Expand SIEM and SOAR Visibility

ReversingLabs provides comprehensive, automated static analysis on files entering an organization. This rich, highly relevant file intelligence enhances correlation and visibility of malware, enriching any SIEM or SOAR, and promotes a more effective and efficient malware identification and incident response process.

Download Solution Brief
SIEM-SOAR
RL - Splunk Dashboard

Optimize with Enriched Hash Metadata

Challenge: Not enough context in file intelligence data to understand the threat and be actionable for security teams to respond smartly and in a timely manner.

Solution: ReversingLabs performs high-speed static analysis to classify files (good, malicious, suspicious, unknown), rank severity level, and provide enriched context in near real-time. File reputation can be supplied from ReversingLabs with a query directly from the SIEM or SOAR console.

A1000 interface

Extract Critical Context with Advanced Search

Challenge: There is no unified platform for advanced analysis on unknown malware,  finding functionally similar malware or performing pivots on IOCs to better understand threats. Analysts are forced to navigate between siloed security tools which are not designed for collaboration, and in most cases, open to privacy concerns.

Solution: ReversingLabs provides seamless  integration with SIEM and SOAR solutions. The platform provides a unified workbench and integrates an 8 billion sample database of goodware and malware, offering enriched context and continuous threats-in-the-wild updates. In a single click, a user can switch to the ReversingLabs console and quickly determine relevant indicators to help prioritize threats and determine the next course of action.

Splunk Workflow Actions

Classify and Reduce Response Times

Challenge: Given multiple file sources and varying types of incoming files, there are many ways malware can enter your environment. In similar manner, specific or similar threats may already exist in your environment and also need to be identified. 

Solution: ReversingLabs classifies huge volumes of files at near real-time, providing comprehensive detection for a wide-range of sources while enhancing automated playbooks, streamlining workflows, and reducing analyst overhead. Summary results can be reviewed in Splunk and with a single click analysts can pivot to the ReversingLabs platform for further analysis and hunting.

Reference Architecture

The Titanium Hybrid-Cloud Platform offers a flexible deployment architecture enabling high volume processing, accelerated object analysis, file reputation services and investigation through TitaniumCore, TitaniumCloud, TitaniumScale and the A1000

Reference Architecture - ReversingLabs Solutions

SIEM & SOAR Partners