ãã®èšäºã¯ãã¯ãããžãŒã«ç²ŸéããŠãã人ã«ãšã£ãŠåœ¹ç«ã¡ãŸã ãã§ãã¯ãã€ã³ã ãã¡ã€ã«ãšãã¥ã¬ãŒã·ã§ã³ã«ãã(è
åšãšãã¥ã¬ãŒã·ã§ã³) ããã³ããã¢ã¯ãã£ããªãã¡ã€ã« ã¯ãªãŒãã³ã° (è
åšã®æœåº) ã§ããããããã®ã¿ã¹ã¯ã®èªååã«åããäžæ©ãèžã¿åºããããšèããŠããŸãã ãã§ãã¯ãã€ã³ãã¯
åºæ¬çãªç¥èª
Threat Prevention API ã¯ã次ã®ããã¹ãå€ãéã㊠API ã§åŒã³åºããã XNUMX ã€ã®äž»èŠã³ã³ããŒãã³ãã§åäœããŸãã
av â ãŠã€ã«ã¹å¯Ÿçã³ã³ããŒãã³ããæ¢ç¥ã®è åšã®ã·ã°ããã£åæãæ åœããŸãã
te - è åšãšãã¥ã¬ãŒã·ã§ã³ ã³ã³ããŒãã³ãããµã³ãããã¯ã¹å ã®ãã¡ã€ã«ããã§ãã¯ãããšãã¥ã¬ãŒã·ã§ã³åŸã«æªæããã/è¯æ§ã§ããããå€æããŸãã
æœåº - è åšæœåºã³ã³ããŒãã³ãããªãã£ã¹ææžãå®å šãªåœ¢åŒ (æœåšçã«æªæã®ããã³ã³ãã³ãããã¹ãŠåé€ããã) ã«è¿ éã«å€æããŠããŠãŒã¶ãŒ/ã·ã¹ãã ã«è¿ éã«é ä¿¡ããŸãã
API ã®æ§é ãšäž»ãªå¶éäºé
Threat Prevention APIã¯4ã€ã®ãªã¯ãšã¹ãã®ã¿ã䜿çšããŸã- ã¢ããããŒããã¯ãšãªãããŠã³ããŒããã¯ã©ãŒã¿ã XNUMX ã€ã®ãªã¯ãšã¹ããã¹ãŠã®ããããŒã§ããã©ã¡ãŒã¿ã䜿çšã㊠API ããŒãæž¡ãå¿
èŠããããŸãã æ¿èªã äžèŠãããšãæ§é ã¯ä»¥åãããã¯ããã«åçŽã«èŠãããããããŸããã
çŸæç¹ã§ã¯ãThreat Prevention API ã®å¯äžã®ããŒãžã§ã³ããªãªãŒã¹ãããŠããŸã - 1.0ãAPI åŒã³åºãã® URL ã«ã¯æ¬¡ã®ãã®ãå«ãŸããŠããå¿ èŠããããŸãã v1 ããŒãžã§ã³ãæå®ããå¿ èŠãããéšåã§ãã Management API ãšã¯ç°ãªããURL ã« API ããŒãžã§ã³ãæå®ããå¿ èŠããããŸããæå®ããªãå Žåããªã¯ãšã¹ãã¯å®è¡ãããŸããã
Anti-Virus ã³ã³ããŒãã³ãã¯ãä»ã®ã³ã³ããŒãã³ã (teãæœåº) ãªãã§åŒã³åºãããå ŽåãçŸåšãmd5 ããã·ã¥ ãµã ã䜿çšããã¯ãšãª ãªã¯ãšã¹ãã®ã¿ããµããŒãããŠããŸãã è åšãšãã¥ã¬ãŒã·ã§ã³ãšè åšæœåºã¯ãsha1 ããã³ sha256 ããã·ã¥ ãµã ããµããŒãããŸãã
ã¯ãšãªãééããªãããšãéåžžã«éèŠã§ãã ãªã¯ãšã¹ãã¯ãšã©ãŒãªãã§å®è¡ã§ããŸãããå®å šã«ã¯å®è¡ã§ããŸããã å°ãå ãèŠãŠãã¯ãšãªã«ãšã©ãŒãã¿ã€ããã¹ããã£ãå Žåã«äœãèµ·ããããèŠãŠã¿ãŸãããã
reports(reportss) ãšããåèªã®ã¿ã€ããã¹ã®ãããªã¯ãšã¹ã
{ "request": [
{
"sha256": {{sha256}},
"features": ["te"] ,
"te": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
reportss: ["tar", "pdf", "xml"]
}
}
]
}
å¿çã«ãšã©ãŒã¯ãããŸããããã¬ããŒãã«é¢ããæ å ±ã¯ãŸã£ãããããŸããã
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
"file_type": "pdf",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
ãã ããã¬ããŒãããŒã«ã¿ã€ããã¹ã®ãªããªã¯ãšã¹ãã®å Žå
{ "request": [
{
"sha256": {{sha256}},
"features": ["te"] ,
"te": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
reports: ["tar", "pdf", "xml"]
}
}
]
}
ã¬ããŒããããŠã³ããŒãããããã® ID ããã§ã«å«ãŸããå¿çãåãåããŸã
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
"file_type": "pdf",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
"pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
"xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
ééã£ã/æéåãã® API ããŒãéä¿¡ãããšãå¿çãšã㊠403 ãšã©ãŒãè¿ãããŸãã
SandBlast API: ã¯ã©ãŠãããã³ããŒã«ã«ããã€ã¹äž
API ãªã¯ãšã¹ãã¯ãThreat Emulation ã³ã³ããŒãã³ã (ãã¬ãŒã) ãæå¹ã«ãªã£ãŠãã Check Point ããã€ã¹ã«éä¿¡ã§ããŸãã ãªã¯ãšã¹ãã®ã¢ãã¬ã¹ãšããŠãããã€ã¹ã® IP/URL ãšããŒã 18194 (äŸ: https://) ã䜿çšããå¿ èŠããããŸãã10.10.57.19:18194/tecloud/api/v1/file/query)ã ãŸããããã€ã¹ã®ã»ãã¥ãªã㣠ããªã·ãŒã§ãã®æ¥ç¶ãèš±å¯ãããŠããããšã確èªããå¿ èŠããããŸãã ããã©ã«ãã§ã¯ããŒã«ã«ããã€ã¹äžã® API ããŒã«ããèªèšŒ ãªã ãŸãããªã¯ãšã¹ã ããããŒå ã®èªèšŒããŒã¯ãŸã£ããéä¿¡ãããªãå¯èœæ§ããããŸãã
CheckPoint ã¯ã©ãŠããžã® API ãªã¯ãšã¹ãã¯ã次ã®å®å ã«éä¿¡ããå¿ èŠããããŸãã te.checkpoint.com (äŸ - https://te.checkpoint.com/tecloud/api/v1/file/query)ã API ããŒã¯ãCheck Point ããŒãããŒãŸãã¯äŒç€Ÿã®çŸå°ãªãã£ã¹ã«é£çµ¡ããããšã§ã60 æ¥éã®è©Šçšã©ã€ã»ã³ã¹ãšããŠååŸã§ããŸãã
ããŒã«ã« ããã€ã¹ã§ã¯ãè
åšæœåºã¯ãŸã æšæºãšããŠãµããŒããããŠããŸããã
ããŒã«ã« ããã€ã¹ã¯ã¯ã©ãŒã¿ ãªã¯ãšã¹ãããµããŒãããŠããŸããã
ãã以å€ã®å ŽåãããŒã«ã« ããã€ã¹ãžã®ãªã¯ãšã¹ããšã¯ã©ãŠããžã®ãªã¯ãšã¹ãã«éãã¯ãããŸããã
ã¢ããããŒã API åŒã³åºã
䜿çšãããæ¹æ³- POST
é»è©±çªå· - https:///tecloud/api/v1/ãã¡ã€ã«/ã¢ããããŒã
ãªã¯ãšã¹ãã¯ããšãã¥ã¬ãŒã·ã§ã³/ã¯ãªãŒãã³ã°çšã®ãã¡ã€ã«ãšããã¹ããå«ããªã¯ãšã¹ãæ¬æã® XNUMX ã€ã®éšå (ãã©ãŒã ããŒã¿) ã§æ§æãããŸãã
ããã¹ããªã¯ãšã¹ãã空ã«ããããšã¯ã§ããŸããããèšå®ãå«ããããšã¯ã§ããŸããã ãªã¯ãšã¹ããæåããã«ã¯ãå°ãªããšã次ã®ããã¹ãããªã¯ãšã¹ãã§éä¿¡ããå¿ èŠããããŸãã
ã¢ããããŒããªã¯ãšã¹ãã«æäœéå¿ èŠãªãã®
HTTPPOST
https:///tecloud/api/v1/ãã¡ã€ã«/ã¢ããããŒã
ããããŒïŒ
æ¿èªïŒ
ããã£
{
"ãªã¯ãšã¹ã"ïŒ {
}
}
File
File
ãã®å Žåããã¡ã€ã«ã¯ããã©ã«ãã®ãã©ã¡ãŒã¿ã«åŸã£ãŠåŠçãããŸã: ã³ã³ããŒãã³ã - teãOS ã€ã¡ãŒãž - Windows XP ããã³ Windows 7ãã¬ããŒããçæããã«ã
ããã¹ããªã¯ãšã¹ãã®äž»èŠãã£ãŒã«ãã«é¢ããã³ã¡ã³ã:
file_name О ãã¡ã€ã«ã®çš®é¡ ããã¯ãã¡ã€ã«ãã¢ããããŒããããšãã«ç¹ã«æçšãªæ å ±ã§ã¯ãªãããã空çœã®ãŸãŸã«ãããããŸã£ããéä¿¡ããªãããšãã§ããŸãã API å¿çã§ã¯ããããã®ãã£ãŒã«ãã¯ããŠã³ããŒãããããã¡ã€ã«ã®ååã«åºã¥ããŠèªåçã«å ¥åãããŸããããã£ãã·ã¥å ã®æ å ±ã¯åŒãç¶ã md5/sha1/sha256 ããã·ã¥éã䜿çšããŠæ€çŽ¢ããå¿ èŠããããŸãã
空㮠file_name ãš file_type ãå«ããªã¯ãšã¹ãã®äŸ
{
"request": {
"file_name": "",
"file_type": "",
}
}
æ©èœãäœ¿çš â ãµã³ãããã¯ã¹ã§åŠçãããšãã«å¿ èŠãªæ©èœã瀺ããªã¹ã - av (ãŠã€ã«ã¹å¯Ÿç)ãte (è åšãšãã¥ã¬ãŒã·ã§ã³)ãæœåº (è åšæœåº)ã ãã®ãã©ã¡ãŒã¿ããŸã£ããæž¡ãããªãå Žåã¯ãããã©ã«ãã®ã³ã³ããŒãã³ãã§ãã te (è åšãšãã¥ã¬ãŒã·ã§ã³) ã®ã¿ã䜿çšãããŸãã
