|
4 | 4 | "cell_type": "markdown",
|
5 | 5 | "source": [
|
6 | 6 | "# TitaniumCloud Dynamic Analysis API-s\n",
|
7 |
| - "This notebook demonstrates how to use the Dynamic Analysis API-s, namely the Dynamic Analysis and Dynamic Analysis Report. The first one mentioned here handles submitting a cloud sample to dynamic analysis and the second one handles returning a comprehensive report.\n", |
| 7 | + "This notebook demonstrates how to use the Dynamic Analysis API-s, namely the Dynamic Analysis and Dynamic Analysis Report. The first one mentioned here handles submitting a cloud sample or a URL to dynamic analysis and the second one handles returning a comprehensive report.\n", |
8 | 8 | "**NOTE:** If pasted into a Python file in the displayed order, all code cells can also work as a Python script."
|
9 | 9 | ],
|
10 | 10 | "metadata": {
|
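Review bot: The reworded sentence on new line 7 still identifies the two APIs only as "the first one mentioned here" and "the second one", which is harder to follow now that the first also covers URLs. Consider naming them directly, for example "Dynamic Analysis submits a cloud sample or a URL for analysis, and Dynamic Analysis Report returns the comprehensive report". "API-s" in the heading and in this sentence would also read better as "APIs".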
|
153 | 153 | {
|
154 | 154 | "cell_type": "markdown",
|
155 | 155 | "source": [
|
156 |
| - "### 5. Getting the Dynamic Analysis results\n", |
| 156 | + "### 5. Getting the Dynamic Analysis results for a sample\n", |
157 | 157 | "After the Dynamic Analysis is finished, we can move on to getting the results for our sample."
|
158 | 158 | ],
|
159 | 159 | "metadata": {
|
|
300 | 300 | "collapsed": false
|
301 | 301 | },
|
302 | 302 | "id": "fa928c5d6108a5cc"
|
| 303 | + }, |
| 304 | + { |
| 305 | + "cell_type": "markdown", |
| 306 | + "source": [ |
| 307 | + "### 7. Submitting a URL for Dynamic Analysis\n", |
| 308 | + "Apart from submitting only samples for Dynamic Analysis, we can also do the same for URL-s. \n", |
| 309 | + "The procedure is, for the most part, the same, with the0 difference being in using a different \"detonate\" method and a different method parameter while fetching the results. To see how it differs from detonation and result fetching for samples, see the examples below.\n", |
| 310 | + "\n", |
| 311 | + "**Note:** It is highly recommended **not to open the URL-s** used as examples in this cookbook as many of them may be classified as containing malicious software and/or indicators and can be **harmful for you computer**. For this example, we used a placeholder URL." |
| 312 | + ], |
| 313 | + "metadata": { |
| 314 | + "collapsed": false |
| 315 | + }, |
| 316 | + "id": "1b01d3239862ff90" |
| 317 | + }, |
| 318 | + { |
| 319 | + "cell_type": "code", |
| 320 | + "execution_count": null, |
| 321 | + "outputs": [], |
| 322 | + "source": [ |
| 323 | + "detonate3 = dynamic_analysis.detonate_url(\n", |
| 324 | + " url_string=\"http://some.example.url./aaa\",\n", |
| 325 | + " platform=\"windows10\"\n", |
| 326 | + ")\n", |
| 327 | + "\n", |
| 328 | + "print(detonate3.text)" |
| 329 | + ], |
| 330 | + "metadata": { |
| 331 | + "collapsed": false |
| 332 | + }, |
| 333 | + "id": "ab411ebc51fe8576" |
| 334 | + }, |
| 335 | + { |
| 336 | + "cell_type": "markdown", |
| 337 | + "source": [ |
| 338 | + "The response text that we received tells us the following info:\n", |
| 339 | + "- The analysis started.\n", |
| 340 | + "- We got the SHA-1, the Base64 and the actual string of our submitted URL.\n", |
| 341 | + "- We also got the ID of the started analysis.\n", |
| 342 | + "\n", |
| 343 | + "It is useful to save those values since we will be using them to access the URL Dynamic Analysis report." |
| 344 | + ], |
| 345 | + "metadata": { |
| 346 | + "collapsed": false |
| 347 | + }, |
| 348 | + "id": "8978610cb7f52f73" |
| 349 | + }, |
| 350 | + { |
| 351 | + "cell_type": "markdown", |
| 352 | + "source": [ |
| 353 | + "### 8. Getting the Dynamic Analysis results for a URL\n", |
| 354 | + "To fetch the Dynamic Analysis results for our submitted URL, we can use one of the following as an input parameter:\n", |
| 355 | + "- The SHA-1 of the URL.\n", |
| 356 | + "- The URL string itself.\n", |
| 357 | + "\n", |
| 358 | + "For demonstration purposes, we will show you how to use both - in the order written above." |
| 359 | + ], |
| 360 | + "metadata": { |
| 361 | + "collapsed": false |
| 362 | + }, |
| 363 | + "id": "68d86bc7cc7a7468" |
| 364 | + }, |
| 365 | + { |
| 366 | + "cell_type": "code", |
| 367 | + "execution_count": null, |
| 368 | + "outputs": [], |
| 369 | + "source": [ |
| 370 | + "# Example 1\n", |
| 371 | + "results_sha1 = dynamic_analysis.get_dynamic_analysis_results(\n", |
| 372 | + " url_sha1=\"27c5d0351a92e7be52884c6aa863d25665cb6b32\",\n", |
| 373 | + " analysis_id=\"6c8d9c60-2d9c-4c27-bc15-150b7e364d6c\"\n", |
| 374 | + ")\n", |
| 375 | + "\n", |
| 376 | + "# Example 2\n", |
| 377 | + "results_url = dynamic_analysis.get_dynamic_analysis_results(\n", |
| 378 | + " url=\"http://some.example.url./aaa\",\n", |
| 379 | + " latest=True\n", |
| 380 | + ")\n", |
| 381 | + "\n", |
| 382 | + "print(results_sha1.text)\n", |
| 383 | + "print(results_url.text)" |
| 384 | + ], |
| 385 | + "metadata": { |
| 386 | + "collapsed": false |
| 387 | + }, |
| 388 | + "id": "fb257b06a907e5a5" |
| 389 | + }, |
| 390 | + { |
| 391 | + "cell_type": "markdown", |
| 392 | + "source": [ |
| 393 | + "Keep in mind that these are all placeholder values that serve only as examples of use. We did not use actual malicious URL-s for security purposes. \n", |
| 394 | + "What did we do in these two examples?\n", |
| 395 | + "\n", |
| 396 | + "Example 1:\n", |
| 397 | + "- We used the URL-s SHA-1 as input.\n", |
| 398 | + "- We used the analysis ID to define which analysis we need.\n", |
| 399 | + "\n", |
| 400 | + "Example 2:\n", |
| 401 | + "- We used the actual URL string as input.\n", |
| 402 | + "- We stated that we want the latest analysis returned.\n", |
| 403 | + "\n", |
| 404 | + "Apart from defining the desired analysis using the `analysis_id` and `latest` parameters, we can also omit them completely and receive a merged report from all the analyses for this URL so far. However, keep in mind that, if the report is not yet ready, you will receive `404` as a status code." |
| 405 | + ], |
| 406 | + "metadata": { |
| 407 | + "collapsed": false |
| 408 | + }, |
| 409 | + "id": "e7f2de25dca23fde" |
303 | 410 | }
|
304 | 411 | ],
|
305 | 412 | "metadata": {
|
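Review bot: The results cell at new lines 370-383 hard-codes `url_sha1="27c5d0351a92e7be52884c6aa863d25665cb6b32"` and `analysis_id="6c8d9c60-2d9c-4c27-bc15-150b7e364d6c"`, although the markdown at line 343 tells the reader to save the values returned by `detonate_url`. Reading them from the `detonate3` response would let the cells run in sequence, which matters because the notebook's intro says the cells also work as a script when pasted in order. The same cell prints `.text` immediately, while line 404 warns that a report that is not ready yet returns `404`; a status check or a short wait-and-retry before printing would make that case explicit to the reader. Smaller points: `the0 difference` on line 309 and `harmful for you computer` on line 311 are typos, and the placeholder `http://some.example.url./aaa` on lines 324 and 378 has a dot before the path that looks unintended; if it is deliberate, say so next to the warning on line 311.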
|