### DataChangeSubscription Class Example Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Illustrates the DataChangeSubscription class for subscribing to and retrieving data change notifications for samples. ```python class DataChangeSubscription(TiCloudAPI) ```` ``` -------------------------------- ### Upload Sample and Get Results (Spectra Detect) Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Submit a file to Spectra Detect for analysis using a token for authentication. This snippet shows how to open a file in binary read mode and set the full_report flag to True for comprehensive results. ```python from ReversingLabs.SDK.tiscale import TitaniumScale titanium_scale = TitaniumScale( host="https://tiscale.address", token="examplesecrettoken", # replace with a proper token verify=True, wait_time_seconds=5, retries=6 ) results = titanium_scale.upload_sample_and_get_results( file_source=open("/path/to/file.exe", "rb"), full_report=True ) ``` -------------------------------- ### NewMalwarePlatformFiltered Class Example Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Shows the NewMalwarePlatformFiltered class for querying and retrieving malware samples filtered by platform and time. ```python class NewMalwarePlatformFiltered(TiCloudAPI) ```` ``` -------------------------------- ### FileAnalysisNonMalicious Class Example Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Demonstrates the usage of the FileAnalysisNonMalicious class to retrieve analysis results for goodware samples. ```python class FileAnalysisNonMalicious(TiCloudAPI) ```` ``` -------------------------------- ### Scan File using File Path (File Inspection Engine) Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Utilize the File Inspection Engine to scan a local file by its path. This example initializes the engine and calls the scan function, then prints the JSON results. ```python from ReversingLabs.SDK.fie import FileInspectionEngine fie = FileInspectionEngine( host="http://fie.address", verify=True ) results = fie.scan_using_file_path( file_path="/local/path/to/file.exe" ) print(results.json()) ``` -------------------------------- ### CustomerUsage Class Example Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Represents the CustomerUsage class within the TiCloudAPI. ```python class CustomerUsage(TiCloudAPI) ```` ``` -------------------------------- ### List Extracted Files (Spectra Analyze - Token Auth) Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This example demonstrates how to list extracted files from Spectra Analyze using token-based authentication. Configure the A1000 client with the host, token, and adjust verification and retry settings as needed. ```python from ReversingLabs.SDK.a1000 import A1000 # Using the token for authorization a1000 = A1000( host="http://a1000.address", token="1js76asmklaslk288japj29s89z", verify=False, wait_time_seconds=2, retries=15 ) response = a1000.list_extracted_files_v2( sample_hash="cf23df2207d99a74fbe169e3eba035e633b65d94", page_size=30 ) json_report = response.json() ``` -------------------------------- ### list_containers_for_hashes Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Gets a list of all top-level containers from which the requested sample has been extracted during analysis. This is a bulk API. ```APIDOC ## list_containers_for_hashes ### Description Gets a list of all top-level containers from which the requested sample has been extracted during analysis. This is a bulk API, meaning that a single request can be used to simultaneously query containers for multiple file hashes. ### Method POST (assumed) ### Endpoint /list_containers_for_hashes (assumed) ### Parameters #### Request Body - **hashes** (list of strings) - Required - A list of file hashes to query. ``` -------------------------------- ### FileReputation Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Represents the File Reputation API. Use this class to get the reputation of files based on their hashes. ```python class FileReputation(TiCloudAPI) ``` -------------------------------- ### Submit File and Get Report (Spectra Analyze - Username/Password) Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Use this snippet to submit a file to Spectra Analyze using username and password authentication and retrieve a detailed report. Ensure the A1000 client is configured with correct host, credentials, and desired wait times. ```python from ReversingLabs.SDK.a1000 import A1000 # Using username and password for authorization a1000 = A1000( host="https://a1000.address", username="username", password="password", verify=True, wait_time_seconds=3, retries=10 ) response = a1000.submit_file_and_get_detailed_report( file_path="/path/to/file.exe", retry=True, custom_filename="CustomName", tags="custom,tags,go,here", ) json_report = response.json() ``` -------------------------------- ### Initialize FileInspectionEngine Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Instantiate the FileInspectionEngine class with connection details. Ensure to provide the FIE host address and optionally configure SSL verification, proxies, and user agent. ```python class FileInspectionEngine(object): def __init__(self, host, verify, proxies, user_agent) ``` -------------------------------- ### get_yara_local_retro_scan_status Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Gets the current status of the Local Retro scan on the Spectra Analyze appliance. ```APIDOC ## get_yara_local_retro_scan_status ### Description Gets the status of Local Retro scan on the Spectra Analyze appliance. ### Method Not specified (assumed to be a SDK method call) ### Endpoint