
Copyright © Keepnet Labs LTD. All rights reserved.


Integrations

This section explains the functions of Incident Responder > Integrations. From this page you can add a new integration and modify, deactivate, or delete an existing one.

To access every section of this document, go to the Incident Responder > Integrations menu.

Integrations

The components of the Integrations page are:

Integration Name

Name of the Integration.

Integration Type

Type of the Integration.

Description

Description of the integration.

Status

The status information of the integration. (Active, Inactive)

Date Created

The date of the integration creation.

Actions

You can edit the selected integration. You can change the status or delete the integration by clicking the "︙" button.

Creating New Integration

If you are adding an integration for the first time, click the New button in the middle of the page. If an integration has been added before, click the New button in the upper right corner of the page.

You can create a new integration by following the steps in the table below.

Integration Name

Name of the Integration.

Description

Description of the integration.

Integration Type

Select an integration type.

API URL

The API URL address of the integration type. The VirusTotal, Google Safe Browsing, Zen Spamhaus, IBM X-Force, Opswat, Google Web Risk, VMRay, AnyRun, and Cyber X-Ray analysis engines have default API URLs on the platform, and changing the domain may cause the integration to malfunction.

Tags

Labeling function. Integrations defined in the system can be filtered more easily by labeling them.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is enabled by default, you can disable it if needed.

Sender IP

Sender IP analysis capability is active by default, you can disable it if needed.

Attachments

File analysis capability is active by default, you can disable it if needed.

Status

Integration is active by default, you can disable the integration if needed.

Advanced Settings

You can access this feature from the Advanced Settings page on the Incident Responder > Integrations menu.

URLs

Exclude URL addresses in a reported email from the analysis.

IP Addresses

Exclude the IP address of a reported email server and the IP addresses included as URLs in the email from the analysis.

Attachments

Exclude file extensions in a reported email from the analysis.

How to Add Integration

IBM X-Force

IBM X-Force is a commercial threat analysis engine from IBM. It is available in a premium version, and IBM X-Force does not provide a free API key subscription. The IBM X-Force threat analysis engine analyzes whether a reported email is malicious or not using the following capabilities.

Sender IP

The sender email server IP address of a reported email is analyzed.

URLs

URL addresses in a reported email are analyzed.

Attachments

The hash information of the file in a reported email is analyzed.

NOTE: The file itself is not analyzed, its hash data is analyzed.

IBM X-Force API Key and Password Generating Steps

  1. To view the Profile Summary, click the user icon at the top right corner of the X-Force Exchange page.

  2. To visit the Settings page, click the Settings link in the lower left corner. From there, click the API Access link to view the API information page.

  3. To generate a brand-new API key and password, click the Generate button.

  4. After creating the API key and password, save them before refreshing the page.

How to Integrate IBM X-Force into the Platform?

You can integrate the API key and password (which you obtained by following the steps in the 'IBM X-Force API Key and Password Generating Steps' section) into the Incident Responder by following the steps below and benefit from its capabilities.

Click the New button on the relevant page, then fill in the fields:

Name

Name of the Integration.

Description

Description of the integration.

Integration Type

Select IBM X-Force integration.

API URL

The URL address of the IBM X-Force integration is defined automatically. Please do not change it.

API Key

Define the API key.

API Password

Define the password for the API key.

Test Connection

Make sure the API key and password are working correctly with the Test Connection button.

Tags

Tags are used to filter the integrations defined in the system.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is enabled by default, you can disable it if needed.

Optionally, you can select the "Hide URL Parameters" field to apply it to the scanning process.

NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.

Sender IP

Sender IP analysis capability is enabled by default, you can disable it if needed.

Attachments

File Hash analysis capability is enabled by default, you can disable it if needed.

Status

Integration is active by default, you can disable the integration if needed.
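
The following added example (not Keepnet's code) shows what an engine limited to sender IP, URLs and file hashes, as described for IBM X-Force above, would receive from a reported email, with and without "Hide URL Parameters". The sample email, the function names, the choice of the first bracketed IP in the Received headers as the sender IP, and the reading of "domain" as the URL's hostname are assumptions.

```python
import hashlib
import ipaddress
import re
from email import message_from_bytes, policy
from urllib.parse import urlsplit

# Constructed sample of a reported email (documentation addresses, not real traffic).
SAMPLE_EML = (
    b"Received: from mail.example.net (mail.example.net [203.0.113.25])\r\n"
    b"\tby mx.corp.example with ESMTP id abc123; Mon, 1 Jan 2024 10:00:00 +0000\r\n"
    b"From: billing@example.net\r\n"
    b"To: user@corp.example\r\n"
    b"Subject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Pay here: https://pay.example.net:8443/inv?id=42&email=user@corp.example\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.pdf"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"aGVsbG8=\r\n"
    b"--b1--\r\n"
)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
RECEIVED_IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def sender_ip(msg):
    """Assumption: the first valid bracketed IP found in the Received headers
    (read top to bottom) is the sending mail server."""
    for received in msg.get_all("Received", []):
        for candidate in RECEIVED_IP_RE.findall(str(received)):
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # bracketed text that is not an IP address
    return None


def reduce_url(url, hide_url_parameters):
    """Return the value submitted for one URL, or None if it cannot be parsed."""
    if not hide_url_parameters:
        return url
    try:
        host = urlsplit(url).hostname  # drops scheme, userinfo, port, path, query
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def extract_indicators(raw_email, hide_url_parameters=True):
    """Collect the sender IP, URLs (or hostnames) and attachment SHA-256 hashes."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    urls, hashes = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""
            # Only the digest is collected; the file content stays local.
            hashes.append(hashlib.sha256(data).hexdigest())
        elif part.get_content_type() in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                item = reduce_url(url.rstrip(".,;)"), hide_url_parameters)
                if item and item not in urls:
                    urls.append(item)
    return {"sender_ip": sender_ip(msg), "urls": urls, "attachment_sha256": hashes}


if __name__ == "__main__":
    for hide in (False, True):
        print("Hide URL Parameters =", hide, extract_indicators(SAMPLE_EML, hide))
```

With the option off, the recipient's address in the query string is part of what is submitted; with it on, only the hostname is.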

VirusTotal

VirusTotal is a commercial threat analysis engine, also available in a free version. The VirusTotal analysis engine analyzes whether a reported email is malicious or not.

URLs

URL addresses in a reported email are analyzed.

Attachments

Only the hash data of the file in a reported email is analyzed.

NOTE: The file itself is not analyzed, the Hash of the file is analyzed.

Sender IP

The sender email server IP address of a reported email is analyzed.

VirusTotal API Key Creation Steps

Once verified, log into your VirusTotal account and view the API key from the API menu on your profile.

How to Integrate VirusTotal?

The API key obtained by applying the 'VirusTotal API Key Creation Steps' can be integrated into the Incident Responder platform by following the steps below and its capabilities can be utilized.

Click the New button on the relevant page, then fill in the fields:

Name

Name of Integration.

Description

Description of the integration.

Integration Type

Select the VirusTotal integration.

API URL

The URL address of the VirusTotal integration is defined automatically. Please do not change it.

API Key

Define the API key.

Test Connection

Make sure the API key is working correctly with the Test Connection button.

Detection Threshold

The number of analysis tools in VirusTotal that must flag a link, attachment, or sender IP as malicious for you to consider it harmful in your analysis results.

Tags

You can filter the integrations defined in the system more easily by labeling them.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is enabled by default, you can disable it if needed. Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field. NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.

Cache

Enabling this option is recommended to use API key limits more effectively. If this option is enabled, the result (undetected or phishing) for a reported domain such as "test.com" is saved, and when the same domain is submitted for analysis again, the saved result is referenced until X hours have passed or the domain has been queried Y times. After X hours or Y queries are exceeded for the domain, it is analyzed via VirusTotal again and the same process restarts.

Attachments

File Hash analysis capability is enabled by default, you can disable it if needed.

Status

Integration is active by default, you can disable the integration if needed.

Google Safe Browsing

Google Safe Browsing is an analytics engine offered by Google for free. The Google Safe Browsing analysis engine analyzes whether a reported email is malicious.

URLs

URL addresses in a reported email are analyzed.

Google Safe Browsing API Key Creation Steps

  1. After opening the Dashboard from the left menu, click the Select a Project button above.

  2. Click on the New Project button in the upper right corner of the new window, give the project a name and create the project with the Create button.

  3. Open the left menu and click on the Library module.

  4. Type Safe Browsing in the Search field. Then click on Safe Browsing API.

  5. Click the Enable button in the new window.

  6. Click APIs & Services > Credentials in the left menu.

  7. Click the Create Credentials button at the top. Then click on API Key.

  8. You can save your API key created here and use it in the necessary field on our platform.

Please note that you must enable billing for the project which you created in step 3.

How to Integrate Google Safe Browsing?

The API key obtained by applying the 'Google Safe Browsing API Key Creation Steps' can be integrated on the Incident Responder platform by following the steps below and its capabilities can be utilized.

Click the New button on the relevant page, then fill in the fields:

Name

Name of the Integration.

Description

Description of the integration.

Integration Type

Select the Google Safe Browsing integration.

API URL

The URL address of Google Safe Browsing integration is defined automatically. Please do not change.

API Key

Define the API key.

Test Connection

Make sure the API key is working correctly with the Test Connection button.

Tags

You can filter the integrations defined in the system more easily by labeling them.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is enabled by default, you can disable it if needed. Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field. NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.

Status

Integration is active by default, you can disable the integration if needed.

Google Web Risk

Google Web Risk is an analytics engine offered by Google for free for up to 100,000 requests per month. The Google Web Risk analysis engine analyzes whether a reported email is malicious.

URLs

URL addresses in a reported email are analyzed.

Google Web Risk API Key Creation Steps

  1. After opening the Dashboard from the left menu, click the Select a Project button above.

  2. Click on the New Project button in the upper right corner of the new window, give the project a name and create the project with the Create button.

  3. Open the left menu and click on the Library module.

  4. Type Web Risk API in the Search field. Then click on Web Risk API.

  5. Click the Enable button in the new window.

  6. Click APIs & Services > Credentials in the left menu.

  7. Click the Create Credentials button at the top. Then click on API Key.

  8. As the last step, you can save your API key created here and use it in the necessary field on our platform.

How to Integrate Google Web Risk?

The API key obtained by applying the 'Google Web Risk API Key Creation Steps' can be integrated on the Incident Responder platform by following the steps below and its capabilities can be utilized.

Click the New button on the relevant page, then fill in the fields:

Name

Name of the Integration.

Description

Description of the integration.

Integration Type

Select the Google Web Risk integration.

API URL

The URL address of Google Web Risk integration is defined automatically. Please do not change.

API Key

Define the API key.

Test Connection

Make sure the API key is working correctly with the Test Connection button.

Tags

You can filter the integrations defined in the system more easily by labeling them.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is enabled by default, you can disable it if needed.

Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field.

NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.

Status

Integration is active by default, you can disable the integration if needed.

Zen SpamHaus

Zen Spamhaus is a spam analysis engine made available for free by Spamhaus. The Spamhaus spam analysis engine has the following capabilities and features to analyze whether a reported email is malicious or not.

The Spamhaus integration does not use API keys; analysis is done over DNS.

Sender IP

The sender's email server IP address of a reported email is analyzed. If the sender's IP address has previously performed malicious or suspicious activity (e.g. Phishing or Blacklisted), you can see it on this interface.
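
How a sender IP check over DNS works in general, as an added example that is not Keepnet's code: the IP is reversed, appended to the zone name, and the A records in the answer say which list matched. The zone name and return codes are the ones Spamhaus publishes for ZEN (verify them against current Spamhaus documentation); the function names and the injectable resolver are assumptions, and the IPv6 form follows the generic DNSBL nibble format.

```python
import ipaddress
import socket

ZEN_ZONE = "zen.spamhaus.org"

# Listing codes published by Spamhaus for the ZEN zone.
LISTED = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.9": "SBL DROP",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}
# Error codes: the query failed, so the answer says nothing about the IP.
ERRORS = {
    "127.255.255.252": "typing error in the DNSBL name",
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}


def dnsbl_query_name(ip, zone=ZEN_ZONE):
    """Build the DNS name to query: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Resolve A records with the system resolver; [] means no record exists."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        no_record = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
        if exc.errno in no_record:
            return []
        raise  # resolver failure: do not report it as "not listed"
    return sorted({info[4][0] for info in infos})


def classify(answers):
    """Turn the A records of a ZEN answer into a status and details."""
    errors = [ERRORS[a] for a in answers if a in ERRORS]
    if errors:
        return {"status": "error", "detail": errors}
    if not answers:
        return {"status": "not_listed", "detail": []}
    lists = sorted({LISTED.get(a, "unrecognized code " + a) for a in answers})
    return {"status": "listed", "detail": lists}


def check_sender_ip(ip, resolver=system_resolver):
    return classify(resolver(dnsbl_query_name(ip)))


if __name__ == "__main__":
    # Constructed answers instead of live DNS, so the example runs offline.
    print(dnsbl_query_name("203.0.113.25"))
    print(check_sender_ip("203.0.113.25", resolver=lambda name: ["127.0.0.2", "127.0.0.4"]))
    print(check_sender_ip("203.0.113.25", resolver=lambda name: ["127.255.255.254"]))
```

An answer in 127.255.255.0/24 is an error report rather than a listing, which is why it is classified separately instead of being counted as a hit.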

How to Integrate Zen SpamHaus?

By following the steps below on the Incident Responder module, you can integrate Zen SpamHaus into the system and utilize its capabilities.

Click the New button on the relevant page, then fill in the fields below:

Name

Name of the Integration.

Description

Description of the integration.

Integration Type

Choose Zen SpamHaus integration.

API URL

The URL address of the Zen SpamHaus integration is defined automatically.

Test Connection

Make sure that the integration works correctly with the Test Connection button.

Tags

You can filter the integrations defined in the system more easily by labeling them.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

Sender IP

Sender IP analysis capability is enabled by default, you can disable it if needed.

Status

Integration is active by default, you can disable the integration if needed.

FortiSandbox

FortiSandbox is a paid analysis engine offered by Fortinet. It has the following capabilities and automatically scans whether a reported email is malicious or not.

URLs

URL addresses in a reported email are analyzed.

Attachments

The files in a reported email are analyzed.

FortiSandbox API Key Creation Steps

  1. Use the FortiSandbox administration page to log in.

  2. Go to the Administrators page under System in the left menu.

  3. By selecting the Create option from the menu, you can create a user.

  4. For the relevant person, you can provide either a Super Admin or Custom Role.

  5. Please go to the Admin Profiles under the System heading if you wish to define a Custom Role.

  6. Save the relevant user's username and password.

How to Integrate FortiSandbox?

By following the steps below on the Incident Responder module, you can integrate it into our platform and utilize its capabilities.

Click the New button on the relevant page, then fill in the fields below on the new page.

Name

Name of Integration.

Description

Description of the integration.

Integration Type

Select FortiSandbox integration.

API URL

The URL address of FortiSandbox integration is defined automatically. Please do not change.

API Key

Define the API key.

Test Connection

Make sure the API key is working correctly with the Test button.

Tags

You can filter the integrations defined in the system more easily by labeling them.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is enabled by default, you can disable it if needed.

Optionally, you can select the "Hide URL Parameters" field to apply it to the scanning process.

NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.

Attachments

File Hash analysis capability is enabled by default, you can disable it if needed.

Optionally, you can add to the scanning process by selecting the “Upload PE files” and “Upload other file types” fields.

Status

Integration is active by default, you can disable the integration if needed.

Cyber X-Ray

Cyber X-Ray is a commercial AI-powered threat analysis engine created by Roksit, also available in a free version. The Cyber X-Ray artificial intelligence threat analysis engine automatically scans whether a reported email is malicious or not using the following capabilities.

URLs

URL addresses in a reported email are analyzed.

Cyber X-Ray API Key Creation Steps

  1. Verify your account with the activation email sent to your email and log in to your account.

  2. Click on Settings > API Key on the left menu.

  3. Click the Create New API Key button in the upper right corner of the page that opens. Fill in the relevant fields in the API Key Information in the new window.

  4. Click the Save button to create the new API key, and save the new API key before closing this page.

How to Integrate Cyber X-Ray?

By following the steps below on the Incident Responder platform, you can integrate Cyber X-Ray and use its capabilities.

Click the New button on the relevant page, then fill in the following fields on the page that opens.

Name

Name of the Integration.

Description

Description of the integration.

Integration Type

Choose Cyber X-Ray integration.

API URL

The URL address of Cyber X-Ray integration is defined automatically. Please do not change.

API Key

Define the API key.

Test Connection

Make sure the API key is working correctly with the Test Connection button.

Tags

You can filter the integrations defined in the system more easily by labeling them.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is active by default, you can disable it if needed.

You can optionally add it to the scanning process by selecting the "Hide URL Parameters" field.

NOTE: With the Hide URL Parameters feature, only the domain name is analyzed instead of analyzing the entire URL address.

Status

Integration is active by default, you can disable the integration if needed.

OPSWAT

OPSWAT is an analysis engine available to companies for a fee. The OPSWAT analysis engine has the following capabilities and automatically scans to identify whether a reported email is malicious or not. If you have the OPSWAT product, you can integrate it with the Incident Responder platform.

URLs

URL addresses in a reported email are analyzed.

Sender IP

The sender email server IP address of a reported email is analyzed.

Attachments

Analysis of the files in a reported email is performed.

How to Create an OPSWAT API Key?

Please follow the steps below to create an API key to use the OPSWAT integration on the platform.

  • Go to the Home > Licensed Products > Cloud-based Products tab, and you can find the API Key on the same page.

How to Integrate OPSWAT?

By following the steps below on the Incident Responder platform, you can integrate OPSWAT and use its capabilities.

Click the New button on the relevant page, then fill in the fields below:

Name

Name of the integration.

Description

Description of the integration.

Integration Type

Select OPSWAT integration.

API URL

The URL address of OPSWAT integration is defined automatically. If you are not using a cloud-based solution, you can enter the URL information of the product.

API Key

Enter the API key.

Test Connection

Make sure the API key is working correctly with the Test Connection button.

Tags

You can filter the integrations defined in the system more easily by labeling them.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is enabled by default, you can disable it if needed. Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field. NOTE: With the Hide URL Parameters feature, only the domain name is analyzed instead of analyzing the entire URL address.

Sender IP

Sender IP analysis capability is active by default, you can disable it if needed.

Attachments

Attachment analysis capability is not enabled by default; you can enable it if needed. You can add to the scanning process by selecting the “Upload PE files” and “Upload other file types” fields.

Status

Integration is active by default, you can disable the integration if needed.

VMRay

VMRay is an analysis engine available to companies for a fee. The VMRay analysis engine has the following capabilities and automatically scans to identify whether a reported email is malicious or not. If you have the VMRay product, you can integrate it with the Incident Responder platform.

URLs

URL addresses in a reported email are analyzed.

Attachments

Dynamic and static analysis of the files in a reported email is performed.

How to Integrate VMRay?

By following the steps below on the Incident Responder platform, you can integrate VMRay and utilize its capabilities.

Click the New button on the relevant page, then fill in the fields below:

Name

Name of the integration.

Description

Description of the integration.

Integration Type

Select VMRay integration.

API URL

The URL address of VMRay integration is defined automatically. If you are not using a cloud-based solution, you can enter the URL information of the product.

API Key

Define the API key.

Test Connection

Make sure the API key is working correctly with the Test Connection button.

Tags

You can filter the integrations defined in the system more easily by labeling them.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is enabled by default, you can disable it if needed. Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field. NOTE: With the Hide URL Parameters feature, only the domain name is analyzed instead of analyzing the entire URL address.

Cache

Enabling this option is recommended to use API key limits more effectively. If this option is enabled, the result (undetected or phishing) for a reported domain such as "test.com" is saved, and when the same domain is submitted for analysis again, the saved result is referenced until X hours have passed or the domain has been queried Y times. After X hours or Y queries are exceeded for the domain, it is analyzed via VMRay again and the same process restarts.

Attachments

Attachment analysis capability is enabled by default; you can disable it if needed.

Optionally, you can add to the scanning process by selecting the “Upload PE files” and “Upload other file types” fields.

Status

Integration is active by default, you can disable the integration if needed.
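
The Cache behaviour described for VirusTotal and VMRay (reuse a saved result for a domain until X hours or Y lookups are exceeded) can be modelled as below. This is an added sketch, not Keepnet's code; the class and parameter names, the injected engine function and the exact boundary handling are assumptions. It also shows the trade-off of the setting: while a saved "undetected" result is being served, a change of verdict at the engine is not seen.

```python
import time
from dataclasses import dataclass


@dataclass
class _Entry:
    verdict: str
    stored_at: float
    hits: int = 0


class VerdictCache:
    """Cache of per-domain verdicts bounded by age (X hours) and reuse count (Y)."""

    def __init__(self, max_age_hours, max_hits, lookup, clock=time.time):
        self._max_age = max_age_hours * 3600.0
        self._max_hits = max_hits
        self._lookup = lookup      # function(domain) -> "undetected" | "phishing"
        self._clock = clock        # injectable so the example can control time
        self._entries = {}

    def verdict(self, domain):
        """Return (verdict, served_from_cache)."""
        key = domain.strip().lower().rstrip(".")
        now = self._clock()
        entry = self._entries.get(key)
        fresh = (
            entry is not None
            and now - entry.stored_at < self._max_age
            and entry.hits < self._max_hits
        )
        if fresh:
            entry.hits += 1
            return entry.verdict, True
        # X hours elapsed, Y reuses consumed, or first sighting: ask the engine.
        result = self._lookup(key)
        self._entries[key] = _Entry(result, now)
        return result, False


def stale_window_demo():
    """Constructed scenario: the engine changes its verdict after the first query."""
    now = [0.0]
    engine_state = {"test.com": "undetected"}
    cache = VerdictCache(
        max_age_hours=2, max_hits=3,
        lookup=lambda d: engine_state[d], clock=lambda: now[0],
    )
    seen = [cache.verdict("test.com")]          # first query goes to the engine
    engine_state["test.com"] = "phishing"       # engine now flags the domain
    for _ in range(4):                          # three cached answers, then a refresh
        now[0] += 60
        seen.append(cache.verdict("test.com"))
    return seen


if __name__ == "__main__":
    for verdict, cached in stale_window_demo():
        print(verdict, "(cached)" if cached else "(engine)")
```

Smaller X and Y values shorten the period in which an outdated result can be returned, at the cost of more API queries.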

AnyRun

AnyRun is a tool for the detection, monitoring, and research of cyber threats in real-time. The service is available in free demo trial and licensed versions. The AnyRun threat analysis engine analyzes whether a reported email is malicious or not using the following capabilities.

URLs

URL addresses in a reported email are analyzed.

Attachments

The original file itself in a reported email is analyzed. Please note if you enable the Attachment scan option, the original file in the reported email will be uploaded and analyzed in AnyRun cloud services.

AnyRun API Key Generating Steps

  1. Go to the AnyRun website and sign up for a free trial or purchase a license.

  2. Go to your profile.

  3. Click on the API and Limits menu.

  4. Copy your API key.

How to Integrate AnyRun into the Platform?

After you copy your API key, integrate it into the Incident Responder by following the steps below and benefit from AnyRun capabilities.

Click the New button on the relevant page, then fill in the fields:

Name

Name of the Integration.

Description

Description of the integration.

Integration Type

Select AnyRun integration.

API URL

The URL address of the AnyRun integration is defined automatically. Please do not change.

API Key

Define the API key.

Test Connection

Make sure the API key is working correctly with the Test Connection button.

Tags

Tags are used to filter the integrations defined in the system.

Proxy

You can choose the proxy server that the platform will use for the connections to the integration. If not, leave Default.

URLs

URL analysis capability is enabled by default; you can disable it if needed.

Optionally, you can add it to the scanning process by selecting the "Hide URL Parameters" field.

NOTE: With the Hide URL Parameters feature, instead of analyzing the entire URL address, only the relevant domain is analyzed.

Attachments

The attachment analysis capability is disabled by default, you can enable it if needed.

Status

Integration is active by default, you can disable the integration if needed.

Last updated 1 month ago

If there are emails that you do not want to be analyzed in the Incident Responder, you can exclude them from analysis by adding their IP addresses, URL addresses, and File Extensions to this menu. Using this feature, you can ensure that secure IP addresses, domains, and file extensions are not analyzed. Thus, API limits used in integrations are utilized more efficiently.

First, go to the IBM X-Force API Key generation process. Sign up on the appropriate page, then confirm your account by clicking the verification link in the email that was delivered to your inbox.

You must have a VirusTotal ID to use the VirusTotal API. After registering via the link here, you must verify your account via the verification link you received.

Sign in to the Google Developers Console.

Sign in to the Google Developers Console.

Complete the registration process through the Roksit platform here.

Create an account on https://my.opswat.com/register and then log in.