Check Point SandBlast integration via API

This article will be useful to those who are familiar with the Check Point technologies for file emulation (Threat Emulation) and proactive file cleaning (Threat Extraction) and want to take a step towards automating these tasks. Check Point has a Threat Prevention API, which works both in the cloud and on local appliances and is functionally identical to checking files in web/smtp/ftp/smb/nfs traffic. This article is partly the author's translation of excerpts from the official documentation, but it is based on my own operating experience and my own examples. In the article you will also find the author's Postman collections for working with the Threat Prevention API.

Basic terms

The Threat Prevention API works with three main components, which are referred to in the API by the following text values:

av - the Anti-Virus component, responsible for signature analysis of known threats.

te - the Threat Emulation component, responsible for checking files in the sandbox and issuing a malicious/benign verdict after emulation.

extraction - the Threat Extraction component, responsible for quickly converting office documents into a safe form (with all potentially malicious content removed) so that they can be delivered to users/systems quickly.

API structure and main limitations

The Threat Prevention API uses only 4 requests - upload, query, download and quota. In the headers of all four requests the API key must be passed in the Authorization parameter. At first glance the structure may look much simpler than the Management API, but the number of fields in the upload and query requests and the structure of those requests are quite complex. Functionally they can be compared with the Threat Prevention profile in the security policy of a gateway/sandbox.

At the moment only one version of the Threat Prevention API has been released - 1.0; the URL of API calls must contain v1 in the part where the version is specified. Unlike the Management API, the API version must be given in the URL, otherwise the request will not be executed.

The Anti-Virus component, when called without the other components (te, extraction), currently supports query requests with md5 hashes only. Threat Emulation and Threat Extraction also support sha1 and sha256 hashes.

It is very important not to make mistakes in the requests! A request may be executed without an error, but not completely. Looking a little ahead, let's see what happens when a request contains an error/typo.

Query request with a typo in the word reports (reportss)

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                reportss: ["tar", "pdf", "xml"]
            }
		}
	] 
}

There will be no error in the response, but there will be no information about the reports at all

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But a request without the typo in the reports key

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                reports: ["tar", "pdf", "xml"]
            }
		}
	] 
}

gets a response that already contains the identifiers for downloading the reports

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
              "pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
              "xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If we send an incorrect/expired API key, we get a 403 error in response.

SandBlast API: cloud and local appliances

API requests can be sent to Check Point appliances that have the Threat Emulation (blade) component enabled. As the request address, use the ip/url of the appliance and port 18194 (for example, https://10.10.57.19:18194/tecloud/api/v1/file/query). You should also make sure that the security policy on the appliance allows this connection. Authorization by API key is disabled by default on local appliances, and the Authorization key may be omitted from the request headers altogether.

API requests to the Check Point cloud are sent to te.checkpoint.com (for example - https://te.checkpoint.com/tecloud/api/v1/file/query). An API key can be obtained as a 60-day trial licence by contacting Check Point partners or the company's regional office.

On local appliances, Threat Extraction is not yet supported by the standard Threat Prevention API; the Threat Prevention API for Security Gateway has to be used instead (I will cover it in detail at the end of the article).

Local appliances do not support the quota request.

Otherwise there are no differences between requests to local appliances and to the cloud.

Upload API call

Method used - POST

Call URL - https:///tecloud/api/v1/file/upload

The request consists of two parts (form-data): the file for emulation/cleaning and a request body with text.

The text part of the request cannot be empty, but it may contain no configuration at all. For the request to succeed, at least the following text must be sent in the request:

Minimum required upload request

HTTP POST
https:///tecloud/api/v1/file/upload

Headers:
Authorization:

body
{ "request": { } }

file: file

In this case the file will be processed with the default parameters: component - te, OS images - Win XP and Win 7, without generating a report.

Comments on the main fields of the text part of the request:

file_name and file_type - you can leave them empty or omit them altogether, as this information is of little use when uploading a file. In the API response these fields are filled in automatically based on the name of the uploaded file, and the information in the cache still has to be searched by the md5/sha1/sha256 hashes.

Example request with empty file_name and file_type

{
  "request": {
    "file_name": "",
    "file_type": ""
  }
}

features - a list specifying the required functionality when processing in the sandbox - av (Anti-Virus), te (Threat Emulation), extraction (Threat Extraction). If this parameter is not passed at all, only the default component is used - te (Threat Emulation).

To enable checking by all three available components, these components have to be listed in the API request.

Example request with av, te and extraction checks

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["av", "te", "extraction"]  
		}
	] 
}

Keys of the te section

images - a list of dictionaries with the id and revision number of the operating systems on which the check will be performed. The identifiers and revision numbers are the same for all local appliances and the cloud.

List of operating systems and revisions

Available OS image id                 Revision  OS image and applications
e50e99f3-5963-4573-af9e-e3f4750b55e2  1         Microsoft Windows: XP - 32bit SP3; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player 9r115 and ActiveX 10.0; Java Runtime: 1.6.0u22
7e6fe36e-889e-4c25-8704-56378f0830df  1         Microsoft Windows: 7-32bit; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 10.2r152 (plugin & ActiveX); Java Runtime: 1.6.0u0
8d188031-1010-4466-828b-0cd13d4303ff  1         Microsoft Windows: 7-32bit; Office: 2010; Adobe Acrobat Reader: 9.4; Flash Player: 11.0.1.152 (plugin & ActiveX); Java Runtime: 1.7.0u0
5e5de275-a103-4f67-b55b-47532918fa59  1         Microsoft Windows: 7-32bit; Office: 2013; Adobe Acrobat Reader: 11.0; Flash Player: 15 (plugin & ActiveX); Java Runtime: 1.7.0u9
3ff3ddae-e7fd-4969-818c-d5f1a2be336d  1         Microsoft Windows: 7-64bit; Office: 2013 (32bit); Adobe Acrobat Reader: 11.0.01; Flash Player: 13 (plugin & ActiveX); Java Runtime: 1.7.0u9
6c453c9b-20f7-471a-956c-3198a868dc92  1         Microsoft Windows: 8.1-64bit; Office: 2013 (64bit); Adobe Acrobat Reader: 11.0.10; Flash Player: 18.0.0.160 (plugin & ActiveX); Java Runtime: 1.7.0u9
10b4a9c6-e414-425c-ae8b-fe4dd7b25244  1         Microsoft Windows: 10; Office: Professional Plus 2016 en-us; Adobe Acrobat Reader: DC 2015 MUI; Flash Player: 20 (plugin & ActiveX); Java Runtime: 1.7.0u9

If the images key is not specified at all, emulation takes place on the images recommended by Check Point (currently Win XP and Win 7). These images are recommended as the best balance between performance and detection rate.

reports - a list of the reports we request in case the file turns out to be malicious. The following options are available:

  1. summary - a .tar.gz archive containing the emulation report for all requested images (both an html page and components such as a video of the emulated OS, a network traffic dump, a report in json, and the sample itself in a password-protected archive). In the response we look for the key summary_report for the subsequent download of the report.

  2. pdf - a document about the emulation on one image, which many are used to receiving in Smart Console. In the response we look for the key pdf_report for the subsequent download of the report.

  3. xml - a document about the emulation on one image, convenient for subsequent parsing of the report parameters. In the response we look for the key xml_report for the subsequent download of the report.

  4. tar - a .tar.gz archive containing the emulation report for one of the requested images (both an html page and components such as a video of the emulated OS, a network traffic dump, a report in json, and the sample itself in a password-protected archive). In the response we look for the key full_report for the subsequent download of the report.

What the summary report contains

The full_report, pdf_report and xml_report keys are present in the dictionary of each OS

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
      "file_type": "html",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
              "pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
              "xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
              "pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
              "xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But the summary_report key - there is one for the emulation as a whole

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
      "file_type": "exe",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
              "xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
              "xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

You can request tar, xml and pdf reports at the same time, and you can request summary, tar and xml. It is not possible to request summary and pdf reports at the same time.
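As an added example (my own code, not the article's or Check Point's), a Python pre-flight check for query request bodies that catches what the API silently accepts: the misspelt key from the reportss example above, unknown features or image ids, the av-with-md5-only rule and the forbidden summary + pdf report combination. The image ids and rules are the ones stated in this article; the function names are my own.

```python
# Allowed values as described in the article: components, report types, the
# keys of the te / extraction sections and the image ids from the table.
FEATURES = {"av", "te", "extraction"}
REPORTS = {"summary", "pdf", "xml", "tar"}
TE_KEYS = {"images", "reports"}
EXTRACTION_KEYS = {"method", "extracted_parts_codes"}
EXTRACTION_METHODS = {"pdf", "clean"}
HASH_KEYS = {"md5", "sha1", "sha256"}
IMAGE_IDS = {
    "e50e99f3-5963-4573-af9e-e3f4750b55e2",  # Windows XP 32bit SP3
    "7e6fe36e-889e-4c25-8704-56378f0830df",  # Windows 7 32bit, Office 2003/2007
    "8d188031-1010-4466-828b-0cd13d4303ff",  # Windows 7 32bit, Office 2010
    "5e5de275-a103-4f67-b55b-47532918fa59",  # Windows 7 32bit, Office 2013
    "3ff3ddae-e7fd-4969-818c-d5f1a2be336d",  # Windows 7 64bit
    "6c453c9b-20f7-471a-956c-3198a868dc92",  # Windows 8.1 64bit
    "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",  # Windows 10
}


def validate_request_item(item):
    """Return the list of problems in one element of the "request" array.

    The API answers a body with a misspelt key such as "reportss" with
    FOUND and simply ignores the unknown part, so these checks run
    locally before anything is sent.
    """
    problems = []
    if not HASH_KEYS & set(item):
        problems.append("no md5/sha1/sha256 hash in the request item")
    features = list(item.get("features", ["te"]))
    if set(features) - FEATURES:
        problems.append("unknown features: %s" % sorted(set(features) - FEATURES))
    if features == ["av"] and "md5" not in item:
        problems.append("av on its own accepts md5 hashes only")
    stray = set(item) - HASH_KEYS - {"file_name", "file_type", "features"} - FEATURES
    if stray:
        problems.append("unknown top-level keys: %s" % sorted(stray))
    te = item.get("te", {})
    if set(te) - TE_KEYS:
        problems.append("unknown keys in te section: %s" % sorted(set(te) - TE_KEYS))
    for image in te.get("images", []):
        if image.get("id") not in IMAGE_IDS or "revision" not in image:
            problems.append("bad image entry: %r" % (image,))
    reports = set(te.get("reports", []))
    if reports - REPORTS:
        problems.append("unknown report types: %s" % sorted(reports - REPORTS))
    if {"summary", "pdf"} <= reports:
        problems.append("summary and pdf reports cannot be requested together")
    extraction = item.get("extraction", {})
    if set(extraction) - EXTRACTION_KEYS:
        problems.append("unknown keys in extraction section: %s"
                        % sorted(set(extraction) - EXTRACTION_KEYS))
    if extraction.get("method", "pdf") not in EXTRACTION_METHODS:
        problems.append("unknown extraction method %r" % extraction.get("method"))
    if "extracted_parts_codes" in extraction and extraction.get("method") != "clean":
        problems.append("extracted_parts_codes is only valid with method clean")
    return problems


def build_query_body(sha256_list, features=("te",), image_ids=(), reports=(),
                     extraction_method=None):
    """Build the body of a query request for one or more sha256 hashes
    (one item per hash; the API answers them in the same order).

    Raises ValueError listing every problem instead of returning a body the
    server would accept but only partially honour.
    """
    items = []
    for digest in sha256_list:
        item = {"sha256": digest, "features": list(features)}
        if "te" in features:
            item["te"] = {}
            if image_ids:
                # The article's table lists revision 1 for every image.
                item["te"]["images"] = [{"id": i, "revision": 1} for i in image_ids]
            if reports:
                item["te"]["reports"] = list(reports)
        if "extraction" in features:
            item["extraction"] = {"method": extraction_method or "pdf"}
        items.append(item)
    problems = [p for item in items for p in validate_request_item(item)]
    if problems:
        raise ValueError("; ".join(problems))
    return {"request": items}


if __name__ == "__main__":
    import json
    print(json.dumps(build_query_body(
        ["9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a"],
        image_ids=["10b4a9c6-e414-425c-ae8b-fe4dd7b25244"],
        reports=["tar", "pdf", "xml"]), indent=2))
```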

Keys of the extraction section

For Threat Extraction only two keys are used:

method - pdf (convert to pdf, used by default) or clean (cleaning of active content).

extracted_parts_codes - a list of codes of the active content to remove, applicable only to the clean method

Codes for removing content from files

Code  Description
1025  Linked Objects
1026  Macros and Code
1034  Sensitive Hyperlinks
1137  PDF GoToR Actions
1139  PDF Launch Actions
1141  PDF URI Actions
1142  PDF Sound Actions
1143  PDF Movie Actions
1150  PDF JavaScript Actions
1151  PDF Submit Form Actions
1018  Database Queries
1019  Embedded Objects
1021  Fast Save Data
1017  Custom Properties
1036  Statistic Properties
1037  Summary Properties

To download a cleaned copy, you will also have to make a query request (discussed below) a few seconds later, specifying the hash sum of the file and the extraction component in the request text. The cleaned file can be picked up using the id from the query response - extracted_file_download_id. Again looking a little ahead, I give examples of a query request and response for finding the id to download a cleaned document.

Query request to find the extracted_file_download_id key

{ "request":  [  

		{	
			"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
			"features": ["extraction"] , 
			"extraction": {
		        "method": "pdf"
            }
		}
	] 
}

Query response (look for the extracted_file_download_id key)

{
    "response": [
        {
            "status": {
                "code": 1001,
                "label": "FOUND",
                "message": "The request has been fully answered."
            },
            "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
            "file_type": "",
            "file_name": "",
            "features": [
                "extraction"
            ],
            "extraction": {
                "method": "pdf",
                "extract_result": "CP_EXTRACT_RESULT_SUCCESS",
                "extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
                "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                "time": "0.013",
                "extract_content": "Macros and Code",
                "extraction_data": {
                    "input_extension": "xls",
                    "input_real_extension": "xls",
                    "message": "OK",
                    "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                    "protection_name": "Potential malicious content extracted",
                    "protection_type": "Conversion to PDF",
                    "protocol_version": "1.0",
                    "risk": 5.0,
                    "scrub_activity": "Active content was found - XLS file was converted to PDF",
                    "scrub_method": "Convert to PDF",
                    "scrub_result": 0.0,
                    "scrub_time": "0.013",
                    "scrubbed_content": "Macros and Code"
                },
                "tex_product": false,
                "status": {
                    "code": 1001,
                    "label": "FOUND",
                    "message": "The request has been fully answered."
                }
            }
        }
    ]
}

General information

In one API call you can send only one file for checking.

The av component does not require an additional section with keys; it is enough to specify it in features.

Query API call

Method used - POST

Call URL - https:///tecloud/api/v1/file/query

Before sending a file for emulation (upload request), it is recommended to check the sandbox cache (query request) to optimise the load on the API server, since the API server may already hold information and a verdict on the file being uploaded. The call consists of a text part only. The required part of the request is the sha1/sha256/md5 hash of the file. By the way, you can get it from the response to the upload request.

Minimum required query request

HTTP POST
https:///tecloud/api/v1/file/query

Headers:
Authorization:

body
{ "request": { "sha256": } }

Example of the response to an upload request, where the sha1/md5/sha256 hashes are visible

{
  "response": {
    "status": {
      "code": 1002,
      "label": "UPLOAD_SUCCESS",
      "message": "The file was uploaded successfully."
    },
    "sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
    "md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "",
    "file_name": "kp-20-doc.doc",
    "features": [
      "te"
    ],
    "te": {
      "trust": 0,
      "images": [
        {
          "report": {
            "verdict": "unknown"
          },
          "status": "not_found",
          "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
          "revision": 1
        }
      ],
      "score": -2147483648,
      "status": {
        "code": 1002,
        "label": "UPLOAD_SUCCESS",
        "message": "The file was uploaded successfully."
      }
    }
  }
}

The query request, apart from the hash value, must be the same as the upload request was (or is planned to be), or even "narrower" (contain fewer fields than the upload request). If the query request contains more fields than the upload request did, you will not get all the necessary information in the response.

Here is an example of a query response where not all the required data was found

{
  "response": [
    {
      "status": {
        "code": 1006,
        "label": "PARTIALLY_FOUND",
        "message": "The request cannot be fully answered at this time."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te",
        "extraction"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      },
      "extraction": {
        "method": "pdf",
        "tex_product": false,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Pay attention to the code and label fields. These fields appear three times, in dictionaries of different levels. First we see the global keys "code": 1006 and "label": "PARTIALLY_FOUND". Next, the same keys appear for each individual component we requested - te and extraction. And while for te it is clear that the data was found, for extraction there is no information.

This is what the query looked like for the example above

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te", "extraction"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

If you send the query request without the extraction section

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

then the response will contain complete information ("code": 1001, "label": "FOUND")

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If there is no information in the cache at all, the response will be "label": "NOT_FOUND"

{
  "response": [
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

In one API call you can send several hashes at once for checking. The response returns the data in the same order in which it was sent in the request.

Example query request with several sha256

{ "request":  [  

		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
        },
        		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
        }
	] 
}

Response to a query with several sha256

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
      "file_type": "dll",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    },
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Requesting several hashes at once in a query request also has a beneficial effect on the performance of the API server.

Download API call

Method used - POST (according to the documentation); GET also works (and may seem more logical)

Call URL - https:///tecloud/api/v1/file/download?id=

The header must carry the API key, the request body is empty, and the download id is passed in the URL.

In the response to a query request, if emulation is complete and reports were requested when the file was uploaded, the ids for downloading the reports will be visible. If a cleaned copy was requested, look for the id for downloading the cleaned document.

In total, the keys of the query response that contain an id value for downloading can be:

  • summary_report

  • full_report

  • pdf_report

  • xml_report

  • extracted_file_download_id

Of course, to get these keys in the query response, they must be specified in the request (reports), or remember to make a request using the extraction function (cleaned documents).
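The three-level status handling and the download id keys listed above, as an added example (my own code, not the article's or Check Point's): a Python handler that walks each item of an upload or query response, decides whether to upload, wait or consume the verdict, and collects every download id. The sample response is the article's PARTIALLY_FOUND query response trimmed to the fields the code reads; the function names are my own.

```python
# Status codes as they appear in the article's responses.
FOUND, UPLOAD_SUCCESS, NOT_FOUND, PARTIALLY_FOUND = 1001, 1002, 1004, 1006
IMAGE_REPORT_KEYS = ("full_report", "pdf_report", "xml_report")


def response_items(response):
    """Return the items of a response as a list: the upload call returns one
    dict under "response", the query call a list (one item per hash, in
    request order)."""
    body = response["response"]
    return body if isinstance(body, list) else [body]


def collect_download_ids(item):
    """Map every download id in one item to a label: summary_report is held
    once per emulation under te, full/pdf/xml_report once per image and
    extracted_file_download_id under extraction."""
    ids = {}
    te = item.get("te", {})
    if "summary_report" in te:
        ids["summary_report"] = te["summary_report"]
    for image in te.get("images", []):
        report = image.get("report", {})
        for key in IMAGE_REPORT_KEYS:
            if key in report:
                ids["%s/%s" % (image["id"], key)] = report[key]
    extraction = item.get("extraction", {})
    if "extracted_file_download_id" in extraction:
        ids["extracted_file_download_id"] = extraction["extracted_file_download_id"]
    return ids


def next_action(item):
    """Decide the next step for one item from the item-level status and the
    per-component status blocks (the three "code"/"label" levels)."""
    code = item["status"]["code"]
    if code == NOT_FOUND:
        return {"action": "upload", "features": list(item.get("features", ["te"]))}
    if code == UPLOAD_SUCCESS:
        return {"action": "wait"}  # file accepted, emulation running: query again later
    incomplete = [f for f in item.get("features", [])
                  if f in item and item[f].get("status", {}).get("code") != FOUND]
    if code == PARTIALLY_FOUND or incomplete:
        # Typical cause: the query asked for a component (here extraction)
        # that the upload never requested, so upload again for it.
        return {"action": "upload", "features": incomplete}
    te = item.get("te", {})
    return {"action": "verdict",
            "hash": item.get("sha256") or item.get("sha1") or item.get("md5"),
            "verdict": te.get("combined_verdict"),
            "severity": te.get("severity"),
            "confidence": te.get("confidence"),
            "download_ids": collect_download_ids(item)}


def plan(response):
    """Return the action for each item of a response, in request order."""
    return [next_action(item) for item in response_items(response)]


# Constructed sample: the article's PARTIALLY_FOUND query response, trimmed
# to the fields the functions above read.
SAMPLE_PARTIAL = {"response": [{
    "status": {"code": 1006, "label": "PARTIALLY_FOUND"},
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "features": ["te", "extraction"],
    "te": {"images": [{"report": {"verdict": "malicious",
                                  "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
                                  "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"},
                       "status": "found",
                       "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}],
           "combined_verdict": "malicious", "severity": 4, "confidence": 1,
           "status": {"code": 1001, "label": "FOUND"}},
    "extraction": {"method": "pdf", "status": {"code": 1004, "label": "NOT_FOUND"}},
}]}


if __name__ == "__main__":
    for step in plan(SAMPLE_PARTIAL):
        print(step)
```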

Quota API call

Method used - POST

Call URL - https:///tecloud/api/v1/file/quota

To check the remaining quota in the cloud, use the quota request. The request body is empty.

Example response to a quota request

{
  "response": [
    {
      "remain_quota_hour": 1250,
      "remain_quota_month": 10000000,
      "assigned_quota_hour": 1250,
      "assigned_quota_month": 10000000,
      "hourly_quota_next_reset": "1599141600",
      "monthly_quota_next_reset": "1601510400",
      "quota_id": "TEST",
      "cloud_monthly_quota_period_start": "1421712300",
      "cloud_monthly_quota_usage_for_this_gw": 0,
      "cloud_hourly_quota_usage_for_this_gw": 0,
      "cloud_monthly_quota_usage_for_quota_id": 0,
      "cloud_hourly_quota_usage_for_quota_id": 0,
      "monthly_exceeded_quota": 0,
      "hourly_exceeded_quota": 0,
      "cloud_quota_max_allow_to_exceed_percentage": 1000,
      "pod_time_gmt": "1599138715",
      "quota_expiration": "0",
      "action": "ALLOW"
    }
  ]
}

Threat Prevention API for Security Gateway

This API was created before the Threat Prevention API and is intended only for local appliances. Today it is useful only if you need the Threat Extraction API; for Threat Emulation it is better to use the regular Threat Prevention API. To enable the TP API on the SG and set the API key, follow the steps in sk113599. I recommend paying special attention to step 6b and checking access to the page https://<IPAddressofSecurityGateway>/UserCheck/TPAPI, because if that check fails, further configuration makes no sense. All API calls are sent to this url. The type of call (upload/query) is set by the request_name key in the call body. The other required keys are api_key (which you need to remember during the configuration process) and protocol_version (the current version is 1.1). The official documentation for this API is in sk137032. Its relative advantages include the ability to send several files at once for emulation in one upload, since the files are sent as base64 text. To encode/decode files to base64 for demonstration purposes in Postman you can use an online converter, for example - https://base64.guru. For practical purposes, use the built-in encoding and decoding methods when writing code.

Now let us take a closer look at the te and scrub functions in this API.

For the te part, the te_options dictionary is provided in upload/query requests, and its keys are fully identical to the te keys in the Threat Prevention API.

Example of a request for file emulation in Win10 with reports

{
  "request": [
    {
      "protocol_version": "1.1",
      "api_key": "<api_key>",
      "request_name": "UploadFile",
      "file_enc_data": "<base64_encoded_file>",
      "file_orig_name": "<filename>",
      "te_options": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["summary", "xml"]
      }
    }
  ]
}

For the scrub part, the scrub_options dictionary is provided. This request defines the cleaning method: convert to PDF, clean active content, or select the mode according to a Threat Prevention profile (the profile name is specified). The main feature of an extraction request for a file is that you receive the cleaned copy in the response to that same request, base64-encoded (there is no need to make a query request and search by id to download the document).

Example of a file cleaning request

{
  "request": [
    {
      "protocol_version": "1.1",
      "api_key": "<API_KEY>",
      "request_name": "UploadFile",
      "file_enc_data": "<base64_encoded_file>",
      "file_orig_name": "hi.txt",
      "scrub_options": {
        "scrub_method": 2
      }
    }
  ]
}

Response to the request

{
  "response": [
    {
      "protocol_version": "1.1",
      "src_ip": "<IP_ADDRESS>",
      "scrub": {
        "file_enc_data": "<base64_encoded_converted_to_PDF_file>",
        "input_real_extension": "js",
        "message": "OK",
        "orig_file_url": "",
        "output_file_name": "hi.cleaned.pdf",
        "protection_name": "Extract potentially malicious content",
        "protection_type": "Conversion to PDF",
        "real_extension": "txt",
        "risk": 0,
        "scrub_activity": "TXT file was converted to PDF",
        "scrub_method": "Convert to PDF",
        "scrub_result": 0,
        "scrub_time": "0.011",
        "scrubbed_content": ""
      }
    }
  ]
}

Although fewer API requests are needed to obtain a cleaned copy this way, I find this option less preferable and convenient than the form-data request used in the Threat Prevention API.
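The two request shapes above (emulation via te_options, extraction via scrub_options) and the inline scrub response, as an added Python example that is not code from the article or from Check Point. It assumes the gateway URL and API key come from the sk113599 setup and are supplied by the caller; the image id is the Win10 one from the te example, and the sample file bytes are constructed.

```python
import base64
import os

# Constructed values, not from the article: post the body to the gateway URL
# from the sk113599 setup; the image id is the Win10 one in the te example.
TPAPI_URL = "https://<IPAddressofSecurityGateway>/UserCheck/TPAPI"
WIN10_IMAGE = {"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}


def build_upload_request(api_key, files, te_options=None, scrub_options=None):
    """Body of an UploadFile call: one "request" entry per file.

    files maps the original file name to its raw bytes; each file is
    base64-encoded into file_enc_data, which is what lets several files
    travel in a single call.
    """
    entries = []
    for name, data in files.items():
        entry = {
            "protocol_version": "1.1",
            "api_key": api_key,
            "request_name": "UploadFile",
            "file_enc_data": base64.b64encode(data).decode("ascii"),
            "file_orig_name": name,
        }
        if te_options:     # emulation: images/reports, same keys as TP API
            entry["te_options"] = te_options
        if scrub_options:  # extraction, e.g. {"scrub_method": 2}
            entry["scrub_options"] = scrub_options
        entries.append(entry)
    return {"request": entries}


def decode_scrubbed_files(response):
    """Pull the cleaned copies out of a scrub response.

    Returns (file name, file bytes, risk, scrub_result) per entry; name and
    bytes are None when no cleaned copy came back.  Only the base name of
    output_file_name is kept, so it is safe to join onto an output directory.
    """
    results = []
    for entry in response["response"]:
        scrub = entry.get("scrub", {})
        if scrub.get("message") != "OK" or not scrub.get("file_enc_data"):
            results.append((None, None, scrub.get("risk"), scrub.get("scrub_result")))
            continue
        name = os.path.basename(scrub["output_file_name"])
        data = base64.b64decode(scrub["file_enc_data"])
        results.append((name, data, scrub["risk"], scrub["scrub_result"]))
    return results
```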

Postman collection

I created Postman collections for both the Threat Prevention API and the Threat Prevention API for Security Gateway, representing the most popular API requests. So that the API server ip/url and the key are substituted into requests automatically, and the sha256 hash is remembered after a file upload, three variables were created within the collection (you can find them by going to the collection settings Edit -> Variables): te_api (required), api_key (required to fill in, except when using the TP API for the local appliance), sha256 (leave empty, not used for the TP API for SG).

Download the Postman collection for the Threat Prevention API

Download the Postman collection for the Threat Prevention API for Security Gateway

Usage examples

In the Check Mates community, scripts written in Python are presented that check the files in a chosen directory through the TP API and the TP API for SG. Through interaction with the Threat Prevention API your ability to scan files is greatly expanded, since you can now scan files in several places at once (a check in the VirusTotal API, then in the Check Point sandbox), and take files not only from network traffic but also from any network share and, for example, CRM systems.

Source: www.habr.com