Not specified ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response - **status** (string) - The current status of the Local Retro scan. ``` -------------------------------- ### Instantiate NewWhitelistedFiles Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This snippet shows how to instantiate the NewWhitelistedFiles class for querying newly whitelisted files. ```python class NewWhitelistedFiles(TiCloudAPI) ``` -------------------------------- ### Initialize SpectraAssureScenarios Client Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Initializes the SpectraAssureScenarios client, which is used for managing ReversingLabs Spectra Assure scenarios. ```python class SpectraAssureScenarios(object): def __init__(self, spectra_assure_client, verify_certs) ``` -------------------------------- ### get_yara_ruleset_synchronization_time Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Gets information about the current synchronization status for Spectra Intelligence-enabled YARA rulesets. ```APIDOC ## get_yara_ruleset_synchronization_time ### Description Gets information about the current synchronization status for Spectra Intelligence-enabled rulesets. ### Method Not specified (assumed to be a SDK method call) ### Endpoint Not specified ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response - **synchronization_info** (object) - Information about the synchronization status. ``` -------------------------------- ### Initialize SpectraAssureClient Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Initializes the SpectraAssureClient for interacting with the ReversingLabs Spectra Assure API. ```python class SpectraAssureClient(object): def __init__(self, host, token, organization, group) ``` -------------------------------- ### Initialize TitaniumScale Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Instantiates the TitaniumScale class with connection and retry parameters for the Spectra Detect appliance. ```python class TitaniumScale(object): def __init__(self, host, token, wait_time_seconds, retries, verify, proxies, user_agent) ``` -------------------------------- ### get_yara_cloud_retro_scan_status Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Gets the status of Cloud Retro for a specified YARA ruleset. The response indicates the status of the scan. ```APIDOC ## get_yara_cloud_retro_scan_status ### Description Gets the status of Cloud Retro for the specified YARA ruleset. The response indicates the status of the scan. ### Method Not specified (assumed to be a SDK method call) ### Endpoint Not specified ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **ruleset_name** (string) - Required - The name of the YARA ruleset. ### Request Example ```json { "ruleset_name": "my_ruleset" } ``` ### Response #### Success Response - **status** (string) - The status of the Cloud Retro scan for the specified ruleset. ``` -------------------------------- ### FileDownload.download_sample Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Accepts a hash string and downloads the related sample from Spectra Intelligence. ```APIDOC ## FileDownload.download_sample ### Description Accepts a hash string and downloads the related sample from Spectra Intelligence. ### Method Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **hash_string** (string) - Required - The hash string. ``` -------------------------------- ### Instantiate FilesWithDetectionChanges Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This snippet shows how to instantiate the FilesWithDetectionChanges class, used for retrieving files with changes in their detection status. ```python class FilesWithDetectionChanges(TiCloudAPI) ``` -------------------------------- ### Instantiate ChangesWhitelistedFiles Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This snippet shows how to instantiate the ChangesWhitelistedFiles class for querying files whose whitelist status has changed. ```python class ChangesWhitelistedFiles(TiCloudAPI) ``` -------------------------------- ### start_or_stop_yara_cloud_retro_scan Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Starts, stops, or clears Cloud Retro results for a specified YARA ruleset on the Spectra Analyze appliance. ```APIDOC ## start_or_stop_yara_cloud_retro_scan ### Description Allows users to start and stop a Cloud Retro scan for a specified ruleset on the Spectra Analyze appliance, as well as to clear all Cloud Retro results for the ruleset. ### Method Not specified (assumed to be a SDK method call) ### Endpoint Not specified ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **ruleset_name** (string) - Required - The name of the YARA ruleset. - **action** (string) - Required - The action to perform: 'start', 'stop', or 'clear'. ### Request Example ```json { "ruleset_name": "my_ruleset", "action": "start" } ``` ### Response #### Success Response - A confirmation message indicating the action has been performed. ``` -------------------------------- ### Instantiate ImpHashSimilarity Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This snippet shows how to instantiate the ImpHashSimilarity class for querying files based on ImpHash. ```python class ImpHashSimilarity(TiCloudAPI) ``` -------------------------------- ### URIStatistics Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Represents the URI Statistics API. Use this class to get statistics of files associated with a given URI. ```python class URIStatistics(TiCloudAPI) ``` -------------------------------- ### RHA1Analytics Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Represents the RHA1 Analytics API. Use this class to get counts of