ReversingLabs TitaniumCloud (Preview)
ReversingLabs TitaniumCloud is a threat intelligence solution providing up-to-date file reputation services, threat classification and rich context on over 10 billion goodware and malware files. A powerful set of REST API query and feed functions deliver targeted file and malware intelligence for threat identification, analysis, intelligence development, and threat hunting services.
This connector is available in the following products and regions:
| Service | Class | Regions |
|---|---|---|
| Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
| Contact | |
|---|---|
| Name | ReversingLabs support |
| URL | https://support.reversinglabs.com/ |
| support@reversinglabs.com |
| Connector Metadata | |
|---|---|
| Publisher | ReversingLabs |
| Website | https://www.reversinglabs.com/ |
| Privacy policy | https://www.reversinglabs.com/privacy-policy |
| Categories | Security |
The ReversingLabs TitaniumCloud connector allows users of the ReversingLabs Titanium platform to access the rich threat intelligence data available for enhancing their ability to react to security events. The TitaniumCloud API-s provide for reputation services, threat intelligence feeds, static and dynamic file analysis and much more.
To use the ReversingLabs TitaniumCloud connector, the user needs to obtain the credentials with adequate roles.
Credentials can be obtained by purchasing one of ReversingLabs marketplace offers. Users needing more capabilities than what is available in the marketplace can contact ReversingLabs for a custom solution.
After enabling the connector, users can set triggers and build file analysis workflows. The TitaniumCloud connector offers over 50 analysis actions that can be used to automate various security-related routines. After setting up a trigger, users can start with uploading a new sample to the ReversingLabs analysis platform, followed by retrieving an extended file reputation report and network threat intelligence indicators. Actions provided by this connector give users options for creating extensive and highly detailed sample and indicator analysis routines.
Q1. How long should I wait for the results of a sample I submitted for dynamic analysis?
A1. Processing time will vary depending upon the load on the service, size and complexity of the file. It is best practice to create a loop that sleeps and checks the analysis status.
Q2. Do I have to wait long to see file reputation results of a file freshly uploaded using the file upload action?
A2. In case the ReversingLabs TitaniumCloud platform has never encountered the uploaded file before, depending on the size and complexity of a file, allow the platform some time to populate all the reputation, detailed analysis and network indicator reports.
Q3. I received a 404 response for a properly formatted request towards one of TitaniumCloud API-a. What happened?
A3. Everything is fine. Since a lot of our API requests carry the sample indicator in the URL path, the API-s treat each request as a new URL. The 404 response means that there were no results for the requested sample.
The connector supports the following authentication types:
| Default | Parameters for creating connection. | All regions | Not shareable |
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
| Name | Type | Description | Required |
|---|---|---|---|
| Username | securestring | TitaniumCloud username | True |
| Password | securestring | TitaniumCloud password | True |
| Name | Calls | Renewal Period |
|---|---|---|
| API calls per connection | 100 | 60 seconds |
| Advanced Search |
TCA-0320 Allows users to find samples in ReversingLabs TitaniumCloud by combining various search keywords |
| Analyze URL |
TCA-0404 Requests an analysis of the submitted URL. |
| Cancel YARA Retro Hunt |
TCA-0319 Allows users to cancel started YARA retro hunts. |
| Create YARA Ruleset |
TCA-0303 Allows the authenticated user to create YARA rulesets in ReversingLabs TitaniumCloud |
| Daily API usage (company) |
TCA-9999 Returns information about combined daily service usage for all users in the company. |
| Daily API usage (current user) |
TCA-9999 Returns information about daily service usage for the TitaniumCloud account that sent the request. |
| Date range API usage (company) |
TCA-9999 Returns information about combined date range service usage for all users in the company. |
| Date range API usage (current user) |
TCA-9999 Returns total usage for all product licenses with a fixed quota over a single date range for the current user. |
| Delete sample (single query) |
TCA-0204 Deletes a single sample defined by the hash value. |
| Delete samples (bulk query) |
TCA-0204 Deletes multiple samples at once defined by the list of hash values in the request payload. |
| Delete YARA Ruleset |
TCA-0303 Allows the authenticated user to delete YARA rulesets in ReversingLabs TitaniumCloud |
| Download sample |
TCA-0201 Returns the contents of a sample matching the requested hash. |
| File Reputation List User Overrides |
TCA-0102 The List File User Overrides Query |
| File Reputation User Override |
TCA-0102 Service enables sample classification overrides. |
| Get active YARA rulesets |
TCA-9999 Returns information about the number of active YARA rulesets for the TitaniumCloud account that sent the request. |
