The Falcon Sandbox Python API Connector (e.g. for https://www.hybrid-analysis.com/).

• Python >= 3.4.0
• python-requests module
• python-colorama module

To install some of the required python modules, please use the pip module manager Using Debian/Ubuntu OS, this can be done by calling sudo apt-get install python3-pip. It will then be available via pip3 Using Windows, this can be done automatically when installing python (proper checkbox on the installer has to be checked). It should be available via pip

Copy the config_tpl.py and name it config.py.

The configuration file specifies a triplet of api key/secret and server:

• api_key
• api_secret
• server - full url of the WebService e.g. https://www.hybrid-analysis.com

Please fill them with the appropriate data. You can generate a public (restricted) API key by following these instructions: https://www.hybrid-analysis.com/apikeys/info

If you have the full version of Falcon Sandbox, create any kind of API key in the admin area: https://www.hybrid-analysis.com/apikeys

Debian/Ubuntu OS:

sudo apt-get install python3-requests

or

pip3 install requests

Windows:

pip install requests

Debian/Ubuntu OS:

pip3 install colorama

Windows:

pip install colorama

Depending on your API Key privileges, you will see different options. Few actions connected with system state and file submit, are only available while using premium API Key. If you are interested in obtaining one, please contact with our support.

python3 vxapi.py -h

After choosing the action_name

python3 vxapi.py action_name -h

python3 vxapi.py action_name -v

Most Linux OSes have two versions of python installed. To ensure that the program will work correctly, please use python3. In Windows after having installed python, please add the parent folder to PATH environment variable. Now use python to callout the script.

Licensed GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007 see https://github.com/PayloadSecurity/VxAPI/blob/master/LICENSE.md

Copyright (C) 2017 Hybrid Analysis GmbH