functionally similar hashes grouped by classification. ```python class RHA1Analytics(TiCloudAPI) ``` -------------------------------- ### URLThreatIntelligence Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Represents the URL Threat Intelligence API. Use this class to get URL analysis reports and related file information. ```python class URLThreatIntelligence(TiCloudAPI) ``` -------------------------------- ### Instantiate NewExploitAndCveSamplesFoundInWildDaily Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This snippet shows how to instantiate the NewExploitAndCveSamplesFoundInWildDaily class for daily exploit and CVE sample queries. ```python class NewExploitAndCveSamplesFoundInWildDaily(TiCloudAPI) ``` -------------------------------- ### Get Daily CVE Report Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Retrieves a daily report of malware hashes, threat names, and counts associated with CVE identifiers for a specified day. ```python pull_daily_cve_report ``` -------------------------------- ### Instantiate NewFilesFirstAndRescan Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This snippet shows how to instantiate the NewFilesFirstAndRescan class, which is used to query for newly scanned or rescanned files. ```python class NewFilesFirstAndRescan(TiCloudAPI) ``` -------------------------------- ### Get Latest CVE Report Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Retrieves the latest available daily report containing malware hashes, threat names, and counts associated with CVE identifiers. ```python pull_latest_cve_report ``` -------------------------------- ### Instantiate NewExploitOrCveSamplesFoundInWildHourly Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This snippet shows how to instantiate the NewExploitOrCveSamplesFoundInWildHourly class for hourly exploit and CVE sample queries. ```python class NewExploitOrCveSamplesFoundInWildHourly(TiCloudAPI) ``` -------------------------------- ### YARA Retro Hunting Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Enable, start, check status, and cancel YARA retro hunts. This functionality requires YARA rulesets to be submitted to Spectra Intelligence prior to deployment. ```python class YARARetroHunting(TiCloudAPI) # Methods: enable_retro_hunt, start_retro_hunt, check_status, cancel_retro_hunt, yara_retro_matches_feed ``` -------------------------------- ### TitaniumScale Class Initialization Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Initializes the TitaniumScale client to interact with the Spectra Detect appliance. It requires connection details and configuration for retries and timeouts. ```APIDOC ## TitaniumScale ### Description Initializes the TitaniumScale client to interact with the Spectra Detect appliance. It requires connection details and configuration for retries and timeouts. ### Parameters - **host** (string) - Required - Spectra Detect address - **token** (string) - Required - Spectra Detect user token for the REST API - **wait_time_seconds** (integer) - Required - wait time between each report fetching retry - **retries** (integer) - Required - number of report fetching retries - **verify** (boolean) - Required - verify SSL certificate - **proxies** (dict) - Optional - optional proxies in use - **user_agent** (string) - Optional - optional user agent string ``` -------------------------------- ### SupplyChainIoCFeed Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Methods for pulling supply chain Indicators of Compromise (IoC) data, with options to set start times, pull from the latest data, or pull within specific timeframes or relative time periods. ```APIDOC ## set_start_time ### Description Set starting time cursor for pulling indicators. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response Not specified #### Response Example None ``` ```APIDOC ## pull_from_feed ### Description Retrieve latest feed data, starting from the set start time. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response Latest feed data. #### Response Example None ``` ```APIDOC ## pull_with_timestamp ### Description Retrieve feed data starting from a time specified in this request. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response Feed data starting from a specified timestamp. #### Response Example None ``` ```APIDOC ## pull_with_timeframe ### Description Accepts a time format definition and a start and end time written in the defined format. Returns a Python list of indicators for the selected time period. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response A Python list of indicators for the selected time period. #### Response Example None ``` ```APIDOC ## pull_with_relative_time ### Description Pulls the indicators from the last . e.g. Last 5 days worth of indicators. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response Indicators from the last specified amount and unit of time. #### Response Example None ``` -------------------------------- ### TiCloudAPI Initialization Parameters Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Defines the parameters required to instantiate any class within the ticloud module, which represents the ReversingLabs Spectra Intelligence API. ```python def __init__(self, host, username, password, verify, proxies, user_agent, allow_none_return) ``` -------------------------------- ### Instantiate CvesExploitedInTheWild Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This snippet shows how to instantiate the CvesExploitedInTheWild class, which is used to query for CVEs exploited in the wild. ```python class CvesExploitedInTheWild(TiCloudAPI) ``` -------------------------------- ### Define