def index_by_file_without_wait(file_path, index_as, family_name=None): # type: (str, IndexType, str) -> None
api.set_global_api('<api_key>')
index = Index(file_path=file_path, index_as=consts.IndexType.from_str(index_as), family_name=family_name)
index.send()
index.wait_for_completion()
pprint('Index operation:{}, Index ID:{}'.format(index.status.value, index.index_id))
def set_params(self, params):
# soft time limit
soft_time_limit = params.get("soft_time_limit", 100)
self.timeout = soft_time_limit - 5
# interval
self.poll_interval = 3
# read secret and set API key
intezer_api.set_global_api(api_key=self._secrets["api_key_name"])
def send_file_without_wait(
file_path, dynamic_unpacking,
static_unpacking): # type: (str, bool, bool) -> None
api.set_global_api('<api_key>')
analysis = Analysis(file_path=file_path,
dynamic_unpacking=dynamic_unpacking,
static_unpacking=static_unpacking)
analysis.send()
analysis.wait_for_completion()
pprint(analysis.result())
def send_file_with_wait(
file_path,
dynamic_unpacking=None,
static_unpacking=None): # type: (str, bool, bool) -> None
api.set_global_api('<api_key>')
analysis = Analysis(file_path=file_path,
dynamic_unpacking=dynamic_unpacking,
static_unpacking=static_unpacking)
analysis.send(wait=True)
pprint(analysis.result())
def setUp(self):
super(AnalysisSpec, self).setUp()
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/get-access-token',
status=200,
json={'result': 'access-token'})
set_global_api()
get_global_api().set_session()
def setUp(self):
self.full_url = consts.BASE_URL + consts.API_VERSION
consts.CHECK_STATUS_INTERVAL = 0
self.patch_prop = 'builtins.open'
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/get-access-token',
status=200,
json={'result': 'access-token'})
set_global_api()
get_global_api().set_session()
def login(api_key: str, api_url: str):
try:
if api_url:
key_store.store_default_url(api_url)
else:
api_url = default_config.api_url
key_store.delete_default_url()
api.set_global_api(api_key, default_config.api_version, api_url)
api.get_global_api().set_session()
key_store.store_api_key(api_key)
click.echo('You have successfully logged in')
except sdk_errors.InvalidApiKey:
click.echo('Invalid API key error, please contact us at [email protected] '
'and attach the log file in {}'.format(utilities.log_file_path))
raise click.Abort()
def intezer_upload():
if not len(config.INTEZER_APIKEY):
return jsonify({"error": "NO API KEY"}), 200
path = request.args.get('path', '')
if not os.path.isfile(path):
return jsonify({"error": "%s is not a valid file or the system could not access it" % path}), 200
try:
api.set_global_api(config.INTEZER_APIKEY)
analysis = Analysis(file_path=path,
dynamic_unpacking=None,
static_unpacking=None)
analysis.send(True)
except errors.IntezerError as e:
return jsonify({"error": "Error occurred: " + e.args[0]}), 200
return jsonify(analysis.result()), 200
def create_global_api():
try:
api_key = key_store.get_stored_api_key()
api_url = key_store.get_stored_default_url()
if not api_key:
logger.exception('Cant find API key')
click.echo('Cant find API key, please login')
raise click.Abort()
if api_url:
default_config.api_url = api_url
default_config.is_cloud = False
api.set_global_api(api_key, default_config.api_version, default_config.api_url)
sdk_consts.USER_AGENT += '/CLI-{}'.format(__version__)
except sdk_errors.InvalidApiKey:
logger.exception('Invalid api key error')
click.echo('Invalid API key error, please contact us at [email protected] '
'and attach the log file in {}'.format(utilities.log_file_path))
raise click.Abort()
def analysis_by_hash_with_wait(file_hash): # type: (str) -> None
api.set_global_api('<api_key>')
analysis = Analysis(file_hash=file_hash)
analysis.send(wait=True)
pprint(analysis.result())
def send_url_with_wait(url):
api.set_global_api('<api_key>')
analysis = UrlAnalysis(url=url)
analysis.send(wait=True)
pprint(analysis.result())
def analysis_by_hash_without_wait(file_hash: str):
api.set_global_api('<api_key>')
analysis = FileAnalysis(file_hash=file_hash)
analysis.send()
analysis.wait_for_completion()
pprint(analysis.result())
def analysis_by_hash_without_wait(file_hash): # type: (str) -> None
api.set_global_api('<api_key>')
analysis = Analysis(file_hash=file_hash)
analysis.send()
analysis.wait_for_completion()
pprint(analysis.result())
def analysis_by_hash_with_wait(file_hash: str):
api.set_global_api('<api_key>')
analysis = FileAnalysis(file_hash=file_hash)
analysis.send(wait=True)
pprint(analysis.result())
def get_latest_analysis_by_hash(file_hash: str):
api.set_global_api('<api_key>')
analysis = FileAnalysis.from_latest_hash_analysis(file_hash=file_hash)
pprint(analysis.result())
def send_file_with_wait(file_path):
api.set_global_api('<api_key>')
analysis = FileAnalysis(file_path=file_path)
analysis.send(wait=True)
pprint(analysis.result())
def query_threats(next_time_query: Optional[datetime.datetime]):
next_time_query = next_time_query or datetime.datetime.utcnow()
while True:
_logger.info('checking for new threats...')
