The Polarity VMRay integration supports looking up Sample information by hash (MD5, SHA1 and SHA256). Additionally, the integration includes a "File Check" capability where you can drag and drop a file into the Overlay Window to locally compute a SHA256 hash which is then checked against VMRay for a valid Sample.
For more information on VMRay, please visit the official website.
 |
 |
 |
|---|---|---|
| Sample Overview Tab | Sample Details Tab | Sample Summary Tab |
 |
 |
 |
| Sample Mitre ATT&CK Tab | Sample IOCs Tab | File Check Tab |
 |
||
| Submit From VirusTotal |
The Polarity VMRay integration includes a "File Check" capability that computes the SHA256 of a local file and then checks the resultant SHA256 for a valid Sample in VMRay. The "File Check" capability computes the SHA256 hash locally on your Polarity Client and does not upload the file to VMRay.
The base URL of your hosted or Cloud based VMRay instance including the schema (i.e., https://). For example, https://us.cloud.vmray.com or https://eu.cloud.vmray.com.
A valid VMRay API Key
If checked, the integration will return a result even when no Sample could be found for the given hash.
Provide a VirusTotal API Key to enable downloading VirusTotal files into VMRay for analysis. This option is only available when no VMRay sample is found. You must also enable the "Return result when no sample is found" option above. The VirusTotal API key must support the file download URL endpoint in VirusTotal which requires special privileges and will not work with a typical free API key.
Your VirusTotal API Key must have access to the file download URL endpoint documented here: https://docs.virustotal.com/reference/files-download-url
Installation instructions for integrations are provided on the PolarityIO GitHub Page.
Polarity is a memory-augmentation platform that improves and accelerates analyst decision making. For more information about the Polarity platform please see: