Cortex XSOAR
You can find more information about XSOAR here.
Now, OPSWAT Filescan integration is available in XSOAR marketplace:
Installation
Step #1 - Search for OPSWAT Filescan in the marketplace
Step #2 - Click on the Install button in the top right corner.
Integration is then added to the basket. (The integration is free.)
Step #3 - Add an instance.
For that go to Settings -> Integrations, search for 'OPSWAT' and click on 'Add instance' at the right side.
A Filescan API key is required to use the integration.
You need to add your API key, and if you have on-prem version of OPSWAT Filescan, you can add your own server's URL. The default URL is Filescan Community.
You can validate it under the 'Test results':
Available commands
Scan URL
opswat-filescan-scan-url
Scan URL resource with Filescan POST - Scan URLAPI
Command Arguments
| Description | Default value | Required | |
|---|---|---|---|
| url | The URL to submit | yes | |
| timeout | The timeout for the polling in seconds | 600 | |
| hide_polling_output | Hide polling output. | true | |
| description | Uploaded file/url description | ||
| tags | Tags array to propagate | ||
| password | Custom password, in case uploaded archive is protected | ||
| is_private | If file should not be available for download by other users | false |
Command example
!opswat-filescan-scan-url https://www.google.com
Output example
Scan File
opswat-filescan-scan-file
Scan file resource with Filescan POST - Scan FileAPI
Command Arguments
| Description | Default value | Required | |
|---|---|---|---|
| entry_id | The War Room entry ID of the file to submit. | yes | |
| timeout | The timeout for the polling in seconds | 1200 | |
| hide_polling_output | Hide polling output. | true | |
| description | Uploaded file/url description | ||
| tags | Tags array to propagate | ||
| password | Custom password, in case uploaded archive is protected | ||
| is_private | If file should not be available for download by other users | false |
Command example
!opswat-filescan-scan-file entry_id=<paste your entry id here> retry-interval=1
Output example
Search
opswat-filescan-search-query
Search for reports. Finds reports and uploaded files by various tokens. Use GET - Search ReportAPI endpoint.
Arguments
| Description | Default value | Required | |
|---|---|---|---|
| query | The query string | yes | |
| page | Page number, starting from 1 | ||
| page_size | Page size. Can be 5, 10 or 20 | ||
| limit | Number of total results. Maximum 50. (If page and page_size was also provided, then it will be ignored.) | 10 |
Command example
!opswat-filescan-search-query query=theuselessweb limit=3
Output example
