APIs refactoring
- Modified sandbox.sample_result , migrated to intel.sample_result
- Modified sandbox.sample_report , now downloads the full sample report; it
no longer accepts filters
+ Added intel.sample_info, which accepts the report filters previously handled
by sandbox.sample_report
marcobizzarr1 committed Apr 28, 2016
1 parent 5d38267 commit f7483e8
Showing 5 changed files with 150 additions and 139 deletions.
35 changes: 11 additions & 24 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -69,24 +69,27 @@ if result.status == SUCCESS:
time.sleep(1)
```

To retrieve scan result of a specific MD5
To retrieve full scan report for a specific MD5

```python
from deepviz import sandbox
sbx = sandbox.Sandbox()
result = sbx.sample_result(md5="MD5-hash", api_key="my-api-key")
status = result.msg['classification']['result']
accuracy = result.msg['classification']['accuracy']
print "STATUS: %s ACCURACY: %s" % (status, accuracy)
result = sbx.sample_report(md5="MD5-hash", api_key="my-api-key")
print result
```

To retrieve full scan report for a specific MD5
# Threat Intelligence SDK API

To retrieve scan result of a specific MD5

```python
from deepviz import sandbox
sbx = sandbox.Sandbox()
result = sbx.sample_report(md5="MD5-hash", api_key="my-api-key")
print result
result = sbx.sample_result(md5="MD5-hash", api_key="my-api-key")
status = result.msg['classification']['result']
accuracy = result.msg['classification']['accuracy']

print "STATUS: %s ACCURACY: %s" % (status, accuracy)
```

To retrieve only specific parts of the report of a specific MD5 scan
Expand All @@ -95,24 +98,8 @@ To retrieve only specific parts of the report of a specific MD5 scan
from deepviz import sandbox
sbx = sandbox.Sandbox()
result = sbx.sample_report(md5="MD5-hash", api_key="my-api-key", filters=["classification","rules"])

# List of the optional filters - they can be combined together
# "network_ip",
# "network_ip_tcp",
# "network_ip_udp",
# "rules",
# "classification",
# "created_process",
# "hook_user_mode",
# "strings",
# "created_files",
# "hash",
# "info",
# "code_injection"

print result
```
# Threat Intelligence SDK API

To retrieve intel data about one or more IPs:

57 changes: 57 additions & 0 deletions deepviz/intel.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
import simplejson as json


URL_INTEL_REPORT = "https://api.deepviz.com/intel/report"
URL_INTEL_SEARCH = "https://api.deepviz.com/intel/search"
URL_INTEL_IP = "https://api.deepviz.com/intel/network/ip"
URL_INTEL_DOMAIN = "https://api.deepviz.com/intel/network/domain"
Expand All @@ -19,6 +20,62 @@ class Intel:
def __init__(self):
pass

def sample_info(self, md5=None, api_key=None, filters=None):
if not api_key:
return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String")

if not md5:
return Result(status=INPUT_ERROR, msg="MD5 cannot be null or empty String")

if not filters:
return Result(status=INPUT_ERROR, msg="filters cannot be null or empty")

if len(filters) > 10:
return Result(status=INPUT_ERROR, msg="Parameter 'filters' takes at most 10 values ({count} given).".format(count=len(filters)))

body = json.dumps(
{
"md5": md5,
"api_key": api_key,
"output_filters": filters
}
)

try:
r = requests.post(URL_INTEL_REPORT, data=body)
except Exception as e:
return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)

try:
data = json.loads(r.content)
except Exception as e:
return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)

if r.status_code == 428:
return Result(status=PROCESSING, msg="Analysis is running")
else:
try:
data = json.loads(r.content)
except Exception as e:
return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)

if r.status_code == 200:
return Result(status=SUCCESS, msg=data['data'])
else:
if r.status_code >= 500:
return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))
else:
return Result(status=CLIENT_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))

def sample_result(self, md5=None, api_key=None):
if not api_key:
return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String")

if not md5:
return Result(status=INPUT_ERROR, msg="MD5 cannot be null or empty String")

return self.sample_info(md5, api_key, ["classification"])

def ip_info(self, api_key=None, ip=None, time_delta=None, history=False):
if not api_key:
return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String")
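Review bot: In sample_info the response body is parsed twice, and the first json.loads — the try/except block placed directly after the requests.post call and before `if r.status_code == 428:` — runs on every reply, so a 428 "analysis running" response whose body is not JSON is returned as INTERNAL_ERROR instead of PROCESSING; delete that first try/except pair, since the parse inside the else branch already covers every non-428 status. requests.post is called without a timeout, so a stalled connection blocks the caller indefinitely; `r = requests.post(URL_INTEL_REPORT, data=body, timeout=30)` (or a module-level constant) bounds that. The filters validation only tests truthiness and len(), so a bare string such as "classification" gets through and is sent as a string rather than a list; `if not isinstance(filters, (list, tuple)) or not filters:` before the length check would reject it. On the error paths `data['errmsg']` raises KeyError if the server omits that key; `errmsg=data.get('errmsg', r.reason)` keeps the Result-returning contract intact.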
124 changes: 42 additions & 82 deletions deepviz/sandbox.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@
except:
import simplejson as json

URL_SAMPLE_REPORT = "https://api.deepviz.com/general/report"
URL_UPLOAD_SAMPLE = "https://api.deepviz.com/sandbox/submit"
URL_DOWNLOAD_REPORT = "https://api.deepviz.com/general/report"
URL_DOWNLOAD_SAMPLE = "https://api.deepviz.com/sandbox/sample"
URL_DOWNLOAD_BULK = "https://api.deepviz.com/sandbox/sample/bulk/retrieve"
URL_REQUEST_BULK = "https://api.deepviz.com/sandbox/sample/bulk/request"
Expand All @@ -19,6 +19,47 @@ class Sandbox:
def __init__(self):
pass

def sample_report(self, md5=None, api_key=None):
if not api_key:
return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String")

if not md5:
return Result(status=INPUT_ERROR, msg="MD5 cannot be null or empty String")

body = json.dumps(
{
"md5": md5,
"api_key": api_key
}
)

try:
r = requests.post(URL_SAMPLE_REPORT, data=body)
except Exception as e:
return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)

try:
data = json.loads(r.content)
except Exception as e:
return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)

if r.status_code == 428:
return Result(status=PROCESSING, msg="Analysis is running")
else:
try:
data = json.loads(r.content)
except Exception as e:
return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)

if r.status_code == 200:
return Result(status=SUCCESS, msg=data['data'])
else:
if r.status_code >= 500:
return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))
else:
return Result(status=CLIENT_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))


def upload_sample(self, path=None, api_key=None):
if not path:
return Result(status=INPUT_ERROR, msg="File path cannot be null or empty String")
Expand Down Expand Up @@ -150,87 +191,6 @@ def download_sample(self, md5=None, path=None, api_key=None):
return Result(status=CLIENT_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))


def sample_result(self, md5=None, api_key=None):
if not api_key:
return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String")

if not md5:
return Result(status=INPUT_ERROR, msg="MD5 cannot be null or empty String")

body = json.dumps(
{
"api_key": api_key,
"md5": md5,
"output_filters": ["classification"]
}
)
try:
r = requests.post(URL_DOWNLOAD_REPORT, data=body)
except Exception as e:
return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)

if r.status_code == 428:
return Result(status=PROCESSING, msg="Analysis is running")
else:
try:
data = json.loads(r.content)
except Exception as e:
return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)

if r.status_code == 200:
return Result(status=SUCCESS, msg=data['data'])
else:
if r.status_code >= 500:
return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))
else:
return Result(status=CLIENT_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))


def sample_report(self, md5=None, api_key=None, filters=None):
if not api_key:
return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String")

if not md5:
return Result(status=INPUT_ERROR, msg="MD5 cannot be null or empty String")

if not filters:
body = json.dumps(
{
"api_key": api_key,
"md5": md5
}
)
else:
body = json.dumps(
{
"md5": md5,
"api_key": api_key,
"output_filters": filters
}
)

try:
r = requests.post(URL_DOWNLOAD_REPORT, data=body)
except Exception as e:
return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)

if r.status_code == 428:
return Result(status=PROCESSING, msg="Analysis is running")
else:
try:
data = json.loads(r.content)
except Exception as e:
return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)

if r.status_code == 200:
return Result(status=SUCCESS, msg=data['data'])
else:
if r.status_code >= 500:
return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))
else:
return Result(status=CLIENT_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))


def bulk_download_request(self, md5_list=None, api_key=None):
if not api_key:
return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String")
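Review bot: The new sample_report parses r.content once before the `if r.status_code == 428:` branch and again inside its else branch; the first parse is redundant on the 200/error paths and harmful on 428, where a non-JSON body turns the PROCESSING result into INTERNAL_ERROR — remove the first try/except pair so the 428 check runs on the raw response. The method is otherwise line-for-line the body of intel.sample_info minus output_filters, so any fix has to land twice; at minimum add a timeout here as well, `r = requests.post(URL_SAMPLE_REPORT, data=body, timeout=30)`, since a hung connection otherwise blocks the caller forever. Note that the README example under "To retrieve only specific parts of the report" still calls `sbx.sample_report(md5=..., api_key=..., filters=[...])`, which now raises TypeError because the parameter was removed; that example should presumably move to intel.Intel().sample_info.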
