ReversingLabs A1000 v2.4.4 (#38112) (#38170)

* Update version to 2.4.4

* Update readme

* Fix minor bugs in classification commands.

* Add the contributors file

* Add release notes

Co-authored-by: Mislav Sever <[email protected]>

Author: 2 people

Packs/ReversingLabs_A1000/CONTRIBUTORS.json

@@ -0,0 +1,3 @@
+[
+    "Mislav Sever"
+]

Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/README.md

@@ -5740,6 +5740,7 @@ Retrieve classification report for a sample
 | --- | --- | --- |
 | hash | The hash of a desired sample. | Required | 
 | localOnly | Return only local classification data for the sample, without falling back to querying TitaniumCloud. Default is False. | Optional | 
+| avScanners | Return AV scanner data from TitaniumCloud. | Optional | 
 
 #### Context Output
 

Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.py

@@ -2,7 +2,7 @@
 from ReversingLabs.SDK.a1000 import A1000
 
 
-VERSION = "v2.4.0"
+VERSION = "v2.4.4"
 USER_AGENT = f"ReversingLabs XSOAR A1000 {VERSION}"
 HOST = demisto.getParam('host')
 TOKEN = demisto.getParam('token')
@@ -427,11 +427,12 @@ def get_classification(a1000):
     """
     hash_value = demisto.getArg('hash')
     local_only = argToBoolean(demisto.getArg('localOnly'))
+    av_scanners = argToBoolean(demisto.getArg('avScanners'))
 
     try:
         response_json = a1000.get_classification_v3(hash_value,
                                                     local_only=local_only,
-                                                    av_scanners=True).json()
+                                                    av_scanners=av_scanners).json()
     except Exception as e:
         return_error(str(e))
 
@@ -1211,36 +1212,41 @@ def sample_classification_output(resp_json, action, av_scanners, sample_hash):
     markdown = f"""## ReversingLabs A1000 sample classification - {action}\n"""
 
     if action == "GET CLASSIFICATION":
-        markdown = markdown + f"""**Classification**: {resp_json.get("classification")}
-        **Risk score**: {resp_json.get("riskscore")}
-        **First seen**: {resp_json.get("first_seen")}
-        **Last seen**: {resp_json.get("last_seen")}
-        **Classification result**: {resp_json.get("classification_result")}
-        **Classification reason**: {resp_json.get("classification_reason")}
-        **SHA-1**: {resp_json.get("sha1")}
-        **SHA-256**: {resp_json.get("sha256")}
-        **MD5**: {resp_json.get("md5")}
-        """
-        if av_scanners:
-            scanners_table = tableToMarkdown("Scanner results", resp_json.get("av_scanners"))
-            markdown = markdown + f"\n{scanners_table}"
+        if resp_json.get("classification"):
+            markdown = markdown + f"""**Classification**: {resp_json.get("classification")}
+            **Risk score**: {resp_json.get("riskscore")}
+            **First seen**: {resp_json.get("first_seen")}
+            **Last seen**: {resp_json.get("last_seen")}
+            **Classification result**: {resp_json.get("classification_result")}
+            **Classification reason**: {resp_json.get("classification_reason")}
+            **SHA-1**: {resp_json.get("sha1")}
+            **SHA-256**: {resp_json.get("sha256")}
+            **MD5**: {resp_json.get("md5")}
+            """
+            if av_scanners:
+                scanners_table = tableToMarkdown("Scanner results", resp_json.get("av_scanners"))
+                markdown = markdown + f"\n{scanners_table}"
+
+            d_bot_score = classification_to_score(resp_json.get("classification").upper())
+            dbot_score = Common.DBotScore(
+                indicator=sample_hash,
+                indicator_type=DBotScoreType.FILE,
+                integration_name='ReversingLabs A1000 v2',
+                score=d_bot_score,
+                malicious_description=resp_json.get("classification_result"),
+                reliability=RELIABILITY
+            )
 
-        d_bot_score = classification_to_score(resp_json.get("classification").upper())
-        dbot_score = Common.DBotScore(
-            indicator=sample_hash,
-            indicator_type=DBotScoreType.FILE,
-            integration_name='ReversingLabs A1000 v2',
-            score=d_bot_score,
-            malicious_description=resp_json.get("classification_result"),
-            reliability=RELIABILITY
-        )
+            indicator = Common.File(
+                md5=resp_json.get("md5"),
+                sha1=resp_json.get("sha1"),
+                sha256=resp_json.get("sha256"),
+                dbot_score=dbot_score
+            )
 
-        indicator = Common.File(
-            md5=resp_json.get("md5"),
-            sha1=resp_json.get("sha1"),
-            sha256=resp_json.get("sha256"),
-            dbot_score=dbot_score
-        )
+        else:
+            markdown = markdown + "There were no results for the given hash."
+            indicator = None
 
         command_results = CommandResults(
             outputs_prefix="ReversingLabs",

Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml

@@ -236,6 +236,9 @@ script:
     - defaultValue: 'False'
       description: Return only local classification data for the sample, without falling back to querying TitaniumCloud.
       name: localOnly
+    - defaultValue: 'True'
+      description: Return AV scanner data from TitaniumCloud.
+      name: avScanners
     description: Retrieve classification report for a sample.
     name: reversinglabs-a1000-get-classification
     outputs:

Packs/ReversingLabs_A1000/ReleaseNotes/2_4_4.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### ReversingLabs A1000 v2
+
+- Fixed minor bugs in the ***reversinglabs-a1000-get-classification*** and ***reversinglabs-a1000-sample-classification*** commands.

Packs/ReversingLabs_A1000/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "ReversingLabs A1000",
     "description": "Powerful threat detection and file analysis platform. Get detailed information on each file's status and threat capabilities.",
     "support": "partner",
-    "currentVersion": "2.4.3",
+    "currentVersion": "2.4.4",
     "author": "ReversingLabs",
     "url": "https://www.reversinglabs.com/products/malware-threat-hunting-and-investigations",
     "email": "[email protected]",