| Get API quota limits (company) |
TCA-9999 Returns current quota limits for APIs available to all users belonging to the authenticated user’s company. |
| Get API quota limits (current user) |
TCA-9999 Returns current quota limits for APIs accessible to the authenticated user. |
| Get continuous reputation data changes |
TCA-0206 Returns a recordset with samples that the user is subscribed to from the requested timestamp onwards. The timestamp is defined in the request itself. |
| Get domain related domains |
TCA-0405 Provides a list of domains that have the same top parent domain as the requested domain. |
| Get domain resolutions |
TCA-0405 Provides a list of domain-to-IP mappings for the requested domain. |
| Get dynamic analysis report (latest) |
TCA-0106 This query returns the latest analysis report for the requested sample hash. |
| Get dynamic analysis report (merged) |
TCA-0106 This query returns the merged analysis report for the requested sample hash. |
| Get dynamic analysis report (specific) |
TCA-0106 This query returns a specific analysis report for the requested sample hash defined by the analysis ID. |
| Get dynamic analysis report for an archive (latest) |
TCA-0106 Returns the most recent dynamic analysis report for each file within the archive. |
| Get dynamic analysis report for an archive (merged) |
TCA-0106 Returns the merged dynamic analysis report for each file within the archive. |
| Get dynamic analysis report for url (base64) |
TCA-0106 Returns dynamic analysis reports for requested url |
| Get dynamic analysis report for url (sha1) |
TCA-0106 Returns dynamic analysis reports for requested url |
| Get file analysis (bulk query) |
TCA-0104 Get the analysis results for the requested hashes. |
| Get file analysis (single query) |
TCA-0104 Get the analysis results for the requested hash. |
| Get file analysis - non-malicious (bulk query) |
TCA-0105 Get a response containing all public knowledge about the given non-malicious samples identified by hash. |
| Get file analysis - non-malicious (single query) |
TCA-0105 Get a response containing all public knowledge about the given non-malicious sample identified by hash. |
| Get file reputation (bulk query) |
TCA-0101 Get information about the malware status of requested samples. |
| Get file reputation (single query) |
TCA-0101 Get information about the malware status of the requested sample. |
| Get historical multi-AV scan records (bulk query) |
TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for given samples. |
| Get historical multi-AV scan records (single query) |
TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for a given sample. |
| Get IP address resolutions |
TCA-0406 Provides a list of IP-to-domain mappings for the specified IP address. |
| Get reputation data changes |
TCA-0206 Returns the next recordset with samples to which the user is subscribed with the starting point defined using the "Set start time for reputation changes" action. |
| Get sample download status |
TCA-0201 Returns the file size of samples matching the requested hash values, but only if they are available for download. If the requested samples are not available for download, their size in the response will be returned as -1. |
| Get specific dynamic analysis report for url (base64) |
TCA-0106 Returns the specific dynamic analysis report for requested url |
| Get specific dynamic analysis report for url (SHA1) |
TCA-0106 Returns the specific dynamic analysis report for requested url |
| Get the domain report |
TCA-0405 Returns threat intelligence data for the submitted domain. |
| Get the IP address report |
TCA-0406 Returns threat intelligence data for the submitted IP. |
| Get the latest URL analyses (first page) |
TCA-0403 Returns the latest completed URL analyses. This action only returns the first page of results. |
| Get the latest URL analyses (with page parameter) |
TCA-0403 Returns the latest completed URL analyses. This action returns the requested page of results. |
| Get the URL report |
TCA-0403 Returns the classification and reputation report for the submitted URL. |
| Get URL analyses from requested time (first page) |
TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action only returns the first page of results. |
| Get URL analyses from requested time (with page parameter) |
TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action returns the requested page of results. |
| Get URL-s from domain |
TCA-0405 Provides a list of URLs associated with the requested domain. |
| Get URL-s from IP address |
TCA-0406 Provides a list of URL-s associated with the requested IP. |
| Get YARA Matches Feed |
TCA-0303 Returns a recordset of YARA ruleset matches in the requested time range |
| Get YARA Retro Hunting Status |
TCA-0319 Allows users to check status of their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumCloud |
| Get YARA Retro Matches Feed |
TCA-0319 Returns a recordset of YARA ruleset matches in the requested time range for the authenticated user. |
| Get YARA Ruleset information |
TCA-0303 API Returns information about created user YARA ruleset |
| Get YARA Ruleset Text |
TCA-0303 API Returns text for specified YARA rule |
| Group By RHA1 Single Query |
