diff --git a/.gitignore b/.gitignore
index 00f2b5e..43cf8b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,5 +4,6 @@ __pycache__/
 *.egg*
 *.py[cod]
+.idea/
 .vscode/
 .DS_Store
diff --git a/ReversingLabs/SDK/a1000.py b/ReversingLabs/SDK/a1000.py
index ccdb5ce..eb8f185 100644
--- a/ReversingLabs/SDK/a1000.py
+++ b/ReversingLabs/SDK/a1000.py
@@ -16,13 +16,11 @@ RequestTimeoutError, WrongInputError, \
     validate_hashes
-
 CLASSIFICATIONS = ("MALICIOUS", "SUSPICIOUS", "GOODWARE", "UNKNOWN")
 AVAILABLE_PLATFORMS = ("windows7", "windows10", "macos_11")
 
 
 class A1000(object):
-
     __TOKEN_ENDPOINT = "/api-token-auth/"
     __UPLOAD_ENDPOINT = "/api/uploads/"
     __CHECK_STATUS_ENDPOINT = "/api/samples/status/"
@@ -634,12 +632,13 @@ def get_classification_v3(self, sample_hash, local_only=False, av_scanners=False
         return response
 
     def reanalyze_samples_v2(self, hash_input, titanium_cloud=False, titanium_core=False, rl_cloud_sandbox=False,
-                             cuckoo_sandbox=False, fireeye=False, joe_sandbox=False, cape=False,
+                             assemblyline=False, cape=False, cisco_secure_malware_analytics=False,
+                             cuckoo_sandbox=False, fireeye=False, joe_sandbox=False, vmray_tcbase=False,
                              rl_cloud_sandbox_platform=None):
         """Accepts a single hash or a list of hashes of various types and reanalyzes the corresponding sample(s).
         This method can be used for reanalyzing a single sample or a batch of samples, depending on the data type passed.
-        AT least one analysis type must be used (set to True).
+        At least one analysis type must be used (set to True).
         If rl_cloud_sandbox is used as an analysis type, rl_cloud_sandbox_platform must be defined.

         :param hash_input: single hash or a list of hashes
         :type hash_input: str or list[str]
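Review bot: The new keyword parameters are spliced into the middle of reanalyze_samples_v2's positional parameter list (`assemblyline`, `cape`, `cisco_secure_malware_analytics` now sit before `cuckoo_sandbox`, and `cape` moves from last flag to second), so an existing caller passing these flags positionally will silently submit the sample to a different analysis backend than before — e.g. a fifth positional `True` that used to select Cuckoo now selects Assemblyline. A string passed positionally for `rl_cloud_sandbox_platform` now lands on `joe_sandbox`, which the boolean check later in the method will at least reject, but the flag-to-flag shift is not caught. Unless the project documents that all flags are keyword-only, the safer change is to keep the old order and append the new flags just before `rl_cloud_sandbox_platform`: `cuckoo_sandbox=False, fireeye=False, joe_sandbox=False, cape=False, assemblyline=False, cisco_secure_malware_analytics=False, vmray_tcbase=False, rl_cloud_sandbox_platform=None`. Alternatively, call out the reordering as a breaking change in the docstring and release notes. The body of reanalyze_samples_v2 continues beyond this hunk.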
@@ -649,14 +648,20 @@ def reanalyze_samples_v2(self, hash_input, titanium_cloud=False, titanium_core=F
         :type titanium_core: bool
         :param rl_cloud_sandbox: use RL cloud sandbox
         :type rl_cloud_sandbox: bool
+        :param assemblyline: use Assemblyline
+        :type assemblyline: bool
+        :param cape: use Cape
+        :type cape: bool
+        :param cisco_secure_malware_analytics: use Cisco Secure Malware Analytics
+        :type cisco_secure_malware_analytics: bool
         :param cuckoo_sandbox: use Cuckoo sandbox
         :type cuckoo_sandbox: bool
         :param fireeye: use FireEye
         :type fireeye: bool
         :param joe_sandbox: use Joe sandbox
         :type joe_sandbox: bool
-        :param cape: use Cape
-        :type cape: bool
+        :param vmray_tcbase: use VMRay Cloud
+        :type vmray_tcbase: bool
         :param rl_cloud_sandbox_platform: desired platform on which the sample will be detonated;
         see ReversingLabs.SDK.helper.AVAILABLE PLATFORMS for options
         :type rl_cloud_sandbox_platform: str
@@ -671,8 +676,16 @@ def reanalyze_samples_v2(self, hash_input, titanium_cloud=False, titanium_core=F
             allowed_hash_types=(MD5, SHA1, SHA256, SHA512)
         )
 
-        analysis_type_dict = {"cloud": titanium_cloud, "core": titanium_core, "rl_cloud_sandbox": rl_cloud_sandbox,
-                              "cuckoo": cuckoo_sandbox, "fireeye": fireeye, "joe": joe_sandbox, "cape": cape}
+        analysis_type_dict = {"cloud": titanium_cloud,
+                              "core": titanium_core,
+                              "rl_cloud_sandbox": rl_cloud_sandbox,
+                              "assemblyline": assemblyline,
+                              "cape": cape,
+                              "cisco_secure_malware_analytics": cisco_secure_malware_analytics,
+                              "cuckoo": cuckoo_sandbox,
+                              "fireeye": fireeye,
+                              "joe": joe_sandbox,
+                              "vmray_tcbase": vmray_tcbase,}
 
         if not all(isinstance(analysis_type, bool) for analysis_type in analysis_type_dict.values()):
             raise WrongInputError("All analysis type parameters must be boolean.")
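Review bot: The last entry of the rebuilt analysis_type_dict literal, `"vmray_tcbase": vmray_tcbase,}`, leaves a trailing comma glued to the closing brace on the same line, which is the one place PEP 8 says not to put one; either drop the comma or move the brace to its own line, `"vmray_tcbase": vmray_tcbase,` followed by `}` aligned with the opening brace, which also keeps future additions to a one-line diff. The dict keys are presumably the analysis-type identifiers the appliance expects, so it would be worth a comment such as `# keys are the analysis type names accepted by the A1000 reanalyze API` above the literal, since a typo here would only surface as a server-side rejection. The "at least one analysis type" rule from the docstring is enforced somewhere past this hunk; if that check is a `not any(analysis_type_dict.values())` over this dict it covers the four new flags automatically, otherwise it needs updating. The body of reanalyze_samples_v2 continues beyond this hunk.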
@@ -1248,7 +1261,8 @@ def delete_user_tags(self, sample_hash, tags):
         return response
 
-    def get_yara_rulesets_on_the_appliance_v2(self, owner_type=None, status=None, source=None, page=None, page_size=None):
+    def get_yara_rulesets_on_the_appliance_v2(self, owner_type=None, status=None, source=None, page=None,
+                                              page_size=None):
         """Retrieves a list of YARA rulesets that are on the A1000 appliance.
         The list can be filtered by several criteria (ruleset status, source, and owner) using optional parameters.

         :param owner_type: supported values: my (default - currently authenticated user), user, system, all
@@ -1609,8 +1623,8 @@ def advanced_search_v2(self, query_string, ticloud=False, page_number=1, records
         if sorting_criteria not in ADVANCED_SEARCH_SORTING_CRITERIA or sorting_order not in ("desc", "asc"):
             raise WrongInputError("Sorting criteria must be one of the following options: {criteria}. "
                                   "Sorting order needs to be 'desc' or 'asc'.".format(
-                criteria=ADVANCED_SEARCH_SORTING_CRITERIA
-            ))
+                                      criteria=ADVANCED_SEARCH_SORTING_CRITERIA
+                                  ))
         sorting_expression = "{criteria} {order}".format(
             criteria=sorting_criteria,
             order=sorting_order
@@ -1624,7 +1638,7 @@ def advanced_search_v2(self, query_string, ticloud=False, page_number=1, records
         return response
 
-    def advanced_search_v2_aggregated(self, query_string, ticloud=False, max_results=5000, sorting_criteria=None, 
+    def advanced_search_v2_aggregated(self, query_string, ticloud=False, max_results=5000, sorting_criteria=None,
                                       sorting_order="desc"):
         """THIS METHOD IS DEPRECATED. Use advanced_search_v3_aggregated instead.
@@ -1744,8 +1758,8 @@ def advanced_search_v3(self, query_string, ticloud=False, start_search_date=None
         if sorting_criteria not in ADVANCED_SEARCH_SORTING_CRITERIA or sorting_order not in ("desc", "asc"):
             raise WrongInputError("Sorting criteria must be one of the following options: {criteria}. "
                                   "Sorting order needs to be 'desc' or 'asc'.".format(
-                criteria=ADVANCED_SEARCH_SORTING_CRITERIA
-            ))
+                                      criteria=ADVANCED_SEARCH_SORTING_CRITERIA
+                                  ))
         sorting_expression = "{criteria} {order}".format(
             criteria=sorting_criteria,
             order=sorting_order
@@ -2179,7 +2193,7 @@ def __get_token(self, username, password):
         return token
 
     @staticmethod
-    def __create_post_payload(custom_filename=None, file_url=None, crawler=None, archive_password=None, 
+    def __create_post_payload(custom_filename=None, file_url=None, crawler=None, archive_password=None,
                               rl_cloud_sandbox_platform=None, tags=None, comment=None, cloud_analysis=True,
                               classification=None, risk_score=None, threat_platform=None, threat_type=None,
                               threat_name=None, name=None, content=None, publish=None, ticloud=None):