XNUMX ã€ã®äœ¿çšå¯èœãªã³ã³ããŒãã³ãã®ãã§ãã¯ã€ã³ãæå¹ã«ããã«ã¯ãAPI ãªã¯ãšã¹ãã§ãããã®ã³ã³ããŒãã³ããæå®ããå¿ èŠããããŸãã
avãteãæœåºããã§ãã¯ã€ã³ãããªã¯ãšã¹ãã®äŸ
{ "request": [
{
"sha256": {{sha256}},
"features": ["av", "te", "extraction"]
}
]
}
ãã»ã¯ã·ã§ã³ã®ããŒ
ç»å â ãã§ãã¯ãå®è¡ããããªãã¬ãŒãã£ã³ã° ã·ã¹ãã ã® ID ãšãªããžã§ã³çªå·ãå«ãèŸæžãå«ããªã¹ãã ID ãšãªããžã§ã³çªå·ã¯ããã¹ãŠã®ããŒã«ã« ããã€ã¹ãšã¯ã©ãŠãã§åãã§ãã
ãªãã¬ãŒãã£ã³ã° ã·ã¹ãã ãšãªããžã§ã³ã®ãªã¹ã
å©çšå¯èœãªOSã€ã¡ãŒãžID
ãªããžã§ã³
ç»åOSãšã¢ããªã±ãŒã·ã§ã³
e50e99f3-5963-4573-af9e-e3f4750b55e2
1
Microsoft Windowsã®ïŒXP - 32bit SP3
OfficeïŒ2003ã2007
Adobe Acrobat ReaderãïŒïŒïŒïŒ
Flash Playerã 9R115ãš ã¢ã¯ãã£ããšãã¯ã¹ 10.0
Java ã©ã³ã¿ã€ã : 1.6.0u22
7e6fe36e-889e-4c25-8704-56378f0830df
1
Microsoft Windowsã®ïŒ7ïœ32ããã
OfficeïŒ2003ã2007
Adobe Acrobat ReaderãïŒïŒïŒïŒ
ãã©ãã·ã¥ãã¬ãŒã€ãŒïŒ 10.2r152 (ãã©ã°ã€ã³& ã¢ã¯ãã£ããšãã¯ã¹)
Java ã©ã³ã¿ã€ã : 1.6.0u0
8d188031-1010-4466-828b-0cd13d4303ff
1
Microsoft Windowsã®ïŒ7ïœ32ããã
OfficeïŒïŒïŒïŒ
Adobe Acrobat ReaderãïŒïŒïŒïŒ
ãã©ãã·ã¥ãã¬ãŒã€ãŒïŒ 11.0.1.152ïŒãã©ã°ã€ã³ & ã¢ã¯ãã£ããšãã¯ã¹)
Java ã©ã³ã¿ã€ã : 1.7.0u0
5e5de275-a103-4f67-b55b-47532918fa59
1
Microsoft Windowsã®ïŒ7ïœ32ããã
OfficeïŒïŒïŒïŒ
Adobe Acrobat ReaderãïŒïŒïŒïŒ
ãã©ãã·ã¥ãã¬ãŒã€ãŒïŒ 15ïŒãã©ã°ã€ã³ & ã¢ã¯ãã£ããšãã¯ã¹)
Java ã©ã³ã¿ã€ã : 1.7.0u9
3ff3ddae-e7fd-4969-818c-d5f1a2be336d
1
Microsoft Windowsã®ïŒ7ïœ64ããã
Office: 2013 (32bit)
Adobe Acrobat ReaderãïŒïŒïŒïŒ
ãã©ãã·ã¥ãã¬ãŒã€ãŒïŒ 13ïŒãã©ã°ã€ã³ & ã¢ã¯ãã£ããšãã¯ã¹)
Java ã©ã³ã¿ã€ã : 1.7.0u9
6c453c9b-20f7-471a-956c-3198a868dc92
1
Microsoft Windowsã®ïŒ8.1ïœ64ããã
Office: 2013 (64bit)
Adobe Acrobat ReaderãïŒïŒïŒïŒ
ãã©ãã·ã¥ãã¬ãŒã€ãŒïŒ 18.0.0.160ïŒãã©ã°ã€ã³ & ã¢ã¯ãã£ããšãã¯ã¹)
Java ã©ã³ã¿ã€ã : 1.7.0u9
10b4a9c6-e414-425c-ae8b-fe4dd7b25244
1
Microsoft Windowsã®ïŒïŒïŒïŒ
Office: ãããã§ãã·ã§ãã« ãã©ã¹ 2016 ja-us
Adobe Acrobat Readerã: DC 2015 MUI
ãã©ãã·ã¥ãã¬ãŒã€ãŒïŒ 20ïŒãã©ã°ã€ã³ & ã¢ã¯ãã£ããšãã¯ã¹)
Java ã©ã³ã¿ã€ã : 1.7.0u9
ã€ã¡ãŒãž ããŒããŸã£ããæå®ãããŠããªãå Žåããšãã¥ã¬ãŒã·ã§ã³ã¯ Check Point ãæšå¥šããã€ã¡ãŒãž (çŸåšã¯ Win XP ããã³ Win 7) ã§è¡ãããŸãã ãããã®ç»åã¯ãããã©ãŒãã³ã¹ãšææçã®æé©ãªãã©ã³ã¹ãèæ ®ããŠæšå¥šãããŸãã
ã¬ããŒã â ãã¡ã€ã«ãæªæã®ãããã®ã§ããããšãå€æããå Žåã«èŠæ±ããã¬ããŒãã®ãªã¹ãã 次ã®ãªãã·ã§ã³ãå©çšå¯èœã§ãã
-
