service_manifest.yml

name: Intezer
version: $SERVICE_TAG
description: Fetch the Intezer results of the submitted file's sha256
# These are the file type categories that we have found Intezer Analyze hits on.
accepts: android/.*|executable/windows/.*|executable/linux/.*|document/installer/windows
rejects: empty|metadata/.*

stage: CORE
category: External

file_required: true
timeout: 60
disable_cache: false

enabled: false
is_external: false
licence_count: 0
privileged: true

config:
  # Don't forget the /api/ at the end of the URL!
  base_url: https://analyze.intezer.com/api/
  api_version: v2-0
  api_key: sample_api_key
  private_only: false
  is_on_premise: false
  retry_forever: true
  allow_dynamic_submit: true
  polling_period_in_seconds: 5
  analysis_timeout_in_seconds: 60
  try_to_download_every_file: false
  download_subfiles: true
  min_malware_genes: 5
  score_administration_tools: true
  use_black_box_verdicts: true

submission_params:
  - default: true
    name: dynamic_submit
    type: bool
    value: true

  - default: ""
    name: analysis_id
    type: str
    value: ""

heuristics:
  - heur_id: 1
    name: File is malicious
    score: 1000
    filetype: .*
    description: Intezer considers this file malicious
  - heur_id: 2
    name: File is suspicious
    score: 500
    filetype: .*
    description: Intezer considers this file suspicious
  - heur_id: 3
    name: Family Type of Interest
    score: 100
    filetype: .*
    description: Intezer identified a file (or sub-file) that is associated with a family type of interest
  - heur_id: 4
    name: Generic signature raised
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 5
    name: Command And Control
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 6
    name: Credential Access
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 7
    name: Defense Evasion
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 8
    name: Discovery
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 9
    name: Execution
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 10
    name: Persistence
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 11
    name: Collection
    score: 0
    filetype: .*
    description: Intezer raised a signature
  - heur_id: 12
    name: Reused Malware Genes
    score: 0
    filetype: .*
    description: Intezer has detected reused malware genes
  - heur_id: 13
    name: Intezer found a subverdict malicious
    score: 1000
    filetype: .*
    description: Intezer has found this submission as malicious
  - heur_id: 14
    name: Intezer found a subverdict known malicious
    score: 1000
    filetype: .*
    description: Intezer has found this submission as known malicious
  - heur_id: 15
    name: Intezer found a subverdict suspicious
    score: 500
    filetype: .*
    description: Intezer has found this submission as suspicious
  - heur_id: 16
    name: Intezer found a subverdict unique
    score: 50
    filetype: .*
    description: Intezer has found this submission as unique
  - heur_id: 17
    name: Intezer found a subverdict trusted
    score: 0
    filetype: .*
    description: Intezer has found this submission as trusted
  - heur_id: 18
    name: Intezer found a subverdict administration_tool
    score: 100
    filetype: .*
    description: Intezer has found this submission as administration_tool
  - heur_id: 19
    name: Intezer found a subverdict known_administration_tool
    score: 100
    filetype: .*
    description: Intezer has found this submission as known_administration_tool
  - heur_id: 20
    name: Intezer returned a result
    score: 0
    filetype: .*
    description: Results from Intezer analysis
docker_config:
  allow_internet_access: true
  image: ${REGISTRY}cccs/assemblyline-service-intezer:$SERVICE_TAG
  cpu_cores: 0.5
  ram_mb: 512