response = _s1_session.get('/web/api/v2.1/threats', params={'createdAt__gte': next_time_query.isoformat()})
next_time_query = datetime.datetime.utcnow()
assert_s1_response(response)
threats = response.json()['data']
for threat in threats:
analyze_threat(threat['id'], threat)
if not threats:
_logger.info('no new threats found')
time.sleep(10)
if __name__ == '__main__':
_args = parse_argparse_args()
api.set_global_api(_args.intezer_api_key)
init_s1_requests_session(_args.s1_api_key, _args.s1_base_address, _args.skip_ssl_verification)
_init_logger()
if _args.subcommand == 'threat':
analyze_threat(_args.threat_id)
elif _args.subcommand == 'query':
query_threats(_args.since)
else:
print('error: the following arguments are required: subcommand')
sys.exit(1)
def send_file_without_wait(file_path):
api.set_global_api('<api_key>')
analysis = FileAnalysis(file_path=file_path)
analysis.send()
analysis.wait_for_completion()
pprint(analysis.result())
def analysis_by_hash_with_wait_timeout(file_hash: str):
api.set_global_api('<api_key>')
analysis = FileAnalysis(file_hash=file_hash)
analysis.send(wait=True, wait_timeout=datetime.timedelta(minutes=1))
pprint(analysis.result())
def index_by_sha256_with_wait(sha256, index_as, family_name=None): # type: (str, str, str) -> None
api.set_global_api('<api_key>')
index = Index(sha256=sha256, index_as=consts.IndexType.from_str(index_as), family_name=family_name)
index.send(wait=True)
pprint('Index operation:{}, Index ID:{}'.format(index.status.value, index.index_id))
def get_url_by_id(analysis_id):
api.set_global_api('<api_key>')
analysis = UrlAnalysis.from_analysis_id(analysis_id)
pprint(analysis.result())
def send_url_without_wait(url):
api.set_global_api('<api_key>')
analysis = UrlAnalysis(url=url)
analysis.send()
analysis.wait_for_completion()
pprint(analysis.result())
def search_family(family_name: str):
api.set_global_api('<api_key>')
family = intezer_family.get_family_by_name(family_name)
print(family.name)
print(family.type)
malicious_and_suspicious_analyses_results.append(analysis_result)
return malicious_and_suspicious_analyses_results
def print_analysis_result(analysis_result: dict):
print("\nanalysis_id:\t{0}\n"
"\tanalysis_url:\t{1}\n"
"\tverdict:\t{2}\n"
"\tsha256:\t{3}".format(analysis_result['analysis_id'],
analysis_result['analysis_url'],
analysis_result['verdict'],
analysis_result['sha256']))
if 'family_name' in analysis_result:
print("\tfamily_name:\t{}".format(analysis_result['family_name']))
if __name__ == '__main__':
if not DIRECTORY_PATH:
print("Please change the DIRECTORY_PATH variable")
sys.exit()
if not API_KEY:
print("Set your Intezer API key in the environment variable")
sys.exit()
api.set_global_api(API_KEY)
analyses_list = collect_suspicious_and_malicious_analyses()
for analysis in analyses_list:
print_analysis_result(analysis)
