Files Scanning

scan

Request method: POST

Description: Uploads a file into the manual scanning system. The upload type must be multipart/form-data.

Additional payloads: You may also supply the following query parameters: processArchive - unpacks the zip file, expects a password of 'infected'. Can be true or false; rewriteTimestamp - Can be true or false

Output: details; message

Response codes: 200 OK - The upload was successful

session-manual-incomplete

Request method: GET

Description: Returns a list of sessions that are queued for scanning

Additional payloads: Supports the Unified API query parameters through both the GET and POST HTTP methods.

Output: data: {id, time, start_time, source_sp, source_port, source_ip_country, source_longitude, source_latitude, destination_ip, destination_longitude, destination_latitude, event_count, unique_event_count, threat_score, threat_notes, vlan_id, sentry_name, protocol, workflow, workflow_id, workflow_owner, workflow_mtime}; extraPKValues; PositionInTable: {offset}

Response codes: 200 OK - A list of sessions is returned

session-manual-complete

Request method: GET

Description: Returns a list of sessions that have been manually scanned

Additional payloads: Supports the Unified API query parameters through both the GET and POST HTTP methods. This endpoint also supports quick searching for sessions when using the POST method, by using "q":"<term>" instead of the aq parameter of the Unified API Query. The user must supply either an aq or a q parameter when searching.

Output: data: {id, time, start_time, source_sp, source_port, source_ip_country, source_longitude, source_latitude, destination_ip, destination_longitude, destination_latitude, event_count, unique_event_count, threat_score, threat_notes, vlan_id, sentry_name, protocol, workflow, workflow_id, workflow_owner, workflow_mtime}; extraPKValues; PositionInTable: {offset}

Response codes: 200 OK - A list of sessions is returned

session-manual-complete/single

Request method: GET

Description: Returns the information about an uploaded session.

Additional payloads: User must supply an ID of an uploaded file/session.

Output: data: {id, time, start_time, source_sp, source_port, source_ip_country, source_longitude, source_latitude, destination_ip, destination_longitude, destination_latitude, event_count, unique_event_count, threat_score, threat_notes, vlan_id, sentry_name, protocol, workflow, workflow_id, workflow_owner, workflow_mtime, entity_protocol_details: [time, mtime, session_file_id, data, value, name], files: [session_id, start_time, time, mtime, id, attachment_name, mime_type, checksum_id, md5, sha1, sha256, sha512, ssdeep, entropy, first_seen_as, file_name, zip_rep, count, bytes, event_count, unique_event_count, info_count, unique_info_count, yara_details: (session_file_id, payload, offset, signature, eventid, severity, confidence)]}; extraPKValues; PositionInTable: {offset}

Response codes: 200 OK - Uploaded session data is returned
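
Added example (not part of the product documentation): a small triage helper that reads a session-manual-complete/single response and lists the files whose yara_details contain a hit at or above a chosen severity. The sample response is constructed; the nesting of files and yara_details as lists of objects, the value types, and "higher severity number means worse" are assumptions, and triage_files is a hypothetical name.

```python
import json

# Constructed sample shaped like the Output documented for
# session-manual-complete/single. Values, value types and nesting
# (files as a list of objects, yara_details as a list per file) are assumptions.
SAMPLE_RESPONSE = json.dumps({
    "data": {
        "id": 101, "threat_score": 80, "sentry_name": "sensor-a",
        "files": [
            {"id": 1, "file_name": "invoice.doc", "mime_type": "application/msword",
             "sha256": "<constructed-sha256-1>", "entropy": 7.2,
             "yara_details": [
                 {"signature": "Example_Rule_A", "severity": 3, "confidence": 90, "offset": 512},
                 {"signature": "Example_Rule_B", "severity": 1, "confidence": 40, "offset": 2048}]},
            {"id": 2, "file_name": "readme.txt", "mime_type": "text/plain",
             "sha256": "<constructed-sha256-2>", "entropy": 4.1, "yara_details": []},
            {"id": 3, "file_name": "setup.exe", "mime_type": "application/x-dosexec",
             "sha256": "<constructed-sha256-3>", "entropy": 7.9,
             "yara_details": [
                 {"signature": "Example_Rule_C", "severity": 5, "confidence": 75, "offset": 0}]},
        ],
    },
    "extraPKValues": {}, "PositionInTable": {"offset": 0},
})


def triage_files(response_text, min_severity=2):
    """List files with a YARA hit at or above min_severity, worst first.

    Assumes severity is numeric and that a higher number is more severe.
    """
    data = json.loads(response_text).get("data") or {}
    rows = []
    for entry in data.get("files") or []:
        hits = [h for h in entry.get("yara_details") or []
                if isinstance(h.get("severity"), (int, float))
                and h["severity"] >= min_severity]
        if not hits:
            continue  # no qualifying signature: keep the file out of the queue
        worst = max(hits, key=lambda h: (h["severity"], h.get("confidence", 0)))
        rows.append({
            "session_id": data.get("id"),
            "file_name": entry.get("file_name"),
            "sha256": entry.get("sha256"),
            "max_severity": worst["severity"],
            "signatures": sorted(str(h.get("signature")) for h in hits),
        })
    return sorted(rows, key=lambda r: r["max_severity"], reverse=True)
```
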