èŠçŽ - .tar.gz ã¢ãŒã«ã€ãã«ã¯ããšãã¥ã¬ãŒã·ã§ã³ã«é¢ããã¬ããŒããå«ãŸããŠããŸãã ãã¹ãŠ ãªã¯ãšã¹ããããã€ã¡ãŒãž (HTML ããŒãžãšããšãã¥ã¬ãŒã¿ OS ããã®ãããªããããã¯ãŒã¯ ãã©ãã£ã㯠ãã³ããJSON 圢åŒã®ã¬ããŒãããã¹ã¯ãŒãã§ä¿è·ãããã¢ãŒã«ã€ãå ã®ãµã³ãã«èªäœãªã©ã®ã³ã³ããŒãã³ãã®äž¡æ¹)ã ç§ãã¡ã¯çãã®éµãæ¢ããŠããŸã - æŠç¥å ±å åŸã§ã¬ããŒããããŠã³ããŒãããããã«äœ¿çšããŸãã
-
PDFãã¡ã€ã« - ã§ã®ãšãã¥ã¬ãŒã·ã§ã³ã«é¢ããããã¥ã¡ã³ã 1 ãã®ç»åã¯ãå€ãã®äººã Smart Console ãéããŠåãåãããšã«æ £ããŠããŸãã ç§ãã¡ã¯çãã®éµãæ¢ããŠããŸã - pdf_ã¬ããŒã åŸã§ã¬ããŒããããŠã³ããŒãããããã«äœ¿çšããŸãã
-
XML - ã§ã®ãšãã¥ã¬ãŒã·ã§ã³ã«é¢ããããã¥ã¡ã³ã 1 ç»åãã¬ããŒãå ã®ãã©ã¡ãŒã¿ãåŸã§è§£æããã®ã«äŸ¿å©ã§ãã ç§ãã¡ã¯çãã®éµãæ¢ããŠããŸã - xml_report åŸã§ã¬ããŒããããŠã³ããŒãããããã«äœ¿çšããŸãã
-
tar - ãšãã¥ã¬ãŒã·ã§ã³ã«é¢ããã¬ããŒããå«ã .tar.gz ã¢ãŒã«ã€ã 1 ãªã¯ãšã¹ããããã€ã¡ãŒãž (HTML ããŒãžãšããšãã¥ã¬ãŒã¿ OS ããã®ãããªããããã¯ãŒã¯ ãã©ãã£ã㯠ãã³ããJSON 圢åŒã®ã¬ããŒãããã¹ã¯ãŒãã§ä¿è·ãããã¢ãŒã«ã€ãå ã®ãµã³ãã«èªäœãªã©ã®ã³ã³ããŒãã³ãã®äž¡æ¹)ã ç§ãã¡ã¯çãã®éµãæ¢ããŠããŸã - ãã«ã¬ããŒã åŸã§ã¬ããŒããããŠã³ããŒãããããã«äœ¿çšããŸãã
æŠèŠã¬ããŒãã®å 容
ã㌠full_reportãpdf_reportãxml_report ã¯å OS ã®èŸæžã«ãããŸã
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
"file_type": "html",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
"pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
"xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
},
{
"report": {
"verdict": "malicious",
"full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
"pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
"xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
},
"status": "found",
"id": "6c453c9b-20f7-471a-956c-3198a868dc92",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
ãã ããsummary_report ã㌠- äžè¬ã«ãšãã¥ã¬ãŒã·ã§ã³çšã®ããŒããããŸã
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
"file_type": "exe",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
"xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
},
{
"report": {
"verdict": "malicious",
"full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
"xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
},
"status": "found",
"id": "6c453c9b-20f7-471a-956c-3198a868dc92",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
tarãxmlãããã³ pdf ã¬ããŒããåæã«ãªã¯ãšã¹ãããããæŠèŠãš tar ãš xml ããªã¯ãšã¹ããããã§ããŸãã æŠèŠã¬ããŒããšPDFãåæã«ãªã¯ãšã¹ãããããšã¯ã§ããŸããã
æœåºã»ã¯ã·ã§ã³ã®ããŒ
è åšã®æœåºã«ã¯ã次㮠XNUMX ã€ã®ããŒã®ã¿ã䜿çšãããŸãã