TCA-0321 This query returns a list containing all SHA1 hashes of functionally similar samples for the requested SHA1 sample hash and RHA1 precision level. |
| Import Hash Similarity |
TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash) |
| Import Hash Similarity paginated |
TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash) |
| List files from a domain |
TCA-0405 Retrieve a list of files downloaded from the submitted domain. |
| List files from a URL |
TCA-0403 Retrieve a list of files downloaded from the submitted URL. |
| List files from an IP address |
TCA-0406 Retrieve a list of files downloaded from the submitted IP address. |
| List User Override |
TCA-0408 List user overrides for network locations |
| Monthly API usage (company) |
TCA-9999 Returns information about combined monthly service usage for all users in the company. |
| Monthly API usage (current user) |
TCA-9999 Returns information about monthly service usage for the TitaniumCloud account that sent the request. |
| Network Reputation API |
TCA-0407 Provides information regarding the reputation of requested URL, domain or IP Address. |
| Network Reputation User Override |
TCA-0408 Enables URL classification overrides. |
| Reanalyze sample (single query) |
TCA-0205 Sends a sample defined by a hash for rescanning. |
| Reanalyze samples (bulk query) |
TCA-0205 Sends multiple samples defined by hashes for rescanning. |
| Set start time for reputation changes |
TCA-0206 Sets the starting timestamp for the reputation data changes feed. |
| Start YARA Retro Hunt |
TCA-0319 Allows users to start their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumClou |
| Submit archive for dynamic analysis |
TCA-0207 Submits an archive for dynamic anaylsis. |
| Submit sample for dynamic analysis |
TCA-0207 Submits a sample for dynamic analysis. |
| Subscribe to reputation changes |
TCA-0206 Subscribes to a list of samples for which the changed sections (if there are any) will be delivered in the Data Change Feed. |
| Unsubscribe from reputation changes |
TCA-0206 Unsubscribes from a list of samples that the user was previously subscribed to. |
| Upload sample |
TCA-0202 Upload a given sample identified by hash via open stream of POST data. |
| Upload sample metadata |
TCA-0202 Upload metadata for the sample identified by hash. |
| URI to hash search by URI SHA-1 (first page) |
TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns only the first page of results. |
| URI to hash search by URI SHA-1 (with page parameter) |
TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns the requested page of results. |
| URI to hash search by URI string (with page parameter) |
TCA-0401 Returns hashes related to the provided URI. This request accepts an URI string and returns the requested page of results. |
TCA-0320 Allows users to find samples in ReversingLabs TitaniumCloud by combining various search keywords
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
name
|
name | True | string |
field name |
|
criteria
|
criteria | True | string |
operators from enum |
|
value
|
value | True | string |
string or object |
|
format
|
format | string |
specifies the format for the response |
|
|
records_per_page
|
records_per_page | integer |
records_per_page |
|
|
page
|
page | integer |
page |
|
|
sort
|
sort | string |
Sort by one of these fields: sha1, firstsee, threatname, sampletype, filecount, size. Append asc for ascending and desc for descending order. E.g. threatname asc. |
|
|
Content-Type
|
Content-Type | string |
Content-Type |
TCA-0404 Requests an analysis of the submitted URL.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
url
|
url | string |
url |
|
|
response_format
|
response_format | string |
response_format |
TCA-0319 Allows users to cancel started YARA retro hunts.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Specifies the name of the YARA ruleset for which the user is requesting an action from the service
|
ruleset_name | True | string |
ruleset_name |
|
Content-Type
|
Content-Type | string |
Content-Type |
TCA-0303 Allows the authenticated user to create YARA rulesets in ReversingLabs TitaniumCloud
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Specifies the name of the YARA ruleset
|
ruleset_name | True | string |
ruleset_name |
|
Configuration of the YARA rule
|
text | True | string |
text |
|
sample_available
|
sample_available | True | boolean |
sample_available |
|
Content-Type
|
Content-Type | string |
Content-Type |
TCA-9999 Returns information about combined daily service usage for all users in the company.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
|
|
Date
|
date | string |
Specific date. YYYY-MM-DD format. Mutually exclusive with 'from' and 'to' parameters. |
|
|
From
|
from | string |
Start date. YYYY-MM-DD format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'date' parameter. |
|
|
To
|
to | string |
End date. YYYY-MM-DD format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'date' parameter. |
TCA-9999 Returns information about daily service usage for the TitaniumCloud account that sent the request.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
|
|
Date
|
date | string |
Specific date. YYYY-MM-DD format. Mutually exclusive with 'from' and 'to' parameters. |
|
|
From
|
from | string |
