PARTNER INTEGRATION

Unlocking Advanced Threat Detection and Response

At VMRay, our purpose is to liberate the world from undetectable digital threats.

Led by reputable cyber security pioneers, we develop best-in-class technologies to help organizations distinguish genuine threats from the noise and obtain additional context and insights into those threats.

Based on the world’s most advanced malware and phishing analysis platform, we enable enterprises, government organizations, and MSSPs to automate security operations, accelerate analysis and response, and build reliable threat intelligence. In times of uncertainty and complexity, we create room for clarity and productivity to help security teams thrive.

Integrated Dataminr Products
  • Agentic Threat Intelligence Platform
  • Investigation Insights


VMRay with Investigation Insights

The Investigation Insights – VMRay integration gives analysts complete insight into hashes and whether they are malicious, so they know whether a hash in their environment was determined to be malicious. The integration also enables analysts to understand the attack techniques used when the file runs, and even allows analysts to upload a file to check whether it has been run through VMRay.

Data Overview – Hash Overview
When running a search against VMRay, analysts quickly get an overview of the hash: whether the sample is malicious, when it was submitted, and the file associated with it.
Data Overview – Sample Details
When an analyst navigates to the Details tab, they can quickly see the hashes associated with the sample, copy them out to search or add to a report, and even see the file size of the submitted file.
Data Overview – File Summary
When an analyst clicks on the Summary tab in the details pane of the overlay window, they get the full analysis details of the file, including what was or was not malicious about the file, what threats were identified, and more.
Data Overview – Known ATT&CKs
When clicking on the ATT&CK tag, analysts can quickly see which ATT&CKs VMRay has identified and associated with the file. This gives the analyst a better idea of how the threat actor is deploying the file to attack their network, enabling faster response and triage.
Data Overview – Associated IOCs
When an analyst clicks on the IOCs tab, they can quickly see any indicators of compromise that VMRay has associated with the file. Analysts can then pivot on those IOCs and look them up in Investigation Insights to see whether they have been seen in their environment.
Data Overview – File Check
When an analyst is on the File Check tab in the integration, they can quickly upload a file to check whether that file already has an associated sample in VMRay. Investigation Insights translates the file into a hash and then looks up that hash in VMRay, so the analyst can see whether it was submitted. If it was not, they can quickly pivot to VMRay to add the file for submission.

VMRay Platform

The VMRay Platform (formerly Analyzer) Playbook App simplifies and automates submitting files and URLs for analysis by VMRay’s TotalInsight and FinalVerdict solutions. It processes the results from analysis reports as new Indicators (such as File Hash, IP Address, Domain, and URL) and Tags directly into Agentic Threat Intelligence Platform, along with the full analysis report. The App supports a variety of actions, such as:

  • Submit File
  • Get File Results
  • Parse File Results
  • Submit URL
  • Get URL Results
  • Parse URL Results

This App can be found in the App Catalog in Dataminr Agentic Threat Intelligence Platform under the name: VMRay Analyzer. Playbook templates for the App can be found under Downloads on this page.

VMRay Threat Intelligence

The VMRay Threat Intelligence Job App automates the ingestion of threat intel from files and URLs analyzed by VMRay TotalInsight and FinalVerdict. Malicious IOCs are continuously fed from VMRay to Dataminr as a feed, ensuring CTI and security operations analysts have the latest intel from attacks against their organization, and can leverage that intel for proactive defense.