æ¹æ³ â pdf (pdf ã«å€æãããã©ã«ãã§äœ¿çš) ãŸã㯠clean (ã¢ã¯ãã£ããªã³ã³ãã³ããæ¶å»)ã
æœåºãããããŒãã³ãŒã - ã¢ã¯ãã£ã ã³ã³ãã³ããåé€ããããã®ã³ãŒãã®ãªã¹ããã¯ãªãŒã³ ã¡ãœããã«ã®ã¿é©çšãããŸãã
ãã¡ã€ã«ããã³ã³ãã³ããåé€ããã³ãŒã
Code
説æ
1025
ãªã³ã¯ããããªããžã§ã¯ã
1026
ãã¯ããšã³ãŒã
1034
æ©å¯æ§ã®é«ããã€ããŒãªã³ã¯
1137
PDF GoToR ã¢ã¯ã·ã§ã³
1139
PDF èµ·åã¢ã¯ã·ã§ã³
1141
PDF URI ã¢ã¯ã·ã§ã³
1142
PDF ã®ãµãŠã³ã ã¢ã¯ã·ã§ã³
1143
PDF ã ãŒããŒã®ã¢ã¯ã·ã§ã³
1150
PDF JavaScript ã¢ã¯ã·ã§ã³
1151
PDF éä¿¡ãã©ãŒã ã®ã¢ã¯ã·ã§ã³
1018
ããŒã¿ããŒã¹ã¯ãšãª
1019
åã蟌ã¿ãªããžã§ã¯ã
1021
é«éã»ãŒãããŒã¿
1017
ã«ã¹ã¿ã ããããã£
1036
çµ±èšããããã£
1037
æŠèŠããããã£
ã¯ãªãŒã³ãªã³ããŒãããŠã³ããŒãããã«ã¯ãæ°ç§åŸã«ã¯ãšãª ãªã¯ãšã¹ã (ããã«ã€ããŠã¯åŸè¿°ããŸã) ãäœæãããªã¯ãšã¹ã ããã¹ãã§ãã¡ã€ã«ã®ããã·ã¥éãšæœåºã³ã³ããŒãã³ããæå®ããå¿ èŠããããŸãã ã¯ãšãªã«å¯Ÿããå¿çã® ID (extracted_file_download_id) ã䜿çšããŠãã¯ãªãŒã³ã¢ããããããã¡ã€ã«ãéžæã§ããŸãã ããäžåºŠãå°ãå ãèŠæ®ããŠãã¯ãªã¢ãããããã¥ã¡ã³ããããŠã³ããŒãããããã® ID ãæ€çŽ¢ããããã®ãªã¯ãšã¹ããšã¯ãšãªå¿çã®äŸã瀺ããŸãã
extracted_file_download_id ããŒãæ€çŽ¢ããããã®ã¯ãšãª ãªã¯ãšã¹ã
{ "request": [
{
"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
"features": ["extraction"] ,
"extraction": {
"method": "pdf"
}
}
]
}
ã¯ãšãªãžã®å¿ç (extracted_file_download_id ããŒãæ¢ã)
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
"file_type": "",
"file_name": "",
"features": [
"extraction"
],
"extraction": {
"method": "pdf",
"extract_result": "CP_EXTRACT_RESULT_SUCCESS",
"extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
"output_file_name": "kp-20-xls.cleaned.xls.pdf",
"time": "0.013",
"extract_content": "Macros and Code",
"extraction_data": {
"input_extension": "xls",
"input_real_extension": "xls",
"message": "OK",
"output_file_name": "kp-20-xls.cleaned.xls.pdf",
"protection_name": "Potential malicious content extracted",
"protection_type": "Conversion to PDF",
"protocol_version": "1.0",
"risk": 5.0,
"scrub_activity": "Active content was found - XLS file was converted to PDF",
"scrub_method": "Convert to PDF",
"scrub_result": 0.0,
"scrub_time": "0.013",
"scrubbed_content": "Macros and Code"
},
"tex_product": false,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
æŠèŠ
XNUMX åã® API åŒã³åºãã§ãæ€èšŒã®ããã«éä¿¡ã§ãããã¡ã€ã«ã¯ XNUMX ã€ã ãã§ãã
av ã³ã³ããŒãã³ãã«ã¯ããŒãå«ãè¿œå ã®ã»ã¯ã·ã§ã³ã¯å¿ èŠãããŸãããèŸæžã§æå®ããã ãã§ååã§ãã æ©èœã䜿çš.
