RL Blog

Topics

All Blog PostsAppSec & Supply Chain SecurityDev & DevSecOpsProducts & TechnologySecurity OperationsThreat Research
Why RL Built Spectra Assure Community

Why RL Built Spectra Assure Community

We set out to help dev and AppSec teams secure the village: OSS dependencies, malware, more. Learn how.

Read More about Why RL Built Spectra Assure Community
Why RL Built Spectra Assure Community

Follow us

XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBluesky

Subscribe

Get the best of RL Blog delivered to your in-box weekly. Stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

The inaugural Gartner® Magic Quadrant™ for Software Supply Chain Security is outGET THE REPORT
Skip to main content
Contact UsSupportBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsBlack Hat 2026
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Request a demo
Menu
Products & TechnologyNovember 6, 2023

TitaniumCloud app for Splunk SOAR updated

Version 1.2.0 of ReversingLabs' TitaniumCloud v2 app for Splunk SOAR adds new actions for network reputation lookups.

FacebookFacebookXX / TwitterLinkedInLinkedInblueskyBlueskyEmail Us
titaniumcloud new version announcement

ReversingLabs has recently released version 1.2.0 of its TitaniumCloud app for Splunk SOAR. This release introduces our new network reputation action to help SOC teams identify malicious network indicators, increasing the count to a total of 33 available actions to improve your SOC team's efficiency. Here are the network reputation actions, and some example use cases.

reversinglabs titaniumcloud dashboard

What’s new TitaniumCloud for Splunk SOAR 1.2.0

This update mostly focuses on introducing our new network reputation APIs. Here are the new available actions:

• Get network reputation: the Network Reputation API provides a classification of network-related indicators, including URLs, Domain names, and IP addresses.

• Network reputation user override: this action enables TitaniumCloud users to override and set a classification value for a network indicator

• Get list user overrides: this action returns a list of all overrides made by a given user

• Get list user overrides aggregated: this action returns an aggregate of all overrides made by a given user

Continue reading to learn more about the network reputation capabilities of TitaniumCloud and how to effectively utilize the provided actions to automate the process of detecting and responding to network threats.

Network indicator reputation: Key for identifying malware

Network reputation lookups are a new feature that we are excited to offer our TitaniumCloud customers. Where other solutions only provide a one-dimensional result, TitaniumCloud combines traditional reputation information with our massive repository of billions of files and powerful file analysis capabilities to help SOC teams identify malware.

In Splunk SOAR, using the new “get network reputation” action will provide SOC analysts with reputation information for IP addresses, domain names, and URLs. The screenshot below shows the formatted output of an IP address lookup:

malicious detection

It is easy for analysts to gain insight into the reputation of an IP address, domain, or URL by referring to the bar graph that displays classification values from third-party analysis engines. Additionally, if TitaniumCloud has detected any malware samples related to the indicator, a simple True or False value is provided for quick identification.

Playbook use case: Artifact enrichment

This is a simple enrichment use case that will use the network reputation API to enrich all network indicators in a container. If any of the indicators are classified as malicious, the playbook will automatically update the severity of the container to High. Here’s what the playbook looks like when it’s finished:

malicious indicator in playbook

The steps are pretty simple. First, create a filter that checks if the relevant artifact fields exist in the container:

creating filter on titaniumcloud

By setting the condition to equal to true if the value of each artifact field isn’t empty, you can save on API calls in the event that the associated field isn’t present in an artifact. The next step is to call the network reputation action for each condition, using the associated artifact field as the network location input.

setting url indicators on titaniumcloud

Next, add a decision step that checks if the classification value is equal to malicious for any of the reputation lookups. This can be accomplished by providing the classification value from each of the previous “get network reputation” actions as input to the conditional:

<action_name>:action_result.data.0.rl.entries.0.classification

From here, add another action that will set the severity to “High” if any of the indicators are malicious, and do nothing if none of them are malicious.

setting indicators as high

Using an enrichment playbook like this is a great way to help improve your SOC team's efficiency by focusing on the validated threats.

Playbook use case: IOC harvesting

By utilizing the "get downloaded files" action within the enrichment playbook, it is possible to expand its capabilities even further. This action checks in with TitaniumCloud to determine if any files associated with a URL have been previously analyzed for malware. This feature is particularly useful for identifying additional indicators of compromise and for blocking potential threats.

network enrichment test

Simply adding the “network_locations” value from the previous network reputation action as input to the “get downloaded files” will return all files associated with the URL:

getting downloaded files

In this example, the supplied URL is hosting a single malicious PDF document. TitaniumCloud has already analyzed the file and determined it to also be malicious:

<action_name>:action_result.parameter.network_locations

The playbook in the previous use case can be further modified to take advantage of Splunk SOARs orchestration capabilities by integrating with your SIEM or EDR tool to check for instances of this document in the environment. The screenshot below shows an example of using Microsoft Defender for Endpoint’s Advanced Hunting query action to look for the associated SHA1 file hash:

sha1 hash titaniumcloud url downloads

The rest of this example playbook continues along the same path as the previous example by setting the severity to High if any indicators are malicious, but you can use your imagination to add additional steps that are relevant to your environment and workflows. Consider taking actions to block the discovered indicators, send the indicators to your TIP, or even quarantine endpoints if samples are found.

Conclusion

We hope that SOC teams will find these new network reputation features useful in detecting threats in their environment. If you are an existing TitaniumCloud and Splunk SOAR customer and would like to use the example playbooks demonstrated in this post, see the playbooks in our Github repository.

Interested in learning more? See the demo for how you can get access to TitaniumCloud for increased SOC efficiency.

Special shoutout to our senior integration engineer Dinko Jakovljevic for making this release happen!

Keep learning

  • Learn how Gartner® named RL a supply chain security 'visionary.' Download: Gartner® Magic Quadrant™ for Software Supply Chain Security.
  • Get key insights into why Gartner® identified binary analysis a must-have control in its recent CISO Playbook for Commercial Software Supply Chain Security.
  • Get up to speed on the Agentic Development Security tools landscape in this webinar with Forrester Sr. Analyst Janet Worthington.
  • Take a deep dive on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the the webinar discussing the findings.

Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

Plus: Join the free Spectra Assure Community today to get hands-on with RL's binary analysis-based software supply chain security platform.

Tags:Products & Technology

More Blog Posts

Spectra Analyze in Action: Hunting Device Code Phishing Pages

Spectra Analyze in Action: Hunting Device Code Phishing Pages

RL recently discovered active Microsoft 365 device code phishing. Here's a walkthrough of how our researchers found the campaign.

Learn More about Spectra Analyze in Action: Hunting Device Code Phishing Pages
Spectra Analyze in Action: Hunting Device Code Phishing Pages
MQ for SSCS blog

This Report from Gartner Defines the Software Supply Chain Security Market

Explore the new Gartner® Magic Quadrant™ for software supply chain security and learn why ReversingLabs is recognized. 

Learn More about This Report from Gartner Defines the Software Supply Chain Security Market
This Report from Gartner Defines the Software Supply Chain Security Market
Mario Vuksan

Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 

SSCS is a footnote that grew up, moved out, and got its own report. 

Learn More about Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 
Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is In It 
Mario Vuksan

Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming

The first Magic Quadrant™ for Software Supply Chain Security comes as, we feel, the demand for greater supply chain visibility explodes.

Learn More about Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming
Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / TwitterLinkedInLinkedInFacebookFacebookInstagramInstagramYouTubeYouTubeblueskyBlueskyRSSRSS
Back to Top