SupplyChainIoCFeed Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This class inherits from TiCloudAPI and provides methods for pulling supply chain IoC data based on various time parameters, including start time, specific timestamps, timeframes, and relative timeframes. ```python class SupplyChainIoCFeed(TiCloudAPI) ``` -------------------------------- ### URLThreatIntelligence.get_url_analysis_feed_from_date_aggregated Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Accepts time format and a start time and returns URL analysis reports from that defined time onward. It is possible to list analyses up to 90 days into the past. Returns a list of results aggregated through multiple paginated requests. ```APIDOC ## URLThreatIntelligence.get_url_analysis_feed_from_date_aggregated ### Description Accepts time format and a start time and returns URL analysis reports from that defined time onward. It is possible to list analyses up to 90 days into the past. Returns a list of results aggregated through multiple paginated requests. ### Method Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **time_format** (string) - Required - The time format. - **start_time** (string) - Required - The start time. ``` -------------------------------- ### create_pdf_report Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Initiates the creation of a PDF analysis report for a given sample hash. The response provides links to check the creation status and download the report. ```APIDOC ## create_pdf_report ### Description Accepts a single hash string and initiates the creation of a PDF analysis report for the requested sample. ### Method Not specified (assumed to be a SDK method call) ### Endpoint Not specified ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **hash_string** (string) - Required - The hash of the sample for which to create a PDF report. ### Request Example ```json { "hash_string": "sample_hash_value" } ``` ### Response #### Success Response - **status_link** (string) - Link to the PDF creation status endpoint. - **download_link** (string) - Link to the PDF download endpoint. ``` -------------------------------- ### Initialize AdvancedActions Client Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Initializes the AdvancedActions client with connection and authentication details for Spectra Intelligence. ```python class AdvancedActions(object): def __init__(self, host, verify, proxies, user_agent) ``` -------------------------------- ### URLThreatIntelligence.get_url_analysis_feed_from_date Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Accepts time format and a start time and returns URL analysis reports from that defined time onward. It is possible to list analyses up to 90 days into the past. Returns only one defined page of results using one request. ```APIDOC ## URLThreatIntelligence.get_url_analysis_feed_from_date ### Description Accepts time format and a start time and returns URL analysis reports from that defined time onward. It is possible to list analyses up to 90 days into the past. Returns only one defined page of results using one request. ### Method Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **time_format** (string) - Required - The time format. - **start_time** (string) - Required - The start time. ``` -------------------------------- ### Instantiate YARAHunting Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md This snippet shows how to instantiate the YARAHunting class for YARA rule-based hunting. ```python class YARAHunting(TiCloudAPI) ``` -------------------------------- ### Error Handling with Response Object (Spectra Intelligence) Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Demonstrates how to catch exceptions raised by the SDK and access the original response object for detailed error information. This pattern is applicable to Spectra Analyze and Spectra Detect as well. ```python from ReversingLabs.SDK.ticloud import FileReputation file_rep = FileReputation( host="https://data.reversinglabs.com", username="u/username", password="password" ) try: resp = file_rep.get_file_reputation(hash_input="cf23df2207d99a74fbe169e3eba035e633b65d94") except Exception as e: if hasattr(e, "response_object"): print(e.response_object.content) else: raise ``` -------------------------------- ### upload_sample_and_get_results Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Combines uploading a sample (via path or file object) and retrieving its analysis results. It handles retries and timeouts for result fetching. ```APIDOC ## upload_sample_and_get_results ### Description Combines uploading a sample (via path or file object) and retrieving its analysis results. It handles retries and timeouts for result fetching. ### Method POST (assumed) ### Endpoint /samples/analyze (assumed) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **file_input** (string or file) - Required - Either a file path string or a file object opened in 'rb' mode. ``` -------------------------------- ### upload_sample_from_file Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Uploads a sample to Spectra Detect using an opened file object. Returns a response containing the analysis task URL. ```APIDOC ## upload_sample_from_file ### Description Uploads a sample to Spectra Detect using an opened file object. Returns a response containing the analysis task URL. ### Method POST (assumed) ### Endpoint /samples (assumed) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **file_object** (file) - Required - The file object opened in 'rb' mode. ``` -------------------------------- ### FileDownload.get_download_status Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Accepts