ã¯ãšãªAPIåŒã³åºã
䜿çšãããæ¹æ³- POST
é»è©±çªå· - https:///tecloud/api/v1/ãã¡ã€ã«/ã¯ãšãª
API ãµãŒããŒã«ã¯ããŠã³ããŒãããããã¡ã€ã«ã«é¢ããæ å ±ãšå€å®ããã§ã«ååšããŠããå¯èœæ§ããããããããŠã³ããŒã (ã¢ããããŒã ãªã¯ãšã¹ã) ã®ããã«ãã¡ã€ã«ãéä¿¡ããåã«ãAPI ãµãŒããŒã®è² è·ãæé©åããããã«ãµã³ãããã¯ã¹ ãã£ãã·ã¥ (ã¯ãšãª ãªã¯ãšã¹ã) ããã§ãã¯ããããšããå§ãããŸãã é話ã¯ããã¹ãéšåã®ã¿ã§æ§æãããŸãã ãªã¯ãšã¹ãã®å¿ é éšåã¯ããã¡ã€ã«ã® sha1/sha256/md5 ããã·ã¥éã§ãã ã¡ãªã¿ã«ãã¢ããããŒããªã¯ãšã¹ãã«å¯Ÿããã¬ã¹ãã³ã¹ã§ååŸã§ããŸãã
ã¯ãšãªã«æäœéå¿ èŠãªãã®
HTTPPOST
https:///tecloud/api/v1/ãã¡ã€ã«/ã¯ãšãª
ããããŒïŒ
æ¿èªïŒ
ããã£
{
"ãªã¯ãšã¹ã"ïŒ {
"sha256":
}
}
ã¢ããããŒã ãªã¯ãšã¹ãã«å¯Ÿããå¿çã®äŸãsha1/md5/sha256 ããã·ã¥éã衚瀺ãããŸãã
{
"response": {
"status": {
"code": 1002,
"label": "UPLOAD_SUCCESS",
"message": "The file was uploaded successfully."
},
"sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
"md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
"sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
"file_type": "",
"file_name": "kp-20-doc.doc",
"features": [
"te"
],
"te": {
"trust": 0,
"images": [
{
"report": {
"verdict": "unknown"
},
"status": "not_found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"status": {
"code": 1002,
"label": "UPLOAD_SUCCESS",
"message": "The file was uploaded successfully."
}
}
}
}
ããã·ã¥éã«å ããŠãã¯ãšãª ãªã¯ãšã¹ãã¯ãçæ³çã«ã¯ã¢ããããŒã ãªã¯ãšã¹ããšåãã§ãããããŸãã¯ããã§ã«ãåãã§ããå¿ èŠããããŸãïŒã¢ããããŒã ãªã¯ãšã¹ããããã¯ãšãª ãªã¯ãšã¹ãã«å«ãŸãããã£ãŒã«ããå°ãªãïŒã ã¯ãšãª ãªã¯ãšã¹ãã«ã¢ããããŒã ãªã¯ãšã¹ããããå€ãã®ãã£ãŒã«ããå«ãŸããŠããå Žåãå¿çã§å¿ èŠãªæ å ±ããã¹ãŠåãåãããšãã§ããŸããã
å¿ èŠãªããŒã¿ããã¹ãŠèŠã€ãããªãã£ãå Žåã®ã¯ãšãªãžã®å¿çã®äŸã次ã«ç€ºããŸãã
{
"response": [
{
"status": {
"code": 1006,
"label": "PARTIALLY_FOUND",
"message": "The request cannot be fully answered at this time."
},
"sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
"file_type": "doc",
"file_name": "",
"features": [
"te",
"extraction"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
"xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 1,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
},
"extraction": {
"method": "pdf",
"tex_product": false,
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
}
}
}
]
}
ãã£ãŒã«ãã«æ³šç®ããŠãã ãã ã³ãŒã О ã©ãã«ã ãããã®ãã£ãŒã«ãã¯ã¹ããŒã¿ã¹ ãã£ã¯ã·ã§ããªã« 1006 å衚瀺ãããŸãã ãŸããã°ããŒãã« ããŒã®ãã³ãŒãã: XNUMX ãšãã©ãã«ã: ãPARTIALLY_FOUNDãã衚瀺ãããŸãã 次ã«ããããã®ããŒã¯ãèŠæ±ããåã ã®ã³ã³ããŒãã³ã (te ãšæœåº) ããšã«èŠã€ãããŸãã ãããŠãããŒã¿ãèŠã€ãã£ãããšãæãããªå Žåãæœåºããããã®æ å ±ã¯ãããŸããã
äžèšã®äŸã®ã¯ãšãªã¯æ¬¡ã®ããã«ãªããŸãã
{ "request": [
{
"sha256": {{sha256}},
"features": ["te", "extraction"] ,
"te": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"reports": [
"xml", "pdf"
]
}
}
]
}
æœåºã³ã³ããŒãã³ãã䜿çšããã«ã¯ãšãªãªã¯ãšã¹ããéä¿¡ããå Žå
{ "request": [
{
"sha256": {{sha256}},
"features": ["te"] ,
"te": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"reports": [
"xml", "pdf"
]
}
}
]
}
ãããããšãçãã«ã¯å®å šãªæ å ±ãå«ãŸããŸã (ãã³ãŒãã: 1001ããã©ãã«ã: ãFOUNDã)
