I am trying to use the Hybrid Analysis plugin in an AV workflow but cannot get it to pass a connectivity test. The plugin docs say it uses v1 of the API, but the Hybrid Analysis API docs state that v1 has been removed. I have verified the credentials by executing a hash lookup via Postman. I have tried fiddling with the URL in InsightConnect but cannot find a combination that works.
If nobody else has gotten it to work, do you suggest any free alternatives for looking up hashes?
It looks like the Hybrid Analysis plugin may need an update to work with v2 of the API.
In the meantime, a good alternative would be ThreatCrowd. ThreatCrowd can run in your AV workflow as well as being available in Quick Actions.
Thanks for the suggestion, Patrick. I tried it but it doesn’t seem to work, as our AV system only provides the SHA256 hash, which AlienVault does not support. I also tried the generic HTTP connector for Hybrid Analysis, but that requires a JSON body, which Hybrid Analysis doesn’t support! Any way to notify Rapid7 to update the plugin? It is odd that the plugin was updated a few months after the v1 API was supposedly removed.
Yes, you can open a support ticket and the development team can be notified.
Thanks Matt. I have opened a ticket. We are a new customer and not sure what the process was. The plugin docs say to use the community for support.
I got a response back from support. They said they are aware of the issue and working on a fix. No ETA.
Hi @bsnowden! The fix for this is now in the testing phase and should be rolled out soon!
@bsnowden a new version of the Hybrid Analysis plugin has been rolled out today which uses the v2 API. Could you update the plugin and give it a try?
@patrick_mcgleenon1 I updated the plugin and created a new connection. No red dot at least! I will try to integrate it into the workflow now.
@bsnowden that’s great, keep us posted with how you get on!
Hey @patrick_mcgleenon1 I am happy to report that I am getting results from the workflow task now. Thanks for following up.