The latest update to the extended report schema adds three fields:
The engine_results field is no longer necessary and will be removed from the report schema on September 15th, 2020. Be sure to update your applications to use the new fields before September 15th.
What’s New:
- New API endpoint to get the health status of the service, subscription, and API key.
- Get total and remaining quota stats for full, monthly, and daily periods.
- A value of -1 denotes that no quota is applied.
URL scan API
- New POST endpoint to submit URLs for scanning
- Retrieve results from reports endpoint using the report uuid
- Dynamic analysis of all URLs
- A maximum of 10 URLs can be submitted per submission
Dashboard to show API utilization and service status
- New dashboard to show API utilization, quota counters, and status of DoD service
UX upgrade for DoD Portal and DoD integrated reports
MITRE ATT&CK Mapping enhancements to show associated rule and OS change events
Process Graph Enhancements to show Registry, File, Rules, and Network events
UI report enhancements to show extracted objects, details, and graph
UI enhancements to show extracted IoCs
File distribution widget on dashboard to show top file types analyzed
- New widget on dashboard UI to show file type distribution
Various UI widgets to show utilization and alert charts
- New widgets on dashboard to show API count, malicious submissions, and recent submissions
Submission tab to support UX functionality
- New tab to submit samples via DoD to multiple MVX profiles at a time. Additionally, we now track recent submissions on a per-API-key basis
Alerts tab to show alerts from different integrations and API-based submissions
- New tab for showing malicious alerts reported from different integration(s) and API-based submission(s).
BETA release for native integrations support
- New beta feature for direct integration of DoD with 3rd party applications
Native integration for Box.com
- Native integration of DoD file scanning for Box.com accounts
- OAuth 2.0 Authentication
- Webhook support for every user’s top-level folders in the root directory (max 1000 directories for each user)
- Event polling support to track new directory creation at the root level, new user creation, and admin logs to track changes for file creation at the enterprise level
- Trash action - All malicious files will be moved to trash directory of individual user
- Tombstone file: Once a file is trashed, the DoD service will create a tombstone file
- Account enable/disable feature
Native integration for Microsoft Teams for File and URL scanning
- Native integration of DoD file and URL scanning for Microsoft Teams
- OAuth 2.0 Authentication
Quarantine support for Box.com and Microsoft Teams
- Admin-Level Quarantine: All malicious files will be quarantined to the admin level. DoD Service will create a folder at the root level, which will have all quarantined files.
- User-Level Quarantine: All malicious files will be quarantined to the user level itself. DoD Service will create a folder at the root level, which will have all quarantined files.
- Tombstone file: Once a file is quarantined, the DoD service will create a tombstone file with more details of the quarantine
DUA support for extracted URLs.
- Support for Dynamic URL Analysis (DUA) for extracted URLs from URL or object submissions.
Enhancements to reporting of results
- New format for reporting results
- Report API to support v1 for old format and v2 for new format
- Separate sections for extracted objects and results from different engines
- OS changes are no longer reported in the new version of the reports API; they are moved to the artifacts instead.
SHA1 support in reports API
- New field “sha1” in report for the SHA1 hash of the submitted file.
Support for memory dumps
- New flag “memory_dump” in files API to enable memory dump
Support for extracted/dropped files
- New flag “file_extraction” in files API to enable dropped file extraction
Support to extract video files
- New flag “video” in files API to enable video capture
Support to extract pcap files
- New flag “pcap” in files API to enable pcap extraction
Libmagic reporting via reports API
- New field “magic” in report for the submitted file
Artifacts information reporting
- New field to report details of artifacts in reports API
- Details of OS changes, VM artifacts, and screenshots extracted
- Detailed path of artifacts from downloaded file
Artifacts API to report OS changes
- Artifacts API supports new param “type=os_changes” to get the OS changes of an analysis.
Detailed reporting on extracted objects and their results
- Report list of extracted objects (files or URLs) from the submitted sample with individual object uuids
- Extracted object metadata about sample and its verdict
- Result is a list of results for each extracted object from different engines, with weights, signatures, and other details
HTML Emulator for URL and HTML files
- New HTML emulator engine to perform analysis on HTML content, downloaded from a URL or submitted directly as a sample
Health API integration with API key management portal
User guides for various integrations