Once your Halo order has been processed, if you’ve opted to include the File Reputation feature, we will set up a new ReversingLabs account for you. **Note:** you can also use an existing ReversingLabs account, provided you have the required credentials. Please follow the steps below to configure Glasswall Halo with your ReversingLabs account. ## Prerequisite - Minimum Halo version: [v2.4.15](/halo/v2415) ## Configure Glasswall Halo with ReversingLabs Follow all the steps in the [deployment](/halo/glasswall-halo-deployment-overview) section to deploy Halo according to your cloud provider. The `cdrplatform-engine` includes the configuration needed to connect to ReversingLabs. The username and password should be set up using an external secret manager. For any additional modifications, refer to the [Halo configuration changes](/halo/glasswall-halo-configuration-changes). The relevant settings can be found under the `Engine` section: - `ReversingLabs__Endpoint` - `ReversingLabs__Timeout` ## Retrieve threat intelligence data for your files ### Single files #### In the Sync API In this example, we process a single file on the CDR-file endpoint on the Sync API. 1. Make a POST request with a single file to the sync API, for example the CDR-file endpoint: `/api/v3/cdr-file`. 2. Observe the response headers. They should contain the following: | Header | Description | Values | |------|-------------|--------| | `x-filereputation-responsecode` | HTTP response code from the file reputation service | `200 OK`, `400 Bad Request`, `401 Unauthorized`, `403 Forbidden`, `404 Not Found`, `405 Method Not Allowed`, `409 Conflict`, `413 Request Too Large`, `429 Too Many Requests`, `500 Internal Server Error`, `502 Bad Gateway`, `503 Service Unavailable`, `UnknownError`, `Timeout` | | `x-filereputation-status` | Malware presence status | `unknown`, `known`, `suspicious`, `malicious` | | `x-filereputation-threatname` | Detected threat name for the requested sample | Example: `win32.trojan.nsis` | | `x-filereputation-threatlevel` | Threat severity calculated by a proprietary ReversingLabs algorithm | Value from `0` to `5`, where `5` indicates the highest severity | | `x-filereputation-trustlevel` | Confidence that a known sample is goodware | Value from `0` to `5`, where `0` represents the highest confidence | ### Archives In this example, we process a ZIP file on the CDR-file endpoint on the Sync API. 1. Make a POST request with a supported archive file to the Sync API, for example the CDR-file endpoint: `/api/v3/cdr-file`. Ensure an analysis report will be generated. 2. Download the composite archive result containing the `/clean` and `/report` folders. 3. Open the report archive file under the `/report` directory. 4. Observe the contents of the `manifest.cdr-json` file. The JSON should contain a new `fileReputation` section: ```json { "fileReputation": { "response": "200", "fileStatus": "SUSPICIOUS", "threatName": "Win32.Trojan.Nsis", "threatLevel": "4", "trustLevel": "5" } } ``` ### Compressed files For compressed files (`.bz2`And`.gzip`), The file reputation data is returned via response headers (similar to single files). **Note:** that the file reputation results are for the underlying file and not the parent compressed type.