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
"file_type": "doc",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
"xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 1,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
ãã£ãã·ã¥ã«æ å ±ããŸã£ãããªãå Žåãå¿çã¯ãlabelã:ãNOT_FOUNDãã«ãªããŸãã
{
"response": [
{
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
},
"sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
"file_type": "",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 0,
"images": [
{
"report": {
"verdict": "unknown"
},
"status": "not_found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
}
}
}
]
}
XNUMX åã® API åŒã³åºãã§ãæ€èšŒã®ããã«è€æ°ã®ããã·ã¥éãäžåºŠã«éä¿¡ã§ããŸãã å¿çã¯ãèŠæ±ã§éä¿¡ãããã®ãšåãé åºã§ããŒã¿ãè¿ããŸãã
è€æ°ã® sha256 éãå«ãã¯ãšãª ãªã¯ãšã¹ãã®äŸ
{ "request": [
{
"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
},
{
"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
}
]
}
è€æ°ã® sha256 éé¡ãå«ãã¯ãšãªãžã®å¿ç
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
"file_type": "dll",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
},
{
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
},
"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
"file_type": "",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 0,
"images": [
{
"report": {
"verdict": "unknown"
},
"status": "not_found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
}
}
}
]
}
ã¯ãšãªãªã¯ãšã¹ãã§äžåºŠã«è€æ°ã®ããã·ã¥ãµã ããªã¯ãšã¹ãããããšããAPI ãµãŒããŒã®ããã©ãŒãã³ã¹ã«æçãªå¹æããããããŸãã
ããŠã³ããŒã API åŒã³åºã
䜿çšãããæ¹æ³- POST (ããã¥ã¡ã³ãã«ãããš)ã GET ãããæ©èœããŸãïŒããè«ççã«èŠãããããããŸããïŒ
é»è©±çªå· - https:///tecloud/api/v1/file/download?id=
ããããŒã«ã¯ API ããŒãæž¡ãå¿ èŠãããããªã¯ãšã¹ãã®æ¬æã¯ç©ºã§ãããŠã³ããŒã ID 㯠URL ã¢ãã¬ã¹ã§æž¡ãããŸãã
ã¯ãšãªèŠæ±ã«å¿ããŠããšãã¥ã¬ãŒã·ã§ã³ãå®äºãããã¡ã€ã«ã®ããŠã³ããŒãæã«ã¬ããŒããèŠæ±ãããå Žåãã¬ããŒããããŠã³ããŒãããããã® ID ã衚瀺ãããŸãã ã¯ãªãŒã³ãªã³ããŒãèŠæ±ãããå Žåã¯ãID ãæ€çŽ¢ããŠã¯ãªãŒã³ãªããã¥ã¡ã³ããããŠã³ããŒãããå¿ èŠããããŸãã
åèšãããšãèªã¿èŸŒã¿çšã® ID å€ãå«ãã¯ãšãªãžã®å¿çå ã®ããŒã¯æ¬¡ã®ããã«ãªããŸãã
-
æŠç¥å ±å
-
ãã«ã¬ããŒã
-
pdf_ã¬ããŒã
-
xml_report
-
æœåºããããã¡ã€ã«ã®ããŠã³ããŒã_id
ãã¡ãããã¯ãšãª ãªã¯ãšã¹ãã«å¿ããŠãããã®ããŒãåãåãã«ã¯ããªã¯ãšã¹ãã§ããŒãæå®ããã (ã¬ããŒãã®å Žå)ãæœåºé¢æ°ã䜿çšããŠãªã¯ãšã¹ããå¿ããã«äœæããå¿ èŠããããŸã (ã¯ãªãŒã³ãªããã¥ã¡ã³ãã®å Žå)ã
ã¯ã©ãŒã¿ API åŒã³åºã
䜿çšãããæ¹æ³- POST
é»è©±çªå· - https:///tecloud/api/v1/ãã¡ã€ã«/ã¯ã©ãŒã¿
ã¯ã©ãŠãå ã®æ®ãã®ã¯ã©ãŒã¿ã確èªããã«ã¯ãã¯ã©ãŒã¿ ã¯ãšãªã䜿çšããŸãã ãªã¯ãšã¹ãã®æ¬æã空ã§ãã
ã¯ã©ãŒã¿èŠæ±ã«å¯Ÿããå¿çã®äŸ
{
"response": [
{
"remain_quota_hour": 1250,
"remain_quota_month": 10000000,
"assigned_quota_hour": 1250,
"assigned_quota_month": 10000000,
"hourly_quota_next_reset": "1599141600",
"monthly_quota_next_reset": "1601510400",
"quota_id": "TEST",
"cloud_monthly_quota_period_start": "1421712300",
"cloud_monthly_quota_usage_for_this_gw": 0,
"cloud_hourly_quota_usage_for_this_gw": 0,
"cloud_monthly_quota_usage_for_quota_id": 0,
