chronicle · TalShafir1 · Mar 25, 2026 · Mar 10, 2026 · Mar 18, 2026 · Mar 22, 2026
@@ -0,0 +1 @@
+3.11
@@ -0,0 +1,14 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
@@ -0,0 +1,65 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import annotations
+from soar_sdk.SiemplifyUtils import output_handler
+from soar_sdk.SiemplifyDataModel import EntityTypes
+
+# Imports
+from soar_sdk.SiemplifyAction import SiemplifyAction
+from ..core.A1000MalwareAnalysis import A1000MalwareAnalysisClient
+
+# Consts
+FILEHASH = EntityTypes.FILEHASH
+
+
+@output_handler
+def main():
-def main():
+def main() -> None:
+    """Delete samples (file hashes) from the ReversingLabs A1000 appliance."""
-def main():
+def main() -> None:
+    """Delete samples (file hashes) from the ReversingLabs A1000 appliance."""
+    siemplify = SiemplifyAction()
+
+    # Configuration.
+    conf = siemplify.get_configuration("ReversinglabsA1000")
+    server_address = conf["Api Root"]
+    username = conf["Username"]
+    password = conf["Password"]
+
+    a1000_manager = A1000MalwareAnalysisClient(
+        server_address,
+        username,
+        password
+    )
+
+    hashes = []
+
+    for entity in siemplify.target_entities:
+        if entity.entity_type == FILEHASH:
+            result = a1000_manager.delete_sample(entity.identifier.lower())
+            if result["code"] == 200:
+                hashes.append(entity.identifier)
+
+    if hashes:
+        output_message = (
+            "Following hashes deleted successfully from the A1000 appliance.\n\n"
+        )
+        output_message += ", ".join(hashes)
+        result_value = True
+    else:
+        output_message = "No entities were deleted from the A1000 appliance."
+        result_value = False
+
+    siemplify.end(output_message, result_value)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,23 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Delete Sample
+description: Delete a set of samples that exist on the A1000 appliance. All related
+    data, including extracted samples and metadata, will be deleted
+documentation_link: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/reversinglabs-a1000#delete_sample
+integration_identifier: ReversinglabsA1000
+parameters: []
+dynamic_results_metadata: []
+creator: admin
+simulation_data_json: '{"Entities": ["FILEHASH"]}'
@@ -0,0 +1,80 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import annotations
+from soar_sdk.SiemplifyUtils import output_handler
+from soar_sdk.SiemplifyDataModel import EntityTypes
+
+# Imports
+from soar_sdk.SiemplifyAction import SiemplifyAction
+from soar_sdk.SiemplifyUtils import (
+    dict_to_flat,
+    flat_dict_to_csv,
+    convert_dict_to_json_result_dict,
+)
+from ..core.A1000MalwareAnalysis import A1000MalwareAnalysisClient
+
+# Consts
+FILEHASH = EntityTypes.FILEHASH
+
+
+@output_handler
+def main():
-def main():
+def main() -> None:
+    """Get a summary classification report for a sample or a list of samples."""
-def main():
+def main() -> None:
+    """Get a summary classification report for a sample or a list of samples."""
+    siemplify = SiemplifyAction()
+
+    # Configuration.
+    conf = siemplify.get_configuration("ReversinglabsA1000")
+    server_address = conf["Api Root"]
+    username = conf["Username"]
+    password = conf["Password"]
+
+    a1000_manager = A1000MalwareAnalysisClient(
+        server_address,
+        username,
+        password
+    )
+
+    hash_values = []
+
+    for entity in siemplify.target_entities:
+        if entity.entity_type == FILEHASH:
+            hash_values.append(entity.identifier.lower())
+
+    report = a1000_manager.get_report(hash_values)
+    hash_report_dict = {}
+
+    if report:
+        # Add csv table
+        for hash_report in report:
+            hash_report_dict.update({hash_report["md5"]: hash_report})
+            flat_report = dict_to_flat(hash_report)
+            csv_output = flat_dict_to_csv(flat_report)
+            siemplify.result.add_data_table(
+                f'Hash Report {hash_report["md5"]}:', csv_output
+            )
+        output_message = "Scan has been completed, Report is attached."
+        result_value = True
+    else:
+        output_message = "Unable to attach a report."
