ThreatConnect and VMRay have improved our existing integration with VMRay Analyzer. This Playbook App will allow you to send malware to a sandbox to be further examined and results retrieved with VMRay Analyzer. Leveraging this App, you will be able to perform Phishing Email Triage, Endpoint Investigation, or Malware Hunting. This all leads to more informed decision making and more efficient remediation through automation.
“VMRay Analyzer > Submit File” Playbook App Template
The VMRay Analyzer Playbook App will enable you to:
- Build a composite of knowledge for malware variants by overlaying VMRay’s analysis results on top of open-source or premium intelligence information
- Mine for potential IOCs in the form of C2 nodes, Registry Keys, etc to gain a more holistic understanding of the potential threat by discovering how and where the malware operates
- Leverage VMRay Analyzer to detonate potentially malicious files as part of an investigation such as phishing email triage, or performing further host-based analysis and remediation
- Make EDR and SIEM workflows smarter and more efficient by triaging potentially malicious files early on instead of wasting precious time hunting for false positives
- Address business-security goals by enabling triage and remediation techniques for dealing with malicious phishing email attachments that directly affect end-users
The following actions are available with this Playbook App:
- Submit File
- Get File Results
- Parse File Results
Together, ThreatConnect and VMRay help you to automate remediation tasks and protect your network from sophisticated attacks. If you’re a ThreatConnect customer, please reach out to your dedicated Customer Success Team for more information on utilizing the VMRay Analyzer App. If you’re not yet a customer and are interested in ThreatConnect and this integration, contact us at firstname.lastname@example.org.