Working with Check Point SandBlast via API

This article will be useful to those who are already familiar with Check Point's file emulation (Threat Emulation) and active-content cleaning (Threat Extraction) technologies and who want to take a step toward automating these tasks. Check Point has a Threat Prevention API, which runs both in the cloud and on local appliances, and which is functionally equivalent to checking files in web/smtp/ftp/smb/nfs traffic streams. This article is partly the author's translation of a series of articles from the official documentation, but it is based on my own working experience and my own examples. You will also find the author's Postman collections for working with the Threat Prevention API in the article.

Basic terms

The Threat Prevention API works with three main components, which are referred to in the API by the following text values:

av - the Anti-Virus component, responsible for signature analysis of known threats.

te - the Threat Emulation component, responsible for checking files in the sandbox and issuing a malicious/benign verdict after emulation.

extraction - the Threat Extraction component, responsible for quickly converting office documents into a safe form (with all potentially malicious content removed) for fast delivery to users/systems.

API structure and main limitations

The Threat Prevention API uses only 4 requests: upload, query, download and quota. In the header of all four requests you need to pass the API key using the Authorization parameter. At first glance the structure may seem much simpler than that of the Management API, but the number of fields in the upload and query requests and the structure of these requests are quite complex. They can be compared to a Threat Prevention profile in the security policy of a gateway/sandbox.

At the moment only one version of the Threat Prevention API has been released - 1.0; the URL of an API call should contain v1 in the section where the version is specified. Unlike the Management API, specifying the API version in the URL is mandatory, otherwise the request will not be executed.

The Anti-Virus component, when called without the other components (te, extraction), currently only supports query requests with an md5 hash sum. Threat Emulation and Threat Extraction also support sha1 and sha256 hash sums.

It is very important not to make mistakes in the queries! A request may be executed without an error, but not completely. Looking a little ahead, let's see what can happen if there are errors/typos in a query.

Request with a typo in the word reports (reportss)

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                reportss: ["tar", "pdf", "xml"]
            }
		}
	] 
}

There will be no error in the response, but there will be no information about the reports at all

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But for a request without a typo in the reports key

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": ["tar", "pdf", "xml"]
            }
		}
	] 
}

we receive a response that already contains the ids for downloading the reports

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
              "pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
              "xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If we send an incorrect/expired API key, we get a 403 error in response.
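Because a mistyped key is silently dropped rather than rejected, it is worth validating request bodies before sending them. The following is an added example, not code from the article or from Check Point: a Python pre-flight validator that checks a query/upload body against the keys, image ids, report types and extraction codes documented in this article (the allowed sets are transcribed from the article's tables; function and variable names are my own).

```python
# Added example (not the article's code): a pre-flight validator for Threat
# Prevention API request bodies. The API ignores keys it does not recognise,
# as the "reportss" request above shows, so this catches typos before sending.

# Field names and values as documented in the article.
ENTRY_KEYS = {"sha256", "sha1", "md5", "file_name", "file_type",
              "features", "te", "extraction"}
FEATURES = {"av", "te", "extraction"}
TE_KEYS = {"images", "reports"}
IMAGE_KEYS = {"id", "revision"}
REPORTS = {"summary", "pdf", "xml", "tar"}
EXTRACTION_KEYS = {"method", "extracted_parts_codes"}
METHODS = {"pdf", "clean"}
# OS image ids from the article's image table.
IMAGE_IDS = {
    "e50e99f3-5963-4573-af9e-e3f4750b55e2", "7e6fe36e-889e-4c25-8704-56378f0830df",
    "8d188031-1010-4466-828b-0cd13d4303ff", "5e5de275-a103-4f67-b55b-47532918fa59",
    "3ff3ddae-e7fd-4969-818c-d5f1a2be336d", "6c453c9b-20f7-471a-956c-3198a868dc92",
    "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
}
# Active-content codes from the article's extraction table.
PART_CODES = {1025, 1026, 1034, 1137, 1139, 1141, 1142, 1143, 1150, 1151,
              1018, 1019, 1021, 1017, 1036, 1037}


def _unknown_keys(where, given, allowed):
    """One problem per key the API would silently drop."""
    return [f"{where}: unknown key '{k}' (allowed: {sorted(allowed)})"
            for k in given if k not in allowed]


def validate_request(body, for_query=True):
    """Return a list of problems with a query/upload body; [] means safe to send.
    for_query=True also enforces the query-only rules from the article (a hash
    must be present; av on its own supports only md5)."""
    problems = []
    entries = body.get("request")
    if not isinstance(entries, list):
        return ["'request' must be a list of entries"]
    for n, entry in enumerate(entries):
        where = f"request[{n}]"
        problems += _unknown_keys(where, entry, ENTRY_KEYS)
        features = set(entry.get("features", ["te"]))  # te is the default
        problems += [f"{where}.features: unknown feature '{f}'"
                     for f in sorted(features - FEATURES)]
        if for_query:
            hashes = {"sha256", "sha1", "md5"} & set(entry)
            if not hashes:
                problems.append(f"{where}: a query needs sha256, sha1 or md5")
            elif features == {"av"} and "md5" not in hashes:
                problems.append(f"{where}: av alone only supports md5 queries")
        te = entry.get("te")
        if te is not None:
            if "te" not in features:
                problems.append(f"{where}: te section given but 'te' not in features")
            problems += _unknown_keys(f"{where}.te", te, TE_KEYS)
            for i, img in enumerate(te.get("images", [])):
                problems += _unknown_keys(f"{where}.te.images[{i}]", img, IMAGE_KEYS)
                if img.get("id") not in IMAGE_IDS:
                    problems.append(f"{where}.te.images[{i}]: unknown image id {img.get('id')!r}")
            reports = set(te.get("reports", []))
            problems += [f"{where}.te.reports: unknown report type '{r}'"
                         for r in sorted(reports - REPORTS)]
            if {"summary", "pdf"} <= reports:
                problems.append(f"{where}.te.reports: summary and pdf cannot be requested together")
        ex = entry.get("extraction")
        if ex is not None:
            if "extraction" not in features:
                problems.append(f"{where}: extraction section given but 'extraction' not in features")
            problems += _unknown_keys(f"{where}.extraction", ex, EXTRACTION_KEYS)
            method = ex.get("method", "pdf")
            if method not in METHODS:
                problems.append(f"{where}.extraction.method: unknown method '{method}'")
            codes = ex.get("extracted_parts_codes")
            if codes is not None:
                if method != "clean":
                    problems.append(f"{where}.extraction: extracted_parts_codes only applies to method 'clean'")
                problems += [f"{where}.extraction.extracted_parts_codes: unknown code {c}"
                             for c in codes if c not in PART_CODES]
    return problems


# Constructed copy of the article's mistyped request (sha256 from the article).
TYPO_REQUEST = {"request": [{
    "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
    "features": ["te"],
    "te": {"images": [{"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}],
           "reportss": ["tar", "pdf", "xml"]},
}]}

if __name__ == "__main__":
    for problem in validate_request(TYPO_REQUEST):
        print(problem)
```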

SandBlast API: in the cloud and on local appliances

API requests can be sent to Check Point appliances that have the Threat Emulation component (blade) enabled. As the request address, use the ip/url of the appliance and port 18194 (for example, https://10.10.57.19:18194/tecloud/api/v1/file/query). You should also make sure that the security policy on the appliance allows this connection. Authorization by API key on local appliances is disabled by default, and the Authorization header may be omitted from the request altogether.

API requests to the Check Point cloud should be sent to te.checkpoint.com (for example, https://te.checkpoint.com/tecloud/api/v1/file/query). An API key can be obtained as a 60-day trial license by contacting Check Point partners or the company's local office.

On local appliances, Threat Extraction is not yet supported in the standard Threat Prevention API; the Threat Prevention API for Security Gateway should be used instead (we'll talk about it in detail at the end of the article).

Local appliances do not support the quota request.

Otherwise, there are no differences between requests to local appliances and to the cloud.

Upload API call

Method used - POST

Call address - https:///tecloud/api/v1/file/upload

The request consists of two parts (form-data): the file intended for emulation/cleaning, and the request body as text.

The text part cannot be empty, but it may contain no settings at all. For the request to succeed, you must send at least this text in the request:

Minimum upload request

HTTP POST

https:///tecloud/api/v1/file/upload

Headers:

Authorization: <API key>

Body

{
  "request": {
  }
}

file

<file>

In this case, the file will be processed with the default parameters: component - te, OS images - Win XP and Win 7, without generating a report.

Comments on the main fields in the text part of the request:

file_name and file_type can be left empty or not sent at all, since this is not particularly useful when uploading a file. In the API response these fields will be filled in automatically based on the name of the uploaded file, and the cache data will still be looked up by the md5/sha1/sha256 hash sums.

Example request with empty file_name and file_type

{
  "request": {
    "file_name": "",
    "file_type": ""
  }
}

features - a list indicating the functionality required when working in the sandbox: av (Anti-Virus), te (Threat Emulation), extraction (Threat Extraction). If this parameter is not passed at all, only the default component will be used - te (Threat Emulation).

To enable checking in all three available components, you need to specify these components in the API request.

Example request with av, te and extraction checks

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["av", "te", "extraction"]  
		}
	] 
}

Keys in the te section

images - a list containing dictionaries with the id and revision number of the operating system image in which the check will run. The ids and revision numbers are the same for all local appliances and the cloud.

List of operating systems and revisions

| Available OS image ID | Revision | OS image and applications |
| --- | --- | --- |
| e50e99f3-5963-4573-af9e-e3f4750b55e2 | 1 | Microsoft Windows: XP - 32bit SP3; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 9r115 & ActiveX 10.0; Java Runtime: 1.6.0u22 |
| 7e6fe36e-889e-4c25-8704-56378f0830df | 1 | Microsoft Windows: 7 - 32bit; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 10.2r152 (plugin & ActiveX); Java Runtime: 1.6.0u0 |
| 8d188031-1010-4466-828b-0cd13d4303ff | 1 | Microsoft Windows: 7 - 32bit; Office: 2010; Adobe Acrobat Reader: 9.4; Flash Player: 11.0.1.152 (plugin & ActiveX); Java Runtime: 1.7.0u0 |
| 5e5de275-a103-4f67-b55b-47532918fa59 | 1 | Microsoft Windows: 7 - 32bit; Office: 2013; Adobe Acrobat Reader: 11.0; Flash Player: 15 (plugin & ActiveX); Java Runtime: 1.7.0u9 |
| 3ff3ddae-e7fd-4969-818c-d5f1a2be336d | 1 | Microsoft Windows: 7 - 64bit; Office: 2013 (32 bit); Adobe Acrobat Reader: 11.0.01; Flash Player: 13 (plugin & ActiveX); Java Runtime: 1.7.0u9 |
| 6c453c9b-20f7-471a-956c-3198a868dc92 | 1 | Microsoft Windows: 8.1 - 64bit; Office: 2013 (64 bit); Adobe Acrobat Reader: 11.0.10; Flash Player: 18.0.0.160 (plugin & ActiveX); Java Runtime: 1.7.0u9 |
| 10b4a9c6-e414-425c-ae8b-fe4dd7b25244 | 1 | Microsoft Windows: 10; Office: Professional Plus 2016 en-us; Adobe Acrobat Reader DC 2015 MUI; Flash Player: 20 (plugin & ActiveX); Java Runtime: 1.7.0u9 |

If the images key is not specified at all, emulation will run in the images recommended by Check Point (currently Win XP and Win 7). These images are recommended as the best balance between performance and catch rate.

reports - a list of the reports we request in case the file turns out to be malicious. The following options are available:

  1. summary - a .tar.gz archive containing the emulation report for all requested images (both an html page and components such as a video from the emulated OS, a network traffic dump, a report in json, and the sample itself in a password-protected archive). In the response we look for the key summary_report in order to download the report later.

  2. pdf - a document about the emulation in one image, which many are used to receiving via the Smart Console. In the response we look for the key pdf_report in order to download the report later.

  3. xml - a document about the emulation in one image, convenient for subsequent parsing of the parameters in the report. In the response we look for the key xml_report in order to download the report later.

  4. tar - a .tar.gz archive containing the emulation report for one requested image (both an html page and components such as a video from the emulated OS, a network traffic dump, a report in json, and the sample itself in a password-protected archive). In the response we look for the key full_report in order to download the report later.

What the summary report contains

The full_report, pdf_report and xml_report keys are in the dictionary of each OS image

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
      "file_type": "html",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
              "pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
              "xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
              "pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
              "xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But the summary_report key is a single one, for the emulation as a whole

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
      "file_type": "exe",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
              "xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
              "xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

You can request the tar, xml and pdf reports at the same time, and you can request summary, tar and xml. It is not possible to request the summary report and the pdf report at the same time.

Keys in the extraction section

For threat extraction, only two keys are used:

method - pdf (convert to pdf, used by default) or clean (clean active content).

extracted_parts_codes - a list of codes for removing active content, used only for the clean method

Codes for removing content from files

| Code | Description |
| --- | --- |
| 1025 | Linked Objects |
| 1026 | Macros and Code |
| 1034 | Sensitive Hyperlinks |
| 1137 | PDF GoToR Actions |
| 1139 | PDF Launch Actions |
| 1141 | PDF URI Actions |
| 1142 | PDF Sound Actions |
| 1143 | PDF Movie Actions |
| 1150 | PDF JavaScript Actions |
| 1151 | PDF Submit Form Actions |
| 1018 | Database Queries |
| 1019 | Embedded Objects |
| 1021 | Fast Save Data |
| 1017 | Custom Properties |
| 1036 | Statistic Properties |
| 1037 | Summary Properties |

To download the cleaned copy, you need to make a query request (discussed below) after a few seconds, specifying the file's hash sum and the extraction component in the request text. You can then pick up the cleaned file using the id from the query response - extracted_file_download_id. Again, looking a little ahead, I give examples of a query request and response for finding the id to download the cleaned document.

Query request to find the extracted_file_download_id key

{ "request":  [  

		{	
			"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
			"features": ["extraction"] , 
			"extraction": {
		        "method": "pdf"
            }
		}
	] 
}

Response to the query (look for the extracted_file_download_id key)

{
    "response": [
        {
            "status": {
                "code": 1001,
                "label": "FOUND",
                "message": "The request has been fully answered."
            },
            "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
            "file_type": "",
            "file_name": "",
            "features": [
                "extraction"
            ],
            "extraction": {
                "method": "pdf",
                "extract_result": "CP_EXTRACT_RESULT_SUCCESS",
                "extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
                "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                "time": "0.013",
                "extract_content": "Macros and Code",
                "extraction_data": {
                    "input_extension": "xls",
                    "input_real_extension": "xls",
                    "message": "OK",
                    "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                    "protection_name": "Potential malicious content extracted",
                    "protection_type": "Conversion to PDF",
                    "protocol_version": "1.0",
                    "risk": 5.0,
                    "scrub_activity": "Active content was found - XLS file was converted to PDF",
                    "scrub_method": "Convert to PDF",
                    "scrub_result": 0.0,
                    "scrub_time": "0.013",
                    "scrubbed_content": "Macros and Code"
                },
                "tex_product": false,
                "status": {
                    "code": 1001,
                    "label": "FOUND",
                    "message": "The request has been fully answered."
                }
            }
        }
    ]
}

General notes

In one API call, you can send only one file for checking.

The av component does not require an additional section with keys; it is enough to specify it in the features list.

Query API call

Method used - POST

Call address - https:///tecloud/api/v1/file/query

Before sending a file for checking (upload request), it makes sense to check the sandbox cache (query request) to reduce the load on the API server, since the API server may already have information and a verdict on the file being uploaded. The call consists of a text part only. The required part of the request is the sha1/sha256/md5 hash sum of the file. By the way, you can get it from the response to the upload request.

Minimum query request

HTTP POST

https:///tecloud/api/v1/file/query

Headers:

Authorization: <API key>

Body

{
  "request": {
    "sha256": "<sha256 of the file>"
  }
}

Example response to an upload request, in which the sha1/md5/sha256 hash sums are visible.

{
  "response": {
    "status": {
      "code": 1002,
      "label": "UPLOAD_SUCCESS",
      "message": "The file was uploaded successfully."
    },
    "sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
    "md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "",
    "file_name": "kp-20-doc.doc",
    "features": [
      "te"
    ],
    "te": {
      "trust": 0,
      "images": [
        {
          "report": {
            "verdict": "unknown"
          },
          "status": "not_found",
          "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
          "revision": 1
        }
      ],
      "score": -2147483648,
      "status": {
        "code": 1002,
        "label": "UPLOAD_SUCCESS",
        "message": "The file was uploaded successfully."
      }
    }
  }
}

Apart from the hash sum, the query request should be identical to the upload request that was made (or is planned), or even "narrower" (containing fewer fields in the query request than in the upload request). If the query request contains more fields than the upload request did, you will not receive all of the requested information in the response.

Here is an example of a query response in which not all of the requested information was found

{
  "response": [
    {
      "status": {
        "code": 1006,
        "label": "PARTIALLY_FOUND",
        "message": "The request cannot be fully answered at this time."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te",
        "extraction"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      },
      "extraction": {
        "method": "pdf",
        "tex_product": false,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Pay attention to the code and label fields. These fields appear three times, in the status dictionaries. First we see the global "code": 1006 and "label": "PARTIALLY_FOUND". Then these keys appear for each component we requested - te and extraction. And while for te it is clear that the data was found, for extraction there is no information.

This is what the query looked like in the example above

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te", "extraction"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

If you send the query request without the extraction component

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

then the response will contain complete information ("code": 1001, "label": "FOUND").

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If there is no information in the cache at all, the response will be "label": "NOT_FOUND"

{
  "response": [
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

In one API call, you can send several hash sums at once for checking. The response returns the data in the same order as they were sent in the request.

Example query request with several sha256 sums

{ "request":  [  

		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
        },
        		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
        }
	] 
}

Response to the query with several sha256 sums

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
      "file_type": "dll",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    },
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Requesting several hash sums at once in a query request also has a beneficial effect on API server performance.

Download API call

Method used - POST (according to the documentation); GET also works (and may seem more logical)

Call address - https:///tecloud/api/v1/file/download?id=

The header must carry the API key, the request body is empty, and the download id is passed in the URL.

According to the query request, if emulation has completed and reports were requested when the file was uploaded, the ids for downloading the reports will be visible. If a cleaned copy was requested, look for the id for downloading the cleaned document.

In general, the keys in the query response that carry an id value for downloading can be:

  • summary_report

  • full_report

  • pdf_report

  • xml_report

  • extracted_file_download_id

Of course, to receive these keys in the query response they must be specified in the request (for reports), or you must remember to make the request with the extraction feature (for cleaned documents)
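To tie the query, upload and download calls together, here is an added Python example (not the article's code and not an official Check Point client): it computes the hash sums a query needs, builds a query body whose sections match the requested features, reads the per-component status labels in the response, lists which components still need an upload, and assembles the download URL. The sample response is constructed after the PARTIALLY_FOUND example above; sending the bodies over HTTPS with the Authorization header is left to whatever HTTP client you use.

```python
import hashlib

# Added example (not the article's code): builds query bodies, reads the
# per-component status in the response and collects the download ids.

WIN10_IMAGE = "10b4a9c6-e414-425c-ae8b-fe4dd7b25244"  # id from the article's table
REPORT_ID_KEYS = ("full_report", "pdf_report", "xml_report")  # per-image ids


def hashes_of(data):
    """md5/sha1/sha256 hex digests of a file's bytes, as the query request uses them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def build_query(sha256_list, features=("te",), images=(WIN10_IMAGE,),
                reports=("xml", "pdf"), extraction_method="pdf"):
    """Body for POST /tecloud/api/v1/file/query with one entry per hash.
    Sections are only added for requested features, so the query never asks
    for more than the matching upload did (which would yield PARTIALLY_FOUND)."""
    entries = []
    for h in sha256_list:
        entry = {"sha256": h, "features": list(features)}
        if "te" in features:
            entry["te"] = {"images": [{"id": i, "revision": 1} for i in images],
                           "reports": list(reports)}
        if "extraction" in features:
            entry["extraction"] = {"method": extraction_method}
        entries.append(entry)
    return {"request": entries}


def parse_query_response(resp):
    """For every entry: overall label, per-component labels, verdict and download ids."""
    results = []
    for item in resp["response"]:
        r = {"sha256": item.get("sha256"), "status": item["status"]["label"],
             "components": {}, "verdict": None, "download_ids": {}}
        te = item.get("te")
        if te is not None:
            r["components"]["te"] = te["status"]["label"]
            r["verdict"] = te.get("combined_verdict")
            if "summary_report" in te:  # one per emulation, not per image
                r["download_ids"]["summary_report"] = te["summary_report"]
            for img in te.get("images", []):
                for key in REPORT_ID_KEYS:
                    if key in img.get("report", {}):
                        r["download_ids"][f"{key}:{img['id']}"] = img["report"][key]
        ex = item.get("extraction")
        if ex is not None:
            r["components"]["extraction"] = ex["status"]["label"]
            if "extracted_file_download_id" in ex:
                r["download_ids"]["extracted_file_download_id"] = ex["extracted_file_download_id"]
        results.append(r)
    return results


def missing_components(result):
    """Components the cache had nothing for: these are what the upload must request."""
    return sorted(c for c, label in result["components"].items() if label == "NOT_FOUND")


def download_url(base, download_id):
    """Download call: the id goes in the URL, the body stays empty."""
    return f"{base}/tecloud/api/v1/file/download?id={download_id}"


def auth_headers(api_key):
    """The only header all four calls need."""
    return {"Authorization": api_key}


# Constructed response modelled on the PARTIALLY_FOUND example in the article.
SAMPLE_PARTIAL = {"response": [{
    "status": {"code": 1006, "label": "PARTIALLY_FOUND"},
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "features": ["te", "extraction"],
    "te": {"images": [{"report": {"verdict": "malicious",
                                  "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
                                  "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"},
                       "status": "found", "id": WIN10_IMAGE, "revision": 1}],
           "combined_verdict": "malicious", "status": {"code": 1001, "label": "FOUND"}},
    "extraction": {"method": "pdf", "status": {"code": 1004, "label": "NOT_FOUND"}},
}]}

if __name__ == "__main__":
    for r in parse_query_response(SAMPLE_PARTIAL):
        print(r["sha256"], r["status"], r["verdict"], r["download_ids"])
        print("upload needed for:", missing_components(r))
```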

Quota API call

Method used - POST

Call address - https:///tecloud/api/v1/file/quota

To check the remaining quota in the cloud, use the quota request. The request body is empty.

Example response to a quota request

{
  "response": [
    {
      "remain_quota_hour": 1250,
      "remain_quota_month": 10000000,
      "assigned_quota_hour": 1250,
      "assigned_quota_month": 10000000,
      "hourly_quota_next_reset": "1599141600",
      "monthly_quota_next_reset": "1601510400",
      "quota_id": "TEST",
      "cloud_monthly_quota_period_start": "1421712300",
      "cloud_monthly_quota_usage_for_this_gw": 0,
      "cloud_hourly_quota_usage_for_this_gw": 0,
      "cloud_monthly_quota_usage_for_quota_id": 0,
      "cloud_hourly_quota_usage_for_quota_id": 0,
      "monthly_exceeded_quota": 0,
      "hourly_exceeded_quota": 0,
      "cloud_quota_max_allow_to_exceed_percentage": 1000,
      "pod_time_gmt": "1599138715",
      "quota_expiration": "0",
      "action": "ALLOW"
    }
  ]
}

Threat Prevention API for Security Gateway

This API was developed before the Threat Prevention API and was intended for local appliances only. At the moment it is useful only if you need the Threat Extraction API; for Threat Emulation it is better to use the regular Threat Prevention API. To enable the TP API for SG and configure the API key, follow the steps in sk113599. I recommend paying attention to step 6b and checking access to the page https://<IPAddressofSecurityGateway>/UserCheck/TPAPI, because if the result is negative, further configuration makes no sense. All API calls are sent to this url. The call type (upload/query) is specified in the call body key request_name. The other required keys are api_key (you need to remember it during the configuration process) and protocol_version (the current version is 1.1). The official documentation for this API is in sk137032. A relative advantage is the ability to send several files at once for emulation when uploading them, since the files are sent as base64 text strings. To encode/decode files to/from base64 you can use an online converter from Postman for demonstration purposes, for example https://base64.guru. For practical purposes, use the built-in encode and decode methods when writing code.

Now let's look at the te and extraction functionality in this API.

For the te component, the te_options dictionary is provided in the upload/query requests, and the keys in it are identical to the te keys in the Threat Prevention API.

Example request to emulate a file in Win10 with reports

{
"request": [{
    "protocol_version": "1.1",
    "api_key": "<api_key>",
    "request_name": "UploadFile",
    "file_enc_data": "<base64_encoded_file>",
    "file_orig_name": "<filename>",
    "te_options": {
        "images": [
                {
                    "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                    "revision": 1
                }
            ],
        "reports": ["summary", "xml"]
    }
    }
    ]
}

For the extraction component, the scrub_options dictionary is provided. This request specifies the cleaning method: convert to PDF, remove active content, or choose the mode according to the Threat Prevention profile (the profile name is given). The great thing about the response to an extraction API request is that you receive the cleaned copy in the response to that same request, as a base64-encoded string (there is no need to make a query request and look for an id to download the document).

Example request to clean a file

{
	"request": [{
		"protocol_version": "1.1",
		"api_key": "<API_KEY>",
		"request_name": "UploadFile",
		"file_enc_data": "<base64_encoded_file>",
		"file_orig_name": "hi.txt",
		"scrub_options": {
			"scrub_method": 2
		}
	}]
}

Response to the request

{
	"response": [{
		"protocol_version": "1.1",
		"src_ip": "<IP_ADDRESS>",
		"scrub": {
			"file_enc_data": "<base64_encoded_converted_to_PDF_file>",
			"input_real_extension": "js",
			"message": "OK",
			"orig_file_url": "",
			"output_file_name": "hi.cleaned.pdf",
			"protection_name": "Extract potentially malicious content",
			"protection_type": "Conversion to PDF",
			"real_extension": "txt",
			"risk": 0,
			"scrub_activity": "TXT file was converted to PDF",
			"scrub_method": "Convert to PDF",
			"scrub_result": 0,
			"scrub_time": "0.011",
			"scrubbed_content": ""
		}
	}]
} 

Although fewer API requests are needed to obtain the cleaned copy, I found this option less convenient and less suitable than the form-data request used in the Threat Prevention API.
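As an added example (not the article's code), the following Python builds an UploadFile body for the TP API for SG with several files base64-encoded in one call, using the standard library rather than an online converter, and decodes the cleaned copies from the scrub section of the response. The scrub_method value 2 is taken from the article's request; the meaning of the other method numbers is not given in the article, and the sample response is constructed.

```python
import base64

# Added example (not the article's code): request/response handling for the
# Threat Prevention API for Security Gateway, where files travel as base64.

WIN10_IMAGE = "10b4a9c6-e414-425c-ae8b-fe4dd7b25244"  # from the article's table


def build_sg_upload(api_key, files, scrub_method=None, te_options=None):
    """UploadFile body for POST https://<gateway>/UserCheck/TPAPI.
    files: list of (name, bytes). Several files go in one call; each entry
    carries the key and protocol version, as in the article's examples."""
    entries = []
    for name, data in files:
        entry = {
            "protocol_version": "1.1",
            "api_key": api_key,
            "request_name": "UploadFile",
            "file_enc_data": base64.b64encode(data).decode("ascii"),
            "file_orig_name": name,
        }
        if scrub_method is not None:
            entry["scrub_options"] = {"scrub_method": scrub_method}
        if te_options is not None:
            entry["te_options"] = te_options
        entries.append(entry)
    return {"request": entries}


def win10_te_options(reports=("summary", "xml")):
    """te_options block equivalent to the Win10 emulation request above."""
    return {"images": [{"id": WIN10_IMAGE, "revision": 1}], "reports": list(reports)}


def cleaned_files(response):
    """Decode the cleaned copies from an UploadFile response.
    Returns ({output_file_name: bytes} for entries whose scrub message is OK,
    [messages of the entries that did not produce a file])."""
    ok, failed = {}, []
    for item in response["response"]:
        scrub = item.get("scrub")
        if scrub is None:
            continue
        if scrub.get("message") != "OK" or not scrub.get("file_enc_data"):
            failed.append(scrub.get("message", "no message"))
            continue
        ok[scrub["output_file_name"]] = base64.b64decode(scrub["file_enc_data"])
    return ok, failed


# Constructed response in the shape of the article's scrub example; the
# "PDF" payload is a placeholder, not a real document.
SAMPLE_RESPONSE = {"response": [{
    "protocol_version": "1.1",
    "scrub": {"file_enc_data": base64.b64encode(b"%PDF-1.4 placeholder").decode("ascii"),
              "message": "OK", "output_file_name": "hi.cleaned.pdf",
              "scrub_method": "Convert to PDF", "scrub_result": 0},
}, {
    "protocol_version": "1.1",
    "scrub": {"message": "ERROR", "output_file_name": ""},
}]}

if __name__ == "__main__":
    body = build_sg_upload("<API_KEY>", [("hi.txt", b"hello"), ("a.doc", b"...")],
                           scrub_method=2)  # 2 as in the article's request
    print(len(body["request"]), "files queued in one call")
    ok, failed = cleaned_files(SAMPLE_RESPONSE)
    for name, data in ok.items():
        print(name, len(data), "bytes")
    print("failed:", failed)
```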

Postman collections

I have created collections in Postman for the Threat Prevention API and for the Threat Prevention API for Security Gateway, which contain the most common API requests. So that the API server ip/url and the key are substituted into the requests automatically, and the sha256 hash sum is remembered after a file is uploaded, three variables were created in the collection (you can find them in the collection settings, Edit -> Variables): te_api (required), api_key (required, except when using the TP API with local appliances), sha256 (leave empty; not used in the TP API for SG).

Download the Postman collection for the Threat Prevention API

Download the Postman collection for the Threat Prevention API for Security Gateway

Usage examples

In the CheckMates community, scripts written in Python were presented that check the files in a chosen directory via the TP API and the TP API for SG. By interacting with the Threat Prevention API, your file-checking capabilities expand considerably, since you can now check files on several platforms at once (for example, first in the VirusTotal API, then in the Check Point sandbox), and take files not only from network traffic but also from any network share or, for example, a CRM system.

source: www.habr.com
