Interacting with Check Point SandBlast via API


This article will be useful for those who are familiar with Check Point's file emulation (Threat Emulation) and proactive file cleaning (Threat Extraction) technologies and want to take a step toward automating these tasks. Check Point has the Threat Prevention API, which runs both in the cloud and on local devices, and functionally it is identical to checking files in web/smtp/ftp/smb/nfs traffic streams. This article is partly the author's interpretation of a set of articles from the official documentation, but built on my own operational experience and my own examples. In the article you will also find the author's Postman collections for working with the Threat Prevention API.

Abbreviations

The Threat Prevention API works with three main components, which are referred to in API calls by the following text values:

av - the Anti-Virus component, responsible for signature-based analysis of known threats.

te - the Threat Emulation component, responsible for checking files in the sandbox and delivering a malicious/benign verdict after emulation.

extraction - the Threat Extraction component, responsible for quickly converting office documents into a safe form (in which all potentially malicious content is removed) in order to deliver them quickly to users/systems.

API structure and main limitations

The Threat Prevention API uses only 4 requests - upload, query, download and quota. In the header of all four requests you must pass the API key using the Authorization parameter. At first glance the structure may seem much simpler than in the Management API, but the number of fields in the upload and query requests and the structure of these requests are quite complex. Functionally they can be compared to Threat Prevention profiles in a gateway/sandbox security policy.

At present, only one version of the Threat Prevention API has been released - 1.0; the URL for API calls must include v1 in the part where the version has to be specified. Unlike the Management API, specifying the API version in the URL is mandatory, otherwise the request will not be executed.

The Anti-Virus component, when called without other components (te, extraction), currently supports only query requests with md5 hash sums. Threat Emulation and Threat Extraction also support sha1 and sha256 hash sums.

It is very important not to make mistakes in requests! A request can be executed without an error, but not completely. Looking ahead a little, let's see what can happen when there are errors/typos in requests.

Request with a typo in the word reports (reportss)

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reportss": ["tar", "pdf", "xml"]
            }
		}
	] 
}

There will be no error in the response, but there will be no information about the reports at all

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But for a request without a typo in the reports key

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": ["tar", "pdf", "xml"]
            }
		}
	] 
}

We receive a response that already contains the ids for downloading the reports

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
              "pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
              "xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If we send an invalid/expired API key, we will receive a 403 error in response.

SandBlast API: in the cloud and on local devices

API requests can be sent to Check Point devices that have the Threat Emulation component (blade) enabled. As the address for requests, you need to use the ip/url of the device and port 18194 (for example, https://10.10.57.19:18194/tecloud/api/v1/file/query). You should also make sure that the security policy on the device allows such a connection. Authorization by API key on local devices is off by default, and the Authorization key in the request headers may not be sent at all.

API requests to the Check Point cloud must be sent to te.checkpoint.com (for example - https://te.checkpoint.com/tecloud/api/v1/file/query). An API key can be obtained as a trial license for 60 days by contacting Check Point partners or the company's local office.

On local devices, Threat Extraction is not yet supported by the standard Threat Prevention API, and the Threat Prevention API for Security Gateway must be used (we will talk about it in more detail at the end of the article).

Local devices do not support the quota request.

Otherwise, there are no differences between requests to local devices and to the cloud.

Upload API call

Method used - POST

Call address - https:///tecloud/api/v1/file/upload

The request consists of two parts (form-data): the file intended for emulation/cleaning and the request body with text.

The text request cannot be empty, but it may contain no configuration. For the request to succeed, you must send at least the following text in the request:

Minimum required for an upload request

HTTP POST

https:///tecloud/api/v1/file/upload

Headers:

Authorization:

Body

{
"request": {
}
}

File

File

In this case, the file will be processed according to the default parameters: component - te, OS images - Win XP and Win 7, without generating a report.

Comments on the main fields in the text request:

file_name and file_type - you can leave them empty or not send them at all, since this is not particularly useful information when uploading a file. In the API response, these fields will be filled in automatically based on the name of the uploaded file, and information in the cache will still have to be searched for using the md5/sha1/sha256 hash sums.

Example request with empty file_name and file_type

{
"request": {
"file_name": "",
"file_type": ""
}
}

features - a list that specifies the required functionality when processing in the sandbox - av (Anti-Virus), te (Threat Emulation), extraction (Threat Extraction). If this parameter is not passed at all, only the default component will be used - te (Threat Emulation).

To enable checking in all three available components, you need to specify these components in the API request.

Example of a request with checking in av, te and extraction

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["av", "te", "extraction"]  
		}
	] 
}

Keys in the te section

images - a list of dictionaries with the id and revision number of the operating systems in which the check will be performed. The ids and revision numbers are the same for all local devices and the cloud.

List of operating systems and revisions

Available OS Image ID | Revision | Image OS and applications
e50e99f3-5963-4573-af9e-e3f4750b55e2 | 1 | Microsoft Windows: XP - 32bit SP3; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 9r115 and ActiveX 10.0; Java Runtime: 1.6.0u22
7e6fe36e-889e-4c25-8704-56378f0830df | 1 | Microsoft Windows: 7 - 32bit; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 10.2r152 (pluginActiveX); Java Runtime: 1.6.0u0
8d188031-1010-4466-828b-0cd13d4303ff | 1 | Microsoft Windows: 7 - 32bit; Office: 2010; Adobe Acrobat Reader: 9.4; Flash Player: 11.0.1.152 (plugin & ActiveX); Java Runtime: 1.7.0u0
5e5de275-a103-4f67-b55b-47532918fa59 | 1 | Microsoft Windows: 7 - 32bit; Office: 2013; Adobe Acrobat Reader: 11.0; Flash Player: 15 (plugin & ActiveX); Java Runtime: 1.7.0u9
3ff3ddae-e7fd-4969-818c-d5f1a2be336d | 1 | Microsoft Windows: 7 - 64bit; Office: 2013 (32bit); Adobe Acrobat Reader: 11.0.01; Flash Player: 13 (plugin & ActiveX); Java Runtime: 1.7.0u9
6c453c9b-20f7-471a-956c-3198a868dc92 |  | Microsoft Windows: 8.1 - 64bit; Office: 2013 (64bit); Adobe Acrobat Reader: 11.0.10; Flash Player: 18.0.0.160 (plugin & ActiveX); Java Runtime: 1.7.0u9
10b4a9c6-e414-425c-ae8b-fe4dd7b25244 | 1 | Microsoft Windows: 10; Office: Professional Plus 2016 en-us; Adobe Acrobat Reader: DC 2015 MUI; Flash Player: 20 (plugin & ActiveX); Java Runtime: 1.7.0u9

If the images key is not specified, emulation will take place in the images recommended by Check Point (currently Win XP and Win 7). These images are recommended based on the best balance between performance and catch rate.

reports - a list of reports that we request in case the file turns out to be malicious. The following options are available:

  1. summary - a .tar.gz archive containing a report on emulation across all requested images (both an html page and components such as a video from the emulator OS, a network traffic dump, a report in json, and the sample itself in a password-protected archive). In the response we look for the key summary_report for subsequently downloading the report.

  2. pdf - a document on emulation in a single image, which many are used to receiving through the Smart Console. In the response we look for the key pdf_report for subsequently downloading the report.

  3. xml - a document on emulation in a single image, convenient for subsequent parsing of the parameters in the report. In the response we look for the key xml_report for subsequently downloading the report.

  4. tar - a .tar.gz archive containing a report on emulation in a single requested image (both an html page and components such as a video from the emulator OS, a network traffic dump, a report in json, and the sample itself in a password-protected archive). In the response we look for the key full_report for subsequently downloading the report.

What is inside the summary report

The keys full_report, pdf_report, xml_report are in the dictionary for each OS

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
      "file_type": "html",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
              "pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
              "xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
              "pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
              "xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But the summary_report key is a single one for the emulation as a whole

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
      "file_type": "exe",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
              "xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
              "xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

You can request tar, xml and pdf reports at the same time; you can request summary together with tar and xml. It is not possible to request the summary report and pdf at the same time.

Keys in the extraction section

For threat extraction, only two keys are used:

method - pdf (convert to pdf, used by default) or clean (clean active content).

extracted_parts_codes - a list of codes for removing active content, applicable only to the clean method

Codes for removing content from files

Code | Description
1025 | Linked Objects
1026 | Macros and Code
1034 | Sensitive Hyperlinks
1137 | PDF GoToR Actions
1139 | PDF Launch Actions
1141 | PDF URI Actions
1142 | PDF Sound Actions
1143 | PDF Movie Actions
1150 | PDF JavaScript Actions
1151 | PDF Submit Form Actions
1018 | Database Queries
1019 | Embedded Objects
1021 | Fast Save Data
1017 | Custom Properties
1036 | Statistics Properties
1037 | Summary Properties

To download a cleaned copy, you will also need to make a query request (which will be discussed below) after a few seconds, specifying the hash sum of the file and the extraction component in the request text. You can retrieve the cleaned file using the id from the response to the query - extracted_file_download_id. Once again, looking ahead a little, I give examples of a request and a query response for finding the id for downloading the cleaned document.

Query request to look for the extracted_file_download_id key

{ "request":  [  

		{	
			"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
			"features": ["extraction"] , 
			"extraction": {
		        "method": "pdf"
            }
		}
	] 
}

Response to the query (look for the extracted_file_download_id key)

{
    "response": [
        {
            "status": {
                "code": 1001,
                "label": "FOUND",
                "message": "The request has been fully answered."
            },
            "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
            "file_type": "",
            "file_name": "",
            "features": [
                "extraction"
            ],
            "extraction": {
                "method": "pdf",
                "extract_result": "CP_EXTRACT_RESULT_SUCCESS",
                "extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
                "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                "time": "0.013",
                "extract_content": "Macros and Code",
                "extraction_data": {
                    "input_extension": "xls",
                    "input_real_extension": "xls",
                    "message": "OK",
                    "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                    "protection_name": "Potential malicious content extracted",
                    "protection_type": "Conversion to PDF",
                    "protocol_version": "1.0",
                    "risk": 5.0,
                    "scrub_activity": "Active content was found - XLS file was converted to PDF",
                    "scrub_method": "Convert to PDF",
                    "scrub_result": 0.0,
                    "scrub_time": "0.013",
                    "scrubbed_content": "Macros and Code"
                },
                "tex_product": false,
                "status": {
                    "code": 1001,
                    "label": "FOUND",
                    "message": "The request has been fully answered."
                }
            }
        }
    ]
}

General notes

In one API call, you can send only one file for checking.

The av component does not require an additional section with keys; it is enough to specify it in the features dictionary.
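The silent failures described above (a misspelled key such as reportss, summary requested together with pdf, extracted_parts_codes without the clean method) can be caught on the client before a request is sent. The following is an added example, not part of the original article or of Check Point's tooling: a hypothetical strict validator whose allowed names are taken only from this article; the function names and the placeholder hash are assumptions.

```python
"""Client-side check of a Threat Prevention API request body (added example)."""

# Allowed names come from the article text; the validator itself is hypothetical.
FEATURES = {"av", "te", "extraction"}
HASH_KEYS = {"md5", "sha1", "sha256"}
TOP_KEYS = HASH_KEYS | FEATURES | {"features", "file_name", "file_type"}
TE_KEYS = {"images", "reports"}
IMAGE_KEYS = {"id", "revision"}
REPORTS = {"summary", "pdf", "xml", "tar"}
EXTRACTION_KEYS = {"method", "extracted_parts_codes"}
METHODS = {"pdf", "clean"}


def unknown_keys(found, allowed, where):
    """List every key the API would silently ignore."""
    return [f"unknown key {k!r} in {where}" for k in sorted(set(found) - allowed)]


def validate_item(item, is_query=True):
    """Return a list of problems for one entry of the "request" list."""
    problems = unknown_keys(item, TOP_KEYS, "request")
    features = item.get("features", ["te"])  # te is the default component
    problems += [f"unknown feature {f!r}" for f in features if f not in FEATURES]

    if is_query and not HASH_KEYS & set(item):
        problems.append("query needs an md5, sha1 or sha256 value")
    if is_query and set(features) == {"av"} and "md5" not in item:
        problems.append("av without te/extraction supports only md5 in queries")

    te = item.get("te", {})
    problems += unknown_keys(te, TE_KEYS, "te")
    for image in te.get("images", []):
        problems += unknown_keys(image, IMAGE_KEYS, "te.images[]")
    reports = te.get("reports", [])
    problems += [f"unknown report type {r!r}" for r in reports if r not in REPORTS]
    if {"summary", "pdf"} <= set(reports):
        problems.append("summary and pdf reports cannot be requested together")

    ext = item.get("extraction", {})
    problems += unknown_keys(ext, EXTRACTION_KEYS, "extraction")
    method = ext.get("method", "pdf")  # pdf is the default method
    if method not in METHODS:
        problems.append(f"unknown extraction method {method!r}")
    if "extracted_parts_codes" in ext and method != "clean":
        problems.append("extracted_parts_codes applies only to method 'clean'")
    return problems


def validate_request(body, is_query=True):
    """Validate a whole body; an upload body carries one dictionary, a query a list."""
    items = body.get("request", [])
    if isinstance(items, dict):
        items = [items]
    return [p for item in items for p in validate_item(item, is_query)]


# Constructed sample: the article's typo request with a placeholder hash.
TYPO_REQUEST = {"request": [{
    "sha256": "0" * 64,
    "features": ["te"],
    "te": {
        "images": [{"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}],
        "reportss": ["tar", "pdf", "xml"],
    },
}]}

if __name__ == "__main__":
    for problem in validate_request(TYPO_REQUEST):
        print(problem)
```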

Query API call

Method used - POST

Call address - https:///tecloud/api/v1/file/query

Before sending a file for upload (upload request), it is recommended to check the sandbox cache (query request) in order to optimize the load on the API server, since the API server may already have information and a verdict for the file being uploaded. The call consists only of a text part. The mandatory part of the request is the sha1/sha256/md5 hash sum of the file. By the way, you can get it in the response to the upload request.

Minimum required for a query request

HTTP POST

https:///tecloud/api/v1/file/query

Headers:

Authorization:

Body

{
"request": {
"sha256":
}
}

An example of a response to an upload request, where the sha1/md5/sha256 hash sums are visible

{
  "response": {
    "status": {
      "code": 1002,
      "label": "UPLOAD_SUCCESS",
      "message": "The file was uploaded successfully."
    },
    "sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
    "md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "",
    "file_name": "kp-20-doc.doc",
    "features": [
      "te"
    ],
    "te": {
      "trust": 0,
      "images": [
        {
          "report": {
            "verdict": "unknown"
          },
          "status": "not_found",
          "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
          "revision": 1
        }
      ],
      "score": -2147483648,
      "status": {
        "code": 1002,
        "label": "UPLOAD_SUCCESS",
        "message": "The file was uploaded successfully."
      }
    }
  }
}

The query request, in addition to the hash sum, should ideally be the same as the upload request was (or is planned to be), or even "narrower" (contain fewer fields in the query request than in the upload request). If the query request contains more fields than the upload request had, you will not receive all the required information in the response.

Here is an example of a response to a query where not all the required data was found

{
  "response": [
    {
      "status": {
        "code": 1006,
        "label": "PARTIALLY_FOUND",
        "message": "The request cannot be fully answered at this time."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te",
        "extraction"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      },
      "extraction": {
        "method": "pdf",
        "tex_product": false,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Pay attention to the fields code and label. These fields appear three times in the status dictionaries. First we see the global keys "code": 1006 and "label": "PARTIALLY_FOUND". Next, these keys appear for each individual component that we requested - te and extraction. And while for te it is clear that the data was found, for extraction there is no information.

This is what the query looked like for the example above

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te", "extraction"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

If you send a query without the extraction component

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

Then the response will contain complete information ("code": 1001, "label": "FOUND")

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If there is no information in the cache at all, the response will be "label": "NOT_FOUND"

{
  "response": [
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

In one API call, you can send several hash sums at once for checking. The response will return the data in the same order in which it was sent in the request.

Example query with several sha256 sums

{ "request":  [  

		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
        },
        		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
        }
	] 
}

Response to a query with several sha256 sums

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
      "file_type": "dll",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    },
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Requesting several hash sums at once in a query request will also have a beneficial effect on the performance of the API server.

Download API call

Method used - POST (according to the documentation); GET also works (and may seem more logical)

Call address - https:///tecloud/api/v1/file/download?id=

The header requires the API key to be passed, the body of the request is empty, and the download id is passed in the URL.

In the response to a query request, if emulation has completed and reports were requested when the file was uploaded, the ids for downloading the reports will be visible. If a cleaned copy was requested, you should look for the id for downloading the cleaned document.

In total, the keys in the response to a query that contain an id value for downloading can be:

  • summary_report

  • full_report

  • pdf_report

  • xml_report

  • extracted_file_download_id

Of course, in order to receive these keys in the response to a query, they must be specified in the request (for reports), or you must remember to make a request that uses the extraction function (for cleaned documents).
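Because the global status can hide a per-component NOT_FOUND, and a malicious verdict can come back without the report ids that were asked for, a client should read each status dictionary and collect the download keys listed above explicitly. The following is an added example, not code from the original article: a hypothetical summarize() helper run over trimmed copies of two responses shown on this page; treating an absent report id as a finding is an assumption of the example.

```python
"""Reading a query response per component and collecting download ids (added example)."""

FOUND, NOT_FOUND = 1001, 1004  # status codes shown in the article
REPORT_KEYS = {"tar": "full_report", "pdf": "pdf_report", "xml": "xml_report"}
W10 = "10b4a9c6-e414-425c-ae8b-fe4dd7b25244"


def summarize(item, requested_reports=()):
    """Summarize one entry of the "response" list of a query (hypothetical helper)."""
    result = {
        "sha256": item.get("sha256"),
        "overall": item["status"]["label"],
        "complete": item["status"]["code"] == FOUND,
        "components": {},       # feature name -> status label
        "upload_needed": [],    # components with nothing in the cache
        "download_ids": [],     # (key, image id or None, download id)
        "missing_reports": [],  # requested for a malicious file but not returned
    }
    for feature in item.get("features", []):
        status = item.get(feature, {}).get("status", {})
        result["components"][feature] = status.get("label", "MISSING")
        if status.get("code") == NOT_FOUND:
            result["upload_needed"].append(feature)

    te = item.get("te", {})
    if "summary_report" in te:  # a single id for the emulation as a whole
        result["download_ids"].append(("summary_report", None, te["summary_report"]))
    elif "summary" in requested_reports and te.get("combined_verdict") == "malicious":
        result["missing_reports"].append(("summary_report", None))
    for image in te.get("images", []):
        report = image.get("report", {})
        for key in REPORT_KEYS.values():
            if key in report:
                result["download_ids"].append((key, image["id"], report[key]))
        # Reports exist only for malicious files, so absence matters only then.
        if report.get("verdict") == "malicious":
            for name in requested_reports:
                key = REPORT_KEYS.get(name)
                if key and key not in report:
                    result["missing_reports"].append((key, image["id"]))

    extraction = item.get("extraction", {})
    if "extracted_file_download_id" in extraction:
        result["download_ids"].append(
            ("extracted_file_download_id", None, extraction["extracted_file_download_id"]))
    return result


# Trimmed copy of the PARTIALLY_FOUND response from this article.
PARTIAL_ITEM = {
    "status": {"code": 1006, "label": "PARTIALLY_FOUND"},
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "features": ["te", "extraction"],
    "te": {
        "images": [{
            "report": {"verdict": "malicious",
                       "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
                       "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"},
            "status": "found", "id": W10, "revision": 1}],
        "combined_verdict": "malicious",
        "status": {"code": 1001, "label": "FOUND"},
    },
    "extraction": {"method": "pdf", "status": {"code": 1004, "label": "NOT_FOUND"}},
}

# Trimmed copy of the response to the request with the "reportss" typo.
TYPO_ITEM = {
    "status": {"code": 1001, "label": "FOUND"},
    "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
    "features": ["te"],
    "te": {
        "images": [{"report": {"verdict": "malicious"},
                    "status": "found", "id": W10, "revision": 1}],
        "combined_verdict": "malicious",
        "status": {"code": 1001, "label": "FOUND"},
    },
}

if __name__ == "__main__":
    print(summarize(PARTIAL_ITEM, ("xml", "pdf")))
    print(summarize(TYPO_ITEM, ("tar", "pdf", "xml")))
```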

Quota API call

Method used - POST

Call address - https:///tecloud/api/v1/file/quota

To check the remaining quota in the cloud, use the quota request. The request body is empty.

Example response to a quota request

{
  "response": [
    {
      "remain_quota_hour": 1250,
      "remain_quota_month": 10000000,
      "assigned_quota_hour": 1250,
      "assigned_quota_month": 10000000,
      "hourly_quota_next_reset": "1599141600",
      "monthly_quota_next_reset": "1601510400",
      "quota_id": "TEST",
      "cloud_monthly_quota_period_start": "1421712300",
      "cloud_monthly_quota_usage_for_this_gw": 0,
      "cloud_hourly_quota_usage_for_this_gw": 0,
      "cloud_monthly_quota_usage_for_quota_id": 0,
      "cloud_hourly_quota_usage_for_quota_id": 0,
      "monthly_exceeded_quota": 0,
      "hourly_exceeded_quota": 0,
      "cloud_quota_max_allow_to_exceed_percentage": 1000,
      "pod_time_gmt": "1599138715",
      "quota_expiration": "0",
      "action": "ALLOW"
    }
  ]
}

Kev Tiv Thaiv Kev Nyab Xeeb API rau Security Gateway

Qhov API no tau tsim ua ntej Kev Tiv Thaiv Kev Nyab Xeeb API thiab tsuas yog npaj rau cov khoom siv hauv zos xwb. Txog tam sim no nws tsuas tuaj yeem pab tau yog tias koj xav tau qhov Kev Nyuaj Siab Extraction API. Rau Kev Nyuaj Siab Emulation nws yog qhov zoo dua los siv qhov Kev Tiv Thaiv Kev Nyab Xeeb tsis tu ncua. tig rau TP API rau SG thiab teeb tsa tus yuam sij API koj yuav tsum ua raws li cov kauj ruam ntawm sk113599. Kuv pom zoo kom ua tib zoo saib rau qib 6b thiab tshawb xyuas qhov nkag tau ntawm nplooj ntawv https://<IPAddressofSecurityGateway>/UserCheck/TPAPI vim hais tias nyob rau hauv cov ntaub ntawv ntawm ib tug tsis zoo tshwm sim, ntxiv configuration tsis muaj kev nkag siab. Txhua qhov kev hu API yuav raug xa mus rau qhov url no. Hom hu (upload/query) yog tswj nyob rau hauv hu lub cev tseem ceeb βˆ’ thov_npe. Tseem xav tau cov yuam sij - api_key (koj yuav tsum nco ntsoov nws thaum lub sijhawm teeb tsa) thiab raws tu qauv_version (tam sim no tam sim no version yog 1.1). Koj tuaj yeem nrhiav cov ntaub ntawv raug cai rau API no ntawm sk137032. Cov txheeb ze zoo muaj xws li muaj peev xwm xa ob peb cov ntaub ntawv ib zaug rau emulation thaum thauj lawv, txij li thaum cov ntaub ntawv raug xa mus ua ib txoj hlua base64. Txhawm rau encode / txiav txim siab cov ntaub ntawv rau / los ntawm base64 koj tuaj yeem siv lub converter online hauv Postman rau kev ua qauv qhia, piv txwv li - https://base64.guru. Rau lub hom phiaj tswv yim, koj yuav tsum siv cov txheej txheem encode built-in thiab txiav txim siab thaum sau code.

Now let's take a closer look at the te and extraction functions in this API.

For the te component, the te_options dictionary is provided in upload/query requests, and its keys fully coincide with the te keys in the Threat Prevention API.

Example request for file emulation in Win10 with reports

{
    "request": [{
        "protocol_version": "1.1",
        "api_key": "<api_key>",
        "request_name": "UploadFile",
        "file_enc_data": "<base64_encoded_file>",
        "file_orig_name": "<filename>",
        "te_options": {
            "images": [
                {
                    "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                    "revision": 1
                }
            ],
            "reports": ["summary", "xml"]
        }
    }]
}

For the extraction component, the scrub_options dictionary is provided. This request specifies the cleaning method: conversion to PDF, removal of active content, or selection of a mode according to the Threat Prevention profile (the profile name is specified). The best thing about the response to an extraction API request for a file is that you receive the cleaned copy in the response to that same request as a base64-encoded string (you do not need to make a query request and look up the id to download the file).

Example of a request to clean a file

{
	"request": [{
		"protocol_version": "1.1",
		"api_key": "<API_KEY>",
		"request_name": "UploadFile",
		"file_enc_data": "<base64_encoded_file>",
		"file_orig_name": "hi.txt",
		"scrub_options": {
			"scrub_method": 2
		}
	}]
}

Response to the request

{
	"response": [{
		"protocol_version": "1.1",
		"src_ip": "<IP_ADDRESS>",
		"scrub": {
			"file_enc_data": "<base64_encoded_converted_to_PDF_file>",
			"input_real_extension": "js",
			"message": "OK",
			"orig_file_url": "",
			"output_file_name": "hi.cleaned.pdf",
			"protection_name": "Extract potentially malicious content",
			"protection_type": "Conversion to PDF",
			"real_extension": "txt",
			"risk": 0,
			"scrub_activity": "TXT file was converted to PDF",
			"scrub_method": "Convert to PDF",
			"scrub_result": 0,
			"scrub_time": "0.011",
			"scrubbed_content": ""
		}
	}]
} 

Although fewer API requests are needed to obtain the cleaned copy, I find this option less preferable and less convenient than the form-data request used in the Threat Prevention API.
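The extraction round trip described above, written with Python's built-in base64 methods as an added example (not the author's or Check Point's code). It batches several files into one UploadFile request and recovers the cleaned copies from a response; the function names, the sample data, the one-response-item-per-file layout and the reading of scrub_result 0 with message "OK" as success are assumptions taken from the shape of the sample response.

```python
import base64
import json
import os

def build_upload_request(files, api_key, scrub_method=2):
    """files: iterable of (original_name, raw_bytes); one request item per file."""
    return {"request": [{
        "protocol_version": "1.1",
        "api_key": api_key,  # load from a secret store or environment, not source code
        "request_name": "UploadFile",
        "file_enc_data": base64.b64encode(data).decode("ascii"),
        "file_orig_name": name,
        "scrub_options": {"scrub_method": scrub_method},  # 2 is the value in the page's request
    } for name, data in files]}

def extract_cleaned_files(response):
    """Return (safe_name, cleaned_bytes) for every item that was scrubbed successfully."""
    cleaned = []
    for item in response.get("response", []):
        scrub = item.get("scrub") or {}
        # Assumption: scrub_result 0 with message "OK" means success, as in the sample response.
        if scrub.get("scrub_result") != 0 or scrub.get("message") != "OK":
            continue
        # The file name comes from the response: keep only its base name before using it as a path.
        raw_name = str(scrub.get("output_file_name") or "")
        name = os.path.basename(raw_name.replace("\\", "/"))
        if not name or name in (".", ".."):
            continue
        try:
            data = base64.b64decode(scrub.get("file_enc_data") or "", validate=True)
        except (ValueError, TypeError):
            continue  # reject anything that is not strict base64
        if data:
            cleaned.append((name, data))
    return cleaned

# Constructed sample data: placeholder key and a response shaped like the one above.
SAMPLE_REQUEST = build_upload_request([("hi.txt", b"hello"), ("b.txt", b"world")], "<API_KEY>")
SAMPLE_RESPONSE = {"response": [
    {"protocol_version": "1.1", "scrub": {
        "file_enc_data": base64.b64encode(b"%PDF-1.4 constructed").decode("ascii"),
        "message": "OK", "output_file_name": "../hi.cleaned.pdf", "scrub_result": 0}},
    {"protocol_version": "1.1", "scrub": {
        "file_enc_data": "", "message": "constructed failure",
        "output_file_name": "b.cleaned.pdf", "scrub_result": 1}},
]}

if __name__ == "__main__":
    print(json.dumps(SAMPLE_REQUEST, indent=2))
    for name, data in extract_cleaned_files(SAMPLE_RESPONSE):
        print(name, len(data), "bytes")
```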

Postman Collections

I created Postman collections for both the Threat Prevention API and the Threat Prevention API for Security Gateway, which cover the most common API requests. So that the server IP/URL of the API and the key are substituted into requests automatically, and the sha256 hash value is remembered after a file is uploaded, three variables were created inside the collections (you can find them in the collection settings under Edit -> Variables): te_api (required), api_key (required, except when using the TP API with local devices), sha256 (leave empty, not used in TP API for SG).

Download the Postman collection for the Threat Prevention API

Download the Postman collection for the Threat Prevention for Security Gateway API

Usage examples

In the CheckMates community there are scripts written in Python that check files from a chosen directory through both the TP API and the TP API for SG. Interacting with the Threat Prevention API expands your file-scanning capabilities: you can now scan files on several platforms at once (check in the VirusTotal API, and then in the Check Point sandbox), and you can obtain files not only from network traffic but also from any network drives and, for example, CRM systems.

Source: www.hab.com
