Interacting with Check Point SandBlast via API

This article will be useful to those who are familiar with Check Point technologies for file emulation (Threat Emulation) and file cleaning (Threat Extraction) and want to automate these tasks. Check Point has a Threat Prevention API that runs both in the cloud and on local appliances, and functionally it is identical to checking files in web/smtp/ftp/smb/nfs traffic streams. The article is partly the author's interpretation of a set of articles from the official documentation, but it is based on my own operating experience and my own examples. In the article you will also find the author's Postman collections for working with the Threat Prevention API.

Basic abbreviations

The Threat Prevention API works with three main components, which are referred to in the API by the following text values:

av - the Anti-Virus component, responsible for signature analysis of known threats.

te - the Threat Emulation component, responsible for checking files in a sandbox and issuing a malicious/benign verdict after emulation.

extraction - the Threat Extraction component, responsible for quickly converting office documents to a safe form (in which all potentially malicious content is removed) so that they can be delivered to users/systems promptly.

API architecture and key limitations

The Threat Prevention API uses only 4 requests: upload, query, download and quota. In the header of all four requests you must pass the API key using the Authorization parameter. At first glance the architecture looks much simpler than the Management API, but the number of fields in the upload and query requests, and the structure of those requests, are quite complex. They can be compared to the Threat Prevention profiles in the security policy of a gateway/sandbox.

At the moment only one version of the Threat Prevention API has been released, 1.0; the URL for API calls must contain v1 in the part where the version is specified. Unlike the Management API, specifying the API version in the URL is mandatory; otherwise the request will not be executed.

The Anti-Virus component, when called without the other components (te, extraction), currently supports only query requests with md5 hash sums. Threat Emulation and Threat Extraction also support sha1 and sha256 hash sums.

It is important not to make mistakes in requests! A request can be executed without errors, but not completely. Looking a little ahead, let's see what happens when there are errors/typos in requests.

Request with a typo in the reports key (reportss)

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                reportss: ["tar", "pdf", "xml"]
            }
		}
	] 
}

There is no error in the response, but there is no information about the reports either

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But for a request without the typo in the reports key

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": ["tar", "pdf", "xml"]
            }
		}
	] 
}

We get a response containing the ids for downloading the reports

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
              "pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
              "xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If we send an invalid/expired API key, we get a 403 error in the response.

SandBlast API: in the cloud and on local appliances

API requests can be sent to Check Point appliances on which the Threat Emulation component (blade) is enabled. As the address for requests, use the ip/url of the appliance and port 18194 (for example, https://10.10.57.19:18194/tecloud/api/v1/file/query). You should also make sure that the security policy on the appliance allows this connection. Authorization via the API key on local appliances is disabled by default, and the Authorization key may be omitted from the request headers entirely.

API requests to the Check Point cloud are sent to te.checkpoint.com (for example, https://te.checkpoint.com/tecloud/api/v1/file/query). The API key can be obtained as a 60-day trial license by contacting Check Point partners or the company's local office.

On local appliances, Threat Extraction is not supported in the regular Threat Prevention API; you have to use the Threat Prevention API for Security Gateway (we will discuss it at the end of the article).

Local appliances do not support the quota request.

Otherwise, there are no differences between requests to local appliances and to the cloud.

Upload API call

Method used - POST

Call address - https:///tecloud/api/v1/file/upload

The request consists of two parts (form-data): a file intended for emulation/cleaning and a text request body.

The text request cannot be empty, but it may contain no settings at all. For the request to succeed, you need to send at least the following text in the request:

Minimum required for an upload request

HTTP POST

https:///tecloud/api/v1/file/upload

Headers:

Authorization:

Body:

{
  "request": {
  }
}

File

In this case the file will be processed with the default parameters: component - te, OS images - Win XP and Win 7, without generating a report.

Comments on the main fields of the text request:

file_name and file_type can be left empty or not sent at all, since this is not particularly useful information when uploading a file. In the API response these fields are filled in automatically based on the name of the uploaded file, and the information in the cache is still looked up using the md5/sha1/sha256 hash sums.

Example request with empty file_name and file_type

{
  "request": {
    "file_name": "",
    "file_type": ""
  }
}

features - a list indicating the functionality required when processing in the sandbox: av (Anti-Virus), te (Threat Emulation), extraction (Threat Extraction). If this parameter is not passed, only the default component is used: te (Threat Emulation).

To have the file checked by all three available components, you need to specify these components in the API request.

Example of a request with av, te and extraction checks

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["av", "te", "extraction"]  
		}
	] 
}

Keys in the te section

images - a list containing dictionaries with the id and revision number of the operating systems on which the check will be performed. The ids and revision numbers are the same for all local appliances and the cloud.

List of operating systems and revisions (Available OS Image ID | Revision | OS image and applications):

e50e99f3-5963-4573-af9e-e3f4750b55e2 | 1 | Microsoft Windows: XP - 32bit SP3; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 9r115 and ActiveX 10.0; Java Runtime: 1.6.0u22

7e6fe36e-889e-4c25-8704-56378f0830df | 1 | Microsoft Windows: 7 - 32bit; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 10.2r152 (Plugin & ActiveX); Java Runtime: 1.6.0u0

8d188031-1010-4466-828b-0cd13d4303ff | 1 | Microsoft Windows: 7 - 32bit; Office: 2010; Adobe Acrobat Reader: 9.4; Flash Player: 11.0.1.152 (Plugin & ActiveX); Java Runtime: 1.7.0u0

5e5de275-a103-4f67-b55b-47532918fa59 | 1 | Microsoft Windows: 7 - 32bit; Office: 2013; Adobe Acrobat Reader: 11.0; Flash Player: 15 (Plugin & ActiveX); Java Runtime: 1.7.0u9

3ff3ddae-e7fd-4969-818c-d5f1a2be336d | 1 | Microsoft Windows: 7 - 64bit; Office: 2013 (32-bit); Adobe Acrobat Reader: 11.0.01; Flash Player: 13 (Plugin & ActiveX); Java Runtime: 1.7.0u9

6c453c9b-20f7-471a-956c-3198a868dc92 | 1 | Microsoft Windows: 8.1 - 64bit; Office: 2013 (64-bit); Adobe Acrobat Reader: 11.0.10; Flash Player: 18.0.0.160 (Plugin & ActiveX); Java Runtime: 1.7.0u9

10b4a9c6-e414-425c-ae8b-fe4dd7b25244 | 1 | Microsoft Windows: 10; Office: Professional Plus 2016 en-us; Adobe Acrobat Reader: DC 2015 MUI; Flash Player: 20 (Plugin & ActiveX); Java Runtime: 1.7.0u9

If the images key is not specified, emulation is performed on the images recommended by Check Point (currently Win XP and Win 7). These images are recommended based on the balance between performance and detection rate.

reports - a list of the reports we request if the file turns out to be malicious. The following options are available:

  1. summary - a .tar.gz archive containing a report on the emulation across all requested images (an html page plus components such as a video from the emulator OS, a network traffic dump, a report in json, and the sample itself in a password-protected archive). In the response we look for the key summary_report to download the report later.

  2. pdf - a document about the emulation on one image, which many are used to receiving via SmartConsole. In the response we look for the key pdf_report to download the report later.

  3. xml - a document about the emulation on one image, convenient for subsequent parsing of the parameters in the report. In the response we look for the key xml_report to download the report later.

  4. tar - a .tar.gz archive containing a report on the emulation on one requested image (an html page plus components such as a video from the emulator OS, a network traffic dump, a report in json, and the sample itself in a password-protected archive). In the response we look for the key full_report to download the report later.

What is inside the summary report

The keys full_report, pdf_report and xml_report are in the dictionary for each OS

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
      "file_type": "html",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
              "pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
              "xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
              "pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
              "xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But the key summary_report is a single one for the emulation as a whole

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
      "file_type": "exe",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
              "xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
              "xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

You can request tar, xml and pdf reports at the same time, and you can request summary, tar and xml together. You cannot request a summary report and a pdf report at the same time.

Keys in the extraction section

Two keys are used for threat extraction:

method - pdf (convert to pdf, used by default) or clean (clean up active content).

extracted_parts_codes - a list of codes for removing active content, applies only to the clean method

Codes for removing content from files (Code | Description):

1025 | Linked Objects
1026 | Macros and Code
1034 | Sensitive hyperlinks
1137 | PDF GoToR Actions
1139 | PDF Launch Actions
1141 | PDF URI Actions
1142 | PDF Sound Actions
1143 | PDF Movie Actions
1150 | PDF JavaScript Actions
1151 | PDF Submit Form Actions
1018 | Database Queries
1019 | Embedded Objects
1021 | Fast Save Data
1017 | Custom Properties
1036 | Statistic Properties
1037 | Summary Properties

To download a cleaned copy, you need to make a query request (discussed below) after a few seconds, specifying the file's hash sum and the extraction component in the request text. The cleaned file can then be picked up using the id from the query response: extracted_file_download_id. Again, looking a little ahead, here are examples of a query request and response for finding the id to download the cleaned document.

Query request to find the extracted_file_download_id key

{ "request":  [  

		{	
			"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
			"features": ["extraction"] , 
			"extraction": {
		        "method": "pdf"
            }
		}
	] 
}

Response to the query (see the extracted_file_download_id key)

{
    "response": [
        {
            "status": {
                "code": 1001,
                "label": "FOUND",
                "message": "The request has been fully answered."
            },
            "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
            "file_type": "",
            "file_name": "",
            "features": [
                "extraction"
            ],
            "extraction": {
                "method": "pdf",
                "extract_result": "CP_EXTRACT_RESULT_SUCCESS",
                "extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
                "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                "time": "0.013",
                "extract_content": "Macros and Code",
                "extraction_data": {
                    "input_extension": "xls",
                    "input_real_extension": "xls",
                    "message": "OK",
                    "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                    "protection_name": "Potential malicious content extracted",
                    "protection_type": "Conversion to PDF",
                    "protocol_version": "1.0",
                    "risk": 5.0,
                    "scrub_activity": "Active content was found - XLS file was converted to PDF",
                    "scrub_method": "Convert to PDF",
                    "scrub_result": 0.0,
                    "scrub_time": "0.013",
                    "scrubbed_content": "Macros and Code"
                },
                "tex_product": false,
                "status": {
                    "code": 1001,
                    "label": "FOUND",
                    "message": "The request has been fully answered."
                }
            }
        }
    ]
}

Key points

In one API call you can send only one file for checking.

The av component does not require an additional section with keys; it is enough to list it in the features dictionary.

Query API call

Method used - POST

Call address - https:///tecloud/api/v1/file/query

Before sending a file for emulation (upload request), it is recommended to check the sandbox cache (query request) to reduce the load on the API server, since the API server may already have information and a verdict for the uploaded file. The call consists only of a text part. The required part of the request is the sha1/sha256/md5 hash sum of the file. By the way, you can get it from the response to the upload request.

Minimum required for a query

HTTP POST

https:///tecloud/api/v1/file/query

Headers:

Authorization:

Body:

{
  "request": {
    "sha256":
  }
}

Example of a response to an upload request, where the sha1/md5/sha256 hash sums are visible

{
  "response": {
    "status": {
      "code": 1002,
      "label": "UPLOAD_SUCCESS",
      "message": "The file was uploaded successfully."
    },
    "sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
    "md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "",
    "file_name": "kp-20-doc.doc",
    "features": [
      "te"
    ],
    "te": {
      "trust": 0,
      "images": [
        {
          "report": {
            "verdict": "unknown"
          },
          "status": "not_found",
          "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
          "revision": 1
        }
      ],
      "score": -2147483648,
      "status": {
        "code": 1002,
        "label": "UPLOAD_SUCCESS",
        "message": "The file was uploaded successfully."
      }
    }
  }
}

The query request with the hash sum should correspond to the upload request (or the upload that is planned), or be "narrower" (fewer fields in the query request than in the upload request). If there are more fields in the query request than in the upload request, you will not get all the requested information in the response.

Here is an example of a response to a query in which not all of the requested data was found

{
  "response": [
    {
      "status": {
        "code": 1006,
        "label": "PARTIALLY_FOUND",
        "message": "The request cannot be fully answered at this time."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te",
        "extraction"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      },
      "extraction": {
        "method": "pdf",
        "tex_product": false,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Pay attention to the code and label fields. They appear three times, in the status dictionaries. First we see the global keys "code": 1006 and "label": "PARTIALLY_FOUND". Then these keys appear for each component we requested: te and extraction. And while for te it is clear that the data was found, for extraction there is no information.

This is what the query looked like for the example above

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te", "extraction"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

If you send a query request without the extraction component

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

Then the response will contain full information ("code": 1001, "label": "FOUND")

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If there is no information in the cache, the response will be "label": "NOT_FOUND"

{
  "response": [
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

In one API call you can send several hash sums at once for checking. The response returns the data in the same order in which it was sent in the request.

Example query request with several sha256 sums

{ "request":  [  

		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
        },
        		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
        }
	] 
}

Response to a query with several sha256 sums

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
      "file_type": "dll",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    },
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Requesting several hash sums at once in a query request also has a positive effect on the performance of the API server.

Download API call

Method used - POST (according to the documentation), GET also works (and is perhaps more appropriate)

Call address - https:///tecloud/api/v1/file/download?id=

The header must contain the API key, the request body is empty, and the download id is passed in the URL.

In the response to a query request, if emulation has finished and reports were requested when the file was uploaded, the ids for downloading the reports are visible. If a cleaned copy was requested, you need to look for the id for downloading the cleaned document.

In total, the keys in the query response that contain an id value for download are:

  • summary_report

  • full_report

  • pdf_report

  • xml_report

  • extracted_file_download_id

Of course, for these keys to appear in the response to a query request, they must be specified in the request (for reports), or you must remember to make a request using the extraction feature (for cleaned documents).
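As an added example (not code from the article or from Check Point), the upload/query/download flow above in Python: building a query body that rejects the summary+pdf combination and the silently ignored key (reportss) the article warns about, and pulling every download id out of a query response while distinguishing FOUND, PARTIALLY_FOUND and NOT_FOUND per feature. base_url and api_key are placeholders you supply; SAMPLE_RESPONSE is constructed from the article's PARTIALLY_FOUND and NOT_FOUND responses.

```python
"""Helpers for the Threat Prevention API upload/query/download flow.
Added example, not the article's code. base_url and api_key are assumptions;
SAMPLE_RESPONSE is constructed from the article's responses."""
import json
import urllib.request

# Status codes seen in the article's responses
FOUND, UPLOAD_SUCCESS, NOT_FOUND, PARTIALLY_FOUND = 1001, 1002, 1004, 1006
VALID_FEATURES = {"av", "te", "extraction"}
VALID_REPORTS = {"summary", "pdf", "xml", "tar"}
VALID_TE_KEYS = {"images", "reports"}
VALID_EXTRACTION_KEYS = {"method", "extracted_parts_codes"}
REPORT_ID_KEYS = ("summary_report", "full_report", "pdf_report", "xml_report")
WIN10_IMAGE = {"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}


def build_query_request(sha256_list, features=("te",), images=(WIN10_IMAGE,),
                        reports=("xml", "pdf"), method="pdf"):
    """Body of a query call for one or more sha256 sums. Rejects unknown feature
    or report names and the summary+pdf combination the API does not allow."""
    features, reports = list(features), list(reports)
    if set(features) - VALID_FEATURES:
        raise ValueError(f"unknown features: {set(features) - VALID_FEATURES}")
    if set(reports) - VALID_REPORTS:
        raise ValueError(f"unknown reports: {set(reports) - VALID_REPORTS}")
    if "summary" in reports and "pdf" in reports:
        raise ValueError("summary and pdf reports cannot be requested together")
    items = []
    for sha in sha256_list:
        item = {"sha256": sha, "features": features}
        if "te" in features:
            item["te"] = {"images": list(images), "reports": reports}
        if "extraction" in features:
            item["extraction"] = {"method": method}
        items.append(item)
    return {"request": items}


def check_request_keys(body):
    """Find keys in te/extraction sections that the API would silently ignore
    (e.g. 'reportss'): the call succeeds but the report ids never appear."""
    bad = []
    for item in body.get("request", []):
        bad += [f"te.{k}" for k in item.get("te", {}) if k not in VALID_TE_KEYS]
        bad += [f"extraction.{k}" for k in item.get("extraction", {})
                if k not in VALID_EXTRACTION_KEYS]
    return bad


def parse_query_response(resp):
    """Per entry: overall label, te verdict and every id usable with download."""
    results = []
    for entry in resp["response"]:
        r = {"sha256": entry.get("sha256"), "label": entry["status"]["label"],
             "verdict": None, "download_ids": {}}
        te = entry.get("te")
        if te and te.get("status", {}).get("code") == FOUND:  # per-feature status
            r["verdict"] = te.get("combined_verdict")
            if "summary_report" in te:  # one id for the whole emulation
                r["download_ids"]["summary_report"] = te["summary_report"]
            for image in te.get("images", []):  # per-image report ids
                for key in REPORT_ID_KEYS:
                    if key in image.get("report", {}):
                        r["download_ids"][f"{image['id']}:{key}"] = image["report"][key]
        ext = entry.get("extraction")
        if ext and ext.get("status", {}).get("code") == FOUND and "extracted_file_download_id" in ext:
            r["download_ids"]["extracted_file_download_id"] = ext["extracted_file_download_id"]
        results.append(r)
    return results


def post_json(base_url, api_key, path, body):
    """Text-only call (query/quota); the key goes in the Authorization header."""
    req = urllib.request.Request(f"{base_url}/tecloud/api/v1/file/{path}",
                                 data=json.dumps(body).encode(),
                                 headers={"Authorization": api_key,
                                          "Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def status(code, label):
    return {"code": code, "label": label, "message": ""}


# Constructed from the article's responses: te found, extraction not found
SAMPLE_RESPONSE = {"response": [
    {"status": status(PARTIALLY_FOUND, "PARTIALLY_FOUND"),
     "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
     "features": ["te", "extraction"],
     "te": {"images": [{"id": WIN10_IMAGE["id"], "revision": 1, "status": "found",
                        "report": {"verdict": "malicious",
                                   "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
                                   "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"}}],
            "combined_verdict": "malicious", "status": status(FOUND, "FOUND")},
     "extraction": {"method": "pdf", "status": status(NOT_FOUND, "NOT_FOUND")}},
    {"status": status(NOT_FOUND, "NOT_FOUND"),
     "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
     "features": ["te"],
     "te": {"images": [{"id": WIN10_IMAGE["id"], "revision": 1, "status": "not_found",
                        "report": {"verdict": "unknown"}}],
            "status": status(NOT_FOUND, "NOT_FOUND")}},
]}

if __name__ == "__main__":
    for r in parse_query_response(SAMPLE_RESPONSE):
        print(r["label"], r["verdict"], sorted(r["download_ids"]))
```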

Quota API call

Method used - POST

Call address - https:///tecloud/api/v1/file/quota

To check the remaining quota in the cloud, use the quota request. The request body is empty.

Example response to a quota request

{
  "response": [
    {
      "remain_quota_hour": 1250,
      "remain_quota_month": 10000000,
      "assigned_quota_hour": 1250,
      "assigned_quota_month": 10000000,
      "hourly_quota_next_reset": "1599141600",
      "monthly_quota_next_reset": "1601510400",
      "quota_id": "TEST",
      "cloud_monthly_quota_period_start": "1421712300",
      "cloud_monthly_quota_usage_for_this_gw": 0,
      "cloud_hourly_quota_usage_for_this_gw": 0,
      "cloud_monthly_quota_usage_for_quota_id": 0,
      "cloud_hourly_quota_usage_for_quota_id": 0,
      "monthly_exceeded_quota": 0,
      "hourly_exceeded_quota": 0,
      "cloud_quota_max_allow_to_exceed_percentage": 1000,
      "pod_time_gmt": "1599138715",
      "quota_expiration": "0",
      "action": "ALLOW"
    }
  ]
}

Threat Prevention API for Security Gateway

This API was developed earlier than the Threat Prevention API and was intended only for local appliances. At the moment it is useful only if you need the Threat Extraction API; for Threat Emulation it is better to use the regular Threat Prevention API. To enable the TP API for SG and configure the API key, follow the steps in sk113599. I recommend paying attention to step 6b and checking that the page https://<IPAddressofSecurityGateway>/UserCheck/TPAPI is reachable, because if it is not, further configuration makes no sense. All API calls are sent to this URL. The type of call (upload/query) is controlled by the request_name key in the call body. Other required keys are api_key (you need to remember it during the configuration process) and protocol_version (the current version is 1.1). The official documentation for this API is in sk137032. Among its relative advantages is the ability to send several files at once for emulation when uploading them, since files are sent as a base64 text string. To encode/decode files to/from base64 for demonstration purposes in Postman you can use an online converter, for example https://base64.guru. For practical purposes, use the built-in encoding methods when writing code.

Now let's take a closer look at how the te and extraction features work in this API.

For the te feature, the te_options dictionary is provided in upload/query requests, and the keys of this request coincide with the keys in the Threat Prevention API.

Example request for emulating a file on Win10 with reports

{
"request": [{
    "protocol_version": "1.1",
    "api_key": "<api_key>",
    "request_name": "UploadFile",
    "file_enc_data": "<base64_encoded_file>",
    "file_orig_name": "<filename>",
    "te_options": {
        "images": [
                {
                    "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                    "revision": 1
                }
            ],
        "reports": ["summary", "xml"]
    }
    }
    ]
}

For the extraction feature, the scrub_options dictionary is provided. It specifies the cleaning method: convert to PDF, clean up active content, or choose the mode according to a Threat Prevention profile (the profile name is specified). The main feature of the response to an extraction API request for a file is that you get the cleaned copy in the response to that same request, as a base64-encoded string (you do not need to make a query request and look for the id to download the document).

Example of a request to clean a file

{
	"request": [{
		"protocol_version": "1.1",
		"api_key": "<API_KEY>",
		"request_name": "UploadFile",
		"file_enc_data": "<base64_encoded_file>",
		"file_orig_name": "hi.txt",
		"scrub_options": {
			"scrub_method": 2
		}
	}]
}

Response to the request

{
	"response": [{
		"protocol_version": "1.1",
		"src_ip": "<IP_ADDRESS>",
		"scrub": {
			"file_enc_data": "<base64_encoded_converted_to_PDF_file>",
			"input_real_extension": "js",
			"message": "OK",
			"orig_file_url": "",
			"output_file_name": "hi.cleaned.pdf",
			"protection_name": "Extract potentially malicious content",
			"protection_type": "Conversion to PDF",
			"real_extension": "txt",
			"risk": 0,
			"scrub_activity": "TXT file was converted to PDF",
			"scrub_method": "Convert to PDF",
			"scrub_result": 0,
			"scrub_time": "0.011",
			"scrubbed_content": ""
		}
	}]
} 

Since a minimal number of API requests is needed to get a cleaned copy, I find this option preferable and more convenient than the form-data request used in the Threat Prevention API.
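An added example (not the article's or Check Point's code) for the Security Gateway API described above: encoding the files with Python's base64 module instead of an online converter, packing several files into one UploadFile request, and decoding the cleaned copy straight from the scrub response. The gateway address, API key and file bytes are placeholders; SAMPLE_RESPONSE is constructed after the scrub response shown above.

```python
"""Threat Prevention API for Security Gateway: build an UploadFile request with
files as base64 and unpack the cleaned copy from the scrub response.
Added example, not the article's code; api_key, gateway address and file bytes
are constructed placeholders."""
import base64
import json
import urllib.request

SCRUB_CONVERT_TO_PDF = 2   # scrub_method value from the article's example request
WIN10_IMAGE = {"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}


def build_upload_request(api_key, files, scrub_method=None, te_images=None,
                         reports=("summary", "xml")):
    """files: list of (name, bytes). Several files go into one request, which
    the article names as this API's advantage over the form-data upload."""
    items = []
    for name, data in files:
        item = {
            "protocol_version": "1.1",
            "api_key": api_key,
            "request_name": "UploadFile",
            "file_enc_data": base64.b64encode(data).decode("ascii"),
            "file_orig_name": name,
        }
        if scrub_method is not None:     # extraction (scrub_options)
            item["scrub_options"] = {"scrub_method": scrub_method}
        if te_images is not None:        # emulation (te_options)
            item["te_options"] = {"images": list(te_images), "reports": list(reports)}
        items.append(item)
    return {"request": items}


def extract_cleaned_files(response):
    """Return {output_file_name: decoded bytes} for every scrub entry that
    reports message OK and carries file_enc_data; anything else is skipped."""
    out = {}
    for entry in response.get("response", []):
        scrub = entry.get("scrub")
        if not scrub or scrub.get("message") != "OK" or not scrub.get("file_enc_data"):
            continue
        out[scrub["output_file_name"]] = base64.b64decode(scrub["file_enc_data"])
    return out


def call_gateway(gateway_ip, body):
    """POST the request to the gateway's TPAPI URL; the key travels in the body."""
    req = urllib.request.Request(f"https://{gateway_ip}/UserCheck/TPAPI",
                                 data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


# Constructed response mirroring the article's scrub response (content is a stub)
SAMPLE_PDF = b"%PDF-1.4\n%placeholder cleaned document\n"
SAMPLE_RESPONSE = {"response": [{
    "protocol_version": "1.1", "src_ip": "192.0.2.10",
    "scrub": {"file_enc_data": base64.b64encode(SAMPLE_PDF).decode("ascii"),
              "input_real_extension": "js", "message": "OK",
              "output_file_name": "hi.cleaned.pdf",
              "protection_type": "Conversion to PDF", "risk": 0,
              "scrub_method": "Convert to PDF", "scrub_result": 0}}]}

if __name__ == "__main__":
    body = build_upload_request("<API_KEY>", [("hi.txt", b"hello")],
                                scrub_method=SCRUB_CONVERT_TO_PDF)
    print(json.dumps(body, indent=2))
    for name, data in extract_cleaned_files(SAMPLE_RESPONSE).items():
        print(name, len(data), "bytes")
```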

Postman collections

I have created Postman collections for the Threat Prevention API and the Threat Prevention API for Security Gateway that contain the most common API requests. To make it easy to change the API server ip/url and key in the requests, and so that the sha256 hash sum is remembered after a file is uploaded, three variables were created in the collections (you can find them in the collection settings, Edit -> Variables): te_api (required), api_key (must be filled in, except when using the TP API on local appliances), sha256 (optional, not used in the TP API for SG).

Download the Postman collection for the Threat Prevention API

Download the Postman collection for the Threat Prevention for Security Gateway API

Usage examples

In the CheckMates community, scripts written in Python are published that check files from a chosen directory via the TP API and the TP API for SG. By interacting with the Threat Prevention API, your ability to check files expands significantly, since you can now check files on several platforms at once (for example, in the VirusTotal API and then in the Check Point sandbox), and obtain files not only from network traffic but also from any network storage and, for example, CRM systems.

Source: www.habr.com
