Intezer Analyze SDK
Project description
Intezer SDK
Basic SDK for Intezer Analyze API 2.0
View full API documentation (Notice - You must be logged in to Intezer Analyze to access the documentation)
Currently the following options are available in the SDK:
- Analyze by file
- Analyze by SHA256
- Index by file
- Index by SHA256
- Get Latest Analysis
- Account and file related samples
- Code reuse and metadata
- Strings related samples
- Search a family
Installation
pip install intezer-sdk
Using Intezer SDK
Set global api key
Before using any SDK functionality, set the API key (the import path intezer_sdk.api is where set_global_api lives):
from intezer_sdk import api

api.set_global_api('<api_key>')
Analyze By File
from intezer_sdk.analysis import Analysis

analysis = Analysis(file_path=<file_path>,
                    disable_dynamic_unpacking=<disable_dynamic_unpacking>,  # optional; renamed from dynamic_unpacking in 1.0 (see Changelog)
                    disable_static_unpacking=<disable_static_unpacking>)    # optional; renamed from static_unpacking in 1.0 (see Changelog)
analysis.send(wait=True)   # wait=True blocks until the analysis has finished
result = analysis.result()
Analyze By SHA256
from intezer_sdk.analysis import Analysis

analysis = Analysis(file_hash=<file_sha256>)
analysis.send(wait=True)   # wait=True blocks until the analysis has finished
result = analysis.result()
Analysis result example
{
'analysis_id': '00000000-0000-0000-0000-000000000000',
'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT',
'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000',
'family_name': 'Ramnit',
'is_private': True,
'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356',
'sub_verdict': 'malicious',
'verdict': 'malicious'
}
Index By File
from intezer_sdk import consts
from intezer_sdk.index import Index

index = Index(file_path=<file_path>,
              index_as=consts.IndexType.MALICIOUS,
              family_name=<family_name>)   # the family the sample should be indexed under
index.send(wait=True)
index_id = index.index_id
Index By SHA256
from intezer_sdk import consts
from intezer_sdk.index import Index

index = Index(sha256=<file_sha256>,
              index_as=consts.IndexType.TRUSTED)
index.send(wait=True)
index_id = index.index_id
Get Latest Analysis
from intezer_sdk.analysis import get_latest_analysis

analysis = get_latest_analysis(file_hash=<file_sha256>)   # returns None when no prior analysis exists for this hash
result = analysis.result()
Get Sub Analyses
Root Analysis
root_analysis = analysis.get_root_analysis()
Sub Analyses
sub_analyses = analysis.get_sub_analyses()
Code Reuse and Metadata
root_analysis_code_reuse = root_analysis.code_reuse
root_analysis_metadata = root_analysis.metadata
for sub_analysis in sub_analyses:
    sub_analyses_code_reuse = sub_analysis.code_reuse
    sub_analyses_metadata = sub_analysis.metadata
Related Files by Family
root_analysis_code_reuse = root_analysis.code_reuse
for family in root_analysis_code_reuse['families']:
    operation = root_analysis.find_related_files(family['family_id'], wait=True)
    related_files = operation.get_result()
Account Related Samples
operation = root_analysis.get_account_related_samples()
related_samples = operation.get_result()
Vaccine
operation = root_analysis.generate_vaccine()
vaccine = operation.get_result()
Strings related samples
operation = root_analysis.get_string_related_samples('string_to_relate_to', wait=True)
string_related_samples = operation.get_result()
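The snippets above are the individual calls; the following script, added here as an example and not part of the intezer-sdk project, strings them into the hash-first triage flow a practitioner usually wants: hash the file locally, ask for the latest analysis of that SHA256 (via get_latest_analysis), and only upload the file when Intezer has never seen it, then reduce the result dict and the root analysis' code_reuse block to the fields a pipeline keys on. The SDK calls in main() follow this page; the module paths intezer_sdk.api and intezer_sdk.analysis, and get_latest_analysis returning None for an unknown hash, are assumptions. The README_RESULT dict is copied from the result example above, and the sample file written by write_sample_file() is a constructed fixture.

```python
"""Hash-first triage on top of the Intezer Analyze SDK calls shown in this README.

Added example, not project code. Assumed: import paths intezer_sdk.api and
intezer_sdk.analysis, and that get_latest_analysis() returns None when the
hash has never been analysed.
"""
import hashlib
import os
import re
import sys
import tempfile
from typing import Callable, Dict, List, Optional

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Copied from the "Analysis result example" on this page.
README_RESULT = {
    'analysis_id': '00000000-0000-0000-0000-000000000000',
    'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT',
    'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000',
    'family_name': 'Ramnit',
    'is_private': True,
    'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356',
    'sub_verdict': 'malicious',
    'verdict': 'malicious',
}


def compute_sha256(path: str) -> str:
    """Hash the file locally so it can be looked up by SHA256 before any upload."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def summarize_result(result: Dict) -> Dict[str, object]:
    """Reduce a result dict (shape as in README_RESULT) to triage fields."""
    verdict = str(result.get("verdict", "")).lower()
    return {
        "sha256": result.get("sha256"),
        "verdict": verdict,
        "sub_verdict": result.get("sub_verdict"),
        "family": result.get("family_name"),
        "alert": verdict == "malicious",
        "url": result.get("analysis_url"),
    }


def family_ids(code_reuse: Optional[Dict]) -> List[str]:
    """Family ids from a root analysis' code_reuse block; tolerates a missing block."""
    if not code_reuse:
        return []
    return [f["family_id"] for f in code_reuse.get("families", []) if "family_id" in f]


def triage_file(path: str,
                lookup: Callable[[str], Optional[Dict]],
                submit: Callable[[str], Dict]) -> Dict[str, object]:
    """lookup(sha256) -> result dict or None; submit(path) uploads and returns a
    result dict. Both are injected so the flow can be exercised offline."""
    sha256 = compute_sha256(path)
    if not SHA256_RE.match(sha256):  # defensive; hexdigest() always matches
        raise ValueError("bad sha256 computed for %s" % path)
    result = lookup(sha256)
    uploaded = result is None
    if uploaded:
        result = submit(path)  # upload only when no prior analysis exists
    summary = summarize_result(result)
    summary["uploaded"] = uploaded
    return summary


def write_sample_file(directory: Optional[str] = None) -> str:
    """Write a constructed, harmless fixture file and return its path."""
    path = os.path.join(directory or tempfile.gettempdir(), "intezer_sdk_sample.bin")
    with open(path, "wb") as fh:
        fh.write(b"hello")
    return path


def main(argv: List[str]) -> int:
    from intezer_sdk import api                                      # assumed path
    from intezer_sdk.analysis import Analysis, get_latest_analysis  # assumed path

    api.set_global_api(os.environ["INTEZER_API_KEY"])  # key from the environment, never hard-coded

    def lookup(sha256: str) -> Optional[Dict]:
        analysis = get_latest_analysis(file_hash=sha256)
        return analysis.result() if analysis else None

    def submit(path: str) -> Dict:
        analysis = Analysis(file_path=path)
        analysis.send(wait=True)
        families = family_ids(analysis.get_root_analysis().code_reuse)
        print("code reuse families:", families)
        return analysis.result()

    for path in argv[1:]:
        print(triage_file(path, lookup, submit))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `INTEZER_API_KEY=... python triage.py sample1 sample2`. Injecting lookup and submit keeps the decision logic (hash first, upload only on a miss) separate from the SDK, which also makes it easy to swap in a dry-run that never uploads.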
Code examples
You can find more code examples in the analyze-python-sdk/examples/ directory.
Changelog
1.4.2
- Fix: Sub analyses should get the API Class like Analysis
- Doc: Add description to pypi
Breaking changes in 1.0
- In Analysis: changed dynamic_unpacking and static_unpacking to disable_dynamic_unpacking and disable_static_unpacking
Download files
Source Distribution
intezer_sdk-1.4.3.1.tar.gz (10.3 kB)
File details
Details for the file intezer_sdk-1.4.3.1.tar.gz.
File metadata
- Download URL: intezer_sdk-1.4.3.1.tar.gz
- Upload date:
- Size: 10.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.23.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.6.8
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 5b7ff3c79dd35a2fe8c5940ed4a76fdd5eb0e7c2c835c5d24135b87bd44371a9 |
| MD5 | 58c80ba6fe4f0cfc212448ae8f54ad22 |
| BLAKE2b-256 | d0e99d8e5dc7f23e0610f343aa337ad51f36b7bfe9db4f242a822c02186fd3e5 |