+        result_value = False
+
+    # add json
+    siemplify.result.add_result_json(
+        convert_dict_to_json_result_dict(hash_report_dict)
+    )
+    siemplify.end(output_message, result_value)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,26 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Get Report
+description: Get a summary classification report and all details for a sample or a
+    list of samples using hash value(s)
+documentation_link: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/reversinglabs-a1000#get_report
+integration_identifier: ReversinglabsA1000
+parameters: []
+dynamic_results_metadata:
+-   result_example_path: resources/get_report_JsonResult_example.json
+    result_name: JsonResult
+    show_result: true
+creator: admin
+simulation_data_json: '{"Entities": ["FILEHASH"]}'
@@ -0,0 +1,79 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import annotations
+from soar_sdk.SiemplifyUtils import output_handler
+from soar_sdk.SiemplifyDataModel import EntityTypes
+
+# Imports
+from soar_sdk.SiemplifyAction import SiemplifyAction
+from soar_sdk.SiemplifyUtils import (
+    dict_to_flat,
+    flat_dict_to_csv,
+    convert_dict_to_json_result_dict,
+)
+from ..core.A1000MalwareAnalysis import A1000MalwareAnalysisClient
+
+# Consts
+FILEHASH = EntityTypes.FILEHASH
+
+
+@output_handler
+def main():
-def main():
+def main() -> None:
+    """Get the processing status for a list of hash values."""
-def main():
+def main() -> None:
+    """Get the processing status for a list of hash values."""
+    siemplify = SiemplifyAction()
+
+    # Configuration.
+    conf = siemplify.get_configuration("ReversinglabsA1000")
+    server_address = conf["Api Root"]
+    username = conf["Username"]
+    password = conf["Password"]
+
+    a1000_manager = A1000MalwareAnalysisClient(
+        server_address,
+        username,
+        password
+    )
+
+    hash_values = []
+    hash_status_dict = {}
+
+    for entity in siemplify.target_entities:
+        if entity.entity_type == FILEHASH:
+            hash_values.append(entity.identifier.lower())
+
+    hash_status = a1000_manager.processing_status(hash_values)
+
+    if hash_status:
+        for hash_data in hash_status:
+            hash_status_dict.update({hash_data["hash_value"]: hash_data["status"]})
+
+        # Add csv table
+        flat_report = dict_to_flat(hash_status_dict)
+        csv_output = flat_dict_to_csv(flat_report)
+        siemplify.result.add_data_table("Scan Status:", csv_output)
+        output_message = "Scan completed successfully."
+        result_value = True
+    else:
+        output_message = "Unable to get scan status."
+        result_value = False
+
+    # add json
+    siemplify.result.add_result_json(
+        convert_dict_to_json_result_dict(hash_status_dict)
+    )
+    siemplify.end(output_message, result_value)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,26 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Get Scan Status
+description: ' Return the processing status in the A1000 system for the list of hash
+    values'
+documentation_link: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/reversinglabs-a1000#get_scan_status
+integration_identifier: ReversinglabsA1000
+parameters: []
+dynamic_results_metadata:
+-   result_example_path: resources/get_scan_status_JsonResult_example.json
+    result_name: JsonResult
+    show_result: true
+creator: admin
+simulation_data_json: '{"Entities": ["FILEHASH"]}'
@@ -0,0 +1,45 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import annotations
+from soar_sdk.SiemplifyUtils import output_handler
+
+# Imports
+from soar_sdk.SiemplifyAction import SiemplifyAction
+from ..core.A1000MalwareAnalysis import A1000MalwareAnalysisClient
+
+
+@output_handler
+def main():
-def main():
+def main() -> None:
+    """Test connectivity to the ReversingLabs A1000 appliance."""
-def main():
+def main() -> None:
+    """Test connectivity to the ReversingLabs A1000 appliance."""
+    siemplify = SiemplifyAction()
+
+    # Configuration.
+    conf = siemplify.get_configuration("ReversinglabsA1000")
+    server_address = conf["Api Root"]
+    username = conf["Username"]
+    password = conf["Password"]
+
+    a1000_manager = A1000MalwareAnalysisClient(
+        server_address,
+        username,
+        password
+    )
+
+    connectivity = a1000_manager.test_connectivity()
+    output_message = "Connected Successfully"
+    siemplify.end(output_message, connectivity)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,21 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Ping
+description: Test Connectivity
+documentation_link: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/reversinglabs-a1000#ping
+integration_identifier: ReversinglabsA1000
+parameters: []
+dynamic_results_metadata: []
+creator: admin