a hash string and returns the sample's availability for download. ```APIDOC ## FileDownload.get_download_status ### Description Accepts a hash string and returns the sample's availability for download. ### Method Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **hash_string** (string) - Required - The hash string. ``` -------------------------------- ### NewWhitelistedFiles Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Provides methods to query for newly whitelisted samples since a requested time. ```APIDOC ## feed_query ### Description Accepts a time definition and a time value. Optional arguments are available for sample and result limit. Returns a list of newly whitelisted samples since the requested time. ### Method feed_query ### Parameters #### Path Parameters None #### Query Parameters - **time_format** (string) - Required - The format of the time value (e.g., 'YYYY-MM-DD'). - **time_value** (string) - Required - The starting time. - **sample** (string) - Optional - Sample identifier. - **result_limit** (integer) - Optional - Maximum number of results to return. ### Request Example ```json { "time_format": "YYYY-MM-DD", "time_value": "2023-01-01" } ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of newly whitelisted sample hashes. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` ```APIDOC ## start_query ### Description Sets the starting timestamp for the pull_query. ### Method start_query ### Parameters #### Path Parameters None #### Query Parameters - **time_format** (string) - Required - The format of the time value (e.g., 'YYYY-MM-DD'). - **time_value** (string) - Required - The specific time value. ### Request Example ```json { "time_format": "YYYY-MM-DD", "time_value": "2023-01-01" } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation that the start query has been set. #### Response Example ```json { "message": "Start query timestamp set." } ``` ``` ```APIDOC ## pull_query ### Description Returns the list of newly whitelisted samples, with the timestamp defined with the start_query. ### Method pull_query ### Parameters None ### Request Example ```json {} ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of newly whitelisted sample hashes. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` -------------------------------- ### upload_sample_from_path Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Uploads a sample to Spectra Detect using its file path. Returns a response containing the analysis task URL. ```APIDOC ## upload_sample_from_path ### Description Uploads a sample to Spectra Detect using its file path. Returns a response containing the analysis task URL. ### Method POST (assumed) ### Endpoint /samples (assumed) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **file_path** (string) - Required - The path to the file to upload. ``` -------------------------------- ### FileDownload Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Represents the File Download API. Use this class to check sample availability and download samples. ```python class FileDownload(TiCloudAPI) ``` -------------------------------- ### NewMalwareFilesFeed Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Methods for accessing the New Malware Files Feed. ```APIDOC ## NewMalwareFilesFeed ### Description Provides methods for accessing the New Malware Files Feed, which contains malware detections. ### Methods #### `pull_with_timestamp` ##### Description Accepts a time format definition and a time value. Returns malware detections from the requested time. ##### Method GET (Assumed) ##### Endpoint /feed/malware/files/timestamp (Assumed) ##### Parameters #### Query Parameters - **time_format** (string) - Required - The format of the time value. - **time_value** (string) - Required - The time value. ### Response #### Success Response (200) - **detections** (list[object]) - A list of malware detections. #### Response Example ```json { "detections": [ { "file_hash": "sha256_hash", "timestamp": "2023-10-27T10:00:00Z" } ] } ``` #### `pull` ##### Description Returns a list of malware detections since the point in time set by the `set_start` method. If the user has not previously used this method, nor has the `set_start` method been called, it will return records starting with the current timestamp. ##### Method GET (Assumed) ##### Endpoint /feed/malware/files (Assumed) #### `set_start` ##### Description This method sets the starting time for the `pull` method. ##### Method POST (Assumed) ##### Endpoint /feed/malware/files/start-time (Assumed) ##### Parameters #### Request Body - **start_time** (string) - Required - The starting time for the pull method. ``` -------------------------------- ### NewMalwareURIFeed Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Methods for accessing the New Malware URI Feed. ```APIDOC ## NewMalwareURIFeed ### Description Provides methods for accessing the New Malware URI Feed, which contains IPs, domains, URLs, emails, and sample hashes extracted from malware samples. ### Methods #### `pull_with_timestamp` ##### Description Accepts a time format definition and a time value. Returns records with IPs, domains, URLs, emails, and sample hashes extracted from malware samples. ##### Method GET (Assumed) ##### Endpoint /feed/malware/uri/timestamp (Assumed) ##### Parameters #### Query Parameters - **time_format** (string) - Required - The format of the time value. - **time_value** (string) - Required - The time value. ### Response #### Success Response (200) - **records** (list[object]) - A list of records containing malware