Start date. YYYY-MM-DD format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'date' parameter. |
|
|
To
|
to | string |
End date. YYYY-MM-DD format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'date' parameter. |
TCA-9999 Returns information about combined date range service usage for all users in the company.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
TCA-9999 Returns total usage for all product licenses with a fixed quota over a single date range for the current user.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
TCA-0204 Deletes a single sample defined by the hash value.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
md5, sha1 or sha256 |
|
Hash Value
|
hash_value | True | string |
Hash string |
|
Delete On
|
delete_on | string |
When the sample will be deleted. Expressed in UNIX timestamp format. |
TCA-0204 Deletes multiple samples at once defined by the list of hash values in the request payload.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
hash_type
|
hash_type | string |
hash_type |
|
|
delete_on
|
delete_on | string |
When the sample will be deleted. Expressed in UNIX timestamp format. |
|
|
hashes
|
hashes | array of string |
hashes |
TCA-0303 Allows the authenticated user to delete YARA rulesets in ReversingLabs TitaniumCloud
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Yara ruleset name
|
ruleset_name | True | string |
Yara ruleset name |
TCA-0201 Returns the contents of a sample matching the requested hash.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
md5, sha1 or sha256 |
|
Hash Value
|
hash_value | True | string |
Hash string |
TCA-0102 The List File User Overrides Query
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Specifies which hash type will be used in the request (md5, sha1, sha256)
|
hash_type | True | string |
hash_type |
|
start_hash
|
start_hash | string |
The format must correspond to the one defined with the hash_type parameter. |
|
|
format
|
format | string |
Supported values: json, xml |
Returns
TCA-0102 Service enables sample classification overrides.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post format
|
post_format | True | string |
XML or JSON |
|
sha1
|
sha1 | string |
Provide values for md5, sha1, sha256 |
|
|
md5
|
md5 | string |
Provide values for md5, sha1, sha256 |
|
|
sha256
|
sha256 | string |
Provide values for md5, sha1, sha256 |
|
|
status
|
status | string |
options: MALICIOUS, SUSPICIOUS, KNOWN. For KNOWN status optional trust_factor. For MALICIOUS/SUSPICIOUS optional threat_name, threat_level |
|
|
trust_factor
|
trust_factor | integer |
Allowed as optional parameter for KNOWN status option |
|
|
threat_level
|
threat_level | integer |
Allowed as optional parameter for MALICIOUS and SUSPICIOUS status option |
|
|
threat_name
|
threat_name | string |
Allowed as optional parameter for MALICIOUS and SUSPICIOUS status option |
|
|
sha1
|
sha1 | string |
sha1 |
|
|
md5
|
md5 | string |
md5 |
|
|
sha256
|
sha256 | string |
sha256 |
TCA-9999 Returns information about the number of active YARA rulesets for the TitaniumCloud account that sent the request.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
TCA-9999 Returns current quota limits for APIs available to all users belonging to the authenticated user’s company.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
TCA-9999 Returns current quota limits for APIs accessible to the authenticated user.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
TCA-0206 Returns a recordset with samples that the user is subscribed to from the requested timestamp onwards. The timestamp is defined in the request itself.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Time Format
|
time_format | True | string |
Unix timestamp or YYYY-MM-DDThh:mm:ss |
|
Time Value
|
time_value | True | string |
Time value string |
|
Format
|
format | string |
Response format. |
|
|
Events
|
events | string |
Sections that should be included in the response. Consult the API documentation for possible options. |
TCA-0405 Provides a list of domains that have the same top parent domain as the requested domain.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
domain
|
domain | string |
domain |
|
|
response_format
|
response_format | string |
json or xml |
|
|
limit
|
limit | integer |
Number of results per page. |
|
|
page
|
page | string |
Next page string. |
TCA-0405 Provides a list of domain-to-IP mappings for the requested domain.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
domain
|
domain | string |
domain |
|
|
response_format
|
response_format | string |
json or xml |
|
|
limit
|
limit | integer |
Number of results per page. |
|
|
page
|
page | string |
Next page string. |
TCA-0106 This query returns the latest analysis report for the requested sample hash.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
sha1 only |
|
Hash Value
|
hash_value | True | string |
Hash string |
|
Format
|
format | string |
Response format. |
TCA-0106 This query returns the merged analysis report for the requested sample hash.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
sha1 only |
|
Hash Value
|
hash_value | True | string |
Hash string |
|
Format
|
format | string |
Response format. |
TCA-0106 This query returns a specific analysis report for the requested sample hash defined by the analysis ID.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
