Interacting with Check Point SandBlast via API

This article will be useful to those who are already familiar with Check Point's file emulation (Threat Emulation) and active content removal (Threat Extraction) technologies and want to take a step towards automating these tasks. Check Point has a Threat Prevention API that runs both in the cloud and on local appliances, and it is functionally identical to checking files in web/smtp/ftp/smb/nfs traffic streams. This article is partly the author's interpretation of a set of articles from the official documentation, but based on my own operating experience and my own examples. In the article you will also find the author's Postman collection for working with the Threat Prevention API.

Basic concepts

The Threat Prevention API works with three main components, which are referred to in the API by the following text values:

av - the Anti-Virus component, responsible for signature analysis of known threats.

te - the Threat Emulation component, responsible for checking files in the sandbox and issuing a malicious/benign verdict after emulation.

extraction - the Threat Extraction component, responsible for fast conversion of office documents into a safe form (with all potentially malicious content removed) so that they can be delivered to users/systems quickly.

API structure and main limitations

The Threat Prevention API uses only 4 requests - upload, query, download and quota. In the header of all four requests the API key must be passed in the Authorization parameter. At first glance the structure may seem much simpler than the Management API, but the number of fields in the upload and query requests and the structure of these requests are quite complex. They can be functionally compared to the Threat Prevention profiles in the security policy of a gateway/sandbox.

At the moment only one version of the Threat Prevention API has been released - 1.0; the URL of an API call must contain v1 in the place where the version is specified. Unlike the Management API, specifying the API version in the URL is mandatory, otherwise the request will not be executed.

The Anti-Virus component, when called without the other components (te, extraction), currently supports only query requests with md5 hash sums. Threat Emulation and Threat Extraction also support sha1 and sha256 hash sums.

It is very important not to make typos in requests! A request may execute without an error, but not completely. Looking a little ahead, let's see what happens when there are typos/errors in a request.

Request with a typo in the word reports (reportss)

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reportss": ["tar", "pdf", "xml"]
            }
		}
	] 
}

There will be no error in the response, but there will be no information about the reports at all

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But with a request without a typo in the reports key

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": ["tar", "pdf", "xml"]
            }
		}
	] 
}

We get a response that already contains the ids for downloading the reports

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
              "pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
              "xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If we send an invalid/expired API key, we will get a 403 error in the response.

SandBlast API: in the cloud and on local appliances

API requests can be sent to Check Point appliances with the Threat Emulation component (blade) enabled. As the request address, use the appliance's ip/url and port 18194 (for example, https://10.10.57.19:18194/tecloud/api/v1/file/query). You also need to make sure that the security policy on the appliance allows this connection. Authorization by API key on local appliances is disabled by default, and the Authorization key in the request headers may be omitted entirely.

API requests to the Check Point cloud must be sent to te.checkpoint.com (for example, https://te.checkpoint.com/tecloud/api/v1/file/query). An API key can be obtained as a 60-day trial license by contacting Check Point partners or the company's local office.

On local appliances, Threat Extraction is not yet supported in the standard Threat Prevention API, and the Threat Prevention API for Security Gateway must be used instead (we will talk about it in more detail at the end of the article).

Local appliances do not support the quota request.

Otherwise there is no difference between requests to local appliances and to the cloud.

Upload API call

Method used - POST

Call address - https://<ip/url>/tecloud/api/v1/file/upload

The request consists of two parts (form-data): the file intended for emulation/cleaning and the text body of the request.

The text part cannot be empty, but it may contain no configuration at all. For the request to succeed, at least the following text must be sent in the request:

Minimum required for the upload request

HTTP POST

https://<ip/url>/tecloud/api/v1/file/upload

Headers:

Authorization: <api_key>

Body:

{
  "request": {
  }
}

file: <file>

In this case the file will be processed according to the default parameters: component - te, OS images - Win XP and Win 7, without generating a report.

Comments on the main fields in the text part of the request:

file_name and file_type can be left empty or not sent at all, since this information is of no use when uploading a file. In the API response these fields will be filled in automatically based on the name of the uploaded file, and the information in the cache will still have to be searched for using the md5/sha1/sha256 hash sums.

Example of a request with an empty file_name and file_type

{
  "request": {
    "file_name": "",
    "file_type": ""
  }
}

features - a list indicating the functionality required when processing in the sandbox - av (Anti-Virus), te (Threat Emulation), extraction (Threat Extraction). If this parameter is not passed at all, only the default component will be used - te (Threat Emulation).

To enable checking by all three available components, these components must be specified in the API request.

Example of a request with av, te and extraction checking

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["av", "te", "extraction"]  
		}
	] 
}

Keys in the te section

images - a list of dictionaries with the id and revision number of the operating systems on which the check will be performed. The identifiers and revision numbers are the same for all local appliances and the cloud.

List of operating systems and revisions (image id, revision, OS image and applications):

e50e99f3-5963-4573-af9e-e3f4750b55e2, revision 1
  Microsoft Windows: XP - 32bit SP3
  Office: 2003, 2007
  Adobe Acrobat Reader: 9.0
  Flash Player: 9r115 and ActiveX 10.0
  Java Runtime: 1.6.0u22

7e6fe36e-889e-4c25-8704-56378f0830df, revision 1
  Microsoft Windows: 7 - 32bit
  Office: 2003, 2007
  Adobe Acrobat Reader: 9.0
  Flash Player: 10.2r152 (Plugin & ActiveX)
  Java Runtime: 1.6.0u0

8d188031-1010-4466-828b-0cd13d4303ff, revision 1
  Microsoft Windows: 7 - 32bit
  Office: 2010
  Adobe Acrobat Reader: 9.4
  Flash Player: 11.0.1.152 (Plugin & ActiveX)
  Java Runtime: 1.7.0u0

5e5de275-a103-4f67-b55b-47532918fa59, revision 1
  Microsoft Windows: 7 - 32bit
  Office: 2013
  Adobe Acrobat Reader: 11.0
  Flash Player: 15 (Plugin & ActiveX)
  Java Runtime: 1.7.0u9

3ff3ddae-e7fd-4969-818c-d5f1a2be336d, revision 1
  Microsoft Windows: 7 - 64bit
  Office: 2013 (32bit)
  Adobe Acrobat Reader: 11.0.01
  Flash Player: 13 (Plugin & ActiveX)
  Java Runtime: 1.7.0u9

6c453c9b-20f7-471a-956c-3198a868dc92, revision 1
  Microsoft Windows: 8.1 - 64bit
  Office: 2013 (64bit)
  Adobe Acrobat Reader: 11.0.10
  Flash Player: 18.0.0.160 (Plugin & ActiveX)
  Java Runtime: 1.7.0u9

10b4a9c6-e414-425c-ae8b-fe4dd7b25244, revision 1
  Microsoft Windows: 10
  Office: Professional Plus 2016 en-us
  Adobe Acrobat Reader: DC 2015 MUI
  Flash Player: 20 (Plugin & ActiveX)
  Java Runtime: 1.7.0u9

If the images key is not specified at all, emulation will run on the images recommended by Check Point (currently Win XP and Win 7). These images are recommended based on the optimal balance between performance and catch rate.

reports - a list of the reports we request in case the file turns out to be malicious. The following options are available:

  1. summary - a .tar.gz archive containing the emulation report for all requested images (both an html page and components such as a video from the OS emulator, a network traffic dump, a json report and the sample itself in a password-protected archive). Look for the summary_report key in the response to download the report later.

  2. pdf - a document about the emulation on one image, the one many are used to receiving via SmartConsole. Look for the pdf_report key in the response to download the report later.

  3. xml - a document about the emulation on one image, convenient for subsequent parsing of the report parameters. Look for the xml_report key in the response to download the report later.

  4. tar - a .tar.gz archive containing the emulation report for one of the requested images (both an html page and components such as a video from the OS emulator, a network traffic dump, a json report and the sample itself in a password-protected archive). Look for the full_report key in the response to download the report later.

[Figure: what is inside the summary report]

The full_report, pdf_report and xml_report keys are in the dictionary of each OS image

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
      "file_type": "html",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
              "pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
              "xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
              "pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
              "xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But the summary_report key is a single one for the whole emulation

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
      "file_type": "exe",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
              "xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
              "xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

You can request tar, xml and pdf reports at the same time, and you can request summary, tar and xml. It is not possible to request summary and pdf reports at the same time.

Keys in the extraction section

For Threat Extraction only two keys are used:

method - pdf (convert to pdf, used by default) or clean (remove active content).

extracted_parts_codes - a list of codes for the active content to remove, applicable only with the clean method

Codes for removing content from files (code - description):

1025 - Linked Objects
1026 - Macros and Code
1034 - Sensitive Hyperlinks
1137 - PDF GoToR Actions
1139 - PDF Launch Actions
1141 - PDF URI Actions
1142 - PDF Sound Actions
1143 - PDF Movie Actions
1150 - PDF JavaScript Actions
1151 - PDF Submit Form Actions
1018 - Database Queries
1019 - Embedded Objects
1021 - Fast Save Data
1017 - Custom Properties
1036 - Statistic Properties
1037 - Summary Properties

To download a cleaned copy, you will also need to make a query request (discussed below) a few seconds later, specifying the file's hash sum and the extraction feature in the text of the request. You can pick up the cleaned file using the id from the query response - extracted_file_download_id. Again looking a little ahead, here are examples of the query request and response for finding the id to download the cleaned document.

Query request for finding the extracted_file_download_id key

{ "request":  [  

		{	
			"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
			"features": ["extraction"] , 
			"extraction": {
		        "method": "pdf"
            }
		}
	] 
}

Response to the query (see the extracted_file_download_id key)

{
    "response": [
        {
            "status": {
                "code": 1001,
                "label": "FOUND",
                "message": "The request has been fully answered."
            },
            "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
            "file_type": "",
            "file_name": "",
            "features": [
                "extraction"
            ],
            "extraction": {
                "method": "pdf",
                "extract_result": "CP_EXTRACT_RESULT_SUCCESS",
                "extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
                "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                "time": "0.013",
                "extract_content": "Macros and Code",
                "extraction_data": {
                    "input_extension": "xls",
                    "input_real_extension": "xls",
                    "message": "OK",
                    "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                    "protection_name": "Potential malicious content extracted",
                    "protection_type": "Conversion to PDF",
                    "protocol_version": "1.0",
                    "risk": 5.0,
                    "scrub_activity": "Active content was found - XLS file was converted to PDF",
                    "scrub_method": "Convert to PDF",
                    "scrub_result": 0.0,
                    "scrub_time": "0.013",
                    "scrubbed_content": "Macros and Code"
                },
                "tex_product": false,
                "status": {
                    "code": 1001,
                    "label": "FOUND",
                    "message": "The request has been fully answered."
                }
            }
        }
    ]
}

General information

In one API call you can send only one file for checking.

The av component does not require an additional section with keys; it is enough to specify it in the features list.
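Putting the upload section together, here is an added Python example (written for this article; it is not Check Point's code and not the author's Postman collection). It builds the two-part form-data body with the standard library only, validates the te and extraction key names so that a typo like the reportss from the beginning of the article is rejected before anything is sent, and refuses the summary plus pdf report combination the API does not accept. The base URL, API key and file bytes are placeholders, and the names ALLOWED_KEYS, VALID_FEATURES, VALID_REPORTS and the functions are my own, filled only with the values documented above.

```python
"""Build and send a Threat Prevention API upload request (added example).

The upload call is a multipart/form-data POST with two parts: a JSON part
named "request" and the file in a part named "file"; the API key goes in
the Authorization header. Standard library only. Written for this article,
not Check Point's own code; host, key and file bytes are placeholders.
"""
import json
import secrets
import ssl
import urllib.request

# Key names the article documents for each section. The server silently
# ignores unknown keys (e.g. "reportss"), so reject them client-side.
ALLOWED_KEYS = {
    "te": {"images", "reports"},
    "extraction": {"method", "extracted_parts_codes"},
}
VALID_FEATURES = {"av", "te", "extraction"}
VALID_REPORTS = {"summary", "pdf", "xml", "tar"}


def build_request_json(features=("te",), te=None, extraction=None,
                       file_name="", file_type=""):
    """Return the text part of an upload request, refusing misspelled keys."""
    unknown = set(features) - VALID_FEATURES
    if unknown:
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    req = {"file_name": file_name, "file_type": file_type,
           "features": list(features)}
    for name, section in (("te", te), ("extraction", extraction)):
        if section is None:
            continue
        bad = set(section) - ALLOWED_KEYS[name]
        if bad:
            raise ValueError(f"misspelled key(s) in '{name}': {sorted(bad)}")
        req[name] = section
    reports = set(req.get("te", {}).get("reports", []))
    if reports - VALID_REPORTS:
        raise ValueError(f"unknown report type(s): {sorted(reports - VALID_REPORTS)}")
    if {"summary", "pdf"} <= reports:
        raise ValueError("summary and pdf reports cannot be requested together")
    return {"request": req}


def build_multipart(request_json, file_bytes, filename):
    """Encode the two form-data parts; returns (content_type, body_bytes)."""
    boundary = "----tp-api-" + secrets.token_hex(8)
    bnd = boundary.encode()
    crlf = b"\r\n"
    body = b"".join([
        b"--" + bnd + crlf,
        b'Content-Disposition: form-data; name="request"' + crlf,
        b"Content-Type: application/json" + crlf + crlf,
        json.dumps(request_json).encode() + crlf,
        b"--" + bnd + crlf,
        f'Content-Disposition: form-data; name="file"; filename="{filename}"'.encode() + crlf,
        b"Content-Type: application/octet-stream" + crlf + crlf,
        file_bytes + crlf,
        b"--" + bnd + b"--" + crlf,
    ])
    return f"multipart/form-data; boundary={boundary}", body


def upload(base_url, api_key, request_json, file_bytes, filename, verify_tls=True):
    """POST to <base_url>/tecloud/api/v1/file/upload and return the parsed JSON."""
    content_type, body = build_multipart(request_json, file_bytes, filename)
    req = urllib.request.Request(
        f"{base_url}/tecloud/api/v1/file/upload", data=body, method="POST",
        headers={"Authorization": api_key, "Content-Type": content_type})
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for a lab appliance with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample: Win10 image, xml+pdf reports, plus conversion to PDF
    request_json = build_request_json(
        features=["te", "extraction"],
        te={"images": [{"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}],
            "reports": ["xml", "pdf"]},
        extraction={"method": "pdf"})
    ctype, body = build_multipart(request_json, b"%PDF-1.4 constructed sample", "sample.pdf")
    print(ctype, len(body), "bytes")
    # Live call (needs a real key):
    # upload("https://te.checkpoint.com", "<api_key>", request_json, b"...", "sample.pdf")
```

Against a local appliance use https://<ip>:18194 as base_url; key authentication is off there by default, so the Authorization header is ignored. verify_tls=False exists only for a lab appliance with a self-signed certificate and should never reach production code.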

Query API call

Method used - POST

Call address - https://<ip/url>/tecloud/api/v1/file/query

Before sending a file for checking (upload request), it is advisable to check the sandbox cache (query request) to reduce the load on the API server, since the API server may already have information and a verdict for the uploaded file. The call has a text part only. The required part of the request is the sha1/sha256/md5 hash sum of the file. By the way, you can get it from the response to the upload request.

Minimum required for the query request

HTTP POST

https://<ip/url>/tecloud/api/v1/file/query

Headers:

Authorization: <api_key>

Body:

{
  "request": {
    "sha256": "<sha256>"
  }
}

Example of a response to the upload request, in which the sha1/md5/sha256 hash sums appear

{
  "response": {
    "status": {
      "code": 1002,
      "label": "UPLOAD_SUCCESS",
      "message": "The file was uploaded successfully."
    },
    "sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
    "md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "",
    "file_name": "kp-20-doc.doc",
    "features": [
      "te"
    ],
    "te": {
      "trust": 0,
      "images": [
        {
          "report": {
            "verdict": "unknown"
          },
          "status": "not_found",
          "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
          "revision": 1
        }
      ],
      "score": -2147483648,
      "status": {
        "code": 1002,
        "label": "UPLOAD_SUCCESS",
        "message": "The file was uploaded successfully."
      }
    }
  }
}

The query request, apart from the hash sum, should ideally match the upload request (or is recommended to), or be "narrower" (contain fewer fields than the upload request). If the query request contains more fields than the upload request did, you will not get all the required information in the response.

Here is an example of a response to a query in which not all the required data was found

{
  "response": [
    {
      "status": {
        "code": 1006,
        "label": "PARTIALLY_FOUND",
        "message": "The request cannot be fully answered at this time."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te",
        "extraction"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      },
      "extraction": {
        "method": "pdf",
        "tex_product": false,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Pay attention to the code and label fields. These fields appear three times in the nested dictionaries. First we see the global key "code": 1006 with "label": "PARTIALLY_FOUND". Next, the same keys appear in each requested feature - te and extraction. And while for te it is clear that the data was found, for extraction there is no information.

This is what the query looked like in the example above

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te", "extraction"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

If you send the query request without the extraction feature

{ "request":  [  

		{	
			"sha256": {{sha256}},
			"features": ["te"] , 
			"te": {
				"images": [
                    {
                        "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                        "revision": 1
                    }
                ],
                "reports": [
                    "xml", "pdf"
                ]
            }
		}
	] 
}

Then the response will contain complete information ("code": 1001, "label": "FOUND")

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If there is no information in the cache at all, the response will be "label": "NOT_FOUND"

{
  "response": [
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

In one API call you can send several hash sums at once for checking. The response returns the data in the same order in which it was sent in the request.

Example of a query request with several sha256 sums

{ "request":  [  

		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
        },
        		{	
			"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
        }
	] 
}

Response to the query with several sha256 sums

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
      "file_type": "dll",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    },
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Requesting several hash sums at once in a query request has a positive effect on the performance of the API server.

Download API call

Method used - POST (according to the documentation); GET also works (and may seem more logical)

Call address - https://<ip/url>/tecloud/api/v1/file/download?id=<id>

The header must carry the API key, the request body is empty, and the download id is passed in the URL.

In the response to a query request, if emulation is complete and reports were requested when uploading the file, the ids for downloading the reports will be present. If a cleaned copy was requested, look for the id for downloading the cleaned document.

In total, the keys in the query response that contain a download id value can be:

  • summary_report

  • full_report

  • pdf_report

  • xml_report

  • extracted_file_download_id

Of course, to get these keys in the query response, they must be specified in the request (in reports), or you must remember to make the request with the extraction feature (for cleaned documents).
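As an added example (not the article's or Check Point's code), the following Python reads a query response the way the text describes: the status code at the global level and again inside each feature section, the request-order pairing that a multi-hash query relies on, and the five download-id keys listed above. SAMPLE_PARTIAL is constructed from the PARTIALLY_FOUND response shown earlier; the constant names FOUND, NOT_FOUND, PARTIALLY_FOUND and the function names are mine. The download() helper performs the GET variant of the download call described in this section and assumes sha256 was the hash sent.

```python
"""Interpret Threat Prevention API query responses (added example).

Reads the status code at all three levels the article points out (global,
te, extraction), pairs each response entry with the hash that was sent
(the API answers in request order), and collects every download id key
listed in the download section. Written for this article, not Check Point
code; the sample response is constructed from the one shown above.
"""
import urllib.request

FOUND, UPLOAD_SUCCESS, NOT_FOUND, PARTIALLY_FOUND = 1001, 1002, 1004, 1006
DOWNLOAD_ID_KEYS = ("summary_report", "full_report", "pdf_report",
                    "xml_report", "extracted_file_download_id")


def collect_download_ids(node, found=None):
    """Walk a response entry and return [(key, id), ...] for every download id."""
    found = [] if found is None else found
    if isinstance(node, dict):
        for key, value in node.items():
            if key in DOWNLOAD_ID_KEYS and isinstance(value, str):
                found.append((key, value))
            else:
                collect_download_ids(value, found)
    elif isinstance(node, list):
        for item in node:
            collect_download_ids(item, found)
    return found


def interpret_entry(entry):
    """Summarise one element of response[]."""
    code = entry["status"]["code"]
    # per-feature status lives one level down, under the feature's own key
    per_feature = {feat: entry.get(feat, {}).get("status", {}).get("code")
                   for feat in entry.get("features", [])}
    return {
        "sha256": entry.get("sha256"),
        "code": code,
        "complete": code == FOUND,
        # 1004 at any level means that feature has no cached result: upload the file
        "needs_upload": code == NOT_FOUND or NOT_FOUND in per_feature.values(),
        "verdict": entry.get("te", {}).get("combined_verdict"),
        "features": per_feature,
        "download_ids": collect_download_ids(entry),
    }


def interpret_batch(sent_hashes, response):
    """Match response entries to the sha256 values sent; fail loudly if order breaks."""
    entries = response["response"]
    if len(entries) != len(sent_hashes):
        raise ValueError("response length does not match the request")
    results = []
    for sent, entry in zip(sent_hashes, entries):
        if entry.get("sha256", sent).lower() != sent.lower():
            raise ValueError(f"response out of order at {sent}")
        results.append(interpret_entry(entry))
    return results


def download(base_url, api_key, download_id, dest_path):
    """GET /tecloud/api/v1/file/download?id=<id>; body is empty, key in the header."""
    req = urllib.request.Request(
        f"{base_url}/tecloud/api/v1/file/download?id={download_id}",
        headers={"Authorization": api_key})
    with urllib.request.urlopen(req, timeout=120) as resp, open(dest_path, "wb") as fh:
        fh.write(resp.read())


# Constructed from the PARTIALLY_FOUND response shown earlier: te found, extraction not.
SAMPLE_PARTIAL = {"response": [{
    "status": {"code": 1006, "label": "PARTIALLY_FOUND"},
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "features": ["te", "extraction"],
    "te": {"images": [{"report": {"verdict": "malicious",
                                  "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
                                  "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"},
                       "status": "found",
                       "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}],
           "combined_verdict": "malicious", "status": {"code": 1001, "label": "FOUND"}},
    "extraction": {"method": "pdf", "status": {"code": 1004, "label": "NOT_FOUND"}},
}]}

if __name__ == "__main__":
    for result in interpret_batch([SAMPLE_PARTIAL["response"][0]["sha256"]], SAMPLE_PARTIAL):
        print(result["sha256"][:12], result["verdict"], result["features"],
              "upload again:", result["needs_upload"], result["download_ids"])
```

The point of checking the code inside each feature section, not only the global one, is that a 1006 response still carries a usable te verdict and report ids; only the extraction part has to be redone with an upload. Trusting the global label alone would either discard good data or write out a report for a file that was never cleaned.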

Quota API call

Method used - POST

Call address - https://<ip/url>/tecloud/api/v1/file/quota

To check the remaining quota in the cloud, use the quota request. The request body is empty.

Example response to the quota request

{
  "response": [
    {
      "remain_quota_hour": 1250,
      "remain_quota_month": 10000000,
      "assigned_quota_hour": 1250,
      "assigned_quota_month": 10000000,
      "hourly_quota_next_reset": "1599141600",
      "monthly_quota_next_reset": "1601510400",
      "quota_id": "TEST",
      "cloud_monthly_quota_period_start": "1421712300",
      "cloud_monthly_quota_usage_for_this_gw": 0,
      "cloud_hourly_quota_usage_for_this_gw": 0,
      "cloud_monthly_quota_usage_for_quota_id": 0,
      "cloud_hourly_quota_usage_for_quota_id": 0,
      "monthly_exceeded_quota": 0,
      "hourly_exceeded_quota": 0,
      "cloud_quota_max_allow_to_exceed_percentage": 1000,
      "pod_time_gmt": "1599138715",
      "quota_expiration": "0",
      "action": "ALLOW"
    }
  ]
}

Threat Prevention API for Security Gateway

This API was developed before the Threat Prevention API and is intended only for local appliances. At the moment it is useful only if you need the Threat Extraction API; for Threat Emulation it is better to use the regular Threat Prevention API. To enable the TP API for SG and configure the API key, follow the steps from sk113599. I recommend paying attention to step 6b and checking that the page https://<IPAddressofSecurityGateway>/UserCheck/TPAPI is reachable, because if it is not, further configuration makes no sense. All API calls are sent to this url. The type of call (upload/query) is controlled by a key in the call body - request_name. The other required keys are api_key (you must note it down during the configuration process) and protocol_version (the current version is 1.1). The official documentation for this API can be found in sk137032. Its relative advantages include the ability to send several files for emulation in one upload, because files are sent as base64 text strings. To encode/decode files to/from base64 for demonstration purposes in Postman you can use an online converter, for example https://base64.guru. For practical purposes, use the built-in encode and decode methods of your language when writing code.

Now let's look more closely at the te and extraction functions in this API.

For the te component, the te_options dictionary is provided in the upload/query requests, and its keys are fully identical to the te keys in the Threat Prevention API.

Example request for emulating a file on Win10 with reports

{
"request": [{
    "protocol_version": "1.1",
    "api_key": "<api_key>",
    "request_name": "UploadFile",
    "file_enc_data": "<base64_encoded_file>",
    "file_orig_name": "<filename>",
    "te_options": {
        "images": [
                {
                    "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
                    "revision": 1
                }
            ],
        "reports": ["summary", "xml"]
    }
    }
    ]
}

For the extraction component, the scrub_options dictionary is provided. This request specifies the cleaning method: convert to PDF, remove active content, or choose the mode according to a Threat Prevention profile (the profile name is specified). The great thing about the response to the file extraction API request is that you get the cleaned copy in the response to that very request, as a base64 encoded string (no need to make a query request and look for an id to download the document).

Example request for cleaning a file

    {
	"request": [{
		"protocol_version": "1.1",
		"api_key": "<API_KEY>",
		"request_name": "UploadFile",
		"file_enc_data": "<base64_encoded_file>",
		"file_orig_name": "hi.txt",
		"scrub_options": {
			"scrub_method": 2
		}
	}]
}

Response to the request

{
	"response": [{
		"protocol_version": "1.1",
		"src_ip": "<IP_ADDRESS>",
		"scrub": {
			"file_enc_data": "<base64_encoded_converted_to_PDF_file>",
			"input_real_extension": "js",
			"message": "OK",
			"orig_file_url": "",
			"output_file_name": "hi.cleaned.pdf",
			"protection_name": "Extract potentially malicious content",
			"protection_type": "Conversion to PDF",
			"real_extension": "txt",
			"risk": 0,
			"scrub_activity": "TXT file was converted to PDF",
			"scrub_method": "Convert to PDF",
			"scrub_result": 0,
			"scrub_time": "0.011",
			"scrubbed_content": ""
		}
	}]
} 

Despite the fact that fewer API requests are needed to obtain a cleaned copy, I find this option less preferable and less convenient than the form-data request used in the Threat Prevention API.
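To make the base64 handling concrete, here is an added Python example (not Check Point's code and not the CheckMates scripts mentioned below) that builds a TP API for SG UploadFile request for several files at once and pulls the cleaned copies out of the response. The gateway address, API key and file bytes are constructed placeholders; scrub_method=2 is simply the value the article's own request sends; treating any scrub_result other than 0 or any message other than OK as a failure is my assumption drawn from the responses shown.

```python
"""Threat Prevention API for Security Gateway: build an UploadFile request and
unpack the scrubbed copy from the response (added example, not Check Point code).

Files travel inside the JSON body as base64 text, which is why one request
list can carry several files and why the cleaned copy comes back inline in
file_enc_data. Gateway, key and file bytes below are constructed placeholders.
"""
import base64
import json
import urllib.request

PROTOCOL_VERSION = "1.1"  # current version per the article


def build_upload_file_request(api_key, files, scrub_method=2, te_options=None):
    """files: list of (original_name, bytes). scrub_method=2 is the value the
    article's own example sends (it produced 'Convert to PDF' there)."""
    items = []
    for name, data in files:
        item = {
            "protocol_version": PROTOCOL_VERSION,
            "api_key": api_key,
            "request_name": "UploadFile",
            "file_enc_data": base64.b64encode(data).decode("ascii"),
            "file_orig_name": name,
        }
        if scrub_method is not None:
            item["scrub_options"] = {"scrub_method": scrub_method}
        if te_options:  # same images/reports keys as the cloud API's te section
            item["te_options"] = te_options
        items.append(item)
    return {"request": items}


def encoded_size(payload):
    """Size of the JSON body actually sent; base64 inflates each file by about 4/3."""
    return len(json.dumps(payload).encode())


def extract_scrubbed_files(response):
    """Return [(output_file_name, bytes)] for each scrub block that succeeded.

    The article's responses show "message": "OK" with "scrub_result": 0 on
    success; anything else is treated here as failure (an assumption) and
    skipped, so a file the gateway could not clean is never written out."""
    out = []
    for item in response.get("response", []):
        scrub = item.get("scrub") or {}
        if scrub.get("message") != "OK" or scrub.get("scrub_result") != 0:
            continue
        out.append((scrub["output_file_name"],
                    base64.b64decode(scrub["file_enc_data"])))
    return out


def send(gateway_ip, payload, timeout=120):
    """POST the JSON to https://<gateway>/UserCheck/TPAPI and parse the reply."""
    req = urllib.request.Request(
        f"https://{gateway_ip}/UserCheck/TPAPI",
        data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    payload = build_upload_file_request(
        "<API_KEY>", [("hi.txt", b"hello"), ("macro.xls", b"\xd0\xcf\x11\xe0 constructed")])
    print(len(payload["request"]), "files,", encoded_size(payload), "bytes on the wire")
    # Live call: cleaned = extract_scrubbed_files(send("<gateway_ip>", payload))
```

Because every file is base64 inside JSON, the body grows by about a third and the whole batch has to sit in memory on both ends; encoded_size() shows the real size on the wire, which is worth checking before batching large documents into one request.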

Postman collections

I have created collections in Postman for both the Threat Prevention API and the Threat Prevention API for Security Gateway, representing the most common API requests. So that the API server ip/url and the key are substituted into requests automatically, and the sha256 hash sum is remembered after a file is uploaded, three variables were created inside the collections (you can find them in the collection settings, Edit -> Variables): te_api (required), api_key (required, except when using the TP API with local appliances), sha256 (leave empty, not used in the TP API for SG).

Download the Postman collection for the Threat Prevention API

Download the Postman collection for the Threat Prevention API for Security Gateway

Usage examples

In the CheckMates community, scripts written in Python are available that check the files in a specified directory using the TP API and the TP API for SG. Through interaction with the Threat Prevention API your ability to scan files is greatly expanded, since you can now scan files on several platforms at once (first via the VirusTotal API, then in the Check Point sandbox), and obtain files not only from network traffic but also from any network drives and, for example, CRM systems.

Source: www.habr.com
