Solution: ReversingLabs
| Attribute | Value |
|---|---|
| Publisher | ReversingLabs |
| Support Tier | Partner |
| Support Link | https://support.reversinglabs.com/hc/en-us |
| Categories | domains |
| Version | 3.0.1 |
| Author | ReversingLabs - support@reversinglabs.com |
| First Published | 2022-08-08 |
| Last Updated | 2024-07-17 |
| Solution Folder | ReversingLabs |
| Marketplace | Azure Marketplace · Popularity: ⚪ Very Low (0%) |
The ReversingLabs Content Pack solution for Microsoft Sentinel includes a number of Microsoft Sentinel resources designed to automate your security operations using the power of Spectra Intelligence (formerly TitaniumCloud) and Spectra Analyze (formerly A1000) APIs.
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
The following 4 table(s) are used internally by this solution's content items:
| Table | Used By Content |
|---|---|
| RLTiCloudQuotas_CL | Playbooks (writes), Workbooks |
| SecurityAlert | Workbooks |
| SecurityIncident | Workbooks |
| ThreatIntelIndicators | Workbooks |
This solution includes 6 content item(s):
| Content Type | Count |
|---|---|
| Playbooks | 5 |
| Workbooks | 1 |
| Name | Tables Used |
|---|---|
| ReversingLabs-CapabilitiesOverview | Internal use: RLTiCloudQuotas_CL, SecurityAlert, SecurityIncident, ThreatIntelIndicators |
| Name | Description | Tables Used |
|---|---|---|
| ReversingLabs-CheckQuota | This playbook will check your ReversingLabs TitaniumCloud API quota and provide usage details. To be... | Internal use: RLTiCloudQuotas_CL (write) |
| SpectraAnalyze-EnrichFileHash | This playbook will enrich a Microsoft Sentinel incident with file hash information from a Spectra An... | - |
| SpectraAnalyze-EnrichNetworkEntities | This playbook will enrich network entities (IP addresses, URLs, and domain names) with information... | - |
| SpectraIntelligence-EnrichFileHash | This playbook will enrich a Microsoft Sentinel Incident with file hash information from ReversingLab... | - |
| SpectraIntelligence-EnrichNetworkEntities | This playbook will enrich a Microsoft Sentinel Incident with information about network entities (IP ... | - |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.2 | 08-08-2025 | Updated ReversingLabs workbook with new ThreatIntelIndicators table |
| 3.0.1 | 17-07-2024 | What's New: Playbook SpectraAnalyze-EnrichNetworkEntities (v1.0.0): New playbook that enriches network entities (IP addresses, URLs, and domain names) with data from a Spectra Analyze appliance. Playbook SpectraIntelligence-EnrichNetworkEntities (v1.0.0): New playbook that enriches network entities (IP addresses, URLs, and domain names) with data from Spectra Intelligence. Playbook SpectraAnalyze-EnrichFileHash (v1.0.0): New playbook example for enriching file hash entities with data from a Spectra Analyze appliance. What's Changed: Playbook ReversingLabs-EnrichFileHash has been renamed to SpectraIntelligence-EnrichFileHash. |
| 3.0.0 | 09-08-2023 | Playbook ReversingLabs-EnrichFileHash (v2.0.0): Updated to use new TitaniumCloud Logic App connector; added AV scan results. Workbook ReversingLabs-CapabilitiesOverview (v1.1.2): Removed hardcoded parameter value "ti_feed_check"; updated indicator quality query to be more accurate for uniqueness check. |