The ReversingLabs Action Bundle enables seamless integration between ThreatQ and ReversingLabs Spectra Analyze, allowing analysts to enrich indicators with advanced threat intelligence and malware analysis data. This bundle automates the enrichment of URLs, FQDNs, and file hashes by submitting supported indicators to the ReversingLabs API and ingesting the resulting classification and contextual analysis back into ThreatQ.

The integration provides the following actions:

• ReversingLabs - Hash Enrichment - looks up supported hashes in ReversingLabs and ingests summary and classification context.
• ReversingLabs - Submit URL - submits a URL or FQDN to ReversingLabs and stores the returned Submission ID on the original indicator. 
• ReversingLabs - URL Report - uses the stored ReversingLabs Submission ID to fetch the URL analysis report and ingest the returned context.

The integration supports and returns enrichment for the following indicator types:

• FQDN
• URL
• MD5
• SHA-1
• SHA-256
• SHA-512

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.