VMRay Platform integrates flexibly with ThreatQ, automating the submission of files and URLs for analysis. Precise and actionable results are returned that drive TI enrichment, block/allow decisions, threat hunting workflows and other security measures across the whole enterprise fleet. The integration is available in two parts: VMRay TI Extraction and VMRay Operation.
Connector Name: VMRay Operation
Connector Version: 1.0.0
Works with VMRay Platform Versions: 4.0, 4.1, 4.2
Owner of Connector: ThreatQ
ThreatQ Partner Page: VMRay Operation ThreatQ Marketplace Page
Primary Category: TIP
Connects Into Analyzer: Yes – The VMRay Operation is used to submit URLs, FQDNs and File Objects to VMRay Platform for analysis and to retrieve reports in PDF format. It brings file and URL analysis results, including Verdicts, IOCs, VTIs, YARA rule matches and malicious file hashes, into ThreatQ (Threat Intel).
Use Cases: Enhanced Threat Intelligence, IOC Mining, Secure Detonation, Binary Evaluation

Connector Name: VMRay TI Extraction
Connector Version: 1.0.1
Works with VMRay Platform Versions: 4.0, 4.1, 4.2
Owner of Connector: ThreatQ
ThreatQ Partner Page: VMRay TI Extraction ThreatQ Marketplace Page
Categories: TIP
Connects Out of Analyzer: Yes – The VMRay TI Extraction ingests threat intelligence data that has been submitted to VMRay Platform via the “VMRay Operation”. VMRay Platform returns Indicators of type URL, MD5, SHA-1, SHA-256, Fuzzy Hash, IPv4 Address, Registry Key, Filename and FQDN, as well as Malware Objects and Attack Patterns, and uses basic HTTP authentication based on an API key.
Use Cases: Enhanced Threat Intelligence, IOC Mining, Detonation, Threat Hunting