sha1 only |
|
Hash Value
|
hash_value | True | string |
Hash string |
|
Analysis Id
|
analysis_id | True | string |
ID of the dynamic analysis report. |
|
Format
|
format | string |
Response format. |
TCA-0106 Returns the most recent dynamic analysis report for each file within the archive.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
sha1 only |
|
Hash Value
|
hash_value | True | string |
Hash string |
|
Format
|
format | string |
Response format. |
TCA-0106 Returns the merged dynamic analysis report for each file within the archive.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
sha1 only |
|
Hash Value
|
hash_value | True | string |
Hash string |
|
Format
|
format | string |
Response format. |
TCA-0106 Returns dynamic analysis reports for requested url
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Base64 Value
|
base64_value | True | string |
Must be a string corresponding to the base64 encoding of url. |
|
Content-Type
|
Content-Type | string |
Content-Type |
TCA-0106 Returns dynamic analysis reports for requested url
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Sha1 Value
|
sha1_value | True | string |
Must be a sha1 string corresponding to the defined hash type. |
|
Content-Type
|
Content-Type | string |
Content-Type |
TCA-0104 Get the analysis results for the requested hashes.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
hash_type
|
hash_type | string |
hash_type |
|
|
hashes
|
hashes | array of string |
hashes |
TCA-0104 Get the analysis results for the requested hash.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
md5, sha1 or sha256 |
|
Hash Value
|
hash_value | True | string |
Hash string |
|
Format
|
format | string |
Response format. |
TCA-0105 Get a response containing all public knowledge about the given non-malicious samples identified by hash.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
hash_type
|
hash_type | string |
hash_type |
|
|
hashes
|
hashes | array of string |
hashes |
TCA-0105 Get a response containing all public knowledge about the given non-malicious sample identified by hash.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
md5, sha1 or sha256 |
|
Hash Value
|
hash_value | True | string |
Hash string |
TCA-0101 Get information about the malware status of requested samples.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
XML or JSON |
|
Extended
|
extended | boolean |
Show extended results. |
|
|
Show Hashes
|
show_hashes | boolean |
Show all hashes for the sample. |
|
|
hash_type
|
hash_type | string |
hash_type |
|
|
hashes
|
hashes | array of string |
hashes |
TCA-0101 Get information about the malware status of the requested sample.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
Possible values are 'md5', 'sha1' and 'sha256'. |
|
Hash Value
|
hash_value | True | string |
Must be a hash string corresponding to the defined hash type. |
|
Extended
|
extended | boolean |
Show extended results. |
|
|
Show Hashes
|
show_hashes | boolean |
Show all hashes for the sample. |
|
|
Format
|
format | string |
Set the response format. |
TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for given samples.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
History
|
history | boolean |
Return historical data. |
|
|
Format
|
format | string |
Response format. |
|
|
hash_type
|
hash_type | string |
hash_type |
|
|
hashes
|
hashes | array of string |
hashes |
TCA-0103 Provides cross-reference data (AV scanner scanning information, first and last seen date-time (UTC), sample type and size, first and last scanned date, etc.) for a given sample.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
md5, sha1 or sha256 |
|
Hash Value
|
hash_value | True | string |
Hash string |
|
History
|
history | boolean |
Return historical data. |
|
|
Format
|
format | string |
Response format. |
TCA-0406 Provides a list of IP-to-domain mappings for the specified IP address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
ip
|
ip | string |
ip |
|
|
response_format
|
response_format | string |
json or xml |
|
|
limit
|
limit | integer |
Number of results per page. |
|
|
page
|
page | string |
Next page string. |
TCA-0206 Returns the next recordset with samples to which the user is subscribed with the starting point defined using the "Set start time for reputation changes" action.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
|
|
events
|
events | string |
List one or more sections separated with comma: xref, sample_available, malware_presence, sample_became_shareable |
|
|
Limit
|
limit | integer |
Number of records to return in the response. |
TCA-0201 Returns the file size of samples matching the requested hash values, but only if they are available for download. If the requested samples are not available for download, their size in the response will be returned as -1.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
Format
|
format | string |
Response format. |
|
|
Content-Type
|
Content-Type | string |
Needs to be application/octet-stream |
|
|
hash_type
|
hash_type | string |
hash_type |
|
|
hashes
|
hashes | array of string |
hashes |
TCA-0106 Returns the specific dynamic analysis report for requested url
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Base64 Value
|
base64_value | True | string |
Must be a base64 string corresponding of the submitted url. |
|
analysis_id
|
specific_report | True | string |
analysis_id for which report is retrieved |
|
Format
|
format | string |
Response format. |
|
|
Content-Type
|
Content-Type | string |
Content-Type |
TCA-0106 Returns the specific dynamic analysis report for requested url
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
SHA1 Value
|
sha1_value | True | string |
Must be a hash string corresponding to the defined hash type. |
|
analysis_id
|
specific_report | True | string |
analysis_id for which report is retrieved |
|
Format
|
format | string |
Response format. |
|
|
Content-Type
|
Content-Type | string |
Content-Type |
TCA-0405 Returns threat intelligence data for the submitted domain.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
domain
|
domain | string |
domain |
|
|
response_format
|
response_format | string |
response_format |
TCA-0406 Returns threat intelligence data for the submitted IP.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
ip
|
ip | string |
ip |
|
|
response_format
|
response_format | string |
json or xml |
TCA-0403 Returns the latest completed URL analyses. This action only returns the first page of results.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
|
|
Limit
|
limit | integer |
Maximum number of results returned per page. |
TCA-0403 Returns the latest completed URL analyses. This action returns the requested page of results.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Page
|
page | True | string |
Page marker for returning results. |
|
Format
|
format | string |
Response format. |
|
|
Limit
|
limit | integer |
Maximum number of results returned per page. |
TCA-0403 Returns the classification and reputation report for the submitted URL.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
url
|
url | string |
url |
|
|
response_format
|
response_format | string |
response_format |
TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action only returns the first page of results.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Time Format
|
time_format | True | string |
timestamp or utc |
|
Start Time
|
start_time | True | string |
Unix timestamp or YYYY-MM-DDThh:mm:ss |
|
Format
|
format | string |
Response format. |
|
|
Limit
|
limit | integer |
Maximum number of results returned per page. |
TCA-0403 Returns a list of completed URL analyses, starting from the requested time. This action returns the requested page of results.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Time Format
|
time_format | True | string |
timestamp or utc |
|
Start Time
|
start_time | True | string |
Unix timestamp or YYYY-MM-DDThh:mm:ss |
|
Page
|
page | True | string |
Page marker for returning results. |
|
Format
|
format | string |
Response format. |
|
|
Limit
|
limit | integer |
Maximum number of results returned per page. |
TCA-0405 Provides a list of URLs associated with the requested domain.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
domain
|
domain | string |
domain |
|
|
response_format
|
response_format | string |
json or xml |
|
|
limit
|
limit | integer |
Number of results per page. |
|
|
page
|
page | string |
Next page string. |
TCA-0406 Provides a list of URL-s associated with the requested IP.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
ip
|
ip | string |
ip |
|
|
response_format
|
response_format | string |
json or xml |
|
|
limit
|
limit | integer |
Number of results per page. |
|
|
page
|
page | string |
Next page string. |
TCA-0303 Returns a recordset of YARA ruleset matches in the requested time range
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Time Format
|
time_format | True | string |
Unix timestamp or YYYY-MM-DDThh:mm:ss |
|
Time Value
|
time_value | True | string |
Time value string |
|
Format
|
format | string |
Response format. |
TCA-0319 Allows users to check status of their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumCloud
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Yara ruleset name
|
ruleset_name | True | string |
Yara ruleset name |
TCA-0319 Returns a recordset of YARA ruleset matches in the requested time range for the authenticated user.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Time Format
|
time_format | True | string |
Unix timestamp or YYYY-MM-DDThh:mm:ss |
|
Time Value
|
time_value | True | string |
Time value string |
|
Format
|
format | string |
Response format. |
TCA-0303 API Returns information about created user YARA ruleset
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Yara ruleset name
|
ruleset_name | True | string |
Yara ruleset name |
TCA-0303 API Returns text for specified YARA rule
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Yara ruleset name
|
ruleset_name | True | string |
Yara ruleset name |
TCA-0321 This query returns a list containing all SHA1 hashes of functionally similar samples for the requested SHA1 sample hash and RHA1 precision level.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
rha1_type
|
rha1_type | True | string |
This parameter accepts one of the following values: pe01, elf01, machO01, pe02 |
|
hash_value
|
hash_value | True | string |
The value must be a valid SHA1 hash of the sample for which the user is requesting a list of functionally similar samples |
|
next_page_sha1
|
next_page_sha1 | True | string |
To get the next page of results from the API, use the next_page_sha1 value from the response in place of this parameter in a new request. When the parameter is not included in the request, only the first page of results is returned. |
|
Content-Type
|
Content-Type | string |
Content-Type |
|
|
Format
|
format | string |
Set the response format. |
|
|
Limit
|
limit | integer |
Number of records to return in the response. |
|
|
Extended
|
extended | boolean |
Show extended results. |
|
|
Classification
|
classification | string |
Return only hashes with this classification. |
TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash)
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Value
|
hash_value | True | string |
The value must be a valid ImpHash hash for which the user is requesting a list of SHA1 hashes |
|
Content-Type
|
Content-Type | string |
Content-Type |
|
|
Format
|
format | string |
Set the response format. |
TCA-0302 Provides a list of all available SHA1 hashes for the requested import hash (imphash)
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Value
|
hash_value | True | string |
The value must be a valid ImpHash hash for which the user is requesting a list of SHA1 hashes |
|
Next page sha1
|
next_page_sha1 | True | string |
The value must be a valid hash for which the user is requesting a list of SHA1 hashes |
|
Content-Type
|
Content-Type | string |
Content-Type |
|
|
Format
|
format | string |
Set the response format. |
TCA-0405 Retrieve a list of files downloaded from the submitted domain.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
domain
|
domain | string |
domain |
|
|
response_format
|
response_format | string |
response_format |
|
|
limit
|
limit | integer |
limit |
|
|
extended
|
extended | boolean |
extended |
|
|
classification
|
classification | string |
classification |
|
|
page
|
page | string |
page |
TCA-0403 Retrieve a list of files downloaded from the submitted URL.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
url
|
url | string |
url |
|
|
analysis_id
|
analysis_id | string |
Mutally exlusive with 'last_analysis' |
|
|
last_analysis
|
last_analysis | boolean |
Return last analysis. Mutally exlusive with 'analysis_id' |
|
|
response_format
|
response_format | string |
xml or json |
|
|
limit
|
limit | integer |
Number of results per page. |
|
|
extended
|
extended | boolean |
Return extended results. |
|
|
classification
|
classification | string |
Return only samples with this classification. |
|
|
page
|
page | string |
Next page string. |
TCA-0406 Retrieve a list of files downloaded from the submitted IP address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | True | string |
Request format. |
|
ip
|
ip | string |
ip |
|
|
response_format
|
response_format | string |
json or xml |
|
|
limit
|
limit | integer |
Number of results per page. |
|
|
extended
|
extended | boolean |
Return extended results. |
|
|
classification
|
classification | string |
Return results with this classification. |
|
|
page
|
page | string |
Next page string. |
TCA-0408 List user overrides for network locations
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Optional parameter that allows choosing the response format. Supported values: xml, json |
|
|
Next Network Location
|
next_network_location | string |
Optional parameter used for pagination. To get the next page of results from the API, use the next_network_location value from the response in place of this parameter in a new request. When the parameter is not included in the request, only the first page of results is returned. |
TCA-9999 Returns information about combined monthly service usage for all users in the company.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
|
|
Month
|
month | string |
Specific month. YYYY-MM format. Mutually exclusive with 'from' and 'to' parameters. |
|
|
From
|
from | string |
Start month. YYYY-MM format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'month' parameter. |
|
|
To
|
to | string |
End month. YYYY-MM format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'month' parameter. |
TCA-9999 Returns information about monthly service usage for the TitaniumCloud account that sent the request.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Response format. |
|
|
Month
|
month | string |
Specific month. YYYY-MM format. Mutually exclusive with 'from' and 'to' parameters. |
|
|
From
|
from | string |
Start month. YYYY-MM format. Needs to be used together with the 'to' parameter. Mutually exclusive with the 'month' parameter. |
|
|
To
|
to | string |
End month. YYYY-MM format. Needs to be used together with the 'from' parameter. Mutually exclusive with the 'month' parameter. |
TCA-0407 Provides information regarding the reputation of requested URL, domain or IP Address.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post format
|
post_format | True | string |
XML or JSON |
|
Network Location
|
network_location | True | string |
List of network locations (url, ip, domain) |
|
type
|
type | string |
url or ip or domain |
|
|
response_format
|
response_format | string |
json or xml |
TCA-0408 Enables URL classification overrides.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post format
|
