizing EDR false positives without compromising security

Further resources



The single source of truth for security automation


Turn Down the Noise Created by False Positives


Watch the full recording of our webinar on minimizing EDR false positives.

Professional services
for onboarding, deployment and integrations.

At VMRay, we believe that true value lies not only in our exceptional products but also in the quality of our professional services. We are dedicated to removing skills barriers and ensuring your success in the dynamic cybersecurity landscape.

Discover our range of high-quality professional services designed to ensure seamless onboarding, efficient configuration, and integrations.

Unlock the full value of VMRay

X-press Onboarding

Our express onboarding service ensures a swift deployment while our expert team assists with configuration and provides guidance.

Automation Integration Deployment

Seamlessly integrate our solutions with your existing tools to enhance automation and strengthen your cybersecurity infrastructure.

Bespoke Training

Empower your team with tailored training options, including video recordings, accessible PDF materials, and in-person sessions.

Annual support

Annual service reviews

Quarterly configuration tuning

Customer web portal

24/7 coverage

Short email response times

And more*

Our commitment extends beyond implementation.

Benefit from our annual support package, including service reviews, quarterly configuration tuning, access to our customer web portal, and 24/7 coverage with rapid email response times.

* Basic, Gold and Platinum support packages are available.

Welcome to the playground.

Explore what you can do with VMRay.

Click on the yellow dots to check the report formats, see the overview, explore the network connections of the sample, malicious behavior, and relevant files, map the threat on MITRE ATT&CK Framework, analyze and download IOCs and artifacts.

The analysis report tabs are available both for VMRayDeepResponse and VMRayTotalInsight. The bundle of VMRay FinalVerdict and VMRayDeepResponse also offers access to the analysis report tabs.

We’re sorry. 

The interactive tour is not available on mobile devices.

Unveiling the power:
See our experts showcasing VMRay’s capabilities.

Analysis of a malicious file

Join Fatih Akar from the VMRay team as he provides a detailed walkthrough of a malicious LNK file, a prevalent attack vector since Microsoft’s Office macros block.

Gain valuable insights into each tab of our comprehensive analysis report and get a sneak peek into what you’ll be exploring.

Analysis of a malicious URL

Join Andrey Voitenko, an expert in advanced malware and phishing analysis from the VMRay team, as he demonstrates how to submit emails and URLs to the VMRay platform using built-in connectors.

Discover the capabilities of our new Automation Dashboard, enabling one-click automation with your existing EDR, SOAR, SIEM, and TIP tools. Monitor analysis data seamlessly from your VMRay dashboard and unlock new levels of efficiency in your security operations.

Integrating with existing tools

Watch Michael Bourton showcasing the seamless integration of VMRay platform with your existing security stacks.

Discover how effortlessly you can leverage unparalleled detection and analysis capabilities by utilizing dedicated connectors or our Rest API.

Experience VMRay in Action:
Explore Real-world Malware Analysis Reports

Get a firsthand look at the power and capabilities of the VMRay platform by delving into our sample malware and phishing analysis reports.

Immerse yourself in a range of report formats, providing comprehensive insights.

Dive into the overview, explore intricate network connections, analyze malicious behavior in detail, and map threats using the MITRE ATT&CK Framework. See the possibilities to download clear IOCs.

Uncover the capabilities that await you.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator