Intezer Analyze SDK

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for AvihayST from gravatar.com AvihayST Avatar for Intezer from gravatar.com Intezer

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Intezer Labs ltd.
  • Tags intezer
  • Requires: Python !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, !=3.6.*, !=3.7.*
Classifiers

Project description

PyPI Build

Intezer SDK

The SDK wraps Intezer Analyze API 2.0 (View full API documentation)

Currently, the following options are available in the SDK:

  • Analyze by file
  • Analyze by SHA256
  • Analyze Url
  • Index by file
  • Index by SHA256
  • Get Latest Analysis
  • Account and file related samples
  • Code reuse and Metadata
  • IOCs, Dynamic TTPs and Capabilities
  • Strings related samples
  • Search a family
  • Ingest an alert from any source
  • Ingest a raw email alert (.msg or .eml file)

Installation

pip install intezer-sdk

Using Intezer SDK

Set global api key

Before using the SDK functionality we should set the api key:

    api.set_global_api('<api_key>')

Analyze By File

analysis = FileAnalysis(file_path=<file_path>,
                    dynamic_unpacking=<force_dynamic_unpacking>, # optional
                    static_unpacking=<force_static_unpacking>)   # optional
analysis.send(wait=True) 
result = analysis.result()

Analyze By SHA256

analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True)
result = analysis.result()

File Analysis result example

{
  'analysis_id': '00000000-0000-0000-0000-000000000000', 
  'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT', 
  'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000', 
  'family_name': 'Ramnit', 
  'is_private': True, 
  'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356', 
  'sub_verdict': 'malicious', 
  'verdict': 'malicious'
}

Analyze Url

analysis = UrlAnalysis(url=<url>)
analysis.send(wait=True)
result = analysis.result()

Url Analysis result example

{
    'analysis_id': '70d09f68-c7a3-43a3-a8de-07ec31fbf4ed',
    'domain_info': {
        'creation_date': '1997-08-13 04:00:00.000000',
        'domain_name': 'foo.com',
        'registrar': 'TUCOWS, INC.'
    },
    'indicators': [
    {
        'classification': 'informative',
        'text': 'URL is accessible'
    },
    {
        'classification': 'informative',
        'text': 'Assigned IPv4 domain'
    },
    {
        'classification': 'informative',
        'text': 'Vaild IPv4 domain'
    }
    ],
    'ip': '34.206.39.153',
    'redirect_chain': [
    {
        'response_status': 301,
        'url': 'https://foo.com/'
    },
    {
        'response_status': 200,
        'url': 'http://www.foo.com/'
    }
    ],
    'scanned_url': 'http://www.foo.com/',
    'submitted_url': 'foo.com',
    'downloaded_file': {
        'analysis_id': '8db9a401-a142-41be-9a31-8e5f3642db62',
        'analysis_summary': {
           'verdict_description': 'This file contains code from malicious software, therefore it's very likely that it's malicious.',
           'verdict_name': 'malicious',
           'verdict_title': 'Malicious',
           'verdict_type': 'malicious'
        },
        'sha256': '4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7'
     },
    'summary': {
        'description': 'No suspicious activity was detected for this URL',
        'title': 'No Threats',
        'verdict_name': 'no_threats',
        'verdict_type': 'no_threats'
    }
}

Index By File

from intezer_sdk import consts

index = Index(file_path=<file_path>, 
              index_as=consts.IndexType.MALICIOUS, 
              family_name=<family_name>)
index.send(wait=True)
index_id = index.index_id

Index By SHA256

from intezer_sdk import consts

index = Index(sha256=<file_sha256>, 
              index_as=consts.IndexType.TRUSTED)
index.send(wait=True)
index_id = index.index_id

Get Latest File Analysis

analysis = FileAnalysis.from_latest_hash_analysis(file_hash: <file_sha256>)
result = analysis.result()

Get Sub Analyses

Root File Analysis

root_analysis = analysis.get_root_analysis()

Sub Analyses

sub_analyses = analysis.get_sub_analyses()

Code Reuse and Metadata

root_analysis_code_reuse = root_analysis.code_reuse
root_analysis_metadata = root_analysis.metadata

for sub_analysis in sub_analyses:
    sub_analyses_code_reuse = sub_analysis.code_reuse
    sub_analyses_metadata = sub_analysis.metadata

Related Files by Family

root_analysis_code_reuse = root_analysis.code_reuse

for family in root_analysis_code_reuse['families']:
    operation = root_analysis.find_related_files(family['family_id'], wait=True)
    related_files = operation.get_result()

Account Related Samples

operation = root_analysis.get_account_related_samples()
related_samples = operation.get_result()

Vaccine

operation = root_analysis.generate_vaccine()
vaccine = operation.get_result()

