ckaadic
diff --git a/‎Packs/VMRay/Integrations/VMRay/README.md‎
Lines changed: 11 additions & 0 deletions b/‎Packs/VMRay/Integrations/VMRay/README.md‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎Packs/VMRay/Integrations/VMRay/VMRay.py‎
Lines changed: 17 additions & 0 deletions b/‎Packs/VMRay/Integrations/VMRay/VMRay.py‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎Packs/VMRay/Integrations/VMRay/VMRay.yml‎
Lines changed: 47 additions & 0 deletions b/‎Packs/VMRay/Integrations/VMRay/VMRay.yml‎
Lines changed: 47 additions & 0 deletions
@@ -570,6 +570,16 @@ Retrieves sample information by hash.
 
 | **Path** | **Type** | **Description** |
 | --- | --- | --- |
+| File.Name | String | The full file name \(including file extension\). | 
+| File.MD5 | String | The MD5 hash of the file. | 
+| File.SHA1 | String | The SHA1 hash of the file. | 
+| File.SHA256 | String | The SHA256 hash of the file. | 
+| File.SSDeep | String | The SSDeep hash of the file. | 
+| DBotScore.Indicator | String | The indicator that was tested. | 
+| DBotScore.Type | String | The indicator type. | 
+| DBotScore.Vendor | String | The vendor used to calculate the score. | 
+| DBotScore.Score | Number | The actual score. | 
+| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. | 
 | VMRay.Sample.SampleID | Number | ID of the sample. | 
 | VMRay.Sample.SampleURL | String | URL to sample page. | 
 | VMRay.Sample.FileName | String | File name of the sample. | 
@@ -781,6 +791,7 @@ Retrieves Indicators of Compromise for a specified sample.
 | DBotScore.Type | String | The indicator type. | 
 | DBotScore.Vendor | String | The vendor used to calculate the score. | 
 | DBotScore.Score | Number | The actual score. | 
+| DBotScore.Reliability | String | Reliability of the source providing the intelligence data. | 
 | Domain.Name | String | The domain name | 
 | IP.Address | String | IP address | 
 | URL.Data | String | The URL | 
 
@@ -14,6 +14,7 @@
 USE_SSL = not demisto.params().get('insecure', False)
 HEADERS = {'Authorization': 'api_key ' + API_KEY}
 ERROR_FORMAT = 'Error in API call to VMRay [{}] - {}'
+RELIABILITY = demisto.params().get('integrationReliability', DBotScoreReliability.C) or DBotScoreReliability.C
 
 # disable insecure warnings
 requests.packages.urllib3.disable_warnings()
@@ -198,6 +199,7 @@ def dbot_score_by_hash(data):
                     'Type': 'hash',
                     'Vendor': 'VMRay',
                     'Score': DBOTSCORE.get(data.get('Verdict', 0)),
+                    'Reliability': RELIABILITY
                 }
             )
     return scores
@@ -671,18 +673,33 @@ def get_sample_by_hash_command():
     samples = raw_response.get('data')
 
     if samples:
+        # VMRay outputs
         entry_context = dict()
         context_key = 'VMRay.Sample(val.{} === obj.{})'.format(hash.upper(), hash.upper())
         entry_context[context_key] = [
             create_sample_entry(sample)
             for sample in samples
         ]
 
+        # DBotScore output
         scores = list()  # type: list
         for sample in entry_context[context_key]:
             scores += dbot_score_by_hash(sample)
         entry_context[outputPaths['dbotscore']] = scores
 
+        # Indicator output
+        # just use the first sample that is returned by the API for now
+        entry = entry_context[context_key][0]
+        file = Common.File(
+            None,
+            md5=entry['MD5'],
+            sha1=entry['SHA1'],
+            sha256=entry['SHA256'],
+            ssdeep=entry['SSDeep'],
+            name=entry['FileName']
+        )
+        entry_context.update(file.to_context())
+
         human_readable = tableToMarkdown(
             'Results for {} hash {}:'.format(hash_type, hash),
             entry_context[context_key],
 
@@ -3,6 +3,20 @@ commonfields:
   id: vmray
   version: -1
 configuration:
+- additionalinfo: Reliability of the source providing the intelligence data.
+  defaultvalue: C - Fairly reliable
+  display: Source Reliability
+  name: integrationReliability
+  options:
+  - A+ - 3rd party enrichment
+  - A - Completely reliable
+  - B - Usually reliable
+  - C - Fairly reliable
+  - D - Not usually reliable
+  - E - Unreliable
+  - F - Reliability cannot be judged
+  required: true
+  type: 15
 - defaultvalue: https://cloud.vmray.com
   display: Server URL (e.g., https://cloud.vmray.com)
   name: server
@@ -399,6 +413,36 @@ script:
     execution: false
     name: vmray-get-sample-by-hash
     outputs:
+    - contextPath: File.Name
+      description: The full file name (including file extension).
+      type: String
+    - contextPath: File.MD5
+      description: The MD5 hash of the file.
+      type: String
+    - contextPath: File.SHA1
+      description: The SHA1 hash of the file.
+      type: String
+    - contextPath: File.SHA256
+      description: The SHA256 hash of the file.
+      type: String
+    - contextPath: File.SSDeep
+      description: The SSDeep hash of the file.
+      type: String
+    - contextPath: DBotScore.Indicator
+      description: The indicator that was tested.
+      type: String
+    - contextPath: DBotScore.Type
+      description: The indicator type.
+      type: String
+    - contextPath: DBotScore.Vendor
+      description: The vendor used to calculate the score.
+      type: String
+    - contextPath: DBotScore.Score
+      description: The actual score.
+      type: Number
+    - contextPath: DBotScore.Reliability
+      description: Reliability of the source providing the intelligence data.
+      type: String
     - contextPath: VMRay.Sample.SampleID
       description: ID of the sample.
       type: Number
@@ -554,6 +598,9 @@ script:
     - contextPath: DBotScore.Score
       description: The actual score.
       type: Number
+    - contextPath: DBotScore.Reliability
+      description: Reliability of the source providing the intelligence data.
+      type: String
     - contextPath: Domain.Name
       description: The domain name
       type: String