CP_1.0_R77_ThreatPreventionAPI_APIRefGuide.pdf


This preview shows page 15 - 19 out of 31 pages.

| Field | Type | Value | Notes |
|---|---|---|---|
| status | JSON Object | code, label, message | Status of Threat Emulation on the requested file. |
| > code | Integer | Status Code | |
| > label | String | Readable code label | |
| > message | String | Readable status message | |

Query API Threat Prevention API Reference Guide 1.0 | 16

| Field | Type | Value | Notes |
|---|---|---|---|
| combined_verdict | String | benign \| malicious | Combined verdict of all the images. Note - Benign reports are not supported for local gateways. |
| severity | Integer | { 1 - 4 } | Combined severity of threats found. If none found, this field is not given. |
| confidence | Integer | { 1 - 3 } | Rating of the threat data and its relevance to this instance. |
| images | JSON object | Data for each image | See next section. |

Images Object Format

| Field | Type | Value | Notes |
|---|---|---|---|
| status | String | found \| not_found | |
| id | String | Image identification string | |
| revision | Integer | Image revision number | |
| report | JSON object | Image verdict and all requested reports | Each report is an ID string for the Download API (on page 29). |
| > verdict | String | benign \| malicious | |
| > xml_report | String | XML report ID | In response if requested. If not requested, omitted. |
| > tar_report | String | TAR report ID | In response if requested. If not requested, omitted. The * tar.gz file has XML report, VM snapshots of the emulation images. |

Note - On local gateways, only requests for tar.gz reports are supported.
| Available OS Image ID | Revision | Image OS and Application |
|---|---|---|
| e50e99f3-5963-4573-af9e-e3f4750b55e2 | 1 | Microsoft Windows: XP - 32bit SP3; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player 9r115 and ActiveX 10.0; Java Runtime: 1.6.0u22 |
| 7e6fe36e-889e-4c25-8704-56378f0830df | 1 | Microsoft Windows: 7 - 32bit; Office: 2003, 2007; Adobe Acrobat Reader: 9.0; Flash Player: 10.2r152 (Plugin & ActiveX); Java Runtime: 1.6.0u0 |
| 8d188031-1010-4466-828b-0cd13d4303ff | 1 | Microsoft Windows: 7 - 32bit; Office: 2010; Adobe Acrobat Reader: 9.4; Flash Player: 11.0.1.152 (Plugin & ActiveX); Java Runtime: 1.7.0u0 |
| 5e5de275-a103-4f67-b55b-47532918fa59 | 1 | Microsoft Windows: 7 - 32bit; Office: 2013; Adobe Acrobat Reader: 11.0; Flash Player: 15 (Plugin & ActiveX); Java Runtime: 1.7.0u9 |
| 3ff3ddae-e7fd-4969-818c-d5f1a2be336d | 1 | Microsoft Windows: 7 - 64bit; Office: 2013 (32bit); Adobe Acrobat Reader: 11.0.01; Flash Player: 13 (Plugin & ActiveX); Java Runtime: 1.7.0u9 |
XML Report Structure

```xml
<?xml version="1.0" encoding="UTF-8"?>
<report>
  <reporttype>Summary</reporttype>
  <operating_system_reports>
    <operating_system_report>
      <osid> image id event profile id </osid>
      <Document>
        <FileName> file name </FileName>
        <FileType> file type </FileType>
        <Md5> md5 </Md5>
        <Sha1> sha1 </Sha1>
        <FileSize> file size </FileSize>
        <FileLink> name of tar.gz with malicious file </FileLink>
        <Verdict> verdict </Verdict>
        <Score> score </Score>
      </Document>
      <System>
        <Osname> image name, file name </Osname>*
        <OsInfo> image description </OsInfo>
      </System>
      <Activities>
        <Command>
          <CommandName>FileSystemEvent</CommandName>
          <ID>6</ID>
          <Time>00:00:17</Time>
          <Src>C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE</Src>
          <Dst>C:param.txt</Dst>
          <Action>Create</Action>
        </Command>
        ....
```
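The following is an added example, not code from the Check Point guide: a small Python parser for the XML report layout shown above that returns, per emulation image, the verdict and the recorded activities for triage. The sample report is constructed, and the closing tags after the point where the page's listing stops, as well as the helper names `text` and `summarize_report`, are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample that follows the report layout on the page; values are made up.
SAMPLE_REPORT = r"""<?xml version="1.0" encoding="UTF-8"?>
<report>
  <reporttype>Summary</reporttype>
  <operating_system_reports>
    <operating_system_report>
      <osid>constructed-image-id</osid>
      <Document>
        <FileName>invoice.xls</FileName>
        <Verdict>malicious</Verdict>
      </Document>
      <Activities>
        <Command>
          <CommandName>FileSystemEvent</CommandName>
          <ID>6</ID>
          <Time>00:00:17</Time>
          <Src>C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE</Src>
          <Dst>C:param.txt</Dst>
          <Action>Create</Action>
        </Command>
      </Activities>
    </operating_system_report>
  </operating_system_reports>
</report>"""

def text(node, tag):
    """Child element text, stripped; '' when the node or the child is absent."""
    child = node.find(tag) if node is not None else None
    return (child.text or "").strip() if child is not None else ""

def summarize_report(xml_text):
    """Return one dict per emulation image: verdict plus its recorded activities."""
    # The layout has no DTD; refuse one so entity expansion is never attempted.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a report")
    root = ET.fromstring(xml_text.encode("utf-8"))
    out = []
    for rep in root.iter("operating_system_report"):
        doc = rep.find("Document")
        acts = [{"name": text(c, "CommandName"), "time": text(c, "Time"),
                 "src": text(c, "Src"), "dst": text(c, "Dst"),
                 "action": text(c, "Action")} for c in rep.iter("Command")]
        out.append({"osid": text(rep, "osid"), "file": text(doc, "FileName"),
                    "verdict": text(doc, "Verdict").lower(), "activities": acts})
    return out
```

Fields such as `FileName`, `Src` and `Dst` describe the submitted file and its behaviour, so treat them as untrusted strings when logging or displaying them.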