URIs and related information. #### Response Example ```json { "records": [ { "url": "http://malicious.com/payload.exe", "ip_address": "1.2.3.4", "domain": "malicious.com", "email": "abuse@malicious.com", "sample_hash": "sha256_hash" } ] } ``` #### `pull_latest` ##### Description Returns a maximum of 1000 latest records with IPs, domains, URLs, emails, and sample hashes extracted from malware samples. ##### Method GET (Assumed) ##### Endpoint /feed/malware/uri/latest (Assumed) ### Response #### Success Response (200) - **records** (list[object]) - A list of the latest records. #### Response Example ```json { "records": [ { "url": "http://malicious.com/payload.exe", "ip_address": "1.2.3.4", "domain": "malicious.com", "email": "abuse@malicious.com", "sample_hash": "sha256_hash" } ] } ``` ``` -------------------------------- ### NewExploitAndCveSamplesFoundInWildDaily Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Provides methods to query for new file hashes containing CVE or exploit identification detected on a daily basis. ```APIDOC ## daily_exploit_list_query ### Description Accepts a time format definition and a time value. Optional arguments are available for sample and result limit. Returns a list of new file hashes that contain CVE or exploit identification and that are detected per day period in the Spectra Intelligence system. ### Method daily_exploit_list_query ### Parameters #### Path Parameters None #### Query Parameters - **time_format** (string) - Required - The format of the time value (e.g., 'YYYY-MM-DD'). - **time_value** (string) - Required - The specific day period. - **sample** (string) - Optional - Sample identifier. - **result_limit** (integer) - Optional - Maximum number of results to return. ### Request Example ```json { "time_format": "YYYY-MM-DD", "time_value": "2023-01-01" } ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of new file hashes with CVE or exploit identification for the specified day. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` ```APIDOC ## latest_daily_exploit_list_query ### Description Returns the results from the latest day for which we have data. ### Method latest_daily_exploit_list_query ### Parameters None ### Request Example ```json {} ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of new file hashes with CVE or exploit identification from the latest day. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` -------------------------------- ### FileInspectionEngine Class Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md The FileInspectionEngine class provides methods to interact with the ReversingLabs File Inspection Engine platform. It can be initialized with host, SSL verification settings, proxies, and a user agent. ```APIDOC ## Class: FileInspectionEngine ### Description A Python module representing the ReversingLabs File Inspection Engine platform. ### Initialization ```python class FileInspectionEngine(object): def __init__(self, host, verify, proxies, user_agent) ``` #### Parameters: - `host` (string) - File Inspection Engine address - `verify` (boolean) - verify SSL certificate - `proxies` (dict) - optional proxies in use - `user_agent` (string) - optional user agent string ### Methods: #### `test_connection` ##### Description Creates a lightweight request towards the FIE scan API to test the connection. #### `scan_using_file_path` ##### Description Sends a file to the FIE for inspection and returns a simple verdict in the submit response. Uses a file path string as input. #### `scan_using_open_file` ##### Description Sends a file to the FIE for inspection and returns a simple verdict in the submit response. Uses an open file handle as input. #### `report_using_file_path` ##### Description Sends a file to the FIE for inspection and returns a more complex analysis report in the submit response. Uses a file path string as input. #### `report_using_open_file` ##### Description Sends a file to the FIE for inspection and returns a more complex analysis report in the submit response. Uses an open file handle as input. ``` -------------------------------- ### NewExploitOrCveSamplesFoundInWildHourly Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Provides methods to query for new file hashes containing CVE or exploit identification detected within a specific one-hour period. ```APIDOC ## hourly_exploit_list_query ### Description Accepts a time format definition and a time value. Optional arguments are available for sample and result limit. Returns a list of new file hashes that contain CVE or exploit identification and that are detected within the requested one-hour period in the Spectra Intelligence system. ### Method hourly_exploit_list_query ### Parameters #### Path Parameters None #### Query Parameters - **time_format** (string) - Required - The format of the time value (e.g., 'YYYY-MM-DD HH:MM:SS'). - **time_value** (string) - Required - The specific one-hour period. - **sample** (string) - Optional - Sample identifier. - **result_limit** (integer) - Optional - Maximum number of results to return. ### Request Example ```json { "time_format": "YYYY-MM-DD HH:MM:SS", "time_value": "2023-01-01 10:00:00" } ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of new file hashes with CVE or exploit identification. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` ```APIDOC ## latest_hourly_exploit_list_query ### Description Returns the results from the latest hour for which we have data. ### Method latest_hourly_exploit_list_query ### Parameters None ### Request Example ```json {} ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of new file hashes with CVE or exploit identification from the latest hour. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` -------------------------------- ### create_dynamic_analysis_report Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Initiates the creation of PDF or HTML reports for samples that have undergone dynamic analysis in the ReversingLabs Cloud Sandbox. The response includes links for status checking and report downloading. ```APIDOC ## create_dynamic_analysis_report ### Description Accepts a single hash string and initiates the creation of PDF or HTML reports for samples that have gone through dynamic analysis in the ReversingLabs Cloud Sandbox. The response includes links to the report creation status endpoint and report download ednpoint for the requested sample. ### Method Not specified (assumed to be a SDK method call) ### Endpoint Not specified ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **hash_string** (string) - Required - The hash of the sample for which to create a dynamic analysis report. - **report_format** (string) - Required - The desired format for the report (e.g., 'pdf', 'html'). ### Request Example ```json { "hash_string": "sample_hash_value", "report_format": "pdf" } ``` ### Response #### Success Response - **status_link** (string) - Link to the report creation status endpoint. - **download_link** (string) - Link to the report download endpoint. ``` -------------------------------- ### Account and User Management Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Methods for managing account-level information and users. ```APIDOC ## active_yara_rulesets ### Description This method returns information about the number of active YARA rulesets for the Spectra Intelligence account that sent the request. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## quota_limits ### Description This method returns current quota limits for API-s accessible to the authenticated user. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## get_company_information ### Description Returns the number of users and the company name for the company the authenticated user belongs to. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## create_user ### Description Creates a new user. Make sure to store the returned password. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## list_users ### Description Returns a list of all users in the company. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## retrieve_user ### Description Retrieve the information of one user. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## update_user ### Description Updates an existing user. Any of the fields from the Retrieve User response can be updated. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## reset_password ### Description Resets the user's password. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ``` -------------------------------- ### NewFilesFirstAndRescan Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Provides methods to query for files that have been scanned for the first time or rescanned within the Spectra Intelligence system. ```APIDOC ## feed_query ### Description Accepts a time format definition and a time value. Optional arguments are available for sample and result limit. Returns a continuous list of samples in the Spectra Intelligence system which have been scanned for the first time or rescanned. ### Method feed_query ### Parameters #### Path Parameters None #### Query Parameters - **sample** (string) - Optional - Sample identifier. - **result_limit** (integer) - Optional - Maximum number of results to return. ### Request Example ```json { "time_format": "YYYY-MM-DD", "time_value": "2023-01-01" } ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of hashes for scanned samples. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` ```APIDOC ## start_query ### Description Accepts a time format definition and a time value. Sets the starting timestamp for the pull_query. ### Method start_query ### Parameters #### Path Parameters None #### Query Parameters - **time_format** (string) - Required - The format of the time value (e.g., 'YYYY-MM-DD'). - **time_value** (string) - Required - The specific time value. ### Request Example ```json { "time_format": "YYYY-MM-DD", "time_value": "2023-01-01" } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation that the start query has been set. #### Response Example ```json { "message": "Start query timestamp set." } ``` ``` ```APIDOC ## pull_query ### Description Returns the list of hashes for scanned samples starting with the timestamp defined with start_query. ### Method pull_query ### Parameters None ### Request Example ```json {} ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of hashes for scanned samples. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` -------------------------------- ### Usage Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Methods for retrieving service usage information. ```APIDOC ## daily_usage ### Description Returns information about daily service usage for the Spectra Intelligence account that sent the request. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## monthly_usage ### Description Returns information about monthly service usage for the Spectra Intelligence account that sent the request. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## date_range_usage ### Description This method returns total usage for all product licenses with a fixed quota over a single date range. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ``` -------------------------------- ### download_dynamic_analysis_report Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Downloads a dynamic analysis report using the sample's hash string and report format parameters. These parameters must match those used in the initial report creation request. ```APIDOC ## download_dynamic_analysis_report ### Description Accepts a single hash string and report format parameters that should correspond to the parameters used in the request with create_dynamic_analysis_report method. ### Method Not specified (assumed to be a SDK method call) ### Endpoint Not specified ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **hash_string** (string) - Required - The hash of the sample for which to download the dynamic analysis report. - **report_format** (string) - Required - The format of the report to download. ### Request Example ```json { "hash_string": "sample_hash_value", "report_format": "pdf" } ``` ### Response #### Success Response - The response is the dynamic analysis report content. ``` -------------------------------- ### FilesWithDetectionChanges Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Provides methods to query for scanned samples that have had their first scan or detection changes within the Spectra Intelligence system. ```APIDOC ## feed_query ### Description Accepts a time format definition and a time value. Optional arguments are available for sample and result limit. Returns a list of hashes for scanned samples (first time scan or detection changes), starting with the provided timestamp. ### Method feed_query ### Parameters #### Path Parameters None #### Query Parameters - **sample** (string) - Optional - Sample identifier. - **result_limit** (integer) - Optional - Maximum number of results to return. ### Request Example ```json { "time_format": "YYYY-MM-DD", "time_value": "2023-01-01" } ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of hashes for scanned samples with detection changes. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` ```APIDOC ## start_query ### Description Accepts a time format definition and a time value. Sets the starting timestamp for the pull_query. ### Method start_query ### Parameters #### Path Parameters None #### Query Parameters - **time_format** (string) - Required - The format of the time value (e.g., 'YYYY-MM-DD'). - **time_value** (string) - Required - The specific time value. ### Request Example ```json { "time_format": "YYYY-MM-DD", "time_value": "2023-01-01" } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation that the start query has been set. #### Response Example ```json { "message": "Start query timestamp set." } ``` ``` ```APIDOC ## pull_query ### Description Returns the list of hashes for scanned samples starting with the timestamp defined with the start_query. ### Method pull_query ### Parameters None ### Request Example ```json {} ``` ### Response #### Success Response (200) - **hashes** (list of strings) - A list of hashes for scanned samples. #### Response Example ```json { "hashes": ["hash1", "hash2"] } ``` ``` -------------------------------- ### License and Limit Management Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Methods for managing licenses and their associated limits. ```APIDOC ## list_licenses ### Description Returns a list of all licenses for the company. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## create_limit ### Description Creates a new limit. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## read_license_limits ### Description Returns a list of limits created for a specific license. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## read_user_limits ### Description Returns a list of limits created for a specific user. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## update_limit ### Description Updates an existing limit. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ## delete_limit ### Description Deletes an existing limit. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ``` -------------------------------- ### File Analysis Methods Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Methods for retrieving analysis results for files classified as goodware. ```APIDOC ## get_analysis_results ### Description Accepts a hash string or a list of hash strings and returns knowledge about the given samples if they are classified as goodware. ### Method Not specified (SDK method) ### Endpoint Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example ```python # Example usage (actual SDK call) # client.get_analysis_results(hashes=['hash1', 'hash2']) ``` ### Response #### Success Response - Knowledge about the provided samples classified as goodware. #### Response Example ```json { "example": "[Analysis results for goodware samples]" } ``` ``` -------------------------------- ### submit_url Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Sends a URL for analysis on Spectra Analyze. ```APIDOC ## submit_url ### Description Sends a URL for analysis on Spectra Analyze. ### Method POST (assumed) ### Endpoint /submit_url (assumed) ### Parameters #### Request Body - **url** (string) - Required - The URL to submit for analysis. ``` -------------------------------- ### URLThreatIntelligence.get_downloaded_files Source: https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md Accepts a URL string and returns a list of files downloaded from that URL. ```APIDOC ## URLThreatIntelligence.get_downloaded_files ### Description Accepts a URL string and returns a list of files downloaded from that URL. ### Method Not specified (SDK method) ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **url_string** (string) - Required - The URL string. ```