Get API key
To get an API key, send the POST login request with the login and password:
Get API key created earlier
To get one of the previously created API keys, set the new_key parameter to false or omit it:
curl -X POST https://vxcube.drweb.com/api-2.0/login \
-H "Content-Type: application/json" \
-d "{\"login\":\"example@drweb.com\", \"password\":\"secret_password\"}"
The response contains the API key, which must be specified in the header of each subsequent request:
{
"new_key": false,
"api_key": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
"start_date": "2019-02-08T04:08:15.162342+00:00"
}
Create API key
To create a new API key, set the new_key parameter to true (if you have not created any API keys yet, you can omit the parameter; an API key is created anyway):
curl -X POST https://vxcube.drweb.com/api-2.0/login \
-H "Content-Type: application/json" \
-d "{\"login\":\"example@drweb.com\", \"password\":\"secret_password\", \"new_key\": true, \"name\":\"example_name_api\"}"
The response contains the API key, which must be specified in the header of each subsequent request:
{
"new_key": true,
"api_key": "bbbbbbbb-cccc-dddd-eeee-ffffffffffff",
"start_date": "2019-03-08T04:08:15.162342+00:00",
"name": "example_name_api"
}
Upload a sample to the Dr.Web vxCube server
To upload a sample to the server, send the POST samples request:
curl -X POST https://vxcube.drweb.com/api-2.0/samples \
-F "file=@testfile.pdf" \
-H "Authorization: api-key aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
In response, you receive the Sample object, which contains data about the uploaded file, including the automatically identified file format and a list of supported platforms. Use this data for further analysis of the file.
Response:
{
"id": 6784,
"size": 10881846,
"name": "testfile.pdf",
"is_x64": null,
"format_name": "pdf",
"upload_date": "2019-02-08T04:08:15.162343+00:00",
"md5": "34fb8ae3c01653985085ee7e2f749ea5",
"sha1": "00a610100a3516f4d0daa33e7de317d2ddb6c2c6",
"sha256": "11bd131be00cbe1c43b4444ec4300dc7651805ea36393b1cca1675983dc275bc",
"platforms": [
"acrobat_xp_10",
"acrobat_7_32_11",
"acrobat_7_64_15",
"acrobat_10_64_15"
]
}
Start analysis
To start analysis of a sample, send the POST analyses request:
curl -X POST https://vxcube.drweb.com/api-2.0/analyses \
-H "Content-Type: application/json" \
-H "Authorization: api-key aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" \
-d "{\"sample_id\":\"6784\", \"platforms\":[\"acrobat_7_32_11\", \"acrobat_7_64_15\"]}"
The request specifies the ID of the uploaded file and the list of platforms. Both values are taken from the response to the previous request.
To start analysis of a sample using network traffic redirection, send the POST analyses request:
curl -X POST https://<IP address/domain name of the server>/api-2.0/analyses \
-H "Content-Type: application/json" \
-H "Authorization: api-key aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" \
-d "{\"sample_id\":\"6784\", \"platforms\":[\"acrobat_7_32_11\", \"acrobat_7_64_15\"], \"net\": \"socks5://username:password@<proxyaddress>:1080?udp=on\"}"
In response, you receive the Analysis object that contains general analysis information:
{
"id": 6260,
"sample_id": 6784,
"size": 10881846,
"sha1": "00a610100a3516f4d0daa33e7de317d2ddb6c2c6",
"start_date": "2019-02-08T04:08:15.162343+00:00",
"format_name": "pdf",
"user_name": "example@drweb.com",
"tasks": [{
"message": null,
"end_date": null,
"platform_code": "acrobat_7_64_15",
"maliciousness": null,
"progress": 0,
"id": 18676,
"status": "in queue",
"start_date": "2019-02-08T04:08:15.643122+00:00"
}, {
"message": null,
"end_date": null,
"platform_code": "acrobat_7_32_11",
"maliciousness": null,
"progress": 0,
"id": 18675,
"status": "in queue",
"start_date": "2019-02-08T04:08:15.632924+00:00"
}]
}
Get information about analysis
To get detailed information about an analysis, wait for the analysis to finish, and then send the GET analyses/<analysis_id:uuid> request. In the request, specify the analysis ID:
curl -X GET https://vxcube.drweb.com/api-2.0/analyses/60e21c98-7c2a-4112-81b5-a577f6cdf4db \
-H "Content-Type: application/json" \
-H "Authorization: api-key aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
In response, you receive the Analysis object:
{
"id": "60e21c98-7c2a-4112-81b5-a577f6cdf4db",
"sample_id": 6784,
"size": 10881846,
"sha1": "00a610100a3516f4d0daa33e7de317d2ddb6c2c6",
"start_date": "2019-02-08T04:08:15.162343+00:00",
"format_name": "pdf",
"user_name": "example@drweb.com",
"tasks": [{
"rules": {
"neutral": [
"Creating a window",
"Launching a process"
]
},
"end_date": "2019-02-08T15:51:05.186896+00:00",
"platform_code": "acrobat_7_64_15",
"maliciousness": 6,
"id": 18676,
"status": "successful",
"start_date": "2019-02-08T15:32:50.643122+00:00",
"verdict": "clean1"
}, {
"end_date": "2019-02-08T15:50:01.943030+00:00",
"platform_code": "acrobat_7_32_11",
"maliciousness": 6,
"id": 18675,
"status": "successful",
"start_date": "2019-02-08T04:08:15.632924+00:00",
"rules": {
"neutral": [
"Creating a window",
"Creating a file in the %temp% directory"
]
},
"verdict": "clean1"
}
],
"sha1": "00a610186a3526f4d0daa28e7de317d2ddb6c2c6"
}
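The step above says to wait for the analysis to finish before requesting details. The following added example (not part of the Dr.Web documentation or client code) checks the Sample object's sha256 and size against the local file, polls the Analysis object until every task is finished, and reports the highest maliciousness score. Assumptions: a non-null end_date marks a finished task, as in the sample responses on this page; the function names and the QUEUED/FINISHED responses are constructed for illustration.

```python
import hashlib, json, time, urllib.request

BASE = "https://vxcube.drweb.com/api-2.0"  # base URL as shown on this page

def make_fetch(api_key, base=BASE):
    """Return fetch(analysis_id) that sends GET analyses/<id> with the api-key header."""
    def fetch(analysis_id):
        req = urllib.request.Request(f"{base}/analyses/{analysis_id}",
                                     headers={"Authorization": f"api-key {api_key}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def upload_matches(local_bytes, sample):
    """Check the Sample object from POST samples against the bytes meant to be uploaded."""
    return (sample["size"] == len(local_bytes)
            and sample["sha256"] == hashlib.sha256(local_bytes).hexdigest())

def wait_for_analysis(fetch, analysis_id, interval=30, max_polls=120, sleep=time.sleep):
    """Poll until every task has an end_date, or give up after max_polls.
    Assumption: non-null end_date means the task is finished."""
    for _ in range(max_polls):
        analysis = fetch(analysis_id)
        tasks = analysis.get("tasks", [])
        if tasks and all(t.get("end_date") for t in tasks):
            return analysis
        sleep(interval)
    raise TimeoutError(f"analysis {analysis_id} not finished after {max_polls} polls")

def summarize(analysis):
    """Map platform_code -> (status, maliciousness) and return the highest score seen."""
    per_platform = {t["platform_code"]: (t["status"], t.get("maliciousness"))
                    for t in analysis["tasks"]}
    scores = [m for _, m in per_platform.values() if m is not None]
    return per_platform, max(scores, default=None)

# Constructed responses shaped like the page's Analysis objects (illustrative values).
QUEUED = {"id": 6260, "tasks": [{"platform_code": "acrobat_7_64_15",
          "status": "in queue", "end_date": None, "maliciousness": None}]}
FINISHED = {"id": 6260, "tasks": [{"platform_code": "acrobat_7_64_15",
            "status": "successful", "end_date": "2019-02-08T15:51:05.186896+00:00",
            "maliciousness": 6}]}

if __name__ == "__main__":
    replies = iter([QUEUED, QUEUED, FINISHED])  # stand-in for the server
    done = wait_for_analysis(lambda _id: next(replies), 6260, sleep=lambda s: None)
    print(summarize(done))
```

Against the real service, pass make_fetch(key) as the fetch argument, with the key read from an environment variable or secret store rather than typed on the command line.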
Download report
To download an archived analysis report, send the GET analyses/<analysis_id:uuid>/archive request:
curl -X GET https://vxcube.drweb.com/api-2.0/analyses/40e2fc98-1c2a-4112-81b5-a57df2cd22db/archive \
-H "Content-Type: application/json" \
-H "Authorization: api-key aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" \
-o <output_archive>
To download one of the report files, send the GET tasks/<task_id:number>/archive_storage request. A request example for downloading the PCAP file:
curl -X GET https://vxcube.drweb.com/api-2.0/tasks/18681/archive_storage \
-H "Content-Type: application/json" \
-H "Authorization: api-key aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" \
-d "{\"path\": \"network.pcap\"}" \
-o some_file