Detection On Demand API version 2021.0401

What’s New:

Custom YARA Rules

  • Upload custom YARA rules for files, email content, or email headers.
  • Run custom YARA rules directly against post-processed content, such as Office macros or embedded binaries.

Live Mode Support

  • Run file samples live on the internet to retrieve the next-stage payload.
  • Option to switch between live and sandbox mode.

Riskware Support

  • Defines a framework that flags content as malicious based on object categories (for example, “password protected archives”) rather than on observed behavior alone.

Guest Images Customization

  • Customize the virtual machine environment, including username, domain, keyboard layout, time zone, language, etc.

Integration with Helix, Sumo Logic, and Splunk SIEM

  • Generate alerts formatted for Helix, Sumo Logic, and Splunk SIEM based on Detection On Demand output.

Increased file size support

  • Sample submissions of up to 100 MB are supported.

More detailed reporting

  • Static context reporting in the PDF report and the API.
  • Avoid repeated scans: the file version_id is included in all API responses (telemetry and search APIs).
  • Integration enhancements.
  • Box file version shown on the alerts page.
  • Box file version search support in the search API.
  • Search up to one year of malicious-verdict data via the telemetry API.
  • Outlook MSG file scan support.
  • Native integration for Cisco Webex.
  • Native integration for Dropbox.
  • Native integration for Salesforce.
  • Native integration for Azure Blob Storage.
  • Native integration for OneDrive and SharePoint.