Interacting with Check Point SandBlast via the API

This article will be useful to those who are familiar with Check Point technologies for file emulation (Threat Emulation) and proactive file cleaning (Threat Extraction) and want to take a step towards automating these tasks. Check Point has a Threat Prevention API that runs both in the cloud and on local appliances, and functionally it is identical to checking files in web/smtp/ftp/smb/nfs traffic streams. This article is in part the author's interpretation of a set of articles from the official documentation, but it is based on my own operating experience and my own examples. The article also includes the author's Postman collections for working with the Threat Prevention API.

Basic information

The Threat Prevention API works with three main components, which are addressed in the API by the following string values:

av - the Anti-Virus component, responsible for signature analysis of known threats.

te - the Threat Emulation component, responsible for checking files in the sandbox and issuing a malicious/benign verdict after emulation.

extraction - the Threat Extraction component, responsible for quickly converting office documents into a safe form (from which all potentially malicious content is removed) so that they can be delivered to users/systems quickly.

API structure and main limitations

The Threat Prevention API uses only four requests: upload, query, download and quota. In the header of all four requests the API key must be passed in the Authorization parameter. At first glance the structure may look much simpler than the Management API, but the number of fields in the upload and query requests, and the structure of these requests, are quite involved. They can be compared with the Threat Prevention profiles in the gateway/sandbox security policy.

At the moment only one version of the Threat Prevention API has been released, 1.0; the URL of the API calls must contain v1 in the part where the version is specified. Unlike the Management API, the API version must be specified in the URL, otherwise the request will not be executed.

The Anti-Virus component, when called without the other components (te, extraction), currently supports only query requests with md5 hash sums. Threat Emulation and Threat Extraction also support sha1 and sha256 hash sums.

It is important not to make mistakes in the requests! A request can be executed without an error, but not completely. Looking ahead a little, let's see what happens when there are errors/typos in the requests.

Request with a typo in the reports key (reportss)

Kumbira ne typo ine izwi rekuti mishumo (mishumo)

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reportss": ["tar", "pdf", "xml"]
            }
		}
	] 
}

There is no error in the response, but there is no information about the reports at all

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But for the request without the typo in the reports key

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": ["tar", "pdf", "xml"]
            }
		}
	] 
}

we receive a response that already contains the ids for downloading the reports

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
              "pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
              "xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If we send an invalid/expired API key, we receive a 403 error in the response.

SandBlast API: in the cloud and on local appliances

API requests can be sent to Check Point appliances that have the Threat Emulation component (blade) enabled. As the address for requests, use the ip/url of the appliance and port 18194 (for example, https://10.10.57.19:18194/tecloud/api/v1/file/query). You must also make sure that the security policy on the appliance allows this connection. Authorization via API key is disabled by default on local appliances, and the Authorization key in the request headers may be omitted entirely.

API requests to the Check Point cloud must be sent to te.checkpoint.com (for example, https://te.checkpoint.com/tecloud/api/v1/file/query). The API key can be obtained as a 60-day trial license by contacting Check Point partners or the company's local office.

On local appliances, Threat Extraction is not supported in the standard Threat Prevention API; the Threat Prevention API for Security Gateway must be used instead (we will discuss it in more detail at the end of the article).

Local appliances do not support the quota request.

Otherwise, there are no differences between requests to local appliances and requests to the cloud.

Upload API call

Method used - POST

Call address - https://<server>/tecloud/api/v1/file/upload

The request consists of two parts (form-data): the file intended for emulation/cleaning and the request body with text.

The text part cannot be empty, but it may contain no settings at all. For the request to succeed, the following text must be sent in the request:

Minimum required upload request

HTTP POST
https://<server>/tecloud/api/v1/file/upload

Headers:
Authorization: <API key>

Body (form-data):
request:
{
  "request": {
  }
}
file: <the file>

In this case the file will be processed according to the default parameters: component - te, OS images - Win XP and Win 7, no reports generated.

Comments on the main fields of the text request:

file_name and file_type - you can leave them empty or not send them at all, since this is not essential information when uploading a file. In the API response these fields will be filled in automatically based on the name of the uploaded file, and the information in the cache will still have to be looked up using the md5/sha1/sha256 hash sums.

Example request with empty file_name and file_type

{
  "request": {
    "file_name": "",
    "file_type": ""
  }
}

features - a list indicating the functionality required when processing in the sandbox - av (Anti-Virus), te (Threat Emulation), extraction (Threat Extraction). If this parameter is not passed at all, only the default component is used - te (Threat Emulation).

To enable checking in all three available components, these components must be specified in the API request.

Example request with checking in av, te and extraction

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["av", "te", "extraction"]  
		}
	] 
}

Keys in the te section

images - a list containing dictionaries with the id and revision number of the operating systems in which the check will be performed. The IDs and revision numbers are the same for all local appliances and for the cloud.

List of operating systems and revisions (available OS image ID, revision, image OS and applications)

e50e99f3-5963-4573-af9e-e3f4750b55e2, revision 1
  Microsoft Windows: XP - 32bit SP3
  Office: 2003, 2007
  Adobe Acrobat Reader: 9.0
  Flash Player: 9r115 and ActiveX 10.0
  Java Runtime: 1.6.0u22

7e6fe36e-889e-4c25-8704-56378f0830df, revision 1
  Microsoft Windows: 7 - 32bit
  Office: 2003, 2007
  Adobe Acrobat Reader: 9.0
  Flash Player: 10.2r152 (plugin & ActiveX)
  Java Runtime: 1.6.0u0

8d188031-1010-4466-828b-0cd13d4303ff, revision 1
  Microsoft Windows: 7 - 32bit
  Office: 2010
  Adobe Acrobat Reader: 9.4
  Flash Player: 11.0.1.152 (plugin & ActiveX)
  Java Runtime: 1.7.0u0

5e5de275-a103-4f67-b55b-47532918fa59, revision 1
  Microsoft Windows: 7 - 32bit
  Office: 2013
  Adobe Acrobat Reader: 11.0
  Flash Player: 15 (plugin & ActiveX)
  Java Runtime: 1.7.0u9

3ff3ddae-e7fd-4969-818c-d5f1a2be336d, revision 1
  Microsoft Windows: 7 - 64bit
  Office: 2013 (32bit)
  Adobe Acrobat Reader: 11.0.01
  Flash Player: 13 (plugin & ActiveX)
  Java Runtime: 1.7.0u9

6c453c9b-20f7-471a-956c-3198a868dc92, revision not given in the source table
  Microsoft Windows: 8.1 - 64bit
  Office: 2013 (64bit)
  Adobe Acrobat Reader: 11.0.10
  Flash Player: 18.0.0.160 (plugin & ActiveX)
  Java Runtime: 1.7.0u9

10b4a9c6-e414-425c-ae8b-fe4dd7b25244, revision 1
  Microsoft Windows: 10
  Office: Professional Plus 2016 en-us
  Adobe Acrobat Reader: DC 2015 MUI
  Flash Player: 20 (plugin & ActiveX)
  Java Runtime: 1.7.0u9

If the images key is not specified at all, emulation takes place in the images recommended by Check Point (currently Win XP and Win 7). These images are recommended as the best balance between performance and detection rate.

reports - a list of the reports we request in case the file turns out to be malicious. The following options are available:

  1. summary - a .tar.gz archive containing the emulation report for all requested images (both an html page and components such as the video from the emulation OS, a network traffic dump, the report in json, and the sample itself in a password-protected archive). In the response we look for the key summary_report for the subsequent download of the report.

  2. pdf - a document about the emulation in a single image, which many are used to receiving through SmartConsole. In the response we look for the key pdf_report for the subsequent download of the report.

  3. xml - a document about the emulation in a single image, convenient for the subsequent parsing of the parameters in the report. In the response we look for the key xml_report for the subsequent download of the report.

  4. tar - a .tar.gz archive containing the emulation report for a single requested image (both an html page and components such as the video from the emulation OS, a network traffic dump, the report in json, and the sample itself in a password-protected archive). In the response we look for the key full_report for the subsequent download of the report.

What the summary report contains (illustration from the original article, not reproduced here)

The full_report, pdf_report and xml_report keys are inside the dictionary of each OS image

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
      "file_type": "html",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
              "pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
              "xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
              "pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
              "xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But the summary_report key is one level higher, for the emulation as a whole

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
      "file_type": "exe",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
              "xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
              "xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

You can request the tar, xml and pdf reports at the same time, or summary, tar and xml. It is not possible to request the summary report and the pdf report at the same time.

Keys in the extraction section

For Threat Extraction only two keys are used:

method - pdf (convert to pdf, used by default) or clean (clean active content).

extracted_parts_codes - a list of codes for the active content to be removed, applicable only to the clean method
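As an added example (this is not code from the original article or from Check Point), the upload call described in this section can be assembled in Python with only the standard library. The request part is validated against the rules above before anything is sent, because the API silently ignores what it does not understand: reports and images belong under te, summary and pdf cannot be combined, and extracted_parts_codes only make sense with method clean. The validated JSON is then packed with the file into the multipart/form-data body. The base URL, API key and file path are placeholders; verify_tls exists for a local appliance on port 18194 whose certificate the client does not trust.

```python
import json
import os
import secrets
import ssl
import urllib.request

# Values the article documents for the Threat Prevention API.
VALID_FEATURES = {"av", "te", "extraction"}
VALID_REPORTS = {"summary", "tar", "pdf", "xml"}


def build_upload_request(file_name=None, features=("te",), images=None,
                         reports=None, extraction_method=None, scrub_codes=None):
    """Return the JSON 'request' part of a file/upload call.

    images: list of (image_id, revision) tuples; reports: list of report names.
    The combinations the article describes are enforced here, because the
    API answers a malformed request without reporting an error.
    """
    features = list(features)
    unknown = set(features) - VALID_FEATURES
    if unknown:
        raise ValueError(f"unknown features: {sorted(unknown)}")
    body = {"features": features}
    if file_name:
        body["file_name"] = file_name
    if images or reports:
        if "te" not in features:
            raise ValueError("images/reports belong to the te section; add 'te' to features")
        te = {}
        if images:
            te["images"] = [{"id": image_id, "revision": rev} for image_id, rev in images]
        if reports:
            reports = list(reports)
            unknown = set(reports) - VALID_REPORTS
            if unknown:
                raise ValueError(f"unknown reports: {sorted(unknown)}")
            if "summary" in reports and "pdf" in reports:
                raise ValueError("summary and pdf reports cannot be requested together")
            te["reports"] = reports
        body["te"] = te
    if "extraction" in features:
        extraction = {"method": extraction_method or "pdf"}
        if scrub_codes:
            if extraction["method"] != "clean":
                raise ValueError("extracted_parts_codes apply only to method 'clean'")
            extraction["extracted_parts_codes"] = list(scrub_codes)
        body["extraction"] = extraction
    return {"request": body}


def encode_multipart(request_json, file_name, file_bytes):
    """Pack the two form-data parts: 'request' (JSON text) and 'file' (bytes).

    Returns (body, content_type). The boundary is random so that file
    content can never terminate the body early.
    """
    boundary = "----tp-api-" + secrets.token_hex(16)
    safe_name = os.path.basename(file_name).replace('"', "_")
    parts = [
        b"--" + boundary.encode(),
        b'Content-Disposition: form-data; name="request"',
        b"Content-Type: application/json",
        b"",
        json.dumps(request_json).encode(),
        b"--" + boundary.encode(),
        f'Content-Disposition: form-data; name="file"; filename="{safe_name}"'.encode(),
        b"Content-Type: application/octet-stream",
        b"",
        file_bytes,
        b"--" + boundary.encode() + b"--",
        b"",
    ]
    return b"\r\n".join(parts), f"multipart/form-data; boundary={boundary}"


def upload_file(base_url, api_key, path, request_json, verify_tls=True):
    """POST the file at <path> to <base_url>/file/upload and return the JSON response.

    base_url is e.g. https://te.checkpoint.com/tecloud/api/v1 (cloud) or
    https://<appliance>:18194/tecloud/api/v1 (local appliance).
    """
    with open(path, "rb") as fh:
        body, content_type = encode_multipart(request_json, path, fh.read())
    req = urllib.request.Request(
        f"{base_url}/file/upload", data=body, method="POST",
        headers={"Authorization": api_key, "Content-Type": content_type})
    context = ssl.create_default_context()
    if not verify_tls:  # only for an appliance whose certificate you cannot trust
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=context, timeout=60) as resp:
        return json.load(resp)
```

A typical call is upload_file(base_url, api_key, "sample.doc", build_upload_request(features=("te", "extraction"), images=[("10b4a9c6-e414-425c-ae8b-fe4dd7b25244", 1)], reports=("xml", "pdf"))); the sha256 in the response is what the later query request will use.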

Codes for removing content from files

Code   Description
1025   Linked Objects
1026   Macros and Code
1034   Sensitive Hyperlinks
1137   PDF GoToR Actions
1139   PDF Launch Actions
1141   PDF URI Actions
1142   PDF Sound Actions
1143   PDF Movie Actions
1150   PDF JavaScript Actions
1151   PDF Submit Form Actions
1018   Database Queries
1019   Embedded Objects
1021   Fast Save Data
1017   Custom Properties
1036   Statistics Properties
1037   Summary Properties

To obtain the cleaned copy, you will also need to make a query request (discussed below) after a few seconds, specifying the file's hash sum and the extraction component in the request text. The cleaned file can be picked up using the id from the query response - extracted_file_download_id. Again, looking ahead a little, here are examples of a query request and response for finding the id for downloading the cleaned document.

Query request for finding the extracted_file_download_id key

{ "request":  [  

		{	
			"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
			"features": ["extraction"] , 
			"extraction": {
		        "method": "pdf"
            }
		}
	] 
}

Query response (look for the extracted_file_download_id key)

{
    "response": [
        {
            "status": {
                "code": 1001,
                "label": "FOUND",
                "message": "The request has been fully answered."
            },
            "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
            "file_type": "",
            "file_name": "",
            "features": [
                "extraction"
            ],
            "extraction": {
                "method": "pdf",
                "extract_result": "CP_EXTRACT_RESULT_SUCCESS",
                "extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
                "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                "time": "0.013",
                "extract_content": "Macros and Code",
                "extraction_data": {
                    "input_extension": "xls",
                    "input_real_extension": "xls",
                    "message": "OK",
                    "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                    "protection_name": "Potential malicious content extracted",
                    "protection_type": "Conversion to PDF",
                    "protocol_version": "1.0",
                    "risk": 5.0,
                    "scrub_activity": "Active content was found - XLS file was converted to PDF",
                    "scrub_method": "Convert to PDF",
                    "scrub_result": 0.0,
                    "scrub_time": "0.013",
                    "scrubbed_content": "Macros and Code"
                },
                "tex_product": false,
                "status": {
                    "code": 1001,
                    "label": "FOUND",
                    "message": "The request has been fully answered."
                }
            }
        }
    ]
}

General information

In one API call only one file can be sent for checking.

The av component does not require an additional section with keys; it is enough to list it in the features list.

Query API call

Method used - POST

Call address - https://<server>/tecloud/api/v1/file/query

Before sending a file for upload (upload request), it is recommended to check the sandbox cache (query request) to reduce the load on the API server, since the API server may already hold information and a verdict for the uploaded file. The call consists only of a text part. The required part of the request is the sha1/sha256/md5 hash sum of the file. By the way, it can be obtained from the response to the upload request.

Minimum required query request

HTTP POST
https://<server>/tecloud/api/v1/file/query

Headers:
Authorization: <API key>

Body:
{
  "request": {
    "sha256": "<sha256 of the file>"
  }
}

Example response to an upload request, in which the sha1/md5/sha256 hash sums are visible

{
  "response": {
    "status": {
      "code": 1002,
      "label": "UPLOAD_SUCCESS",
      "message": "The file was uploaded successfully."
    },
    "sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
    "md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "",
    "file_name": "kp-20-doc.doc",
    "features": [
      "te"
    ],
    "te": {
      "trust": 0,
      "images": [
        {
          "report": {
            "verdict": "unknown"
          },
          "status": "not_found",
          "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
          "revision": 1
        }
      ],
      "score": -2147483648,
      "status": {
        "code": 1002,
        "label": "UPLOAD_SUCCESS",
        "message": "The file was uploaded successfully."
      }
    }
  }
}

Apart from the hash sum, the query request should be identical to the upload request that was (or is planned to be) sent, or even "narrower" (with fewer fields in the query request than in the upload request). If the query request contains more fields than the upload request had, you will not receive all the required information in the response.

Here is an example of a query response in which not all the required data was found

{
  "response": [
    {
      "status": {
        "code": 1006,
        "label": "PARTIALLY_FOUND",
        "message": "The request cannot be fully answered at this time."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te",
        "extraction"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      },
      "extraction": {
        "method": "pdf",
        "tex_product": false,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Pay attention to the code and label fields. These fields appear three times, in the status dictionaries. First we see the global keys "code": 1006 and "label": "PARTIALLY_FOUND". Then these keys appear for each component we requested - te and extraction. And while for te it is clear that the data was found, for extraction there is no information.

This is what the query request above looked like

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te", "extraction"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

If you send the query request without the extraction section

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

then the response will contain complete information ("code": 1001, "label": "FOUND")

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If there is no information in the cache at all, the response will be "label": "NOT_FOUND"

{
  "response": [
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

In one API call several hashes can be sent for checking at once. The response returns the data in the same order in which it was sent in the request.

Example query request with several sha256 sums

{ "request": [
        {
            "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
        },
        {
            "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
        }
    ]
}

Query response with several sha256 sums

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
      "file_type": "dll",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    },
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Requesting several hash sums at once in a single query request also has a positive effect on the performance of the API server.

Download API call

Method used - POST (according to the documentation); GET also works (and seems more logical)

Call address - https://<server>/tecloud/api/v1/file/download?id=<id>

The header must carry the API key, the request body is empty, and the download id is passed in the URL.

In the response to a query request, if emulation has finished and reports were requested when the file was uploaded, the ids for downloading the reports will be visible. If a cleaned copy was requested, look for the id for downloading the cleaned document.

In total, the keys in the query response that carry an id for downloading can be:

  • summary_report

  • full_report

  • pdf_report

  • xml_report

  • extracted_file_download_id

Of course, to receive these keys in the query response they must be specified in the request (reports), or you must remember to make the request with the extraction feature (for cleaned documents).

Quota API call

Method used - POST

Call address - https://<server>/tecloud/api/v1/file/quota

To check the remaining quota in the cloud, use the quota request. The request body is empty.

Example response to a quota request
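The query workflow above (build a request for one or several hashes, read the three status levels, decide which features still need an upload, and collect every download id) is easy to get wrong by hand, so here is an added Python example of that logic; it is not code from the original article or from Check Point. The sample response embedded at the bottom is a trimmed copy of the PARTIALLY_FOUND response shown earlier and is used only to exercise the parser; base_url and api_key are placeholders. The download helper uses GET, which the article notes works alongside the documented POST.

```python
import json
import ssl
import urllib.request

# Status codes the article shows in query responses.
FOUND, UPLOAD_SUCCESS, NOT_FOUND, PARTIALLY_FOUND = 1001, 1002, 1004, 1006
REPORT_KEYS = ("full_report", "pdf_report", "xml_report")


def build_query(sha256_list, features=("te",), images=None, reports=None,
                extraction_method="pdf"):
    """Build a file/query body for one or more hashes.

    Ask for no more than the matching upload did (same images/reports),
    otherwise the answer is PARTIALLY_FOUND even though the file is cached.
    """
    items = []
    for sha256 in sha256_list:
        item = {"sha256": sha256, "features": list(features)}
        if "te" in features and (images or reports):
            te = {}
            if images:
                te["images"] = [{"id": image_id, "revision": 1} for image_id in images]
            if reports:
                te["reports"] = list(reports)
            item["te"] = te
        if "extraction" in features:
            item["extraction"] = {"method": extraction_method}
        items.append(item)
    return {"request": items}


def parse_query_response(response):
    """Reduce a query response to one decision record per hash.

    Each record holds the top-level code/label, the te combined verdict,
    the features whose own status is NOT_FOUND (re-upload with exactly
    those), and every download id present (summary, per-image reports,
    cleaned copy). Records come back in request order, as the API does.
    """
    records = []
    for entry in response["response"]:
        status = entry["status"]
        te = entry.get("te", {})
        missing = [f for f in entry.get("features", [])
                   if entry.get(f, {}).get("status", {}).get("code") == NOT_FOUND]
        downloads = {}
        if "summary_report" in te:
            downloads["summary_report"] = te["summary_report"]
        for image in te.get("images", []):
            for key in REPORT_KEYS:
                if key in image.get("report", {}):
                    downloads[f"{key}:{image['id']}"] = image["report"][key]
        extracted = entry.get("extraction", {}).get("extracted_file_download_id")
        if extracted:
            downloads["extracted_file"] = extracted
        records.append({
            "sha256": entry.get("sha256"),
            "code": status["code"], "label": status["label"],
            "verdict": te.get("combined_verdict"),
            "missing": missing, "downloads": downloads,
        })
    return records


def _tls_context(verify_tls):
    context = ssl.create_default_context()
    if not verify_tls:  # only for an appliance whose certificate you cannot trust
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    return context


def post_json(base_url, api_key, call, body=None, verify_tls=True):
    """POST a JSON body (or nothing, for quota) to <base_url>/file/<call>."""
    data = json.dumps(body).encode() if body is not None else b""
    req = urllib.request.Request(
        f"{base_url}/file/{call}", data=data, method="POST",
        headers={"Authorization": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=_tls_context(verify_tls), timeout=60) as resp:
        return json.load(resp)


def download(base_url, api_key, download_id, dest_path, verify_tls=True):
    """Fetch a report or cleaned copy by id via GET file/download?id=<id>."""
    req = urllib.request.Request(f"{base_url}/file/download?id={download_id}",
                                 headers={"Authorization": api_key})
    with urllib.request.urlopen(req, context=_tls_context(verify_tls), timeout=300) as resp:
        data = resp.read()
    with open(dest_path, "wb") as out:
        out.write(data)
    return dest_path


# Constructed sample, trimmed from the PARTIALLY_FOUND response shown in the article.
SAMPLE_PARTIAL = {"response": [{
    "status": {"code": 1006, "label": "PARTIALLY_FOUND"},
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "features": ["te", "extraction"],
    "te": {"combined_verdict": "malicious",
           "images": [{"report": {"verdict": "malicious",
                                  "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52"},
                       "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}],
           "status": {"code": 1001, "label": "FOUND"}},
    "extraction": {"method": "pdf", "status": {"code": 1004, "label": "NOT_FOUND"}},
}]}
```

In a polling loop, a record whose missing list is non-empty means the upload has to be repeated with exactly those features, while a record with code 1001 and an empty downloads dictionary usually means the reports were never requested at upload time, which no amount of querying will fix.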

{
  "response": [
    {
      "remain_quota_hour": 1250,
      "remain_quota_month": 10000000,
      "assigned_quota_hour": 1250,
      "assigned_quota_month": 10000000,
      "hourly_quota_next_reset": "1599141600",
      "monthly_quota_next_reset": "1601510400",
      "quota_id": "TEST",
      "cloud_monthly_quota_period_start": "1421712300",
      "cloud_monthly_quota_usage_for_this_gw": 0,
      "cloud_hourly_quota_usage_for_this_gw": 0,
      "cloud_monthly_quota_usage_for_quota_id": 0,
      "cloud_hourly_quota_usage_for_quota_id": 0,
      "monthly_exceeded_quota": 0,
      "hourly_exceeded_quota": 0,
      "cloud_quota_max_allow_to_exceed_percentage": 1000,
      "pod_time_gmt": "1599138715",
      "quota_expiration": "0",
      "action": "ALLOW"
    }
  ]
}

Threat Prevention API for Security Gateway

This API was developed before the Threat Prevention API and is intended only for local appliances. At the moment it is useful only if you need the Threat Extraction API; for Threat Emulation it is better to use the regular Threat Prevention API. To enable the TP API for SG and configure the API key, follow the steps from sk113599. I recommend paying attention to step 6b and checking that the page https://<IPAddressofSecurityGateway>/UserCheck/TPAPI is reachable, because if the result is negative, further configuration makes no sense. All API calls are sent to this url. The type of call (upload/query) is controlled by a key in the call body - request_name. The other required keys are api_key (you must remember it during configuration) and protocol_version (the current version is 1.1). The official documentation for this API is in sk137032. Its relative advantages include the ability to send several files at once for emulation when uploading, since the files are sent as base64 text strings. To encode/decode files to/from base64 you can use an online converter for demonstration purposes in Postman, for example https://base64.guru. For practical purposes you should use the built-in encode and decode methods when writing code.

Now let's look more closely at the te and extraction features in this API.

For the te feature, the te_options dictionary is provided in upload/query requests, and the keys in this request correspond exactly to the keys in the Threat Prevention API.

Example request for emulating a file in Win10 with reports

{
"request": [{
    "protocol_version": "1.1",
    "api_key": "<api_key>",
    "request_name": "UploadFile",
    "file_enc_data": "<base64_encoded_file>",
    "file_orig_name": "<filename>",
    "te_options": {
        "images": [
                {
                    "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                    "revision": 1
                }
            ],
        "reports": ["summary", "xml"]
    }
    }
    ]
}

For the extraction feature, the scrub_options dictionary is provided. This request specifies the cleaning method: convert to PDF, clean active content, or select the mode according to a Threat Prevention profile (the profile name is given). The main thing about the response to the file extraction API request is that you receive the cleaned copy in the response to that same request as a base64-encoded string (there is no need to make a query request and look up an id to download the document).

Example request for cleaning a file

    {
	"request": [{
		"protocol_version": "1.1",
		"api_key": "<API_KEY>",
		"request_name": "UploadFile",
		"file_enc_data": "<base64_encoded_file>",
		"file_orig_name": "hi.txt",
		"scrub_options": {
			"scrub_method": 2
		}
	}]
}

Response to the request

{
	"response": [{
		"protocol_version": "1.1",
		"src_ip": "<IP_ADDRESS>",
		"scrub": {
			"file_enc_data": "<base64_encoded_converted_to_PDF_file>",
			"input_real_extension": "js",
			"message": "OK",
			"orig_file_url": "",
			"output_file_name": "hi.cleaned.pdf",
			"protection_name": "Extract potentially malicious content",
			"protection_type": "Conversion to PDF",
			"real_extension": "txt",
			"risk": 0,
			"scrub_activity": "TXT file was converted to PDF",
			"scrub_method": "Convert to PDF",
			"scrub_result": 0,
			"scrub_time": "0.011",
			"scrubbed_content": ""
		}
	}]
} 
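Because the TP API for Security Gateway carries the sample and the cleaned copy inline as base64, the client has to do the encoding and decoding itself. Here is an added Python example of both sides of the exchange shown above; it is not code from the original article or from Check Point. The gateway address and API key are placeholders, and the scrub_method value 2 is taken from the request above, which produced a "Convert to PDF" result (sk137032 is the reference for the full mapping). The one point worth the extra lines is that output_file_name is chosen by the gateway, so only its basename is ever used when writing to disk.

```python
import base64
import json
import os
import ssl
import urllib.request

TPAPI_PATH = "/UserCheck/TPAPI"


def build_sg_upload(api_key, file_name, file_bytes, te_options=None,
                    scrub_options=None, protocol_version="1.1"):
    """UploadFile request for the TP API for Security Gateway.

    Unlike the form-data upload, the sample travels inline as a base64
    string; several such dictionaries can be placed in the 'request' list.
    """
    item = {
        "protocol_version": protocol_version,
        "api_key": api_key,
        "request_name": "UploadFile",
        "file_enc_data": base64.b64encode(file_bytes).decode("ascii"),
        "file_orig_name": os.path.basename(file_name),
    }
    if te_options:
        item["te_options"] = te_options
    if scrub_options:
        item["scrub_options"] = scrub_options
    return {"request": [item]}


def call_tpapi(gateway, body, verify_tls=True):
    """POST the JSON body to https://<gateway>/UserCheck/TPAPI and return the response."""
    context = ssl.create_default_context()
    if not verify_tls:  # only for a gateway whose certificate you cannot trust
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        f"https://{gateway}{TPAPI_PATH}", data=json.dumps(body).encode(),
        method="POST", headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=context, timeout=300) as resp:
        return json.load(resp)


def decode_scrubbed(response):
    """Return (safe_file_name, bytes) for every successful scrub in a response.

    output_file_name comes from the server; keeping only its basename means a
    value such as '../../x.pdf' can never escape the output directory.
    """
    results = []
    for item in response.get("response", []):
        scrub = item.get("scrub") or {}
        if scrub.get("message") != "OK" or not scrub.get("file_enc_data"):
            continue
        name = os.path.basename(scrub.get("output_file_name", "")) or "cleaned.bin"
        results.append((name, base64.b64decode(scrub["file_enc_data"])))
    return results


def save_scrubbed(response, out_dir):
    """Write each decoded cleaned copy into out_dir; returns the paths written."""
    os.makedirs(out_dir, exist_ok=True)
    paths = []
    for name, data in decode_scrubbed(response):
        path = os.path.join(out_dir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


# Constructed sample modelled on the response shown above; the PDF bytes are fake.
SAMPLE_SCRUB_RESPONSE = {"response": [{
    "protocol_version": "1.1",
    "scrub": {
        "file_enc_data": base64.b64encode(b"%PDF-1.4 fake cleaned copy").decode("ascii"),
        "message": "OK",
        "output_file_name": "../../hi.cleaned.pdf",
        "scrub_method": "Convert to PDF",
        "scrub_result": 0,
    },
}]}
```

End to end: body = build_sg_upload(api_key, "hi.txt", open("hi.txt", "rb").read(), scrub_options={"scrub_method": 2}); save_scrubbed(call_tpapi("10.10.57.19", body), "./cleaned") writes ./cleaned/hi.cleaned.pdf.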

Despite the fact that fewer API requests are needed to obtain a cleaned copy, I find this option less suitable and less convenient than the form-data request used in the Threat Prevention API.

Postman Collections

I have created collections in Postman for both the Threat Prevention API and the Threat Prevention API for Security Gateway, which represent the typical API requests. So that the API server ip/url and the API key are substituted into the requests automatically, and the sha256 hash sum is remembered after a file is uploaded, three variables were created inside the collections (you can find them by going to the collection settings: Edit -> Variables): te_api (required), api_key (must be filled in, unless you use the TP API with local appliances), sha256 (leave empty; not used in the TP API for SG).

Download the Postman collection for the Threat Prevention API

Download the Postman collection for the Threat Prevention API for Security Gateway

Usage examples

In the Check Mates community, scripts written in Python have been published that check files from a directory of your choice via the TP API and the TP API for SG. By interacting with the Threat Prevention API, your ability to check files expands significantly, since you can now check files on several platforms at once (in VirusTotal and then in the Check Point sandbox), and receive files not only from network traffic but also from any network drive and, for example, from CRM systems.

Source: www.habr.com
