Interacting with Check Point SandBlast via the API

This article will be useful for those who are already familiar with Check Point's file emulation (Threat Emulation) and proactive file cleaning (Threat Extraction) technologies and want to take a step towards automating these tasks. Check Point has a Threat Prevention API that works both in the cloud and on local appliances, and is functionally identical to checking files in web/smtp/ftp/smb/nfs traffic streams. This article is partly the author's interpretation of a set of articles from the official documentation, but it is based on my own operational experience and my own examples. In this article you will also find the author's Postman collections for working with the Threat Prevention API.

Basic abbreviations

The Threat Prevention API works with three main components, which are referred to in the API by the following text values:

av - the Anti-Virus component, responsible for signature analysis of known threats.

te - the Threat Emulation component, responsible for checking files in a sandbox and issuing a malicious/benign verdict after emulation.

extraction - the Threat Extraction component, responsible for quickly converting office documents into a safe form (from which all potentially malicious content has been removed), so that they can be delivered promptly to users/systems.

API structure and main limitations

The Threat Prevention API uses only 4 requests: upload, query, download and quota. In the headers of all four requests, the API key must be passed using the Authorization parameter. At first glance the structure may seem much simpler than the Management API, but the number of fields in the upload and query requests, and the structure of these requests, is rather complex. Functionally they can be compared with the Threat Prevention profiles in the security policy of a gateway/sandbox.

At the moment only one version of the Threat Prevention API has been released - 1.0; the URL of API calls must contain v1 in the part where the version has to be specified. Unlike the Management API, specifying the API version in the URL is mandatory, otherwise the request will not be executed.

The Anti-Virus component, when called without the other components (te, extraction), currently supports only query requests with md5 hash sums. Threat Emulation and Threat Extraction also support sha1 and sha256 hash sums.

It is very important not to make mistakes in requests! A request may be executed without an error, but not completely. Looking a little ahead, let's see what happens when there are errors/typos in a request.

Request with a typo in the word reports (reportss)

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reportss": ["tar", "pdf", "xml"]
      }
    }
  ]
}

There will be no error in the response, but there will be no information about the reports at all

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But for the request without the typo in the reports key

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["tar", "pdf", "xml"]
      }
    }
  ]
}

We get a response that already contains the ids for downloading the reports

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
              "pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
              "xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If we send an incorrect/expired API key, we get a 403 error in response.

SandBlast API: cloud and local appliances

API requests can be sent to Check Point appliances on which the Threat Emulation component (blade) is enabled. The request address is the ip/url of the appliance with port 18194 (for example, https://10.10.57.19:18194/tecloud/api/v1/file/query). You should also make sure that the security policy on the appliance allows such a connection. Authorization by API key on local appliances is disabled by default, and the Authorization key in the request headers may be omitted altogether.

API requests to the Check Point cloud must be sent to te.checkpoint.com (for example - https://te.checkpoint.com/tecloud/api/v1/file/query). An API key can be obtained as a 60-day trial license by contacting Check Point partners or the company's local office.

On local appliances, Threat Extraction is not yet supported as part of the standard Threat Prevention API; the Threat Prevention API for Security Gateway must be used for it (discussed in more detail at the end of the article).

Local appliances do not support the quota request.

Otherwise, there are no differences between requests to local appliances and to the cloud.

Upload API call

Method used - POST

Call address - https://<ip/url>/tecloud/api/v1/file/upload

The request consists of two parts (form-data): the file intended for emulation/cleaning, and the request body as text.

The text request cannot be empty, but it may contain no settings at all. For the request to succeed, you must send at least the following text in the request:

Minimum required for an upload request

HTTP POST
https://<ip/url>/tecloud/api/v1/file/upload

Headers:
Authorization: <api_key>

Body
{
  "request": {
  }
}

form-data: file = <the file to check>

In this case the file will be processed with the default settings: component - te, OS images - Win XP and Win 7, without generating a report.

Comments on the main keys of the text request:

file_name and file_type can be left empty or not sent at all, since this is not particularly important information when uploading a file. In the API response these fields will be filled in automatically based on the name of the uploaded file, and the information in the cache will still have to be looked up by md5/sha1/sha256 hash sum.

Example request with empty file_name and file_type

{
  "request": {
    "file_name": "",
    "file_type": ""
  }
}

features - a list indicating the functionality required when processing in the sandbox - av (Anti-Virus), te (Threat Emulation), extraction (Threat Extraction). If this parameter is not passed at all, only the default component will be used - te (Threat Emulation).

To enable checking by all three available components, you need to specify these components in the API request.

Example request with av, te and extraction checks

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["av", "te", "extraction"]
    }
  ]
}

Keys in the te section

images - a list of dictionaries with the id and revision number of the operating systems on which the check will be performed. The ids and revision numbers are the same for all local appliances and for the cloud.

List of available operating systems and revisions

Available OS image ID | Revision | OS image and software
e50e99f3-5963-4573-af9e-e3f4750b55e2 | 1 | Microsoft Windows: XP - 32bit SP3; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 9r115 & ActiveX 10.0; Java Runtime: 1.6.0u22
7e6fe36e-889e-4c25-8704-56378f0830df | 1 | Microsoft Windows: 7 - 32bit; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 10.2r152 (plugin & ActiveX); Java Runtime: 1.6.0u0
8d188031-1010-4466-828b-0cd13d4303ff | 1 | Microsoft Windows: 7 - 32bit; Office: 2010; Adobe Acrobat Reader: 9.4; Flash Player: 11.0.1.152 (plugin & ActiveX); Java Runtime: 1.7.0u0
5e5de275-a103-4f67-b55b-47532918fa59 | 1 | Microsoft Windows: 7 - 32bit; Office: 2013; Adobe Acrobat Reader: 11.0; Flash Player: 15 (plugin & ActiveX); Java Runtime: 1.7.0u9
3ff3ddae-e7fd-4969-818c-d5f1a2be336d | 1 | Microsoft Windows: 7 - 64bit; Office: 2013 (32bit); Adobe Acrobat Reader: 11.0.01; Flash Player: 13 (plugin & ActiveX); Java Runtime: 1.7.0u9
6c453c9b-20f7-471a-956c-3198a868dc92 | 1 | Microsoft Windows: 8.1 - 64bit; Office: 2013 (64bit); Adobe Acrobat Reader: 11.0.10; Flash Player: 18.0.0.160 (plugin & ActiveX); Java Runtime: 1.7.0u9
10b4a9c6-e414-425c-ae8b-fe4dd7b25244 | 1 | Microsoft Windows: 10; Office: Professional Plus 2016 en-us; Adobe Acrobat Reader: DC 2015 MUI; Flash Player: 20 (plugin & ActiveX); Java Runtime: 1.7.0u9

If the images key is not specified at all, emulation is performed on the images recommended by Check Point (currently Win XP and Win 7). These images are recommended as the best balance between performance and catch rate.

reports - a list of the reports we request in case the file turns out to be malicious. The following options are available:

  1. summary - a .tar.gz archive containing the emulation report for all requested images (both an html page and components such as a video from the emulator OS, a network traffic dump, the report in json, and the sample itself in a password-protected archive). The key to look for in the response is summary_report, for downloading the report afterwards.

  2. pdf - a document about the emulation on a single image, which many are used to receiving through Smart Console. The key to look for in the response is pdf_report, for downloading the report afterwards.

  3. xml - a document about the emulation on a single image, convenient for subsequent parsing of the report's parameters. The key to look for in the response is xml_report, for downloading the report afterwards.

  4. tar - a .tar.gz archive containing the emulation report for a single requested image (both an html page and components such as a video from the emulator OS, a network traffic dump, the report in json, and the sample itself in a password-protected archive). The key to look for in the response is full_report, for downloading the report afterwards.

[Figure: contents of the summary report]

The full_report, pdf_report and xml_report keys are inside the dictionary of each OS image

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
      "file_type": "html",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
              "pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
              "xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
              "pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
              "xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But the summary_report key is a single one for the emulation as a whole

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
      "file_type": "exe",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
              "xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
              "xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

You can request tar, xml and pdf reports at the same time, and you can request summary, tar and xml together. It is not possible to request a summary report and a pdf at the same time.

Keys in the extraction section

For extraction only two keys are used:

method - pdf (convert to pdf, used by default) or clean (removal of active content).

extracted_parts_codes - a list of codes for removing active content, applicable only to the clean method

Codes for removing content from files

Code | Description
1025 | Linked Objects
1026 | Macros and Code
1034 | Sensitive Hyperlinks
1137 | PDF GoToR Actions
1139 | PDF Launch Actions
1141 | PDF URI Actions
1142 | PDF Sound Actions
1143 | PDF Movie Actions
1150 | PDF JavaScript Actions
1151 | PDF Submit Form Actions
1018 | Database Queries
1019 | Embedded Objects
1021 | Fast Save Data
1017 | Custom Properties
1036 | Statistic Properties
1037 | Summary Properties

To download the cleaned copy, you will additionally need to make a query request (discussed below) a few seconds later, specifying the file's hash sum and the extraction component in the text of the request. The cleaned file can be fetched using the id from the query response - extracted_file_download_id. Again looking a little ahead, here are examples of the query request and response used to find the id for downloading the cleaned document.

Query request to find the extracted_file_download_id key

{
  "request": [
    {
      "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
      "features": ["extraction"],
      "extraction": {
        "method": "pdf"
      }
    }
  ]
}

Response to the query (look for the extracted_file_download_id key)

{
    "response": [
        {
            "status": {
                "code": 1001,
                "label": "FOUND",
                "message": "The request has been fully answered."
            },
            "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
            "file_type": "",
            "file_name": "",
            "features": [
                "extraction"
            ],
            "extraction": {
                "method": "pdf",
                "extract_result": "CP_EXTRACT_RESULT_SUCCESS",
                "extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
                "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                "time": "0.013",
                "extract_content": "Macros and Code",
                "extraction_data": {
                    "input_extension": "xls",
                    "input_real_extension": "xls",
                    "message": "OK",
                    "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                    "protection_name": "Potential malicious content extracted",
                    "protection_type": "Conversion to PDF",
                    "protocol_version": "1.0",
                    "risk": 5.0,
                    "scrub_activity": "Active content was found - XLS file was converted to PDF",
                    "scrub_method": "Convert to PDF",
                    "scrub_result": 0.0,
                    "scrub_time": "0.013",
                    "scrubbed_content": "Macros and Code"
                },
                "tex_product": false,
                "status": {
                    "code": 1001,
                    "label": "FOUND",
                    "message": "The request has been fully answered."
                }
            }
        }
    ]
}

General information

In a single API call you can send only one file for checking.

The av component does not need an additional section with keys; it is enough to list it in features.
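Because the service silently ignores unknown keys (the reportss case above) and some combinations are documented as invalid (summary together with pdf, extracted_parts_codes outside the clean method, av on its own with anything but md5), a client should check its own request body before sending it. The validator below is an added example, not the article's or Check Point's code; it encodes only the key names, image ids, report names and part codes listed in this article and treats everything else as an error.

```python
# Added example: client-side validation of Threat Prevention API query items.
# Assumed: the value sets below are exactly those the article documents.
from __future__ import annotations
import json

FEATURES = {"av", "te", "extraction"}
TE_REPORTS = {"summary", "pdf", "xml", "tar"}
EXTRACTION_METHODS = {"pdf", "clean"}
# OS image ids and revisions from the article's table.
IMAGES = {
    "e50e99f3-5963-4573-af9e-e3f4750b55e2": 1,  # Win XP 32bit SP3
    "7e6fe36e-889e-4c25-8704-56378f0830df": 1,  # Win 7 32bit, Office 2003/2007
    "8d188031-1010-4466-828b-0cd13d4303ff": 1,  # Win 7 32bit, Office 2010
    "5e5de275-a103-4f67-b55b-47532918fa59": 1,  # Win 7 32bit, Office 2013
    "3ff3ddae-e7fd-4969-818c-d5f1a2be336d": 1,  # Win 7 64bit
    "6c453c9b-20f7-471a-956c-3198a868dc92": 1,  # Win 8.1 64bit
    "10b4a9c6-e414-425c-ae8b-fe4dd7b25244": 1,  # Win 10
}
# extracted_parts_codes from the article's table (clean method only).
EXTRACTED_PARTS_CODES = {1025, 1026, 1034, 1137, 1139, 1141, 1142, 1143,
                         1150, 1151, 1018, 1019, 1021, 1017, 1036, 1037}
# Keys the API understands per section. Unknown keys are ignored by the
# service without any error, so the client has to reject them itself.
ALLOWED_KEYS = {
    "request": {"md5", "sha1", "sha256", "file_name", "file_type",
                "features", "te", "extraction"},
    "te": {"images", "reports"},
    "extraction": {"method", "extracted_parts_codes"},
}


def unknown_keys(item: dict) -> list[str]:
    """Return dotted paths of keys the API would silently ignore."""
    bad = [k for k in item if k not in ALLOWED_KEYS["request"]]
    for section in ("te", "extraction"):
        for k in item.get(section, {}):
            if k not in ALLOWED_KEYS[section]:
                bad.append(f"{section}.{k}")
    return bad


def validate_item(item: dict) -> None:
    """Raise ValueError on any inconsistency the article documents."""
    bad = unknown_keys(item)
    if bad:
        raise ValueError(f"unknown keys (would be ignored by the API): {bad}")
    if not {"md5", "sha1", "sha256"} & set(item):
        raise ValueError("a query item needs an md5, sha1 or sha256 hash")
    features = set(item.get("features", ["te"]))  # te is the default feature
    if not features <= FEATURES:
        raise ValueError(f"unknown features: {sorted(features - FEATURES)}")
    if features == {"av"} and "md5" not in item:
        raise ValueError("av on its own can only be queried by md5")
    te = item.get("te", {})
    for img in te.get("images", []):
        if IMAGES.get(img.get("id")) != img.get("revision"):
            raise ValueError(f"unknown image id/revision: {img}")
    reports = set(te.get("reports", []))
    if not reports <= TE_REPORTS:
        raise ValueError(f"unknown reports: {sorted(reports - TE_REPORTS)}")
    if {"summary", "pdf"} <= reports:
        raise ValueError("summary and pdf reports cannot be requested together")
    ext = item.get("extraction", {})
    method = ext.get("method", "pdf")  # pdf is the default method
    if method not in EXTRACTION_METHODS:
        raise ValueError(f"unknown extraction method: {method}")
    codes = set(ext.get("extracted_parts_codes", []))
    if codes and method != "clean":
        raise ValueError("extracted_parts_codes only apply to method 'clean'")
    if not codes <= EXTRACTED_PARTS_CODES:
        raise ValueError(f"unknown part codes: {sorted(codes - EXTRACTED_PARTS_CODES)}")


def check(item: dict) -> str:
    """Return '' when the item is valid, otherwise the validation error text."""
    try:
        validate_item(item)
        return ""
    except ValueError as exc:
        return str(exc)


def build_query(items: list[dict]) -> str:
    """Validate every item, then serialise the body of a query request."""
    for item in items:
        validate_item(item)
    return json.dumps({"request": items}, indent=2)
```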

Query API call

Method used - POST

Call address - https://<ip/url>/tecloud/api/v1/file/query

Before sending a file for emulation (upload request), it is advisable to check the sandbox "cache" (query request) to reduce the load on the API server, since the server may already hold information and a verdict for the file. The call has only a text part. The required part of the request is the sha1/sha256/md5 hash sum of the file. By the way, you can obtain it from the response to an upload request.

Minimum required for a query request

HTTP POST
https://<ip/url>/tecloud/api/v1/file/query

Headers:
Authorization: <api_key>

Body
{
  "request": {
    "sha256": "<sha256 hash>"
  }
}

Example response to an upload request, in which the sha1/md5/sha256 hash sums are visible

{
  "response": {
    "status": {
      "code": 1002,
      "label": "UPLOAD_SUCCESS",
      "message": "The file was uploaded successfully."
    },
    "sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
    "md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "",
    "file_name": "kp-20-doc.doc",
    "features": [
      "te"
    ],
    "te": {
      "trust": 0,
      "images": [
        {
          "report": {
            "verdict": "unknown"
          },
          "status": "not_found",
          "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
          "revision": 1
        }
      ],
      "score": -2147483648,
      "status": {
        "code": 1002,
        "label": "UPLOAD_SUCCESS",
        "message": "The file was uploaded successfully."
      }
    }
  }
}

A query request, hash sum included, must be identical to the upload request (or the one planned), or be "narrower" (contain fewer request fields than the upload request). If the query request contains more fields than the upload request did, you will not receive all the required data in the response.

Here is an example of a response to a query in which not all the required data was found

{
  "response": [
    {
      "status": {
        "code": 1006,
        "label": "PARTIALLY_FOUND",
        "message": "The request cannot be fully answered at this time."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te",
        "extraction"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      },
      "extraction": {
        "method": "pdf",
        "tex_product": false,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Pay attention to the code and label fields. These statuses appear three times, in the status dictionaries. First we see the "global" "code": 1006 and "label": "PARTIALLY_FOUND". Then the same keys appear for each component we requested - te and extraction. And while for te it is clear that the data has been found, for extraction there is no information.

This is what the query looked like in the example above

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te", "extraction"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["xml", "pdf"]
      }
    }
  ]
}

If we send the query request without the extraction component

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["xml", "pdf"]
      }
    }
  ]
}

Then the response will contain complete information ("code": 1001, "label": "FOUND")

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If there is no information in the cache at all, the response will carry "label": "NOT_FOUND"

{
  "response": [
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

In a single API call you can send several hashes for checking at once. The response returns the data in the same order in which it was sent in the request.

Example query request with several sha256 sums

{
  "request": [
    {
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
    },
    {
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
    }
  ]
}

Response to a query with several sha256 sums

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
      "file_type": "dll",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    },
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Requesting several hash sums at once in a query also has a positive effect on the performance of the API server.

Download API call

Method used - POST (according to the documentation); GET also works (and may seem more logical)

Call address - https://<ip/url>/tecloud/api/v1/file/download?id=<download_id>

The header must carry the API key, the request body is empty, and the download id is passed in the URL.

In the response to a query request, if emulation has completed and reports were requested when the file was uploaded, the ids for downloading the reports will be visible. If a cleaned copy was requested, you should look for the id for downloading the cleaned document.

In total, the keys in a query response whose value is an id for downloading can be:

  • summary_report

  • full_report

  • pdf_report

  • xml_report

  • extracted_file_download_id

Naturally, to receive these keys in response to a query request, they must be specified in the request (for reports), or you must remember to make the request with the extraction function (for cleaned documents).
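The query-first workflow described above (check the cache, upload only on NOT_FOUND, poll until FOUND, then collect the download ids) as an added example, not the article's or Check Point's code. The HTTP transport is injected as an assumed `post(path, body, files)` callable returning parsed JSON, so the logic runs offline against a constructed stand-in; a real transport would wrap requests.post against https://<ip/url>/tecloud/api/v1 with the Authorization header set to the API key. Only the status codes shown in this article (1001, 1002, 1004, 1006) are used.

```python
# Added example: cache-first upload/query/download-id workflow for the
# Threat Prevention API, with an injected transport and a constructed fake.
from __future__ import annotations
import hashlib
from typing import Callable

# Status codes that appear in the article's responses.
FOUND, UPLOAD_SUCCESS, NOT_FOUND, PARTIALLY_FOUND = 1001, 1002, 1004, 1006
WIN10 = {"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}
REPORT_KEYS = ("full_report", "pdf_report", "xml_report")


class SandBlastClient:
    def __init__(self, post: Callable[[str, dict, dict | None], dict]):
        self.post = post  # assumed: post(path, json_body, form_files) -> parsed JSON

    def query(self, sha256: str, features: list[str], te: dict) -> dict:
        body = {"request": [{"sha256": sha256, "features": features, "te": te}]}
        return self.post("/file/query", body, None)["response"][0]

    def upload(self, name: str, data: bytes, features: list[str], te: dict) -> dict:
        body = {"request": {"file_name": name, "features": features, "te": te}}
        return self.post("/file/upload", body, {"file": (name, data)})["response"]

    @staticmethod
    def download_ids(item: dict) -> dict[str, str]:
        """Every id usable with /file/download?id=... found in one query item."""
        ids = {}
        te = item.get("te", {})
        if "summary_report" in te:  # one per emulation
            ids["summary_report"] = te["summary_report"]
        for img in te.get("images", []):  # one per OS image
            for key in REPORT_KEYS:
                if key in img.get("report", {}):
                    ids[f"{img['id']}:{key}"] = img["report"][key]
        ext = item.get("extraction", {})
        if "extracted_file_download_id" in ext:
            ids["extracted_file_download_id"] = ext["extracted_file_download_id"]
        return ids

    def analyse(self, name: str, data: bytes, features: list[str], te: dict,
                max_polls: int = 10) -> tuple[str, dict[str, str]]:
        """Query the cache first; upload only on NOT_FOUND; poll until FOUND."""
        sha256 = hashlib.sha256(data).hexdigest()
        item = self.query(sha256, features, te)
        if item["status"]["code"] == NOT_FOUND:
            up = self.upload(name, data, features, te)
            if up["status"]["code"] != UPLOAD_SUCCESS or up["sha256"] != sha256:
                raise RuntimeError(f"upload failed: {up['status']}")
        for _ in range(max_polls):  # a real client sleeps a few seconds here
            item = self.query(sha256, features, te)
            code = item["status"]["code"]
            if code == FOUND:
                return item["te"]["combined_verdict"], self.download_ids(item)
            if code != PARTIALLY_FOUND:
                raise RuntimeError(f"unexpected status: {item['status']}")
        raise TimeoutError("emulation did not finish within max_polls")


class FakeSandBlast:
    """Constructed stand-in for the service: NOT_FOUND until the hash has been
    uploaded, PARTIALLY_FOUND on the first poll, then FOUND with report ids."""

    def __init__(self):
        self.polls = {}  # sha256 -> number of queries since upload
        self.calls = []  # paths seen, in order

    def __call__(self, path: str, body: dict, files: dict | None) -> dict:
        self.calls.append(path)
        if path == "/file/upload":
            sha = hashlib.sha256(files["file"][1]).hexdigest()
            self.polls[sha] = 0
            return {"response": {"status": {"code": UPLOAD_SUCCESS,
                                 "label": "UPLOAD_SUCCESS"}, "sha256": sha}}
        sha = body["request"][0]["sha256"]
        if sha not in self.polls:
            return {"response": [{"status": {"code": NOT_FOUND, "label": "NOT_FOUND"},
                                  "sha256": sha}]}
        self.polls[sha] += 1
        if self.polls[sha] == 1:
            return {"response": [{"status": {"code": PARTIALLY_FOUND,
                                  "label": "PARTIALLY_FOUND"}, "sha256": sha}]}
        report = {"verdict": "malicious", "xml_report": "xml-" + sha[:8]}
        return {"response": [{"status": {"code": FOUND, "label": "FOUND"}, "sha256": sha,
                              "te": {"combined_verdict": "malicious",
                                     "summary_report": "sum-" + sha[:8],
                                     "images": [dict(WIN10, report=report)]}}]}


def demo() -> tuple[str, dict[str, str], list[str]]:
    """Run the workflow against the fake; return (verdict, ids, call order)."""
    fake = FakeSandBlast()
    client = SandBlastClient(fake)
    verdict, ids = client.analyse("sample.doc", b"constructed sample bytes", ["te"],
                                  {"images": [WIN10], "reports": ["summary", "xml"]})
    return verdict, ids, fake.calls


if __name__ == "__main__":
    print(demo())
```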

Quota API call

Method used - POST

Call address - https://<ip/url>/tecloud/api/v1/file/quota

To check the remaining quota in the cloud, use the quota request. The request body is empty.

Example response to a quota request

{
  "response": [
    {
      "remain_quota_hour": 1250,
      "remain_quota_month": 10000000,
      "assigned_quota_hour": 1250,
      "assigned_quota_month": 10000000,
      "hourly_quota_next_reset": "1599141600",
      "monthly_quota_next_reset": "1601510400",
      "quota_id": "TEST",
      "cloud_monthly_quota_period_start": "1421712300",
      "cloud_monthly_quota_usage_for_this_gw": 0,
      "cloud_hourly_quota_usage_for_this_gw": 0,
      "cloud_monthly_quota_usage_for_quota_id": 0,
      "cloud_hourly_quota_usage_for_quota_id": 0,
      "monthly_exceeded_quota": 0,
      "hourly_exceeded_quota": 0,
      "cloud_quota_max_allow_to_exceed_percentage": 1000,
      "pod_time_gmt": "1599138715",
      "quota_expiration": "0",
      "action": "ALLOW"
    }
  ]
}

Threat Prevention API for Security Gateway

This API was created before the Threat Prevention API and is intended for local appliances only. At present it is useful only if you need the Threat Extraction API; for Threat Emulation it is better to use the regular Threat Prevention API. To enable the TP API for SG and configure the required API key, follow the steps from sk113599. I recommend paying attention to step 6b and checking that the page https://<IPAddressofSecurityGateway>/UserCheck/TPAPI is reachable, because if it is not, further configuration makes no sense. All API calls are sent to this url. The call type (upload/query) is controlled by the request_name key in the call body. Other required keys are api_key (you need to remember it during the configuration process) and protocol_version (the current version is 1.1). The official documentation for this API is in sk137032. A related advantage is the ability to send several files at once for emulation in one upload, since files are sent as base64 text strings. To encode/decode files to/from base64 in Postman for demonstration purposes you can use an online converter, for example https://base64.guru; for practical purposes you should use the built-in encode and decode methods when writing code.

Now let's take a closer look at the te and extraction functionality in this API.

For the te component, the te_options dictionary is provided in upload/query requests, and its keys correspond exactly to the te keys of the Threat Prevention API.

Example request for emulating a file on Win10 with reports

{
  "request": [
    {
      "protocol_version": "1.1",
      "api_key": "<api_key>",
      "request_name": "UploadFile",
      "file_enc_data": "<base64_encoded_file>",
      "file_orig_name": "<filename>",
      "te_options": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["summary", "xml"]
      }
    }
  ]
}

For the extraction component, the scrub_options dictionary is provided. This request specifies the cleaning method: convert to PDF, remove active content, or choose the method according to a Threat Prevention profile (the profile name is given). The pleasant thing about the response to an extraction API request is that you receive the cleaned copy in the response to that same request, as a base64-encoded string (there is no need to make a query request and look for an id for downloading the document)

Example request for cleaning a file

{
  "request": [
    {
      "protocol_version": "1.1",
      "api_key": "<API_KEY>",
      "request_name": "UploadFile",
      "file_enc_data": "<base64_encoded_file>",
      "file_orig_name": "hi.txt",
      "scrub_options": {
        "scrub_method": 2
      }
    }
  ]
}

Response to the request

{
  "response": [
    {
      "protocol_version": "1.1",
      "src_ip": "<IP_ADDRESS>",
      "scrub": {
        "file_enc_data": "<base64_encoded_converted_to_PDF_file>",
        "input_real_extension": "js",
        "message": "OK",
        "orig_file_url": "",
        "output_file_name": "hi.cleaned.pdf",
        "protection_name": "Extract potentially malicious content",
        "protection_type": "Conversion to PDF",
        "real_extension": "txt",
        "risk": 0,
        "scrub_activity": "TXT file was converted to PDF",
        "scrub_method": "Convert to PDF",
        "scrub_result": 0,
        "scrub_time": "0.011",
        "scrubbed_content": ""
      }
    }
  ]
}

Despite the fact that fewer API requests are needed to obtain a cleaned copy, I find this option less preferable and less convenient than the form-data request used in the Threat Prevention API.
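As an added example for this API (not the article's or Check Point's code): building an UploadFile request that carries several files as base64 text with scrub_options, and decoding the cleaned copies out of the response's scrub.file_enc_data using the standard library instead of an online converter. The response below is constructed to mirror the fields shown above; scrub_method 2 is used because that is the value the article's example sends for conversion to PDF, and the failure item is invented to show the non-OK path.

```python
# Added example: Threat Prevention API for Security Gateway, extraction flow.
# Assumed: <API_KEY> placeholder, constructed response, scrub_method 2 = PDF.
from __future__ import annotations
import base64
import json


def build_scrub_request(api_key: str, files: dict[str, bytes],
                        scrub_method: int = 2) -> str:
    """Serialise one UploadFile item per file; files travel as base64 text,
    which is what allows several of them in a single call."""
    items = [{
        "protocol_version": "1.1",
        "api_key": api_key,
        "request_name": "UploadFile",
        "file_enc_data": base64.b64encode(data).decode("ascii"),
        "file_orig_name": name,
        "scrub_options": {"scrub_method": scrub_method},  # 2: convert to PDF
    } for name, data in files.items()]
    return json.dumps({"request": items})


def extract_cleaned_files(response_text: str) -> tuple[dict[str, bytes], list[str]]:
    """Decode scrub.file_enc_data for every item whose scrub reports message OK
    and scrub_result 0; anything else is listed as a problem, not decoded."""
    cleaned, problems = {}, []
    for item in json.loads(response_text)["response"]:
        scrub = item.get("scrub", {})
        name = scrub.get("output_file_name", "<unnamed>")
        if scrub.get("message") != "OK" or scrub.get("scrub_result") != 0:
            problems.append(f"{name}: {scrub.get('message')}")
            continue
        # validate=True rejects stray characters instead of silently dropping them
        cleaned[name] = base64.b64decode(scrub["file_enc_data"], validate=True)
    return cleaned, problems


# Constructed response: one successful PDF conversion and one (invented) failure.
SAMPLE_RESPONSE = json.dumps({"response": [
    {"protocol_version": "1.1", "src_ip": "<IP_ADDRESS>", "scrub": {
        "file_enc_data": base64.b64encode(b"%PDF-1.4 constructed cleaned copy").decode(),
        "message": "OK", "output_file_name": "hi.cleaned.pdf",
        "protection_type": "Conversion to PDF", "scrub_method": "Convert to PDF",
        "scrub_result": 0, "scrubbed_content": ""}},
    {"protocol_version": "1.1", "src_ip": "<IP_ADDRESS>", "scrub": {
        "file_enc_data": "", "message": "constructed failure",
        "output_file_name": "bad.cleaned.pdf", "scrub_result": 1}},
]})
```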

Postman collections

I have created Postman collections for the Threat Prevention API and for the Threat Prevention API for Security Gateway, representing the most common API requests. So that the API server ip/url and the key are substituted into requests automatically, and the sha256 hash sum is remembered after a file is uploaded, three variables are defined inside each collection (you can find them in the collection settings: Edit -> Variables): te_api (required), api_key (must be filled in, except when using the TP API with local appliances), sha256 (initially empty; not used in the TP API for SG).

Download the Postman collection for the Threat Prevention API

Download the Postman collection for the Threat Prevention API for Security Gateway

Usage examples

In the Check Mates community, Python scripts are published that check the files from a chosen directory via the TP API and the TP API for SG. By interacting with the Threat Prevention API, your ability to check files expands considerably, since you can now check files on several platforms at once (for example with the VirusTotal API and then in the Check Point sandbox), and obtain files not only from network traffic but also from any network share and, for example, from CRM systems.

Source: www.habr.com
