Intezer Analyze SDK

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for AvihayST from gravatar.com AvihayST Avatar for Intezer from gravatar.com Intezer

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Intezer Labs ltd.
  • Tags intezer
  • Requires: Python !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, !=3.6.*, !=3.7.*
Classifiers

Project description

PyPI Build

Intezer SDK

The SDK wraps Intezer Analyze API 2.0 (View full API documentation)

Currently, the following options are available in the SDK:

  • Analyze by file
  • Analyze by SHA256
  • Analyze Url
  • Index by file
  • Index by SHA256
  • Get Latest Analysis
  • Account and file related samples
  • Code reuse and Metadata
  • IOCs, Dynamic TTPs and Capabilities
  • Strings related samples
  • Search a family
  • Ingest an alert from any source
  • Ingest a raw email alert (.msg or .eml file)

Installation

pip install intezer-sdk

Using Intezer SDK

Set global api key

Before using the SDK functionality we should set the api key:

    api.set_global_api('<api_key>')

Analyze By File

analysis = FileAnalysis(file_path=<file_path>,
                    dynamic_unpacking=<force_dynamic_unpacking>, # optional
                    static_unpacking=<force_static_unpacking>)   # optional
analysis.send(wait=True) 
result = analysis.result()

Analyze By SHA256

analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True)
result = analysis.result()

File Analysis result example

{
  'analysis_id': '00000000-0000-0000-0000-000000000000', 
  'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT', 
  'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000', 
  'family_name': 'Ramnit', 
  'is_private': True, 
  'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356', 
  'sub_verdict': 'malicious', 
  'verdict': 'malicious'
}

Analyze Url

analysis = UrlAnalysis(url=<url>)
analysis.send(wait=True)
result = analysis.result()

Url Analysis result example

{
    'analysis_id': '70d09f68-c7a3-43a3-a8de-07ec31fbf4ed',
    'domain_info': {
        'creation_date': '1997-08-13 04:00:00.000000',
        'domain_name': 'foo.com',
        'registrar': 'TUCOWS, INC.'
    },
    'indicators': [
    {
        'classification': 'informative',
        'text': 'URL is accessible'
    },
    {
        'classification': 'informative',
        'text': 'Assigned IPv4 domain'
    },
    {
        'classification': 'informative',
        'text': 'Vaild IPv4 domain'
    }
    ],
    'ip': '34.206.39.153',
    'redirect_chain': [
    {
        'response_status': 301,
        'url': 'https://foo.com/'
    },
    {
        'response_status': 200,
        'url': 'http://www.foo.com/'
    }
    ],
    'scanned_url': 'http://www.foo.com/',
    'submitted_url': 'foo.com',
    'downloaded_file': {
        'analysis_id': '8db9a401-a142-41be-9a31-8e5f3642db62',
        'analysis_summary': {
           'verdict_description': 'This file contains code from malicious software, therefore it's very likely that it's malicious.',
           'verdict_name': 'malicious',
           'verdict_title': 'Malicious',
           'verdict_type': 'malicious'
        },
        'sha256': '4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7'
     },
    'summary': {
        'description': 'No suspicious activity was detected for this URL',
        'title': 'No Threats',
        'verdict_name': 'no_threats',
        'verdict_type': 'no_threats'
    }
}

Index By File

from intezer_sdk import consts

index = Index(file_path=<file_path>, 
              index_as=consts.IndexType.MALICIOUS, 
              family_name=<family_name>)
index.send(wait=True)
index_id = index.index_id

Index By SHA256

from intezer_sdk import consts

index = Index(sha256=<file_sha256>, 
              index_as=consts.IndexType.TRUSTED)
index.send(wait=True)
index_id = index.index_id

Get Latest File Analysis

analysis = FileAnalysis.from_latest_hash_analysis(file_hash: <file_sha256>)
result = analysis.result()

Get Sub Analyses

Root File Analysis

root_analysis = analysis.get_root_analysis()

Sub Analyses

sub_analyses = analysis.get_sub_analyses()

Code Reuse and Metadata

root_analysis_code_reuse = root_analysis.code_reuse
root_analysis_metadata = root_analysis.metadata

for sub_analysis in sub_analyses:
    sub_analyses_code_reuse = sub_analysis.code_reuse
    sub_analyses_metadata = sub_analysis.metadata

Related Files by Family

root_analysis_code_reuse = root_analysis.code_reuse

for family in root_analysis_code_reuse['families']:
    operation = root_analysis.find_related_files(family['family_id'], wait=True)
    related_files = operation.get_result()

Account Related Samples

operation = root_analysis.get_account_related_samples()
related_samples = operation.get_result()

Vaccine

operation = root_analysis.generate_vaccine()
vaccine = operation.get_result()

