Interacting with Check Point SandBlast via the API

This article will be useful to those who are familiar with the Check Point technologies for file emulation (Threat Emulation) and for cleaning active content out of files (Threat Extraction) and who want to take a step towards automating these tasks. Check Point has a Threat Prevention API that works both in the cloud and on local devices, and functionally it is identical to checking files in web/smtp/ftp/smb/nfs traffic streams. This article is partly the author's interpretation of a set of articles from the official documentation, but it is based on my own operational experience and my own examples. In the article you will also find the author's Postman collections for working with the Threat Prevention API.

Basic terms

The Threat Prevention API works with three key components, which are referred to in API calls by the following text values:

av - the Anti-Virus component, responsible for signature analysis of known threats.

te - the Threat Emulation component, responsible for checking files in the sandbox and issuing a malicious/benign verdict after emulation.

extraction - the Threat Extraction component, responsible for quickly converting office documents into a safe form (with all potentially malicious content removed) so that they can be delivered to users/systems without delay.

API structure and main limitations

The Threat Prevention API uses only 4 requests: upload, query, download and quota. In the headers of all four requests the API key must be passed in the Authorization parameter. At first glance the structure may look much simpler than, say, the Management API, but the number of fields in the upload and query requests and the structure of those requests are fairly complex. Functionally this is comparable to the Threat Prevention profiles in the security policy of a gateway/sandbox.

At the moment only one version of the Threat Prevention API has been released, 1.0; the URL of API calls must contain v1 in the part where the version is specified. Unlike the Management API, specifying the API version in the URL is mandatory, otherwise the request will not be executed.

The Anti-Virus component, when called without the other components (te, extraction), currently supports only query requests with md5 hash sums. Threat Emulation and Threat Extraction also support sha1 and sha256 hash sums.

It is very important not to make mistakes in the requests! A request can be executed without an error, but not completely. Looking a little ahead, let's see what can happen when there are errors/typos in a request.

Request with a typo in the word reports (reportss)

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reportss": ["tar", "pdf", "xml"]
      }
    }
  ]
}

There will be no error in the response, but there will be no information about the reports at all

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But with the request without the typo in the reports key

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["tar", "pdf", "xml"]
      }
    }
  ]
}

We get a response that already contains the ids for downloading the reports

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
      "file_type": "pdf",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
              "pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
              "xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If we send an invalid/expired API key, we get a 403 error in the response.

SandBlast API: in the cloud and on local devices

API requests can be sent to Check Point devices with the Threat Emulation component (blade) enabled. As the request address, use the ip/url of the device and port 18194 (for example, https://10.10.57.19:18194/tecloud/api/v1/file/query). You should also make sure that the security policy on the device allows this connection. API-key authorization on local devices is disabled by default, and the Authorization key in the request headers may be omitted entirely.

API requests to the Check Point cloud should be sent to te.checkpoint.com (for example - https://te.checkpoint.com/tecloud/api/v1/file/query). An API key can be obtained as a 60-day trial license by contacting Check Point partners or the company's local office.

On local devices, Threat Extraction is not yet supported in the standard Threat Prevention API; the Threat Prevention API for Security Gateway has to be used for it instead (we will discuss it in detail at the end of the article).

Local devices do not support the quota request.

Otherwise, there are no differences between requests to local devices and to the cloud.

Upload API call

Method used - POST

Call address - https:///tecloud/api/v1/file/upload

The request consists of two parts (form-data): the file intended for emulation/cleaning and the text body of the request.

The text part cannot be empty, but it may contain no configuration at all. For the request to succeed, you must send at least the following text in the request:

Minimum required upload request

HTTP POST

https:///tecloud/api/v1/file/upload

Headers:

Authorization:

Body

{
  "request": {
  }
}

File: the file being uploaded

In this case the file will be processed with the default parameters: component - te, OS images - Win XP and Win 7, without generating a report.

Comments on the main fields in the text part of the request:

file_name and file_type can be left empty or not sent at all, since this is not particularly useful information when uploading a file. In the API response these fields are filled in automatically based on the name of the uploaded file, and the information in the cache will still have to be looked up using the md5/sha1/sha256 hash values.

Example request with empty file_name and file_type

{
  "request": {
    "file_name": "",
    "file_type": ""
  }
}

features - a list indicating the functionality required when processing in the sandbox - av (Anti-Virus), te (Threat Emulation), extraction (Threat Extraction). If this parameter is not passed at all, only the default component is used - te (Threat Emulation).

To enable checking by all three available components, you need to specify these components in the API request.

Example request enabling av, te and extraction

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["av", "te", "extraction"]
    }
  ]
}

Keys in the te section

images - a list of dictionaries with the id and revision number of the operating systems on which the check will be performed. The ids and revision numbers are the same for all local devices and for the cloud.

List of operating systems and revisions

Available OS image ID | Revision | Image OS and applications
e50e99f3-5963-4573-af9e-e3f4750b55e2 | 1 | Microsoft Windows XP - 32bit SP3; Office 2003, 2007; Adobe Acrobat Reader 9.0; Flash Player 9r115 and ActiveX 10.0; Java Runtime 1.6.0u22
7e6fe36e-889e-4c25-8704-56378f0830df | 1 | Microsoft Windows 7 - 32 bit; Office 2003, 2007; Adobe Acrobat Reader 9.0; Flash Player 10.2r152 (Plugin & ActiveX); Java Runtime 1.6.0u0
8d188031-1010-4466-828b-0cd13d4303ff | 1 | Microsoft Windows 7 - 32 bit; Office 2010; Adobe Acrobat Reader 9.4; Flash Player 11.0.1.152 (Plugin & ActiveX); Java Runtime 1.7.0u0
5e5de275-a103-4f67-b55b-47532918fa59 | 1 | Microsoft Windows 7 - 32 bit; Office 2013; Adobe Acrobat Reader 11.0; Flash Player 15 (Plugin & ActiveX); Java Runtime 1.7.0u9
3ff3ddae-e7fd-4969-818c-d5f1a2be336d | 1 | Microsoft Windows 7 - 64 bit; Office 2013 (32bit); Adobe Acrobat Reader 11.0.01; Flash Player 13 (Plugin & ActiveX); Java Runtime 1.7.0u9
6c453c9b-20f7-471a-956c-3198a868dc92 | 1 | Microsoft Windows 8.1 - 64 bit; Office 2013 (64bit); Adobe Acrobat Reader 11.0.10; Flash Player 18.0.0.160 (Plugin & ActiveX); Java Runtime 1.7.0u9
10b4a9c6-e414-425c-ae8b-fe4dd7b25244 | 1 | Microsoft Windows 10; Office Professional Plus 2016 en-us; Adobe Acrobat Reader DC 2015 MUI; Flash Player 20 (Plugin & ActiveX); Java Runtime 1.7.0u9

If the images key is not specified at all, emulation takes place on the images recommended by Check Point (currently Win XP and Win 7). These images are recommended as the best balance between performance and catch rate.

reports - a list of the reports we request in case the file turns out to be malicious. The following options are available:

  1. summary - a .tar.gz archive containing the emulation report for all requested images (both an html page and components such as the video from the OS emulator, a network traffic dump, the report in json, and the sample itself in a password-protected archive). The key to look for in the response in order to download the report is summary_report.

  2. pdf - a document about the emulation on a single image, which many are used to receiving via the SmartConsole. The key to look for in the response in order to download the report is pdf_report.

  3. xml - a document about the emulation on a single image, convenient for subsequent parsing of the report parameters. The key to look for in the response in order to download the report is xml_report.

  4. tar - a .tar.gz archive containing the emulation report for a single requested image (both an html page and components such as the video from the OS emulator, a network traffic dump, the report in json, and the sample itself in a password-protected archive). The key to look for in the response in order to download the report is full_report.

Figure: what is inside the summary report

The keys full_report, pdf_report and xml_report are in the dictionary of each OS image

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
      "file_type": "html",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
              "pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
              "xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
              "pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
              "xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

But the summary_report key is a single one for the emulation as a whole

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
      "file_type": "exe",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
              "xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          },
          {
            "report": {
              "verdict": "malicious",
              "full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
              "xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
            },
            "status": "found",
            "id": "6c453c9b-20f7-471a-956c-3198a868dc92",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

You can request tar, xml and pdf reports at the same time, and you can request summary together with tar and xml. It is not possible to request a summary report and a pdf report at the same time.

Keys in the extraction section

Only two keys are used for Threat Extraction:

method - pdf (convert to pdf, used by default) or clean (clean active content).

extracted_parts_codes - a list of codes of the active content to extract, applicable only in clean mode

Codes for extracting content from files

Code | Description
1025 | Linked Objects
1026 | Macros and Code
1034 | Sensitive Hyperlinks
1137 | PDF GoToR Actions
1139 | PDF Launch Actions
1141 | PDF URI Actions
1142 | PDF Sound Actions
1143 | PDF Movie Actions
1150 | PDF JavaScript Actions
1151 | PDF Submit Form Actions
1018 | Database Queries
1019 | Embedded Objects
1021 | Fast Save Data
1017 | Custom Properties
1036 | Statistic Properties
1037 | Summary Properties

To download a cleaned copy, you will also have to make a query request (discussed below) a few seconds later, specifying the file's hash value and the extraction component in the text of the request. You can then pick up the cleaned file using the id from the query response - extracted_file_download_id. Again looking a little ahead, here are examples of a query request and response for finding the id to download the cleaned document.

Query request to find the extracted_file_download_id key

{
  "request": [
    {
      "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
      "features": ["extraction"],
      "extraction": {
        "method": "pdf"
      }
    }
  ]
}

Response to the query (see the extracted_file_download_id key)

{
    "response": [
        {
            "status": {
                "code": 1001,
                "label": "FOUND",
                "message": "The request has been fully answered."
            },
            "sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
            "file_type": "",
            "file_name": "",
            "features": [
                "extraction"
            ],
            "extraction": {
                "method": "pdf",
                "extract_result": "CP_EXTRACT_RESULT_SUCCESS",
                "extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
                "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                "time": "0.013",
                "extract_content": "Macros and Code",
                "extraction_data": {
                    "input_extension": "xls",
                    "input_real_extension": "xls",
                    "message": "OK",
                    "output_file_name": "kp-20-xls.cleaned.xls.pdf",
                    "protection_name": "Potential malicious content extracted",
                    "protection_type": "Conversion to PDF",
                    "protocol_version": "1.0",
                    "risk": 5.0,
                    "scrub_activity": "Active content was found - XLS file was converted to PDF",
                    "scrub_method": "Convert to PDF",
                    "scrub_result": 0.0,
                    "scrub_time": "0.013",
                    "scrubbed_content": "Macros and Code"
                },
                "tex_product": false,
                "status": {
                    "code": 1001,
                    "label": "FOUND",
                    "message": "The request has been fully answered."
                }
            }
        }
    ]
}

General information

In one API call you can send only one file for checking.

The av component does not need an additional section with keys; it is enough to list it in the features list.

Query API call

Method used - POST

Call address - https:///tecloud/api/v1/file/query

Before sending a file for checking (upload request), it is recommended to check the sandbox cache (query request) in order to reduce the load on the API server, since the API server may already hold information and a verdict on the file. The call consists of the text part only. The mandatory part of the request is the sha1/sha256/md5 hash value of the file. By the way, you can get it from the response to the upload request.

Minimum required query
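The request bodies above are easy to get subtly wrong: an unknown key such as "reportss" is accepted by the API but silently ignored, a query that is wider than the upload it follows comes back partial, summary and pdf reports cannot be combined, and extracted_parts_codes only mean something in clean mode. The following Python helper, added here as an example and not taken from the article or from Check Point, builds the upload and query bodies described in this section and validates them client-side against the feature names, te/extraction keys, report types and OS image table given above. The image table, the allowed key sets and the post_query helper (which uses only urllib from the standard library) are assumptions based on this article, not a published client.

```python
import json
import urllib.request

# Image ids and revisions taken from the OS image table in the article.
KNOWN_IMAGES = {
    "e50e99f3-5963-4573-af9e-e3f4750b55e2": 1,  # Windows XP 32-bit SP3
    "7e6fe36e-889e-4c25-8704-56378f0830df": 1,  # Windows 7 32-bit, Office 2003/2007
    "8d188031-1010-4466-828b-0cd13d4303ff": 1,  # Windows 7 32-bit, Office 2010
    "5e5de275-a103-4f67-b55b-47532918fa59": 1,  # Windows 7 32-bit, Office 2013
    "3ff3ddae-e7fd-4969-818c-d5f1a2be336d": 1,  # Windows 7 64-bit, Office 2013
    "6c453c9b-20f7-471a-956c-3198a868dc92": 1,  # Windows 8.1 64-bit
    "10b4a9c6-e414-425c-ae8b-fe4dd7b25244": 1,  # Windows 10
}
ALLOWED_FEATURES = {"av", "te", "extraction"}
ALLOWED_TE_KEYS = {"images", "reports"}
ALLOWED_REPORTS = {"summary", "pdf", "xml", "tar"}
ALLOWED_EXTRACTION_KEYS = {"method", "extracted_parts_codes"}


def validate_te_section(te):
    """Reject unknown te keys (the 'reportss' typo), unknown image ids/revisions
    and the summary+pdf report combination that the API does not accept."""
    unknown = set(te) - ALLOWED_TE_KEYS
    if unknown:
        raise ValueError(f"unknown te keys: {sorted(unknown)}")
    for image in te.get("images", []):
        if KNOWN_IMAGES.get(image.get("id")) != image.get("revision"):
            raise ValueError(f"unknown image id/revision: {image}")
    reports = set(te.get("reports", []))
    if reports - ALLOWED_REPORTS:
        raise ValueError(f"unknown report types: {sorted(reports - ALLOWED_REPORTS)}")
    if {"summary", "pdf"} <= reports:
        raise ValueError("summary and pdf reports cannot be requested together")


def validate_extraction_section(extraction):
    """method defaults to pdf; extracted_parts_codes only applies to clean."""
    unknown = set(extraction) - ALLOWED_EXTRACTION_KEYS
    if unknown:
        raise ValueError(f"unknown extraction keys: {sorted(unknown)}")
    method = extraction.get("method", "pdf")
    if method not in ("pdf", "clean"):
        raise ValueError(f"unknown extraction method: {method}")
    if "extracted_parts_codes" in extraction and method != "clean":
        raise ValueError("extracted_parts_codes is only valid with method 'clean'")


def _request_item(features, te, extraction, sha256=None):
    features = list(features)
    if set(features) - ALLOWED_FEATURES:
        raise ValueError(f"unknown features: {sorted(set(features) - ALLOWED_FEATURES)}")
    item = {} if sha256 is None else {"sha256": sha256}
    item["features"] = features
    if te is not None:
        if "te" not in features:
            raise ValueError("te section given but 'te' is not in features")
        validate_te_section(te)
        item["te"] = te
    if extraction is not None:
        if "extraction" not in features:
            raise ValueError("extraction section given but 'extraction' is not in features")
        validate_extraction_section(extraction)
        item["extraction"] = extraction
    return item


def build_upload_request(features=("te",), te=None, extraction=None):
    """Text part of the form-data upload: 'request' holds a single object."""
    return {"request": _request_item(features, te, extraction)}


def build_query_request(sha256_list, features=("te",), te=None, extraction=None):
    """Query body: 'request' is a list with one item per hash, so the response
    comes back in the same order. Keep it no wider than the matching upload."""
    return {"request": [_request_item(features, te, extraction, sha256=h)
                        for h in sha256_list]}


def rejects(func, *args):
    """True if func(*args) raises ValueError; shows what the validation catches."""
    try:
        func(*args)
    except ValueError:
        return True
    return False


def post_query(base_url, api_key, request):
    """Hypothetical helper, not exercised here: POST a query body to base_url,
    e.g. 'https://te.checkpoint.com' or 'https://<gateway-ip>:18194'. Pass
    api_key=None for a local device where API-key authorization is disabled."""
    headers = {"Content-Type": "application/json"}
    if api_key:
        headers["Authorization"] = api_key
    req = urllib.request.Request(base_url + "/tecloud/api/v1/file/query",
                                 data=json.dumps(request).encode("utf-8"),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))
```

Validation happens before anything leaves the host, so a typo is reported as an exception rather than as a "FOUND" response with no report ids in it; the same item builder serves both the upload text part and the query list, which makes it easy to keep the two requests identical.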

I-HTTP POST

https:///tecloud/api/v1/file/query

Izihloko:

Ukugunyazwa:

umzimba

{
  "request": {
    "sha256":
  }
}

Example response to an upload request, in which the sha1/md5/sha256 hash values are visible

{
  "response": {
    "status": {
      "code": 1002,
      "label": "UPLOAD_SUCCESS",
      "message": "The file was uploaded successfully."
    },
    "sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
    "md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "",
    "file_name": "kp-20-doc.doc",
    "features": [
      "te"
    ],
    "te": {
      "trust": 0,
      "images": [
        {
          "report": {
            "verdict": "unknown"
          },
          "status": "not_found",
          "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
          "revision": 1
        }
      ],
      "score": -2147483648,
      "status": {
        "code": 1002,
        "label": "UPLOAD_SUCCESS",
        "message": "The file was uploaded successfully."
      }
    }
  }
}

Apart from the hash value, the query request should be identical to the upload request (or to the one that is planned), or "narrower" (contain fewer fields in the query request than in the upload request). If the query request contains more fields than the upload request did, you will not get all the required information in the response.

Here is an example of a query response in which not all the required data was found

{
  "response": [
    {
      "status": {
        "code": 1006,
        "label": "PARTIALLY_FOUND",
        "message": "The request cannot be fully answered at this time."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te",
        "extraction"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      },
      "extraction": {
        "method": "pdf",
        "tex_product": false,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Pay attention to the code and label fields. They appear three times, in the status dictionaries. First we see the global "code": 1006 and "label": "PARTIALLY_FOUND". Then the same keys appear in each component we requested - te and extraction. And while for te it is clear that the data was found, for extraction there is no information.

This is what the query looked like in the example above

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te", "extraction"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": [
          "xml", "pdf"
        ]
      }
    }
  ]
}

If you send the query request without the extraction component

{
  "request": [
    {
      "sha256": {{sha256}},
      "features": ["te"],
      "te": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": [
          "xml", "pdf"
        ]
      }
    }
  ]
}

Then the response contains full information ("code": 1001, "label": "FOUND")

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
      "file_type": "doc",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious",
              "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
              "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 1,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    }
  ]
}

If there is no information in the cache at all, the response will be "label": "NOT_FOUND"

{
  "response": [
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

In one API call you can send several hash values at once for checking. The response returns the data in the same order in which it was sent in the request.

Example query request with several sha256 values

{
  "request": [
    {
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
    },
    {
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
    }
  ]
}

Response to the query with several sha256 values

{
  "response": [
    {
      "status": {
        "code": 1001,
        "label": "FOUND",
        "message": "The request has been fully answered."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
      "file_type": "dll",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 10,
        "images": [
          {
            "report": {
              "verdict": "malicious"
            },
            "status": "found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "combined_verdict": "malicious",
        "severity": 4,
        "confidence": 3,
        "status": {
          "code": 1001,
          "label": "FOUND",
          "message": "The request has been fully answered."
        }
      }
    },
    {
      "status": {
        "code": 1004,
        "label": "NOT_FOUND",
        "message": "Could not find the requested file. Please upload it."
      },
      "sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
      "file_type": "",
      "file_name": "",
      "features": [
        "te"
      ],
      "te": {
        "trust": 0,
        "images": [
          {
            "report": {
              "verdict": "unknown"
            },
            "status": "not_found",
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "score": -2147483648,
        "status": {
          "code": 1004,
          "label": "NOT_FOUND",
          "message": "Could not find the requested file. Please upload it."
        }
      }
    }
  ]
}

Requesting several hash values at once in a query request also has a positive effect on the performance of the API server.

Download API call

Method used - POST (according to the documentation); GET also works (and may seem more logical)

Call address - https:///tecloud/api/v1/file/download?id=

The API key has to be passed in the header, the request body is empty, and the download id is passed in the URL.

In the response to a query request, if emulation has finished and reports were requested when the file was uploaded, the ids for downloading the reports are visible. If a cleaned copy was requested, you should look for the id for downloading the cleaned document.

In total, the keys in the query response that contain a download id can be:

  • summary_report

  • full_report

  • pdf_report

  • xml_report

  • extracted_file_download_id

Of course, for these keys to appear in the response to a query request, they must have been specified in the request (for reports), or you must remember to make the request with the extraction function (for cleaned documents)

Quota API call

Method used - POST

Call address - https:///tecloud/api/v1/file/quota

To check the remaining quota in the cloud, use the quota request. The request body is empty.

Example response to a quota request
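Because code and label are reported at three levels and the download ids are scattered across the te, images and extraction dictionaries, a caller needs a small amount of logic to decide what a query response actually says. The function below, an added example that is not part of the article, walks one response entry as described above: it records the global label, the per-component labels, the combined verdict, and every download id it finds, and it tells you which components still have to be uploaded. The sample response is the PARTIALLY_FOUND one shown earlier on this page; the summary dictionary layout and the download_url helper are my own assumptions.

```python
# Keys under te.images[*].report that carry a download id (per OS image).
PER_IMAGE_DOWNLOAD_KEYS = ("full_report", "pdf_report", "xml_report")


def _label(section):
    """Read status.label from any dictionary that has a status block."""
    return section.get("status", {}).get("label")


def summarize_entry(entry):
    """Flatten one 'response' item: global label, per-feature labels, verdict
    and the list of download ids with the key and image they belong to."""
    summary = {"sha256": entry.get("sha256"), "label": _label(entry),
               "features": {}, "verdict": None, "downloads": []}
    te = entry.get("te")
    if te is not None:
        summary["features"]["te"] = _label(te)
        summary["verdict"] = te.get("combined_verdict")
        if "summary_report" in te:  # one id for the whole emulation
            summary["downloads"].append(
                {"key": "summary_report", "id": te["summary_report"], "image": None})
        for image in te.get("images", []):  # per-image report ids
            report = image.get("report", {})
            for key in PER_IMAGE_DOWNLOAD_KEYS:
                if key in report:
                    summary["downloads"].append(
                        {"key": key, "id": report[key], "image": image.get("id")})
    extraction = entry.get("extraction")
    if extraction is not None:
        summary["features"]["extraction"] = _label(extraction)
        if "extracted_file_download_id" in extraction:
            summary["downloads"].append({"key": "extracted_file_download_id",
                                         "id": extraction["extracted_file_download_id"],
                                         "image": None})
    return summary


def summarize_response(response):
    """A query response carries a list under 'response' (one item per hash, in
    request order); an upload response carries a single object. Handle both."""
    body = response["response"]
    entries = body if isinstance(body, list) else [body]
    return [summarize_entry(e) for e in entries]


def missing_features(summary):
    """Components reported NOT_FOUND: the file must be uploaded with them."""
    return sorted(f for f, label in summary["features"].items() if label == "NOT_FOUND")


def download_url(base_url, download_id):
    """URL for the download call, with the id in the query string as the article describes."""
    return f"{base_url}/tecloud/api/v1/file/download?id={download_id}"


# Sample input, copied from the PARTIALLY_FOUND query response shown in the article.
SAMPLE_PARTIAL_RESPONSE = {"response": [{
    "status": {"code": 1006, "label": "PARTIALLY_FOUND",
               "message": "The request cannot be fully answered at this time."},
    "sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
    "file_type": "doc", "file_name": "", "features": ["te", "extraction"],
    "te": {"trust": 10,
           "images": [{"report": {"verdict": "malicious",
                                  "pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
                                  "xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"},
                       "status": "found",
                       "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244", "revision": 1}],
           "score": -2147483648, "combined_verdict": "malicious", "severity": 4,
           "confidence": 1,
           "status": {"code": 1001, "label": "FOUND",
                      "message": "The request has been fully answered."}},
    "extraction": {"method": "pdf", "tex_product": False,
                   "status": {"code": 1004, "label": "NOT_FOUND",
                              "message": "Could not find the requested file. Please upload it."}},
}]}
```

For the sample above the summary reports te as FOUND with a malicious verdict and two per-image report ids, while extraction is NOT_FOUND, so missing_features() returns ["extraction"]: the right next step is an upload with the extraction feature, not another query.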

{
  "response": [
    {
      "remain_quota_hour": 1250,
      "remain_quota_month": 10000000,
      "assigned_quota_hour": 1250,
      "assigned_quota_month": 10000000,
      "hourly_quota_next_reset": "1599141600",
      "monthly_quota_next_reset": "1601510400",
      "quota_id": "TEST",
      "cloud_monthly_quota_period_start": "1421712300",
      "cloud_monthly_quota_usage_for_this_gw": 0,
      "cloud_hourly_quota_usage_for_this_gw": 0,
      "cloud_monthly_quota_usage_for_quota_id": 0,
      "cloud_hourly_quota_usage_for_quota_id": 0,
      "monthly_exceeded_quota": 0,
      "hourly_exceeded_quota": 0,
      "cloud_quota_max_allow_to_exceed_percentage": 1000,
      "pod_time_gmt": "1599138715",
      "quota_expiration": "0",
      "action": "ALLOW"
    }
  ]
}

Threat Prevention API for Security Gateway

This API was created before the Threat Prevention API and is intended for local devices only. At the moment it is useful only if you need the Threat Extraction API; for Threat Emulation it is better to use the regular Threat Prevention API. To enable the TP API for SG and configure the API key, follow the steps from sk113599. I recommend paying attention to step 6b and checking that the page https://<IPAddressofSecurityGateway>/UserCheck/TPAPI is reachable, because if the result is negative, further configuration makes no sense. All API calls are sent to this url. The type of call (upload/query) is controlled by a key in the call body - request_name. The other required keys are api_key (you need to remember it during the configuration procedure) and protocol_version (the current version is 1.1). The official documentation for this API can be found in sk137032. A related advantage is the ability to send several files for emulation in a single upload call, since files are sent as base64 text strings. For demonstration purposes you can encode/decode files to/from base64 with an online converter for use in Postman, for example - https://base64.guru. For practical use you should use the built-in encode and decode methods when writing code.

Now let's take a closer look at the te and extraction functions in this API.

For the te component, the te_options dictionary is provided in upload/query requests, and its keys fully match the te keys in the Threat Prevention API.

Example request for emulating a file on Win10 with reports

{
  "request": [
    {
      "protocol_version": "1.1",
      "api_key": "<api_key>",
      "request_name": "UploadFile",
      "file_enc_data": "<base64_encoded_file>",
      "file_orig_name": "<filename>",
      "te_options": {
        "images": [
          {
            "id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
            "revision": 1
          }
        ],
        "reports": ["summary", "xml"]
      }
    }
  ]
}

For the extraction component, the scrub_options dictionary is provided. This request specifies the cleaning method: convert to PDF, clean active content, or choose the mode according to the Threat Prevention profile (the profile name is given). The nice thing about the response to the file-extraction API request is that you get the cleaned copy in the response to that same request as a base64-encoded string (there is no need to make a query request and then look for an id to download the document)

Example request to clean a file

{
  "request": [
    {
      "protocol_version": "1.1",
      "api_key": "<API_KEY>",
      "request_name": "UploadFile",
      "file_enc_data": "<base64_encoded_file>",
      "file_orig_name": "hi.txt",
      "scrub_options": {
        "scrub_method": 2
      }
    }
  ]
}

Response to the request

{
  "response": [
    {
      "protocol_version": "1.1",
      "src_ip": "<IP_ADDRESS>",
      "scrub": {
        "file_enc_data": "<base64_encoded_converted_to_PDF_file>",
        "input_real_extension": "js",
        "message": "OK",
        "orig_file_url": "",
        "output_file_name": "hi.cleaned.pdf",
        "protection_name": "Extract potentially malicious content",
        "protection_type": "Conversion to PDF",
        "real_extension": "txt",
        "risk": 0,
        "scrub_activity": "TXT file was converted to PDF",
        "scrub_method": "Convert to PDF",
        "scrub_result": 0,
        "scrub_time": "0.011",
        "scrubbed_content": ""
      }
    }
  ]
}
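Since the Security Gateway API carries file content as base64 text in both directions, the two things a script has to do are build one UploadFile item per file (which is what allows several files in one call) and decode the cleaned copy out of the scrub section of the response. The code below is an added example and not the article's or Check Point's own; it uses only the standard library. The sample response is constructed here after the one shown above, with placeholder PDF bytes, and the scrub_options value is passed through unchanged because the article only documents that scrub_method selects the cleaning mode.

```python
import base64


def build_sg_upload_request(api_key, files, te_options=None, scrub_options=None):
    """files: list of (original name, raw bytes). Each file becomes one
    UploadFile item with its content base64-encoded; several files go in one call."""
    items = []
    for name, data in files:
        item = {
            "protocol_version": "1.1",
            "api_key": api_key,
            "request_name": "UploadFile",
            "file_enc_data": base64.b64encode(data).decode("ascii"),
            "file_orig_name": name,
        }
        if te_options is not None:
            item["te_options"] = te_options      # same keys as te in the TP API
        if scrub_options is not None:
            item["scrub_options"] = scrub_options  # e.g. {"scrub_method": 2}
        items.append(item)
    return {"request": items}


def decode_scrubbed_files(response):
    """Return (output_file_name, bytes, scrub_activity) for every scrub section
    that carries file data; entries without a cleaned copy are skipped."""
    out = []
    for entry in response.get("response", []):
        scrub = entry.get("scrub")
        if not scrub or not scrub.get("file_enc_data"):
            continue
        out.append((scrub["output_file_name"],
                    base64.b64decode(scrub["file_enc_data"]),
                    scrub.get("scrub_activity", "")))
    return out


# Constructed sample modelled on the response in the article; the "PDF" is a placeholder.
SAMPLE_PDF = b"%PDF-1.4\n% constructed placeholder, not a real converted document\n"
SAMPLE_SCRUB_RESPONSE = {"response": [{
    "protocol_version": "1.1",
    "src_ip": "192.0.2.10",
    "scrub": {
        "file_enc_data": base64.b64encode(SAMPLE_PDF).decode("ascii"),
        "message": "OK",
        "output_file_name": "hi.cleaned.pdf",
        "protection_type": "Conversion to PDF",
        "scrub_activity": "TXT file was converted to PDF",
        "scrub_method": "Convert to PDF",
        "scrub_result": 0,
    },
}]}
```

The decoded bytes are the cleaned copy itself, so a script can write them straight to the destination (under output_file_name) with no download call; the original file never needs to be stored alongside it.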

Despite the fact that fewer API requests are needed to obtain a cleaned copy, I find this option less attractive and more complicated than the form-data request used in the Threat Prevention API.

Postman collections

I have created Postman collections for both the Threat Prevention API and the Threat Prevention API for Security Gateway, representing the most common API requests. So that the ip/url of the API server and the key are substituted into the requests automatically, along with the sha256 hash value that has to be remembered after uploading a file, three variables are defined inside the collections (you can find them in the collection settings: Edit -> Variables): te_api (required), api_key (must be filled in, except when using the TP API with local devices), sha256 (leave empty; not used in the TP API for SG).

Download the Postman collection for the Threat Prevention API

Download the Postman collection for the Threat Prevention API for Security Gateway

Usage examples

In the Check Mates community, Python scripts have been published that check the files from a directory of your choice via the TP API and the TP API for SG. By interacting with the Threat Prevention API, your file scanning capabilities are greatly expanded, since you can now scan files on several platforms at once (for example, the VirusTotal API and then the Check Point sandbox), and take files not only from network traffic but also from any network share and, for example, CRM systems.

Source: www.habr.com