"cloud_hourly_quota_usage_for_quota_id": 0,
"monthly_exceeded_quota": 0,
"hourly_exceeded_quota": 0,
"cloud_quota_max_allow_to_exceed_percentage": 1000,
"pod_time_gmt": "1599138715",
"quota_expiration": "0",
"action": "ALLOW"
}
]
}
Security Gateway çšã®è åšé²åŸ¡ API
ãã® API ã¯ãThreat Prevention API ããåã«éçºãããããŒã«ã« ããã€ã¹ã®ã¿ã察象ãšããŠããŸãã çŸæç¹ã§ã¯ãè
åšæœåº API ãå¿
èŠãªå Žåã«ã®ã¿åœ¹ç«ã¡ãŸãã è
åšãšãã¥ã¬ãŒã·ã§ã³ã®å Žåã¯ãéåžžã®è
åšé²åŸ¡ API ã䜿çšããããšããå§ãããŸãã ã¹ã€ãããã€ãã SG åã TP API ã®æé ã«åŸãå¿
èŠããã API ããŒãèšå®ããŸãã
ã§ã¯ãæ©èœã詳ããèŠãŠã¿ãŸããã te О æœåº ãã® API ã§ã¯ã
ã³ã³ããŒãã³ãçš te èŸæžãã te_options ã¢ããããŒã/ã¯ãšãªãªã¯ãšã¹ãã®ããŒã¯ãã¢ããããŒã/ã¯ãšãªãªã¯ãšã¹ãã®ããŒãšå®å
šã«äžèŽããŸãã
Win10 ã§ã®ãã¡ã€ã« ãšãã¥ã¬ãŒã·ã§ã³ã®ãªã¯ãšã¹ããšã¬ããŒãã®äŸ
{
"request": [{
"protocol_version": "1.1",
"api_key": "<api_key>",
"request_name": "UploadFile",
"file_enc_data": "<base64_encoded_file>",
"file_orig_name": "<filename>",
"te_options": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"reports": ["summary", "xml"]
}
}
]
}
ã³ã³ããŒãã³ãçš æœåº èŸæžãã ã¹ã¯ã©ããªãã·ã§ã³ã ãã®ãªã¯ãšã¹ãã§ã¯ãã¯ãªãŒãã³ã°æ¹æ³ãæå®ããŸããPDF ãžã®å€æãã¢ã¯ãã£ã ã³ã³ãã³ãã®ã¯ãªã¢ããŸãã¯è åšå¯Ÿçãããã¡ã€ã« (ãããã¡ã€ã«åã瀺ãããŠããŸã) ã«åŸã£ãã¢ãŒãã®éžæã§ãã ãã¡ã€ã«ã®æœåº API ãªã¯ãšã¹ãã«å¿çããããšã®åªããç¹ã¯ããã®ãªã¯ãšã¹ããžã®å¿çã§ã¯ãªãŒã³ãªã³ããŒã Base64 æå·åæååãšããŠååŸã§ããããšã§ã (ã¯ãšãª ãªã¯ãšã¹ããäœæããŠããã¡ã€ã«ãããŠã³ããŒãããããã« ID ãæ€çŽ¢ããå¿ èŠã¯ãããŸãã)æžé¡ïŒ
ãã¡ã€ã«ãã¯ãªã¢ãããªã¯ãšã¹ãã®äŸ
{
"request": [{
"protocol_version": "1.1",
"api_key": "<API_KEY>",
"request_name": "UploadFile",
"file_enc_data": "<base64_encoded_file>",
"file_orig_name": "hi.txt",
"scrub_options": {
"scrub_method": 2
}
}]
}
ãªã¯ãšã¹ãã«è¿ä¿¡ãã
{
"response": [{
"protocol_version": "1.1",
"src_ip": "<IP_ADDRESS>",
"scrub": {
"file_enc_data": "<base64_encoded_converted_to_PDF_file>",
"input_real_extension": "js",
"message": "OK",
"orig_file_url": "",
"output_file_name": "hi.cleaned.pdf",
"protection_name": "Extract potentially malicious content",
"protection_type": "Conversion to PDF",
"real_extension": "txt",
"risk": 0,
"scrub_activity": "TXT file was converted to PDF",
"scrub_method": "Convert to PDF",
"scrub_result": 0,
"scrub_time": "0.011",
"scrubbed_content": ""
}
}]
}
ã¯ãªã¢ãããã³ããŒãååŸããããã«å¿
èŠãª API ãªã¯ãšã¹ãã®æ°ãå°ãªããšããäºå®ã«ããããããããã®ãªãã·ã§ã³ã¯ãã§äœ¿çšããããã©ãŒã ããŒã¿ ãªã¯ãšã¹ãããã奜ãŸãããªããå©äŸ¿æ§ãäœããšæããŸãã
éµäŸ¿é éå¡ã³ã¬ã¯ã·ã§ã³
Postman ã§ãæãäžè¬ç㪠API ãªã¯ãšã¹ããè¡šã Threat Prevention API ãš Security Gateway ã® Threat Prevention API ã®äž¡æ¹ã®ã³ã¬ã¯ã·ã§ã³ãäœæããŸããã ãµãŒããŒã® IP/URL API ãšããŒããªã¯ãšã¹ãã«èªåçã«çœ®ãæãããããã¡ã€ã«ã®ããŠã³ããŒãåŸã« sha256 ããã·ã¥éãèšæ¶ãããããã«ãã³ã¬ã¯ã·ã§ã³å ã« XNUMX ã€ã®å€æ°ãäœæãããŠããŸã (ã³ã¬ã¯ã·ã§ã³ã®èšå®ã«ç§»åãããšèŠã€ããããšãã§ããŸã)ç·šé -> å€æ°): te_api (å¿ é ), api_key (ããŒã«ã«ããã€ã¹ã§ TP API ã䜿çšããå Žåãé€ããå ¥åãå¿ èŠã§ã), sha256 (空ã®ãŸãŸã«ããŠãããŸããSG ã® TP API ã§ã¯äœ¿çšãããŸãã).
䜿çšäŸ
ã³ãã¥ããã£ã®äžã§
åºæïŒ habr.com