Kaspersky Threat Intelligence Portal

Getting basic file analysis report


Kaspersky Threat Intelligence Portal provides an API for sending a file for analysis in the Sandbox and getting a basic report.

Request

Request method: POST

Endpoint: https://opentip.kaspersky.com/api/v1/scan/file

Query parameter: filename—Name of the file you want to analyze.

cURL command sample:

curl --request POST 'https://opentip.kaspersky.com/api/v1/scan/file?filename=<file name>' --header 'x-api-key: <API token>' --header 'Content-Type: application/octet-stream' --data-binary '@<path to file>'

Here:

Responses

200 OK

Request processed successfully.

Endpoint returns a JSON object that contains basic information about the analyzed file.

File analysis may take several minutes, so some sections may not be included in the method response. You can obtain the updated results by using the getresult/file method.

200 OK response parameters

| Parameter | Type | Description |
|---|---|---|
| Zone | string | Color of the zone that a file belongs to. Available values: Red—The file can be classified as Malware. Yellow—The file is classified as Adware and other (Adware, Pornware, and other programs). Green—The file has the Clean or No threats detected status. The No threats detected status is applied if the file was not classified by Kaspersky, but it was previously scanned and/or analyzed, and no threats were detected at the time of the analysis. Grey—No data or not enough information is available for the file. |
| FileGeneralInfo | object | General information about the analyzed file. |
| FileStatus | string | Status of the submitted file (Malware, Adware and other, Clean, No threats detected, or Not categorized). |
| Sha1 | string | SHA1 hash of the analyzed file. |
| Md5 | string | MD5 hash of the analyzed file. |
| Sha256 | string | SHA256 hash of the analyzed file. |
| FirstSeen | string <date-time> | Date and time when the analyzed file was detected by Kaspersky expert systems for the first time. |
| LastSeen | string <date-time> | Date and time when the analyzed file was detected by Kaspersky expert systems for the last time. |
| Signer | string | Organization that signed the analyzed file. |
| Packer | string | Packer name (if available). |
| Size | integer | Size of the analyzed file (in bytes). |
| Type | string | Type of the analyzed file. |
| HitsCount | integer | Number of hits (popularity) of the analyzed file detected by Kaspersky expert systems. Number of hits is rounded to the nearest power of 10. |
| DetectionsInfo | Array of objects | Information about detected objects. |
| LastDetectDate | string <date-time> | Date and time when the object was last detected by Kaspersky expert systems. |
| DescriptionUrl | string | Link to the detected object's description in the Kaspersky threats website (if available). |
| Zone | string | Color of the zone that the detected object belongs to. |
| DetectionName | string | Name of the detected object. |
| DetectionMethod | string | Method used to detect the object. |
| DynamicDetections | Array of objects | Detects related to the analyzed file. Zone—Color of the zone of the detected object (Red or Yellow). Threat—Number of detected objects that belong to the zone. |

400 Bad Request

Request not processed: incorrect query.

Make sure you enter the correct parameter, and then try to run the query again.

401 Unauthorized

Request not processed: user authentication failed.

Make sure you enter the correct credentials, and then try to run the query again.

413 Payload Too Large

Request not processed: file size exceeds a size limit.

To execute the file, make sure its size does not exceed 256 MB.
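
The request, the 200 OK fields and the error codes above can be handled together in a small client. This is an added example, not Kaspersky's own code: the function names and the ACTION policy are hypothetical, and it assumes that FileStatus and Sha256 sit inside FileGeneralInfo and that DetectionName sits inside each DetectionsInfo item, as the order of the parameter table suggests.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

ENDPOINT = "https://opentip.kaspersky.com/api/v1/scan/file"
MAX_BYTES = 256 * 1024 * 1024  # limit the page gives for 413 Payload Too Large
SECTIONS = ("Zone", "FileGeneralInfo", "DetectionsInfo", "DynamicDetections")
# Assumed local policy, not part of the API: what to do for each zone color.
ACTION = {"Red": "block", "Yellow": "review", "Green": "allow", "Grey": "unknown"}
ERRORS = {400: "incorrect query", 401: "authentication failed", 413: "file too large"}

def build_request(filename, data, api_token):
    """Build the POST from the cURL sample; refuse oversized files locally."""
    if len(data) > MAX_BYTES:
        raise ValueError("file exceeds 256 MB; the API would answer 413")
    url = ENDPOINT + "?" + urllib.parse.urlencode({"filename": filename})
    headers = {"x-api-key": api_token, "Content-Type": "application/octet-stream"}
    return urllib.request.Request(url, data=data, headers=headers, method="POST")

def summarize(report):
    """Reduce a 200 OK body to a triage record, tolerating missing sections."""
    info = report.get("FileGeneralInfo") or {}
    dynamic = {d.get("Zone"): d.get("Threat", 0)
               for d in report.get("DynamicDetections") or []}
    zone = report.get("Zone", "Grey")
    return {
        "zone": zone,
        "action": ACTION.get(zone, "unknown"),  # Grey is "no data", not "clean"
        "status": info.get("FileStatus"),
        "sha256": info.get("Sha256"),
        "detections": [d.get("DetectionName") for d in report.get("DetectionsInfo") or []],
        "dynamic": dynamic,
        # Sections may be absent while analysis is still running; poll getresult/file.
        "missing": [s for s in SECTIONS if s not in report],
    }

def scan(path, api_token):
    """Submit a file and return its triage record (performs a network call)."""
    with open(path, "rb") as fh:
        req = build_request(os.path.basename(path), fh.read(), api_token)
    try:
        with urllib.request.urlopen(req, timeout=120) as resp:
            return summarize(json.load(resp))
    except urllib.error.HTTPError as err:
        raise RuntimeError(f"{err.code}: {ERRORS.get(err.code, err.reason)}") from err
```

A non-empty "missing" list is the signal to query getresult/file again before acting on the record.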
