The SDK wraps Intezer Analyze API 2.0 (View full API documentation)
Currently, the following options are available in the SDK:
pip install intezer-sdk
Before using the SDK functionality we should set the api key:
api.set_global_api('<api_key>')
analysis = FileAnalysis(file_path=<file_path>,
dynamic_unpacking=<force_dynamic_unpacking>, # optional
static_unpacking=<force_static_unpacking>) # optional
analysis.send(wait=True)
result = analysis.result()
analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True)
result = analysis.result()
{
'analysis_id': '00000000-0000-0000-0000-000000000000',
'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT',
'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000',
'family_name': 'Ramnit',
'is_private': True,
'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356',
'sub_verdict': 'malicious',
'verdict': 'malicious'
}
analysis = UrlAnalysis(url=<url>)
analysis.send(wait=True)
result = analysis.result()
{
'analysis_id': '70d09f68-c7a3-43a3-a8de-07ec31fbf4ed',
'domain_info': {
'creation_date': '1997-08-13 04:00:00.000000',
'domain_name': 'foo.com',
'registrar': 'TUCOWS, INC.'
},
'indicators': [
{
'classification': 'informative',
'text': 'URL is accessible'
},
{
'classification': 'informative',
'text': 'Assigned IPv4 domain'
},
{
'classification': 'informative',
'text': 'Vaild IPv4 domain'
}
],
'ip': '34.206.39.153',
'redirect_chain': [
{
'response_status': 301,
'url': 'https://foo.com/'
},
{
'response_status': 200,
'url': 'http://www.foo.com/'
}
],
'scanned_url': 'http://www.foo.com/',
'submitted_url': 'foo.com',
'downloaded_file': {
'analysis_id': '8db9a401-a142-41be-9a31-8e5f3642db62',
'analysis_summary': {
'verdict_description': 'This file contains code from malicious software, therefore it's very likely that it's malicious.',
'verdict_name': 'malicious',
'verdict_title': 'Malicious',
'verdict_type': 'malicious'
},
'sha256': '4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7'
},
'summary': {
'description': 'No suspicious activity was detected for this URL',
'title': 'No Threats',
'verdict_name': 'no_threats',
'verdict_type': 'no_threats'
}
}
from intezer_sdk import consts
index = Index(file_path=<file_path>,
index_as=consts.IndexType.MALICIOUS,
family_name=<family_name>)
index.send(wait=True)
index_id = index.index_id
from intezer_sdk import consts
index = Index(sha256=<file_sha256>,
index_as=consts.IndexType.TRUSTED)
index.send(wait=True)
index_id = index.index_id
analysis = FileAnalysis.from_latest_hash_analysis(file_hash: <file_sha256>)
result = analysis.result()
root_analysis = analysis.get_root_analysis()
sub_analyses = analysis.get_sub_analyses()
root_analysis_code_reuse = root_analysis.code_reuse
root_analysis_metadata = root_analysis.metadata
for sub_analysis in sub_analyses:
sub_analyses_code_reuse = sub_analysis.code_reuse
sub_analyses_metadata = sub_analysis.metadata
root_analysis_code_reuse = root_analysis.code_reuse
for family in root_analysis_code_reuse['families']:
operation = root_analysis.find_related_files(family['family_id'], wait=True)
related_files = operation.get_result()
operation = root_analysis.get_account_related_samples()
related_samples = operation.get_result()
operation = root_analysis.generate_vaccine()
vaccine = operation.get_result()
operation = root_analysis.get_string_related_samples('string_to_relate_to', wait=True)
string_related_samples = operation.get_result()
analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True, wait_timeout=datetime.timedelta(minutes=1))
history_results = query_file_analyses_history(
start_date = <datetime>,
end_date= <datetime>,
api = <IntezerApi>
aggregated_view: <bool>,
sources=<source>
verdicts=<verdicts>,
file_hash=<file_hash>,
family_names=<family_names>,
file_name=<file_name>
)
for analyse in history_results:
print(analyse)
history_results = query_url_analyses_history(
start_date = <datetime>,
end_date=<datetime>,
aggregated_view=<bool>,
sources=<sources>,
verdicts=<verdicts>,
)
for analyse in history_results:
print(analyse)
history_results = query_endpoint_analyses_history(
start_date = <datetime>,
end_date=<datetime>,
aggregated_view=<bool>,
sources=<sources>,
verdicts=<verdicts>,
sub_verdicts=<verdicts>,
did_download_file=<bool>,
submitted_url=<submitted_url>
)
for analyse in history_results:
print(analyse)
alert = Alert.from_id(alert_id=alert_id,
fetch_scans=False,
wait=False)
history_results = query_file_analyses_history(
api = <IntezerApi>,
**filters
)
for analyse in history_results:
print(analyse)
You can find more code examples under analyze-python-sdk/examples/ directory
FAQs
Intezer Analyze SDK
We found that intezer-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.
Security News
Michigan TypeScript founder Dimitri Mitropoulos implements WebAssembly runtime in TypeScript types, enabling Doom to run after processing 177 terabytes of type definitions.
Security News
vlt's new "reproduce" tool verifies npm packages against their source code, outperforming traditional provenance adoption in the JavaScript ecosystem.