The Task object contains data about a task. A task is a file analysis on a single platform. A Task object can contain one of several sets of keys: TaskBasic, TaskFinished, or TaskProcessing.
TaskBasic
The TaskBasic object contains general information about a task. Such an object with the basic set of keys is used in a list of Analysis objects.
Structure
| Key | Type | Description |
|---|---|---|
| id | integer | Task ID. |
| status | string | Task status. Available values: in queue, failed, processing, deleted, successful. |
| platform_code | string | Platform.code. |
| start_date | string (datetime.iso8601) | Date and time the task was started. |
| end_date | string/null (datetime.iso8601) | Date and time the task was completed. |
| maliciousness | integer/null | Maliciousness, from 0 to 100. |
Example
    {
      "id": 20,
      "status": "failed",
      "platform_code": "winxpx86",
      "start_date": "2018-07-30T16:54:07.156371",
      "end_date": "2018-07-30T16:55:07.156371",
      "maliciousness": null
    }
TaskFinished
The TaskFinished object contains the keys of the TaskBasic object and analysis results for the specified platform.
Structure
| Key | Type | Description |
|---|---|---|
| detects | string[] | A list of detected threats. The list can include the following strings: yara: a YARA rule has triggered; behavior: malicious or suspicious behavior for a file has been detected; files_dumps: threats have been detected in created files and/or memory dumps. |
| end_date | string/null (datetime.iso8601) | Date and time the task was completed. |
| id | integer | Task ID. |
| maliciousness | integer/null | Maliciousness, from 0 to 100. |
| platform_code | string | Platform.code. |
| rules | object/null | List of triggered rules. |
| rules.malicious | string[] | List of rules that have been triggered due to malicious activity of the sample. |
| rules.neutral | string[] | List of rules that have been triggered due to neutral activity of the sample. |
| rules.suspicious | string[] | List of rules that have been triggered due to suspicious activity of the sample. |
| sample_detect | string/null | Name of the threat detected using signature databases. |
| start_date | string (datetime.iso8601) | Date and time the task was started. |
| status | string | The current status of the task. Available values: in queue, failed, processing, deleted, successful. |
| tags | string[] | The list of tags retrieved from the triggered YARA rules. |
| verdict | string | Overall maliciousness result for the file, corresponding to one of three categories. A higher number corresponds to a higher probability of maliciousness. Available values: none, clean1, clean2, suspicious1, suspicious2, malware1, malware2. |
| yara_rules | object[] | List of triggered YARA rules. |
| yara_rules[].name | string | The name of the YARA rule. |
| yara_rules[].rule_type | string | The type of the YARA rule. Available values: user (a user-defined rule) and system (a system-defined rule). |
| yara_rules[].severity | string | The file behavior category. When adding a YARA rule, you should specify the behavior category that will be assigned to the sample if the YARA rule is triggered. The specified category appears in the severity field. Available values: neutral, suspicious, malware. |
Example
    {
      "id": 16916,
      "status": "successful",
      "maliciousness": 100,
      "start_date": "2018-12-12T11:29:44.645968+00:00",
      "end_date": "2018-12-12T11:33:37.490050+00:00",
      "verdict": "malware2",
      "rules": null,
      "detects": [
        "files_dumps"
      ],
      "platform_code": "win7x64"
    }
TaskProcessing
The TaskProcessing object contains the keys of the TaskBasic object and data about the analysis process.
Structure
| Key | Type | Description |
|---|---|---|
| end_date | string | Date and time the task was completed. |
| id | integer | Task ID. |
| maliciousness | integer/null | Maliciousness, from 0 to 100. |
| message | string/null | Message about the task progress. |
| platform_code | string | Platform.code. |
| progress | integer | Task progress, in percent. |
| start_date | string (datetime.iso8601) | Date and time the task was started. |
| status | string | The current status of the task. Available values: in queue, failed, processing, deleted, successful. |
Example
    {
      "id": 18656,
      "status": "processing",
      "maliciousness": null,
      "platform_code": "win7x86",
      "start_date": "2019-02-07T09:39:11.517117+00:00",
      "end_date": null,
      "message": "Waiting while the file is running (60 sec)…",
      "progress": 19
    }
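
One way to validate a Task object before acting on its verdict, as an added example (not part of this documentation or the vendor's code): it checks the documented types and allowed values, rejects repeated keys, and names the key set from keys listed only for TaskFinished or TaskProcessing. The function names and the SAMPLE input are constructed for illustration.

```python
import json
from datetime import datetime

STATUSES = {"in queue", "failed", "processing", "deleted", "successful"}
VERDICTS = {"none", "clean1", "clean2", "suspicious1", "suspicious2", "malware1", "malware2"}
DETECTS = {"yara", "behavior", "files_dumps"}
# Constructed sample: maliciousness out of range and an unknown verdict.
SAMPLE = ('{"id": 7, "status": "successful", "platform_code": "win7x64", '
          '"start_date": "2019-02-07T09:39:11+00:00", "end_date": null, '
          '"maliciousness": 250, "verdict": "malware9", "detects": ["yara"]}')

def _no_dupes(pairs):
    # json.loads silently keeps the last value of a repeated key; refuse it.
    obj = dict(pairs)
    if len(obj) != len(pairs):
        raise ValueError("duplicate key in JSON object")
    return obj

def _enum(v, allowed):
    return isinstance(v, str) and v in allowed

def _date(v, nullable):
    try:
        return (v is None and nullable) or bool(datetime.fromisoformat(v))
    except (TypeError, ValueError):
        return False

def validate_task(raw):
    """Decode one Task; return (key set name, names of invalid keys)."""
    task = json.loads(raw, object_pairs_hook=_no_dupes)
    if not isinstance(task, dict):
        raise ValueError("Task must be a JSON object")
    m, detects = task.get("maliciousness"), task.get("detects", [])
    checks = {
        "id": type(task.get("id")) is int,  # type() check rejects bool
        "status": _enum(task.get("status"), STATUSES),
        "platform_code": isinstance(task.get("platform_code"), str),
        "start_date": _date(task.get("start_date"), nullable=False),
        "end_date": _date(task.get("end_date"), nullable=True),
        "maliciousness": m is None or (type(m) is int and 0 <= m <= 100),
        "verdict": "verdict" not in task or _enum(task["verdict"], VERDICTS),
        "detects": isinstance(detects, list) and all(_enum(d, DETECTS) for d in detects),
    }
    # Keys listed only for one key set on the page identify the variant.
    kind = ("TaskProcessing" if "progress" in task or "message" in task else
            "TaskFinished" if "verdict" in task or "detects" in task else "TaskBasic")
    return kind, [k for k, ok in checks.items() if not ok]
```

Calling `validate_task(SAMPLE)` returns the key set name together with the keys that failed validation, so a consumer can refuse to act on a verdict from a malformed response.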