Detection as a Service API version 2022.08.01

DaaS_2022.08.01-v11-20220812_122330.pdf (1.3 MB)

New Features

  • IOC information via the telemetry API
    • A new parameter, IOC, has been added to the telemetry API to provide additional information for a
      submission, including file creations, redirections, etc.
    • Pass ioc=true as an API parameter to get IOC information
  • Hash (MD5 & SHA256) search feature on the Submissions tab
    • If the user has made any submissions for the provided hash, the last 10 submissions for that hash are displayed in the UI
  • Submission-level selected options shown on the reports page (portal report, PDF report and public report)
    • All the options selected by the user while submitting a sample are displayed on the submission report page under the Overview Analysis detail section.
  • Slack integration support for delete action
    • The user can select the Trash option as a supported action to delete a detected malicious file or a chat message with a malicious URL
  • Box integration support for forceful unlock
    • Applies when “Forced File Unlock” is selected from Box actions and a file is uploaded that is locked by another user. If the file is detected as malicious, it is forcefully unlocked and then moved to the quarantine folder.
  • Custom SharePoint SPO site scanning option
    • A user can specify up to 100 specific sites to be configured with DOD via webhook; the rest are configured via audit log events.

Improvements

  • Box integration: action failure reason on submission entry (if any)
    • If an action on an object fails, the error message is shown on the alerts page.
  • API key name limited to 100 characters
    • Go to “Key Management”, select “Create Authorization Key”, and create an API key
  • Connector’s additional information provided on the reports page
    • This works for OneDrive, Teams and SharePoint.
    • This includes information like sender, receiver, owner, etc.
  • Containerized VNC functionality
    • The Artifact column now shows a VNC button to connect to the instance where the object is being analyzed. If the button is not visible, refresh the recent submissions.