analyses

Use the endpoint to manage analyses.

DELETE analyses/<analysis_id:uuid>

| Description | Parameters | Result |
| --- | --- | --- |
| Delete analysis. | | Analysis is deleted, code 204. |

GET analyses

| Description | Result |
| --- | --- |
| Get data about analyses. | List of Analysis objects. |

Parameters

| Parameter | Type | Description | Required |
| --- | --- | --- | --- |
| count | integer | Number of objects to return, 1…100. To get more objects, use several requests and the offset parameter. By default, count=10. | No |
| offset | integer | Offset, 0…+∞. By default, offset=0. | No |
| format_group_name | string | Filter by file type. | No |

GET analyses/<analysis_id:uuid>

| Description | Parameters | Result |
| --- | --- | --- |
| Get detailed information about analysis. | | Analysis object. |

GET analyses/<analysis_id:uuid>/archive

| Description | Parameters | Result |
| --- | --- | --- |
| Download archive with analysis results. | | Archive that contains analysis results on all tasks. |

GET analyses/<analysis_id:uuid>/sample

| Description | Parameters | Result |
| --- | --- | --- |
| Download sample. | | Sample. |

POST analyses

| Description | Result |
| --- | --- |
| Start the file analysis. | Analysis object. |

Parameters

| Parameter | Type | Description | Required |
| --- | --- | --- | --- |
| sample_id | integer | Sample ID. | Yes |
| analysis_time | integer | Sample run time in seconds, from 30 to 300. By default, analysis_time=60. | No |
| format_name | string | File format. | Yes if the format is not identified automatically |
| platforms | array [string]/null | Platforms to run the sample. | No |
| custom_cmd | string/null | Command to run the sample. | No |
| net | string | Command to redirect virtual machine network traffic according to specified settings.<br>VPN = vpn:// (used by default if the net parameter is not specified)<br>TOR = tor://<br>Socks4 = socks4://host:port<br>Socks5 = socks5://[login:password@]host:port?parameters<br>Shadowsocks = shadowsocks://[login:password@]host:port?parameters<br>Possible values for parameters:<br>udp—UDP protocol behavior (udp=on redirects all UDP traffic, udp=off does not redirect traffic);<br>login:password—proxy server authorization parameters (optional for Socks5, required for Shadowsocks). | No |
| dump_size_limit | integer | Maximum size of collectable drops. | No |
| copylog | boolean | Copy full raw hypervisor log. | No |
| crypto_api_limit | integer | Crypto API buffers limit in MB. | No |
| drop_size_limit | integer | Total size limit for created files. | No |
| flex_time | boolean | Sample flex time. | No |
| forwards | string/null | Forward the specified ports from guest VM. | No |
| get_lib | boolean | Get *.lib files and raw dumps. | No |
| injects_limit | integer | Injects count limit. | No |
| monkey_clicker | boolean | Enable auto clicker. | No |
| dump_browsers | string | Dump browser modules. | No |
| dump_mapped | boolean | Dump memory-mapped files (only after execution). | No |
| dump_ssdt | boolean | Dump SSDT. | No |
| dump_processes | boolean | Dump processes (only after execution). | No |
| no_clean | boolean | Get all allocs and drops. | No |
| optional_count | integer/null | Maximum number of triggered breakpoints. | No |
| proc_lifetime | string/null | Lifetime of processes in seconds.<br>Example:<br>'notepad.exe,35,winword.exe,20' | No |
| set_date | string | Set system date (format: 17.03.2022). | No |
| write_file_limit | integer | WriteFile buffers limit in MB. | No |
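
A pre-submission check for POST analyses parameters, added here as an example; it is not code from the product or its documentation. The function names are hypothetical, and reading proc_lifetime as alternating name,seconds pairs is an assumption drawn from the example value in the table.

```python
from urllib.parse import parse_qs, urlsplit

# net schemes from the table; value = is login:password required (None = no host part).
NET_SCHEMES = {"vpn": None, "tor": None, "socks4": False, "socks5": False, "shadowsocks": True}

def check_net(value):
    """Return problems found in a net= value; an empty list means it matches the table."""
    parts = urlsplit(value)
    if parts.scheme not in NET_SCHEMES:
        return [f"net: unsupported scheme {parts.scheme!r}"]
    need_creds = NET_SCHEMES[parts.scheme]
    if need_creds is None:
        return [] if value == parts.scheme + "://" else ["net: vpn:// and tor:// take no host"]
    errors = []
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if not parts.hostname or port is None:
        errors.append("net: host:port is required")
    has_creds = bool(parts.username and parts.password)
    if need_creds and not has_creds:
        errors.append("net: shadowsocks requires login:password")
    if parts.scheme == "socks4" and (parts.username or parts.query):
        errors.append("net: socks4 accepts only host:port")
    if parse_qs(parts.query).get("udp", ["on"])[-1] not in ("on", "off"):
        errors.append("net: udp must be on or off")
    return errors

def validate_analysis_request(params):
    """Check a POST analyses parameter dict against the documented constraints."""
    errors = []
    if not isinstance(params.get("sample_id"), int):
        errors.append("sample_id: required integer")
    run_time = params.get("analysis_time", 60)  # documented default
    if not isinstance(run_time, int) or not 30 <= run_time <= 300:
        errors.append("analysis_time: must be 30..300 seconds")
    if "net" in params:
        errors += check_net(params["net"])
    if params.get("proc_lifetime"):  # assumption: alternating name,seconds pairs
        items = params["proc_lifetime"].split(",")
        if len(items) % 2 or not all(s.isdigit() for s in items[1::2]):
            errors.append("proc_lifetime: expected name,seconds[,name,seconds...]")
    return errors

# Constructed sample request; every value here is illustrative.
SAMPLE = {"sample_id": 42, "analysis_time": 120, "net": "socks5://10.0.0.5:1080?udp=off",
          "proc_lifetime": "notepad.exe,35,winword.exe,20"}
```

Running the check before submission catches a proxy URI that would otherwise leave the sample's traffic routed differently than the analyst intended.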

POST analyses/<analysis_id:uuid>/restart

| Description | Parameters | Result |
| --- | --- | --- |
| Restart all deleted or failed tasks of the specified analysis. | | Restart of deleted or failed tasks. |