Mwingiliano na Check Point SandBlast kupitia API

This article will be useful to those who are familiar with Check Point's technologies for file emulation (Threat Emulation) and file cleaning (Threat Extraction) and want to take a step towards automating these tasks. Check Point has a Threat Prevention API, which runs both in the cloud and on local appliances and is functionally equivalent to checking files in web/smtp/ftp/smb/nfs traffic streams. This article is partly the author's translation of a set of articles from the official documentation, but it is based on my operational experience and my own examples. In the article you will also find the author's Postman collections for working with the Threat Prevention API.

Basic abbreviations

The Threat Prevention API works with three main components, which are referred to in the API by the following text values:

av - the Anti-Virus component, responsible for signature analysis of known threats.

te - the Threat Emulation component, responsible for checking files in a sandbox and issuing a malicious or benign verdict after emulation.

extraction - the Threat Extraction component, responsible for quickly converting office documents into a safe form (in which all potentially malicious content is removed) so that they can be delivered promptly to users/systems.

API structure and main limitations

The Threat Prevention API uses only 4 requests - upload, query, download and quota. In the header of all four requests you need to pass the API key using the Authorization parameter. At first glance the structure may seem much simpler than in the Management API, but the number of fields in the upload and query requests and the structure of these requests are quite complex. Functionally they can be compared with the Threat Prevention profile in the security policy of the gateway/sandbox.

Currently only one version of the Threat Prevention API has been released - 1.0; the URL of API calls must include v1 in the place where the version is specified. Unlike the Management API, it is mandatory to specify the API version in the URL, otherwise the request will not be executed.

The Anti-Virus component, when called without the other components (te, extraction), currently supports query requests with an md5 hash only. Threat Emulation and Threat Extraction also support sha1 and sha256 hashes.

It is very important not to make mistakes in the requests! A request can be executed without an error, but not completely. Looking ahead a little, let's see what can happen when there is an error/typo in the request.

Request with a typo in the word reports (reportss)

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reportss": ["tar", "pdf", "xml"]
      }
    }
  ]
}

There will be no error in the response, but there will be no information about the reports at all

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But for the request without the typo in the reports key

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["tar", "pdf", "xml"]
      }
    }
  ]
}

we receive a response that already contains the ids for downloading the reports

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
              "pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
              "xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If we send an incorrect/expired API key, we will receive a 403 error in the response.

SandBlast API: in the cloud and on local appliances

API requests can be sent to Check Point appliances on which the Threat Emulation blade is enabled. As the request address, use the ip/url of the appliance and port 18194 (for example, https://10.10.57.19:18194/tecloud/api/v1/file/query). You should also make sure that the security policy on the appliance allows this connection. Authorization via API key on local appliances is disabled by default, and the Authorization key in the request headers may be omitted entirely.

API requests to the Check Point cloud should be sent to te.checkpoint.com (for example - https://te.checkpoint.com/tecloud/api/v1/file/query). An API key can be obtained as a 60-day trial license by contacting Check Point partners or the company's local office.

On local appliances, Threat Extraction is not yet supported by the regular Threat Prevention API; the Threat Prevention API for Security Gateway must be used for it (we will discuss it in more detail at the end of the article).

Local appliances do not support the quota request.

Otherwise, there is no difference between requests to local appliances and to the cloud.

Upload API call

Method used - POST

Call address - https://{{te_api}}/tecloud/api/v1/file/upload

The request consists of two parts (form-data): the file intended for emulation/cleaning and the text body of the request.

The text part of the request cannot be empty, but it may contain no settings at all. For the request to succeed, you must send at least the following text in the request:

Minimum required for the upload request

HTTP POST

https://{{te_api}}/tecloud/api/v1/file/upload

Headers:

Authorization: <api_key>

Body (form-data)

request:

{
  "request": {
  }
}

file:

<the file itself>

In this case, the file will be processed with the default parameters: component - te, OS images - Win XP and Win 7, without generating reports.

Comments on the main fields of the text part of the request:

file_name and file_type can be left empty or not sent at all, since this is not very important information when uploading a file. In the API response these fields will be filled in automatically based on the name of the uploaded file, and the information in the cache will still have to be looked up by the md5/sha1/sha256 hash.

Example request with empty file_name and file_type
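
The two-part form-data body described above, assembled with the standard library only. This is an added example and not Check Point's code or the page's Postman collection: the part names ("request" and "file"), the Authorization header and the /tecloud/api/v1/file/upload path are taken from the page; the server name, port and API key are the caller's, and nothing is sent unless send_upload() is actually called.

```python
import json
import secrets
import urllib.request

# Added example, not Check Point's code: build the two-part form-data body of
# the Threat Prevention API upload call. The "request" part carries the JSON
# text described above, the "file" part carries the raw bytes.

UPLOAD_PATH = "/tecloud/api/v1/file/upload"


def build_request_json(file_name="", features=None, images=None, reports=None):
    """Assemble the text part. Keys left out fall back to the API defaults
    described on the page: feature te, the recommended images, no reports."""
    body = {"file_name": file_name, "file_type": ""}
    if features:
        body["features"] = list(features)
    te = {}
    if images:
        te["images"] = [{"id": image_id, "revision": 1} for image_id in images]
    if reports:
        te["reports"] = list(reports)
    if te:
        body["te"] = te
    return {"request": body}


def build_multipart(request_json, file_name, file_bytes, boundary=None):
    """Return (Content-Type value, body bytes). The boundary is random so that
    a file whose content was crafted by someone else cannot contain it and
    terminate the part early."""
    boundary = boundary or "----TPAPI" + secrets.token_hex(12)
    b = boundary.encode()
    # The file name ends up inside a quoted header value: strip what would break it.
    safe_name = file_name.replace('"', "_").replace("\r", "").replace("\n", "")
    crlf = b"\r\n"
    parts = [
        b"--" + b + crlf
        + b'Content-Disposition: form-data; name="request"' + crlf
        + b"Content-Type: application/json" + crlf + crlf
        + json.dumps(request_json).encode() + crlf,
        b"--" + b + crlf
        + b'Content-Disposition: form-data; name="file"; filename="'
        + safe_name.encode("utf-8") + b'"' + crlf
        + b"Content-Type: application/octet-stream" + crlf + crlf
        + file_bytes + crlf,
        b"--" + b + b"--" + crlf,
    ]
    return "multipart/form-data; boundary=" + boundary, b"".join(parts)


def send_upload(server, api_key, file_name, file_bytes, **options):
    """POST the upload. `server` is host[:port]: te.checkpoint.com for the
    cloud, or an appliance address with port 18194 as described above."""
    content_type, body = build_multipart(
        build_request_json(file_name, **options), file_name, file_bytes)
    request = urllib.request.Request(
        "https://" + server + UPLOAD_PATH, data=body, method="POST",
        headers={"Authorization": api_key, "Content-Type": content_type})
    with urllib.request.urlopen(request) as response:
        return json.load(response)
```

build_request_json() with no arguments produces exactly the minimal body shown above; pass features, images and reports to fill the te section. send_upload() returns the parsed upload response, from which the sha1/md5/sha256 hashes for later query calls can be read.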

{
  "request": {
    "file_name": "",
    "file_type": ""
  }
}

features - a list indicating the functionality required when processing in the sandbox: av (Anti-Virus), te (Threat Emulation), extraction (Threat Extraction). If this parameter is not passed at all, only the default component will be used - te (Threat Emulation).

To enable checking in all three available components, you need to list these components in the API request.

Example request for checking in av, te and extraction

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["av", "te", "extraction"]
    }
  ]
}

Keys in the te section

images - a list of dictionaries with the id and revision number of the operating systems on which the check will be performed. The ids and revision numbers are the same for all local appliances and for the cloud.

List of operating systems and revisions

Available OS image ID | Revision | Image OS and applications

e50e99f3-5963-4573-af9e-e3f4750b55e2 | 1 |
  Microsoft Windows: XP - 32bit SP3
  Office: 2003, 2007
  Adobe Acrobat Reader: 9.0
  Flash Player: 9r115 & ActiveX 10.0
  Java Runtime: 1.6.0u22

7e6fe36e-889e-4c25-8704-56378f0830df | 1 |
  Microsoft Windows: 7 - 32bit
  Office: 2003, 2007
  Adobe Acrobat Reader: 9.0
  Flash Player: 10.2r152 (Plugin & ActiveX)
  Java Runtime: 1.6.0u0

8d188031-1010-4466-828b-0cd13d4303ff | 1 |
  Microsoft Windows: 7 - 32bit
  Office: 2010
  Adobe Acrobat Reader: 9.4
  Flash Player: 11.0.1.152 (Plugin & ActiveX)
  Java Runtime: 1.7.0u0

5e5de275-a103-4f67-b55b-47532918fa59 | 1 |
  Microsoft Windows: 7 - 32bit
  Office: 2013
  Adobe Acrobat Reader: 11.0
  Flash Player: 15 (Plugin & ActiveX)
  Java Runtime: 1.7.0u9

3ff3ddae-e7fd-4969-818c-d5f1a2be336d | 1 |
  Microsoft Windows: 7 - 64bit
  Office: 2013 (32bit)
  Adobe Acrobat Reader: 11.0.01
  Flash Player: 13 (Plugin & ActiveX)
  Java Runtime: 1.7.0u9

6c453c9b-20f7-471a-956c-3198a868dc92 | 1 |
  Microsoft Windows: 8.1 - 64bit
  Office: 2013 (64bit)
  Adobe Acrobat Reader: 11.0.10
  Flash Player: 18.0.0.160 (Plugin & ActiveX)
  Java Runtime: 1.7.0u9

10b4a9c6-e414-425c-ae8b-fe4dd7b25244 | 1 |
  Microsoft Windows: 10
  Office: Professional Plus 2016 en-us
  Adobe Acrobat Reader: DC 2015 MUI
  Flash Player: 20 (Plugin & ActiveX)
  Java Runtime: 1.7.0u9

If the images key is not specified at all, emulation will be performed in the images recommended by Check Point (currently Win XP and Win 7). These images are recommended as the best balance between performance and catch rate.

reports - a list of the reports we request in case the file turns out to be malicious. The following options are available:

  1. summary - a .tar.gz archive containing the emulation report for all requested images (an html page and components such as the video from the OS emulator, a network traffic dump, a report in json, and the sample itself in a password-protected archive). Look for the summary_report key in the response for the subsequent download of the report.

  2. pdf - a document about the emulation in one image, which many are used to receiving via SmartConsole. Look for the pdf_report key in the response for the subsequent download of the report.

  3. xml - a document about the emulation in one image, convenient for subsequent parsing of the parameters in the report. Look for the xml_report key in the response for the subsequent download of the report.

  4. tar - a .tar.gz archive containing the emulation report for one requested image (an html page and components such as the video from the OS emulator, a network traffic dump, a report in json, and the sample itself in a password-protected archive). Look for the full_report key in the response for the subsequent download of the report.

What is inside the summary report

The full_report, pdf_report and xml_report keys are in the dictionary of each OS image

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
      "file_type": "html",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
              "pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
              "xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
              "pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
              "xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But the summary_report key is a single one for the emulation as a whole

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
      "file_type": "exe",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
              "xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
              "xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

You can request the tar, xml and pdf reports at the same time; you can request summary together with tar and xml. It is not possible to request the summary and pdf reports at the same time.

Keys in the extraction section

For threat extraction, only two keys are used:

method - pdf (convert to pdf, used by default) or clean (remove active content).

extracted_parts_codes - a list of codes of the active content to remove, applicable only to the clean method

Codes for removing content from files

Code   Description

1025   Linked Objects
1026   Macros and Code
1034   Sensitive Hyperlinks
1137   PDF GoToR Actions
1139   PDF Launch Actions
1141   PDF URI Actions
1142   PDF Sound Actions
1143   PDF Movie Actions
1150   PDF JavaScript Actions
1151   PDF Submit Form Actions
1018   Database Queries
1019   Embedded Objects
1021   Fast Save Data
1017   Custom Properties
1036   Statistic Properties
1037   Summary Properties
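
Because the API ignores unknown keys instead of rejecting them (the "reportss" typo earlier in the article returned FOUND, just without any report ids), it pays to validate a request body before sending it. The following pre-flight check is an added example, not Check Point's code: it only encodes the constraints stated on this page (the allowed top-level keys, features, report types and their combination rule, the av/md5 restriction, the image ids from the table above, and the extraction method and part codes). The message texts are this example's own.

```python
# Added example, not Check Point's code: pre-flight validation of a Threat
# Prevention API request body. Allowed values are those listed on the page.

HASH_KEYS = {"md5", "sha1", "sha256"}
TOP_KEYS = HASH_KEYS | {"file_name", "file_type", "features", "te", "extraction"}
FEATURES = {"av", "te", "extraction"}
TE_KEYS = {"images", "reports"}
REPORTS = {"summary", "pdf", "xml", "tar"}
EXTRACTION_KEYS = {"method", "extracted_parts_codes"}
METHODS = {"pdf", "clean"}
IMAGE_IDS = {  # from the OS image table on the page
    "e50e99f3-5963-4573-af9e-e3f4750b55e2", "7e6fe36e-889e-4c25-8704-56378f0830df",
    "8d188031-1010-4466-828b-0cd13d4303ff", "5e5de275-a103-4f67-b55b-47532918fa59",
    "3ff3ddae-e7fd-4969-818c-d5f1a2be336d", "6c453c9b-20f7-471a-956c-3198a868dc92",
    "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
}
PART_CODES = {1025, 1026, 1034, 1137, 1139, 1141, 1142, 1143, 1150, 1151,
              1018, 1019, 1021, 1017, 1036, 1037}  # from the codes table


def validate_item(item):
    """Return the list of problems found in one request item ([] means OK)."""
    problems = []
    for key in sorted(set(item) - TOP_KEYS):
        problems.append("unknown top-level key %r" % key)
    features = set(item.get("features", ["te"]))
    for feature in sorted(features - FEATURES):
        problems.append("unknown feature %r" % feature)
    # av on its own is queried by md5 only; te/extraction also take sha1/sha256.
    if features == {"av"} and HASH_KEYS & set(item) and "md5" not in item:
        problems.append("av alone supports md5 hashes only")
    te = item.get("te", {})
    for key in sorted(set(te) - TE_KEYS):
        problems.append("te: unknown key %r (typo?)" % key)
    reports = set(te.get("reports", []))
    for report in sorted(reports - REPORTS):
        problems.append("te.reports: unknown report type %r" % report)
    if {"summary", "pdf"} <= reports:
        problems.append("te.reports: summary and pdf cannot be requested together")
    for image in te.get("images", []):
        if image.get("id") not in IMAGE_IDS:
            problems.append("te.images: unknown image id %r" % image.get("id"))
    extraction = item.get("extraction", {})
    for key in sorted(set(extraction) - EXTRACTION_KEYS):
        problems.append("extraction: unknown key %r" % key)
    method = extraction.get("method", "pdf")
    if method not in METHODS:
        problems.append("extraction.method must be pdf or clean, got %r" % method)
    codes = extraction.get("extracted_parts_codes", [])
    if codes and method != "clean":
        problems.append("extraction.extracted_parts_codes applies to method clean only")
    for code in codes:
        if code not in PART_CODES:
            problems.append("extraction.extracted_parts_codes: unknown code %r" % code)
    return problems


def validate_request(body):
    """Validate a whole body. upload sends a dict under "request", query sends
    a list; both shapes are accepted. Returns {item_index: [problems]}, which
    is empty when the body is clean."""
    request = body.get("request")
    items = request if isinstance(request, list) else [request]
    result = {}
    for index, item in enumerate(items):
        problems = validate_item(item)
        if problems:
            result[index] = problems
    return result
```

Run validate_request() on the body right before the upload or query call and refuse to send when it returns anything; a rejected request is far cheaper than a FOUND answer that silently lacks the report you needed.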

To download the cleaned copy, you will also need to make a query request (discussed below) after a few seconds, specifying the file's hash and the extraction component in the text of the request. The cleaned file can be retrieved using the id from the query response - extracted_file_download_id. Once again looking ahead a little, here are examples of the query request and response for finding the id to download the cleaned document.

Query request for finding the extracted_file_download_id key

{
  "request": [
    {
      "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
      "features": ["extraction"],
      "extraction": {
        "method": "pdf"
      }
    }
  ]
}

Query response (look for the extracted_file_download_id key)

{
    "response": [
        {
            "status": {
                "code": 1001,
                "label": "FOUND",
                "message": "The request has been fully answered."
            },
            "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
            "file_type": "",
            "file_name": "",
            "features": [
                "extraction"
            ],
            "extraction": {
                "method": "pdf",
                "extract_result": "CP_EXTRACT_RESULT_SUCCESS",
                "extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
                "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                "time": "0.013",
                "extract_content": "Macros and Code",
                "extraction_data": {
                    "input_extension": "xls",
                    "input_real_extension": "xls",
                    "message": "OK",
                    "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                    "protection_name": "Potential malicious content extracted",
                    "protection_type": "Conversion to PDF",
                    "protocol_version": "1.0",
                    "risk": 5.0,
                    "scrub_activity": "Active content was found - XLS file was converted to PDF",
                    "scrub_method": "Convert to PDF",
                    "scrub_result": 0.0,
                    "scrub_time": "0.013",
                    "scrubbed_content": "Macros and Code"
                },
                "tex_product": false,
                "status": {
                    "code": 1001,
                    "label": "FOUND",
                    "message": "The request has been fully answered."
                }
            }
        }
    ]
}

Notes

In one API call you can send only one file for checking.

The av component does not require an additional section with keys; it is enough to list it in the features array.

Query API call

Method used - POST

Call address - https://{{te_api}}/tecloud/api/v1/file/query

Before sending a file for checking (upload request), it is recommended to check the sandbox cache (query request) to reduce the load on the API server, since the API server may already have information and a verdict for the file. The call consists of a text part only. The required part of the request is the sha1/sha256/md5 hash of the file. By the way, you can get it from the response to the upload request.

Minimum required for the query request

HTTP POST

https://{{te_api}}/tecloud/api/v1/file/query

Headers:

Authorization: <api_key>

Body

{
  "request": {
    "sha256": {{sha256}}
  }
}

Example response to an upload request, in which the sha1/md5/sha256 hashes are visible

{
  "response": {
    "status": {
      "code": 1002,
      "label": "UPLOAD_SUCCESS",
      "message": "The file was uploaded successfully."
    },
    "sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
    "md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "",
    "file_name": "kp-20-doc.doc",
    "features": [
      "te"
    ],
    "te": {
      "trust": 0,
      "images": [
        {
          "report": {
            "verdict": "unknown"
          },
          "status": "not_found",
          "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
          "revision": 1
        }
      ],
      "score": -2147483648,
      "status": {
        "code": 1002,
        "label": "UPLOAD_SUCCESS",
        "message": "The file was uploaded successfully."
      }
    }
  }
}

Apart from the hash, the query request should be the same as the upload request was (or is planned to be), or even "narrower" (with fewer fields in the query request than in the upload request). If the query request contains more fields than the upload request had, you will not receive all the required information in the response.

Here is an example of a query response in which not all of the required data was found

{
  "response": [
    {
      "status": {
        "code": 1006,
        "label": "PARTIALLY_FOUND",
        "message": "The request cannot be fully answered at this time."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te",
        "extraction"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      },
      "extraction": {
        "method": "pdf",
        "tex_product": false,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Pay attention to the code and label fields. These fields appear three times in the status dictionaries. First we see the global keys "code": 1006 and "label": "PARTIALLY_FOUND". Then the same keys appear for each individual component we requested - te and extraction. And while for te it is clear that the data was found, for extraction there is no information.

This is what the query looked like for the example above

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te", "extraction"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["xml", "pdf"]
      }
    }
  ]
}

If you send a query request without the extraction section

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["xml", "pdf"]
      }
    }
  ]
}

then the response will contain complete information ("code": 1001, "label": "FOUND")

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If there is no information in the cache at all, the response will be "label": "NOT_FOUND"

{
  "response": [
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

In one API call you can send several hashes at once for checking. The response returns the data in the same order as it was sent in the request.

Example query request with several sha256 hashes

{
  "request": [
    {
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
    },
    {
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
    }
  ]
}

Query response for several sha256 hashes

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
      "file_type": "dll",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    },
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Requesting many hashes at once in a query request also has a beneficial effect on the performance of the API server.

Download API call

Method used - POST (according to the documentation); GET also works (and may seem more logical)

Call address - https://{{te_api}}/tecloud/api/v1/file/download?id=

The API key must be passed in the header, the request body is empty, and the download id is passed in the URL.

In the response to a query request, if the emulation has completed and reports were requested when uploading the file, the ids for downloading the reports will appear. If a cleaned copy was requested, look for the id for downloading the cleaned document.

In total, the keys in the query response that carry a download id can be:

  • summary_report

  • full_report

  • pdf_report

  • xml_report

  • extracted_file_download_id

Of course, to receive these keys in response to a query request, they must have been specified in the request (for the reports), or you must remember to make the request with the extraction feature (for cleaned documents).

Quota API call

Method used - POST

Call address - https://{{te_api}}/tecloud/api/v1/file/quota

To check the remaining quota in the cloud, use the quota request. The request body is empty.

Example response to a quota request
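
Putting the query, upload and download sections together: the sequence the article recommends is query first (a cache hit costs nothing), upload only on NOT_FOUND, then query again until the global status is FOUND, and finally collect the download ids listed above from wherever they sit in the response (summary_report at te level, the per-image reports under each image, extracted_file_download_id under extraction). The code below is an added example and not Check Point's code: the status codes and key names are the ones shown on this page, while the `send(call, body)` transport signature, the FakeSandBlast stand-in and its made-up ids are assumptions so that the flow can be exercised offline. The fake also reproduces the PARTIALLY_FOUND case from the example above (te answered, extraction not yet).

```python
import time

# Added example, not Check Point's code: response parsing and the
# query -> upload -> poll flow, with an injectable transport.

FOUND, NOT_FOUND, PARTIALLY_FOUND = 1001, 1004, 1006
LABELS = {FOUND: "FOUND", NOT_FOUND: "NOT_FOUND", PARTIALLY_FOUND: "PARTIALLY_FOUND"}
TE_REPORT_KEYS = ("full_report", "pdf_report", "xml_report")


def items_of(response):
    """upload answers with a dict under "response", query with a list."""
    body = response["response"]
    return body if isinstance(body, list) else [body]


def download_ids(item):
    """Every download id in one response item, keyed by what it is; per-image
    report ids are keyed as image_id:report_key."""
    ids = {}
    te = item.get("te", {})
    if "summary_report" in te:
        ids["summary_report"] = te["summary_report"]
    for image in te.get("images", []):
        for key in TE_REPORT_KEYS:
            if key in image.get("report", {}):
                ids[image["id"] + ":" + key] = image["report"][key]
    extraction = item.get("extraction", {})
    if "extracted_file_download_id" in extraction:
        ids["extracted_file_download_id"] = extraction["extracted_file_download_id"]
    return ids


def missing_features(item):
    """Requested features whose own status block is not FOUND (the ones
    behind a PARTIALLY_FOUND global status)."""
    return [f for f in item.get("features", [])
            if item.get(f, {}).get("status", {}).get("code") != FOUND]


def await_verdict(send, query_body, upload=None, attempts=10, delay=0.0):
    """Query first; on NOT_FOUND call `upload` once; keep querying until the
    global status is FOUND. Returns (item, download ids)."""
    item = {}
    for _ in range(attempts):
        item = items_of(send("query", query_body))[0]
        code = item["status"]["code"]
        if code == FOUND:
            return item, download_ids(item)
        if code == NOT_FOUND and upload is not None:
            upload()
            upload = None
        time.sleep(delay)
    raise TimeoutError("no full verdict after %d queries; still missing: %s"
                       % (attempts, missing_features(item)))


class FakeSandBlast:
    """Constructed offline stand-in, not the real service (assumption): a hash
    is unknown until uploaded; afterwards te is answered at once and
    extraction only after `polls_needed` queries."""

    def __init__(self, polls_needed=2):
        self.uploaded, self.polls, self.polls_needed = set(), {}, polls_needed

    def upload(self, sha256):
        self.uploaded.add(sha256)

    def send(self, call, body):
        out = []
        for req in body["request"]:
            sha256, feats = req["sha256"], req.get("features", ["te"])
            item = {"sha256": sha256, "features": feats}
            if sha256 not in self.uploaded:
                item["status"] = {"code": NOT_FOUND, "label": LABELS[NOT_FOUND]}
                out.append(item)
                continue
            self.polls[sha256] = self.polls.get(sha256, 0) + 1
            done = self.polls[sha256] >= self.polls_needed or "extraction" not in feats
            item["te"] = {"status": {"code": FOUND, "label": "FOUND"}, "images": [
                {"id": img["id"], "revision": 1,
                 "report": {"verdict": "malicious", "xml_report": "xml-" + sha256[:8]}}
                for img in req.get("te", {}).get("images", [])]}
            if "extraction" in feats:
                item["extraction"] = ({"status": {"code": FOUND, "label": "FOUND"},
                                       "extracted_file_download_id": "clean-" + sha256[:8]}
                                      if done else {"status": {"code": NOT_FOUND, "label": "NOT_FOUND"}})
            code = FOUND if done else PARTIALLY_FOUND
            item["status"] = {"code": code, "label": LABELS[code]}
            out.append(item)
        return {"response": out}
```

Against a real server, `send` would POST the body to /tecloud/api/v1/file/query with the Authorization header and `upload` would perform the form-data upload; `delay` should then be a few seconds rather than zero. Keeping the transport injectable is what makes the polling logic testable without quota or a gateway.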

{
  "response": [
    {
      "remain_quota_hour": 1250,
      "remain_quota_month": 10000000,
      "assigned_quota_hour": 1250,
      "assigned_quota_month": 10000000,
      "hourly_quota_next_reset": "1599141600",
      "monthly_quota_next_reset": "1601510400",
      "quota_id": "TEST",
      "cloud_monthly_quota_period_start": "1421712300",
      "cloud_monthly_quota_usage_for_this_gw": 0,
      "cloud_hourly_quota_usage_for_this_gw": 0,
      "cloud_monthly_quota_usage_for_quota_id": 0,
      "cloud_hourly_quota_usage_for_quota_id": 0,
      "monthly_exceeded_quota": 0,
      "hourly_exceeded_quota": 0,
      "cloud_quota_max_allow_to_exceed_percentage": 1000,
      "pod_time_gmt": "1599138715",
      "quota_expiration": "0",
      "action": "ALLOW"
    }
  ]
}

Threat Prevention API for Security Gateway

This API was created before the Threat Prevention API and is intended for local appliances only. At the moment it is useful only if you need the Threat Extraction API; for Threat Emulation it is better to use the regular Threat Prevention API. To enable the TP API for SG and configure the API key, follow the steps in sk113599. I recommend paying attention to step 6b and checking access to the page https://<IPAddressofSecurityGateway>/UserCheck/TPAPI, because if the result is negative, further configuration is pointless. All API calls are sent to this url. The type of call (upload/query) is controlled by the call key request_name. The keys api_key (you need to remember it during the configuration process) and protocol_version (the current version is 1.1) are also required. The official documentation for this API can be found in sk137032. A relative advantage is the ability to send several files at once for emulation when uploading them, since files are sent as a base64 text string. To encode/decode files to/from base64 for demonstration purposes in Postman you can use an online converter, for example - https://base64.guru. For practical purposes, use the built-in encoding and decoding methods of your language when writing code.

Now let's take a closer look at the te and extraction functionality in this API.

For the te component, the te_options dictionary is provided in upload/query requests, and its keys fully coincide with the keys of the Threat Prevention API.

Example request for file emulation in Win10 with reports

{
  "request": [
    {
      "protocol_version": "1.1",
      "api_key": "<api_key>",
      "request_name": "UploadFile",
      "file_enc_data": "<base64_encoded_file>",
      "file_orig_name": "<filename>",
      "te_options": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["summary", "xml"]
      }
    }
  ]
}

For the extraction component, the scrub_options dictionary is provided. This request specifies the cleaning method: convert to PDF, remove active content, or select the mode according to a Threat Prevention profile (the profile name is specified). The nice thing about the response to a file extraction request in this API is that you get the cleaned copy in the response to that same request as a base64-encoded string (there is no need to make a query request and look for an id to download the document).

Example request for cleaning a file

{
  "request": [
    {
      "protocol_version": "1.1",
      "api_key": "<API_KEY>",
      "request_name": "UploadFile",
      "file_enc_data": "<base64_encoded_file>",
      "file_orig_name": "hi.txt",
      "scrub_options": {
        "scrub_method": 2
      }
    }
  ]
}

Response to the request

{
	"response": [{
		"protocol_version": "1.1",
		"src_ip": "<IP_ADDRESS>",
		"scrub": {
			"file_enc_data": "<base64_encoded_converted_to_PDF_file>",
			"input_real_extension": "js",
			"message": "OK",
			"orig_file_url": "",
			"output_file_name": "hi.cleaned.pdf",
			"protection_name": "Extract potentially malicious content",
			"protection_type": "Conversion to PDF",
			"real_extension": "txt",
			"risk": 0,
			"scrub_activity": "TXT file was converted to PDF",
			"scrub_method": "Convert to PDF",
			"scrub_result": 0,
			"scrub_time": "0.011",
			"scrubbed_content": ""
		}
	}]
} 
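
The base64 handling the article tells you to do in code rather than with an online converter, for both directions of this API: building the UploadFile request (several files can go into one "request" list, because each file is just a string) and decoding the cleaned copy that the scrub response returns inline. This is an added example, not Check Point's code: the key names, protocol_version 1.1 and the /UserCheck/TPAPI path are taken from the page; the gateway address, the API key and the scrub_options value are the caller's (the example passes 2, the value shown in the request above, which resulted in conversion to PDF).

```python
import base64
import json
import urllib.request

# Added example, not Check Point's code: Threat Prevention API for Security
# Gateway requests carry the file as base64 inside JSON, and scrub responses
# return the cleaned copy the same way.

TPAPI_PATH = "/UserCheck/TPAPI"


def upload_file_item(api_key, file_name, file_bytes, te_options=None, scrub_options=None):
    """One element of the "request" list. file_enc_data is the base64 of the
    raw file, about a third larger than the file itself, which is worth
    remembering when sending several files in one request."""
    item = {
        "protocol_version": "1.1",
        "api_key": api_key,
        "request_name": "UploadFile",
        "file_enc_data": base64.b64encode(file_bytes).decode("ascii"),
        "file_orig_name": file_name,
    }
    if te_options:
        item["te_options"] = te_options
    if scrub_options:
        item["scrub_options"] = scrub_options
    return item


def upload_request(*items):
    """Several files can be sent in one call; each item is independent."""
    return {"request": list(items)}


def cleaned_files(response):
    """Map output_file_name -> decoded bytes for every scrub result whose
    message is OK. validate=True rejects anything that is not well-formed
    base64 instead of silently discarding characters."""
    out = {}
    for item in response["response"]:
        scrub = item.get("scrub")
        if not scrub or scrub.get("message") != "OK":
            continue
        out[scrub["output_file_name"]] = base64.b64decode(scrub["file_enc_data"], validate=True)
    return out


def send(gateway, body):
    """POST the JSON body to https://<gateway>/UserCheck/TPAPI; the api_key is
    inside the body, so no Authorization header is needed here."""
    request = urllib.request.Request(
        "https://" + gateway + TPAPI_PATH, data=json.dumps(body).encode(),
        method="POST", headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(request) as response:
        return json.load(response)


def clean_and_save(gateway, api_key, file_name, file_bytes, scrub_method=2):
    """Round trip: send one file for scrubbing and return the cleaned copies."""
    body = upload_request(upload_file_item(api_key, file_name, file_bytes,
                                           scrub_options={"scrub_method": scrub_method}))
    return cleaned_files(send(gateway, body))
```

cleaned_files() deliberately skips results whose message is not "OK", so a failed scrub never gets written out under the name of a cleaned document.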

Although fewer API requests are needed to obtain a cleaned copy, I find this option less preferable and less convenient than the form-data request used in the Threat Prevention API.

Postman collections

I created collections in Postman for the Threat Prevention API and for the Threat Prevention API for Security Gateway, which represent typical API requests. So that the API server ip/url and the key are substituted into requests automatically, and the sha256 hash is remembered after uploading a file, three variables are defined inside the collections (you can find them by going to the collection settings: Edit -> Variables): te_api (required), api_key (required, except when using the TP API with local appliances), sha256 (leave empty, not used in the TP API for SG).

Download the Postman collection for the Threat Prevention API

Download the Postman collection for the Threat Prevention API for Security Gateway

Usage examples

In the CheckMates community there are scripts written in Python that check the files from a chosen directory via the TP API and the TP API for SG. Through interaction with the Threat Prevention API, your file analysis capabilities are significantly expanded, since you can now analyse files on several platforms at once (in the VirusTotal API, and then in the Check Point sandbox), and receive files not only from network traffic, but also pick them up from any network drives and, for example, CRM systems.

Source: mapenzi.com
