Getting basic file analysis report
Expand all | Collapse all
Kaspersky Threat Intelligence Portal provides an API for sending a file for analysis in the Sandbox and getting a basic report.
Request
Request method: POST
Endpoint: https://opentip.kaspersky.com/api/v1/scan/file
Query parameter: filename—Name of the file you want to analyze.
cURL command sample:
curl --request POST 'https://opentip.kaspersky.com/api/v1/scan/file?filename=<file name>' --header 'x-api-key: <API token>' --header 'Content-Type: application/octet-stream' --data-binary '@<path to file>'
Here:
|
Responses
200 OK
Request processed successfully.
Endpoint returns a JSON object that contains basic information about the analyzed file.
File analysis may take several minutes, therefore some sections may be not included in the method response. You can obtain the updated results by using the getresult/file method.
200 OK response parameters
Parameter
|
Type
|
Description
|
Zone
|
string
|
Color of the zone that a file belongs to. Available values:
Red—The file can be classified as Malware.
Yellow—The file is classified as Adware and other (Adware, Pornware, and other programs).
Green—The file has the Clean or No threats detected status. The No threats detected status is applied if the file was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis.
Grey—No data or not enough information is available for the file.
|
FileGeneralInfo
|
object
|
General information about the analyzed file.
|
FileStatus
|
string
|
Status of the submitted file (Malware, Adware and other, Clean, No threats detected, or Not categorized).
|
Sha1
|
string
|
SHA1 hash of the analyzed file.
|
Md5
|
string
|
MD5 hash of the analyzed file.
|
Sha256
|
string
|
SHA256 hash of the analyzed file.
|
FirstSeen
|
string <date-time>
|
Date and time when the analyzed file was detected by Kaspersky expert systems for the first time.
|
LastSeen
|
string <date-time>
|
Date and time when the analyzed file was detected by Kaspersky expert systems for the last time.
|
Signer
|
string
|
Organization that signed the analyzed file.
|
Packer
|
string
|
Packer name (if available).
|
Size
|
integer
|
Size of the analyzed file (in bytes).
|
Type
|
string
|
Type of the analyzed file.
|
HitsCount
|
integer
|
Number of hits (popularity) of the analyzed file detected by Kaspersky expert systems. Number of hits is rounded to the nearest power of 10.
|
DetectionsInfo
|
Array of objects
|
Information about detected objects.
|
LastDetectDate
|
string <date-time>
|
Date and time when the object was last detected by Kaspersky expert systems.
|
DescriptionUrl
|
string
|
Link to the detected object's description in the Kaspersky threats website (if available).
|
Zone
|
string
|
Color of the zone that the detected object belongs to.
|
DetectionName
|
string
|
Name of the detected object.
|
DetectionMethod
|
string
|
Method used to detect the object.
|
DynamicDetections
|
Array of objects
|
Detects related to the analyzed file.
Zone—Color of the zone of the detected object (Red or Yellow).
Threat—Number of detected objects that belong to the zone.
|
400 Bad Request
Request not processed: incorrect query.
Make sure you enter the correct parameter, and then try to run the query again.
401 Unauthorized
Request not processed: user authentication failed.
Make sure you enter the correct credentials, and then try to run the query again.
413 Payload Too Large
Request not processed: file size exceeds a size limit.
To execute the file, make sure its size does not exceed 256 MB.
[Topic SubmitFileAPI]