Strings related samples

operation = root_analysis.get_string_related_samples('string_to_relate_to', wait=True)
string_related_samples = operation.get_result()

Wait with timeout

analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True, wait_timeout=datetime.timedelta(minutes=1))

Analyses History

  • File
history_results = query_file_analyses_history(
    start_date = <datetime>,
    end_date= <datetime>,
    api = <IntezerApi>
    aggregated_view: <bool>,
    sources=<source>
    verdicts=<verdicts>,
    file_hash=<file_hash>,
    family_names=<family_names>,
    file_name=<file_name>
)
for analyse in history_results:
    print(analyse)
  • URL
history_results = query_url_analyses_history(
    start_date = <datetime>,
    end_date=<datetime>,
    aggregated_view=<bool>,
    sources=<sources>,
    verdicts=<verdicts>,
)
for analyse in history_results:
    print(analyse)
  • End Point
history_results = query_endpoint_analyses_history(
    start_date = <datetime>,
    end_date=<datetime>,
    aggregated_view=<bool>,
    sources=<sources>,
    verdicts=<verdicts>,
    sub_verdicts=<verdicts>,
    did_download_file=<bool>,
    submitted_url=<submitted_url>
)
for analyse in history_results:
    print(analyse)

Alerts

Get alert by id

alert = Alert.from_id(alert_id=alert_id,
                      fetch_scans=False,
                      wait=False)

Alerts History

history_results = query_file_analyses_history(
    api = <IntezerApi>,
    **filters
)
for analyse in history_results:
    print(analyse)

Code examples

You can find more code examples under analyze-python-sdk/examples/ directory

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for AvihayST from gravatar.com AvihayST Avatar for Intezer from gravatar.com Intezer

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Intezer Labs ltd.
  • Tags intezer
  • Requires: Python !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, !=3.6.*, !=3.7.*
Classifiers

Release history Release notifications | RSS feed

This version

1.21.6

1.21.5

1.21.4

1.21.3

1.21.2

1.21

1.20

1.19.18

1.19.17

1.19.16

1.19.15

1.19.14

1.19.13

1.19.12

1.19.11

1.19.10

1.19.9

1.19.8

1.19.7

1.19.6

1.19.5

1.19.4

1.19.3

1.19.2

1.19.1

1.19

1.18.9

1.18.8

1.18.7

1.18.6

1.18.5

1.18.4

1.18.3

1.18.2

1.18.1

1.18

1.17.4

1.17.3

1.17.2

1.17.1

1.17

1.16.9

1.16.8

1.16.7

1.16.6

1.16.5

1.16.4

1.16.3

1.16.2

1.16.1

1.16.0

1.15.2

1.15.1

1.15.0

1.14.4

1.14.3

1.14.2

1.14.1

1.14

1.13

1.12

1.11.3

1.11.2

1.11.1

1.11

1.10

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.3

1.8.2

1.8.1

1.8.0

1.7.1

1.7.0

1.6.10

1.6.9

1.6.8

1.6.7

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6

1.5

1.4.5.2

1.4.5.1

1.4.5

1.4.4

1.4.3.1

1.4.3

1.4.2.1

1.4.2

1.4.1

1.4.0

1.3.0

1.2.0

1.1.1

1.1

0.15

0.14

0.13

0.12

0.11

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

intezer_sdk-1.21.6.tar.gz (43.6 kB view details)

Uploaded Source

Built Distribution

intezer_sdk-1.21.6-py3-none-any.whl (50.2 kB view details)

Uploaded Python 3

File details

Details for the file intezer_sdk-1.21.6.tar.gz.

File metadata

  • Download URL: intezer_sdk-1.21.6.tar.gz
  • Upload date:
  • Size: 43.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for intezer_sdk-1.21.6.tar.gz
Algorithm Hash digest
SHA256 cca09d15d1f748b14cb0f5ec76abab7a275da0eaf3fffdbdb19bf5b8a4b934b6
MD5 307edd33f04e00ca0e5544c408acb264
BLAKE2b-256 1c3b81dacf422eca70371e949c5ef4ae94d634dc073a86f1fb8d8686fd936ed6

See more details on using hashes here.

File details

Details for the file intezer_sdk-1.21.6-py3-none-any.whl.

File metadata

File hashes

Hashes for intezer_sdk-1.21.6-py3-none-any.whl
Algorithm Hash digest
SHA256 d336303192e8389b4ee7e3f0b34967d798d742a7dcd9f7fc5141fdd164294584
MD5 9bb6dae910b7592f34076e6b658eae9b
BLAKE2b-256 63ead1955fc39977dddfc58f3b79bb685c8da4b4a0e510de13255b1f81485b32

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page