BitDam
This Integration is part of the BitDam Pack.
Overview
BitDam cyber security blocks advanced content-borne attacks across all enterprise communication channels, empowering organisations to collaborate safely. Founded by elite intelligence professionals, BitDam proactively stops malware from running, pre-delivery, preventing hardware and logical exploits, ransomware, phishing, N-Day and Zero-Day attacks contained in any type of attachment or URL. BitDam ensures the highest attack detection rates and delivers the fastest protection from today’s email-borne attacks, making enterprise communications safe to click.
For more information, see the BitDam documentation.
Use cases
Scan any supported file in a short time. The BitDam scan file playbook enables you to scan a file and return the result as soon as the file scan completes. This provides a decisive verdict, stating whether the file is benign or malicious.
Configure BitDam on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for BitDam.
- Click Add instance to create and configure a new integration instance.
  - Name: a textual name for the integration instance.
  - BitDam API URL
  - API Token
  - Trust any certificate
  - Use proxy settings
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
After you successfully execute a command, a DBot message appears in the War Room with the command details.
1. Upload a file
Uploads and submits a file sample to the BitDam service.
Supported types
- doc, dot, docx, docm, dotx, dotm
- rtf
- xls, xlt, xlsx, xlsm, xltx, xltm, xlsb, xlam
- csv
- ppt, pptx, pptm, potx, potm, ppam, ppsx, ppsm, pps
Base Command
bitdam-upload-file
Input
Argument Name | Description | Required |
---|---|---|
entryId | File's entry ID from the War Room | Required |
Context Output
Path | Type | Description |
---|---|---|
BitDam.FileScan.SHA1 | string | SHA-1 |
Command Example
!bitdam-upload-file entryId=499@16
Context Example
root:{} 3 items
  BitDam:{} 1 item
    FileScan:{} 1 item
      SHA1:68f009dc92a405d1015026e8e30e6d1598047124
Human Readable Output
2. Get the verdict of a file
Returns the verdict of a scanned file.
Base Command
bitdam-get-verdict
Input
Argument Name | Description | Required |
---|---|---|
idValue | The value of the file's unique identifier. Example: the file SHA-1. | Required |
idType | Identifier type. Default is SHA-1. | Optional |
Context Output
Path | Type | Description |
---|---|---|
BitDam.Analysis.Status | string | Status of the analysis ("DONE" or "IN_PROGRESS") |
BitDam.Analysis.Verdict | string | Final verdict of the analysis ("Clean", "Malicious", or empty if the analysis is not finished). |
BitDam.Analysis.ID | string | Unique identifier |
DBotScore.Indicator | string | The Indicator |
DBotScore.Score | number | The DBot score |
DBotScore.Type | string | The indicator type |
DBotScore.Vendor | string | The DBot score vendor |
File.Malicious.Name | string | File name |
File.Malicious.Vendor | string | For malicious files, the vendor that made the decision |
File.Malicious.Description | string | For malicious files, the reason that the vendor made the decision |
Command Example
!bitdam-get-verdict idValue=68f009dc92a405d1015026e8e30e6d1598047124
Context Example
root:{} 4 items
  BitDam:{} 2 items
    Analysis:{} 3 items
      ID:68f009dc92a405d1015026e8e30e6d1598047124
      Status:DONE
      Verdict:CLEAN
    FileScan:{} 1 item
      SHA1:68f009dc92a405d1015026e8e30e6d1598047124
  DBotScore:{} 4 items
    Indicator:68f009dc92a405d1015026e8e30e6d1598047124
    Score:1
    Type:File
    Vendor:BitDam
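
The upload-then-poll flow built from the two commands above, as an added Python example (not BitDam's or Cortex XSOAR's own code): it polls until Status is "DONE" and maps the verdict to a DBot score, treating an unfinished or empty verdict as unknown rather than clean. The `fetch` callable, function names, and polling intervals are assumptions; the responses are constructed from the context example.

```python
import re
import time

# DBot score convention in Cortex XSOAR (not stated on this page):
# 0 unknown, 1 good, 2 suspicious, 3 bad.
DBOT_UNKNOWN, DBOT_GOOD, DBOT_BAD = 0, 1, 3
SHA1_RE = re.compile(r"^[0-9a-fA-F]{40}$")


def score_analysis(analysis):
    """Map a BitDam.Analysis dict to a DBot score, failing closed to unknown."""
    if analysis.get("Status") != "DONE":
        return DBOT_UNKNOWN  # IN_PROGRESS or missing status: no verdict yet
    # The output table documents "Clean" while the context example shows
    # "CLEAN", so compare case-insensitively.
    verdict = (analysis.get("Verdict") or "").strip().lower()
    return {"clean": DBOT_GOOD, "malicious": DBOT_BAD}.get(verdict, DBOT_UNKNOWN)


def wait_for_verdict(fetch, sha1, interval=5.0, timeout=300.0, sleep=time.sleep):
    """Poll fetch(sha1) until Status is DONE or the timeout elapses.

    fetch is a hypothetical callable that runs bitdam-get-verdict and returns
    the BitDam.Analysis context as a dict.
    """
    if not SHA1_RE.match(sha1):
        raise ValueError("idValue is not a 40-hex-character SHA-1")
    waited = 0.0
    while True:
        analysis = fetch(sha1)
        if analysis.get("Status") == "DONE" or waited >= timeout:
            return score_analysis(analysis)
        sleep(interval)
        waited += interval


def demo():
    """Constructed run: two IN_PROGRESS polls, then the page's example verdict."""
    sha1 = "68f009dc92a405d1015026e8e30e6d1598047124"
    responses = iter([
        {"ID": sha1, "Status": "IN_PROGRESS", "Verdict": ""},
        {"ID": sha1, "Status": "IN_PROGRESS", "Verdict": ""},
        {"ID": sha1, "Status": "DONE", "Verdict": "CLEAN"},
    ])
    return wait_for_verdict(lambda _: next(responses), sha1, sleep=lambda s: None)


if __name__ == "__main__":
    print(demo())
```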