Getting basic file analysis report

Kaspersky Threat Intelligence Portal provides an API for sending a file for analysis in the Sandbox and getting a basic report.

Request

Request method: POST

Endpoint: https://opentip.kaspersky.com/api/v1/scan/file

Query parameter: filename—Name of the file you want to analyze.

cURL command sample:

curl --request POST 'https://opentip.kaspersky.com/api/v1/scan/file?filename=<file name>' --header 'x-api-key: <API token>' --header 'Content-Type: application/octet-stream' --data-binary '@<path to file>'

Here:

<file name>—The name of the file that you want to analyze.
<API token>—The API token that you requested in the web interface.
<path to file>—The full path to the file that you want to analyze.

Responses

200 OK

Request processed successfully.

Endpoint returns a JSON object that contains basic information about the analyzed file.

File analysis may take several minutes, therefore some sections may be not included in the method response. You can obtain the updated results by using the getresult/file method.

200 OK response parameters

Parameter	Type	Description
`Zone`	string	Color of the zone that a file belongs to. Available values: `Red`—The file can be classified as Malware. `Yellow`—The file is classified as Adware and other (Adware, Pornware, and other programs). `Green`—The file has the Clean or No threats detected status. The No threats detected status is applied if the file was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis. `Grey`—No data or not enough information is available for the file.
`FileGeneralInfo`	object	General information about the analyzed file.
`FileStatus`	string	Status of the submitted file (Malware, Adware and other, Clean, No threats detected, or Not categorized).
`Sha1`	string	SHA1 hash of the analyzed file.
`Md5`	string	MD5 hash of the analyzed file.
`Sha256`	string	SHA256 hash of the analyzed file.
`FirstSeen`	string <date-time>	Date and time when the analyzed file was detected by Kaspersky expert systems for the first time.
`LastSeen`	string <date-time>	Date and time when the analyzed file was detected by Kaspersky expert systems for the last time.
`Signer`	string	Organization that signed the analyzed file.
`Packer`	string	Packer name (if available).
`Size`	integer	Size of the analyzed file (in bytes).
`Type`	string	Type of the analyzed file.
`HitsCount`	integer	Number of hits (popularity) of the analyzed file detected by Kaspersky expert systems. Number of hits is rounded to the nearest power of 10.
`DetectionsInfo`	Array of objects	Information about detected objects.
`LastDetectDate`	string <date-time>	Date and time when the object was last detected by Kaspersky expert systems.
`DescriptionUrl`	string	Link to the detected object's description in the Kaspersky threats website (if available).
`Zone`	string	Color of the zone that the detected object belongs to.
`DetectionName`	string	Name of the detected object.
`DetectionMethod`	string	Method used to detect the object.
`DynamicDetections`	Array of objects	Detects related to the analyzed file. `Zone`—Color of the zone of the detected object (Red or Yellow). `Threat`—Number of detected objects that belong to the zone.

400 Bad Request

401 Unauthorized

413 Payload Too Large

Page top