Palo Alto - Cortex XSOAR
Palo Alto XSOAR is a security orchestration, automation and response (SOAR) platform that allows security teams to automate and streamline security processes. By integrating OPSWAT Filescan with Palo Alto XSOAR, security teams can automate the scanning of files for malware and other security threats, and take immediate action to mitigate any risks that are identified.
With the integration, you can send a file or URL scan request from XSOAR to Filescan, or search for previously scanned reports in Filescan.
You can find more information about XSOAR here.
The OPSWAT Filescan integration is available in the XSOAR marketplace here.
Installation
Step #1 - Search for OPSWAT Filescan in the marketplace


Step #2 - Click on the Install button in the top right corner.
The integration is then added to the basket. (The integration is free.)

Step #3 - Add an instance.
To do so, go to Settings -> Integrations, search for 'OPSWAT' and click on 'Add instance' on the right side.

A Filescan API key is required to use the integration.
You can use the Activation Key that you received from your OPSWAT Sales Representative and follow the instructions on the License Activation page, or you can create an API key on the Community site under the API Key tab.

You need to add your API key. If you have an on-prem version of OPSWAT Filescan, you can also add your own server's URL. The default URL is Filescan Community.
You can validate it under the 'Test results':


Available commands
Scan URL
opswat-filescan-scan-url
Scan a URL resource with Filescan, using the POST - Scan URL API.
Command Arguments
Argument | Description | Default value | Required
---|---|---|---
url | The URL to submit | | yes
timeout | The timeout for the polling in seconds | 600 |
hide_polling_output | Hide polling output. | true |
description | Uploaded file/url description | |
tags | Tags array to propagate | |
password | Custom password, in case uploaded archive is protected | |
is_private | If file should not be available for download by other users | false |
Command example
!opswat-filescan-scan-url https://www.google.com
Output example

Scan File
opswat-filescan-scan-file
Scan a file resource with Filescan, using the POST - Scan File API.
Command Arguments
Argument | Description | Default value | Required
---|---|---|---
entry_id | The War Room entry ID of the file to submit. | | yes
timeout | The timeout for the polling in seconds | 1200 |
hide_polling_output | Hide polling output. | true |
description | Uploaded file/url description | |
tags | Tags array to propagate | |
password | Custom password, in case uploaded archive is protected | |
is_private | If file should not be available for download by other users | false |
Command example
!opswat-filescan-scan-file entry_id=<paste your entry id here> retry-interval=1
Output example

Search
opswat-filescan-search-query
Search for reports. Finds reports and uploaded files by various tokens. Uses the GET - Search Report API endpoint.
Arguments
Argument | Description | Default value | Required
---|---|---|---
query | The query string | | yes
page | Page number, starting from 1 | |
page_size | Page size. Can be 5, 10 or 20 | |
limit | Number of total results. Maximum 50. (If page and page_size are also provided, limit is ignored.) | 10 |
Command example
!opswat-filescan-search-query query=theuselessweb limit=3
Output example
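
The following helper is an added example, not part of the integration or its documentation. It builds the search and URL-scan War Room commands while enforcing the argument rules from the tables above. The function names `render`, `search_command` and `scan_url_command` are hypothetical, and two choices are assumptions of this example: it only accepts absolute http(s) URLs, and it sets `is_private=true` unless told otherwise, so that submissions to the default Community URL are not available for download by other users.

```python
from urllib.parse import urlsplit

PAGE_SIZES = (5, 10, 20)  # page_size values listed in the Search table
MAX_LIMIT = 50            # documented maximum for limit

def render(command, args):
    """Render a War Room command line, double-quoting values that contain spaces."""
    parts = ["!" + command]
    for key, value in args.items():
        text = str(value).lower() if isinstance(value, bool) else str(value)
        if '"' in text or "\n" in text:
            raise ValueError(f"{key}: quotes and newlines are rejected by this helper")
        quoted = any(ch.isspace() for ch in text)
        parts.append(f'{key}="{text}"' if quoted else f"{key}={text}")
    return " ".join(parts)

def search_command(query, page=None, page_size=None, limit=None):
    """Build opswat-filescan-search-query following the documented argument rules."""
    if not query or not query.strip():
        raise ValueError("query is required")
    args = {"query": query.strip()}
    if page is not None:
        if page < 1:
            raise ValueError("page starts from 1")
        args["page"] = page
    if page_size is not None:
        if page_size not in PAGE_SIZES:
            raise ValueError("page_size can be 5, 10 or 20")
        args["page_size"] = page_size
    # limit is ignored when both page and page_size are given, so it is left out.
    if limit is not None and not (page is not None and page_size is not None):
        if not 1 <= limit <= MAX_LIMIT:
            raise ValueError("limit must be between 1 and 50")
        args["limit"] = limit
    return render("opswat-filescan-search-query", args)

def scan_url_command(url, is_private=True, timeout=None):
    """Build opswat-filescan-scan-url; is_private=True is this helper's choice,
    the integration's own default is false."""
    url = url.strip()
    parts = urlsplit(url)
    # Assumption of this example: only absolute http(s) URLs are submitted.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("expected an absolute http(s) URL")
    args = {"url": url, "is_private": is_private}
    if timeout is not None:
        args["timeout"] = int(timeout)
    return render("opswat-filescan-scan-url", args)
```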