Strings related samples

operation = root_analysis.get_string_related_samples('string_to_relate_to', wait=True)
string_related_samples = operation.get_result()

Wait with timeout

analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True, wait_timeout=datetime.timedelta(minutes=1))

Analyses History

  • File
history_results = query_file_analyses_history(
    start_date = <datetime>,
    end_date= <datetime>,
    api = <IntezerApi>
    aggregated_view: <bool>,
    sources=<source>
    verdicts=<verdicts>,
    file_hash=<file_hash>,
    family_names=<family_names>,
    file_name=<file_name>
)
for analyse in history_results:
    print(analyse)
  • URL
history_results = query_url_analyses_history(
    start_date = <datetime>,
    end_date=<datetime>,
    aggregated_view=<bool>,
    sources=<sources>,
    verdicts=<verdicts>,
)
for analyse in history_results:
    print(analyse)
  • End Point
history_results = query_endpoint_analyses_history(
    start_date = <datetime>,
    end_date=<datetime>,
    aggregated_view=<bool>,
    sources=<sources>,
    verdicts=<verdicts>,
    sub_verdicts=<verdicts>,
    did_download_file=<bool>,
    submitted_url=<submitted_url>
)
for analyse in history_results:
    print(analyse)

Alerts

Get alert by id

alert = Alert.from_id(alert_id=alert_id,
                      fetch_scans=False,
                      wait=False)

Alerts History

history_results = query_file_analyses_history(
    api = <IntezerApi>,
    **filters
)
for analyse in history_results:
    print(analyse)

Code examples

You can find more code examples under analyze-python-sdk/examples/ directory

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for AvihayST from gravatar.com AvihayST Avatar for Intezer from gravatar.com Intezer

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Intezer Labs ltd.
  • Tags intezer
  • Requires: Python !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, !=3.6.*, !=3.7.*
Classifiers

Release history Release notifications | RSS feed

1.21.6

This version

1.21.5

1.21.4

1.21.3

1.21.2

1.21

1.20

1.19.18

1.19.17

1.19.16

1.19.15

1.19.14

1.19.13

1.19.12

1.19.11

1.19.10

1.19.9

1.19.8

1.19.7

1.19.6

1.19.5

1.19.4

1.19.3

1.19.2

1.19.1

1.19

1.18.9

1.18.8

1.18.7

1.18.6

1.18.5

1.18.4

1.18.3

1.18.2

1.18.1

1.18

1.17.4

1.17.3

1.17.2

1.17.1

1.17

1.16.9

1.16.8

1.16.7

1.16.6

1.16.5

1.16.4

1.16.3

1.16.2

1.16.1

1.16.0

1.15.2

1.15.1

1.15.0

1.14.4

1.14.3

1.14.2

1.14.1

1.14

1.13

1.12

1.11.3

1.11.2

1.11.1

1.11

1.10

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.3

1.8.2

1.8.1

1.8.0

1.7.1

1.7.0

1.6.10

1.6.9

1.6.8

1.6.7

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6

1.5

1.4.5.2

1.4.5.1

1.4.5

1.4.4

1.4.3.1

1.4.3

1.4.2.1

1.4.2

1.4.1

1.4.0

1.3.0

1.2.0

1.1.1

1.1

0.15

0.14

0.13

0.12

0.11

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

intezer_sdk-1.21.5.tar.gz (43.6 kB view details)

Uploaded Source

Built Distribution

intezer_sdk-1.21.5-py3-none-any.whl (50.2 kB view details)

Uploaded Python 3

File details

Details for the file intezer_sdk-1.21.5.tar.gz.

File metadata

  • Download URL: intezer_sdk-1.21.5.tar.gz
  • Upload date:
  • Size: 43.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for intezer_sdk-1.21.5.tar.gz
Algorithm Hash digest
SHA256 14a024493b6862aa7238371b077e4a46f8dd0bb6b4be24f23dcd30d5be3ce65b
MD5 9d0c2b461001abd266bffdd57335e311
BLAKE2b-256 c99bed9a8bda976b9b01f5b63bbe019ebdccd55dcb16e29f8620decfe53a9f18

See more details on using hashes here.

File details

Details for the file intezer_sdk-1.21.5-py3-none-any.whl.

File metadata

File hashes

Hashes for intezer_sdk-1.21.5-py3-none-any.whl
Algorithm Hash digest
SHA256 e4ed450a46a27f2340bdba5f83afe4ba390106da7cc32fd23b1a1fe423d2656b
MD5 8eee121dc5c5a69422b88b9b918c8e41
BLAKE2b-256 5ead97472e4ce56cfd49a864a5354fd5df7918255af7b33794e5330a15b697dc

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page