post_format | True | string |
XML or JSON |
|
Network Location
|
network_location | True | string |
The overridden URL (domain, ip, url). |
|
type
|
type | True | string |
Type of URI. Only url is supported. |
|
classification
|
classification | True | string |
Assigned classification. Must conform to the ReversingLabs naming standard |
|
categories
|
categories | array of string |
categories |
|
|
response_format
|
response_format | string |
json or xml |
TCA-0205 Sends a sample defined by a hash for rescanning.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Hash Type
|
hash_type | True | string |
md5, sha1 or sha256 |
|
Hash Value
|
hash_value | True | string |
Hash string |
TCA-0205 Sends multiple samples defined by hashes for rescanning.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
Format
|
format | string |
Response format. |
|
|
hash_type
|
hash_type | string |
hash_type |
|
|
hashes
|
hashes | array of string |
hashes |
TCA-0206 Sets the starting timestamp for the reputation data changes feed.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Time Format
|
time_format | True | string |
Unix timestamp or YYYY-MM-DDThh:mm:ss |
|
Time Value
|
time_value | True | string |
Time value string |
TCA-0319 Allows users to start their own YARA retro hunts and retroactively match YARA rules against files from ReversingLabs TitaniumClou
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Specifies the name of the YARA ruleset for which the user is requesting an action from the service
|
ruleset_name | True | string |
ruleset_name |
|
Content-Type
|
Content-Type | string |
Content-Type |
TCA-0207 Submits an archive for dynamic anaylsis.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
sha1
|
sha1 | string |
sha1 |
|
|
platform
|
platform | string |
Platform which will be used for dynamic analysis. Consult the API documentation for possible options. |
|
|
response_format
|
response_format | string |
response_format |
|
|
optional_parameters
|
optional_parameters | string |
Consult the API documentation for possible options. |
TCA-0207 Submits a sample for dynamic analysis.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
sha1
|
sha1 | string |
Select either SHA1 or url parameter for sample analysis |
|
|
url
|
url | string |
Select either SHA1 or url parameter for sample analysis |
|
|
platform
|
platform | string |
Platform which will be used for dynamic analysis. Consult the API documentation for possible options. |
|
|
response_format
|
response_format | string |
json or xml |
|
|
optional_parameters
|
optional_parameters | string |
Consult the API documentation for possible options. |
TCA-0206 Subscribes to a list of samples for which the changed sections (if there are any) will be delivered in the Data Change Feed.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
hash_type
|
hash_type | string |
hash_type |
|
|
hashes
|
hashes | array of string |
hashes |
TCA-0206 Unsubscribes from a list of samples that the user was previously subscribed to.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Post Format
|
post_format | True | string |
Request format. |
|
hash_type
|
hash_type | string |
hash_type |
|
|
hashes
|
hashes | array of string |
hashes |
TCA-0202 Upload a given sample identified by hash via open stream of POST data.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Sha1 Value
|
sha1_value | True | string |
SHA1 of the sample. |
|
Content-Type
|
Content-Type | True | string |
Needs to be application/octet-stream |
TCA-0202 Upload metadata for the sample identified by hash.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Sha1 Value
|
sha1_value | True | string |
SHA1 of the sample. |
|
Subscribe
|
subscribe | string |
Subscribe to this sample's reputation data changes. Possible values are only 'data_change' |
|
|
Content-Type
|
Content-Type | True | string |
Needs to be application/octet-stream |
|
Body
|
body | True | string |
XML request body. Consult the API documentation for examples. |
TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns only the first page of results.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Uri Sha1
|
uri_sha1 | True | string |
SHA1 string representation of the URI |
|
Format
|
format | string |
Response format. |
|
|
Classification
|
classification | string |
Return only hashes with this classification. |
TCA-0401 Returns hashes related to the provided URI. This request accepts an URI in the form of a SHA-1 string and returns the requested page of results.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Uri Sha1
|
uri_sha1 | True | string |
SHA1 string representation of the URI |
|
Next Page Sha1
|
next_page_sha1 | True | string |
SHA1 of the next page of results. |
|
Format
|
format | string |
Response format. |
|
|
Classification
|
classification | string |
Return only hashes with this classification. |
TCA-0401 Returns hashes related to the provided URI. This request accepts an URI string and returns the requested page of results.
Parameters
| Name | Key | Required | Type | Description |
|---|---|---|---|---|
|
Format
|
format | string |
Request format. |
|
|
Content Type Header
|
Content-Type | True | string |
API Call expect explicit content type |
|
uri
|
uri | string |
uri |
|
|
next_page_sha1
|
next_page_sha1 | string |
next_page_sha1 |