Intezer Analyze SDK
Intezer SDK
Basic SDK for Intezer Analyze API 2.0
View full API documentation (Notice - You must be logged in to Intezer Analyze to access the documentation)
Currently, the following options are available in the SDK:
- Analyze by file
- Analyze by SHA256
- Index by file
- Index by SHA256
- Get Latest Analysis
- Account and file related samples
- Code reuse and Metadata
- IOCs, Dynamic TTPs and Capabilities
- Strings related samples
- Search a family
Installation
pip install intezer-sdk
Using Intezer SDK
Set global api key
Before using any SDK functionality, set the API key once for the process:
from intezer_sdk import api

api.set_global_api('<api_key>')
Analyze By File
from intezer_sdk.analysis import Analysis

# The unpacking flags were renamed in 1.0 (see "Breaking changes in 1.0" below).
analysis = Analysis(file_path=<file_path>,
                    disable_dynamic_unpacking=<disable_dynamic_unpacking>,  # optional
                    disable_static_unpacking=<disable_static_unpacking>)  # optional
analysis.send(wait=True)  # blocks until the analysis has finished
result = analysis.result()
Analyze By SHA256
from intezer_sdk.analysis import Analysis

# Looks the hash up without uploading the file itself.
analysis = Analysis(file_hash=<file_sha256>)
analysis.send(wait=True)
result = analysis.result()
Analysis result example
{
'analysis_id': '00000000-0000-0000-0000-000000000000',
'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT',
'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000',
'family_name': 'Ramnit',
'is_private': True,
'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356',
'sub_verdict': 'malicious',
'verdict': 'malicious'
}
Index By File
from intezer_sdk import consts
from intezer_sdk.index import Index

index = Index(file_path=<file_path>,
              index_as=consts.IndexType.MALICIOUS,
              family_name=<family_name>)  # the family the sample is indexed under
index.send(wait=True)
index_id = index.index_id
Index By SHA256
from intezer_sdk import consts
from intezer_sdk.index import Index

index = Index(sha256=<file_sha256>,
              index_as=consts.IndexType.TRUSTED)
index.send(wait=True)
index_id = index.index_id
Get Latest Analysis
from intezer_sdk.analysis import get_latest_analysis

# Keyword argument, not an annotation: file_hash=<file_sha256>
analysis = get_latest_analysis(file_hash=<file_sha256>)
result = analysis.result()
Get Sub Analyses
Root Analysis
root_analysis = analysis.get_root_analysis()
Sub Analyses
sub_analyses = analysis.get_sub_analyses()
Code Reuse and Metadata
root_analysis_code_reuse = root_analysis.code_reuse
root_analysis_metadata = root_analysis.metadata
for sub_analysis in sub_analyses:
    sub_analyses_code_reuse = sub_analysis.code_reuse
    sub_analyses_metadata = sub_analysis.metadata
Related Files by Family
root_analysis_code_reuse = root_analysis.code_reuse
for family in root_analysis_code_reuse['families']:
    operation = root_analysis.find_related_files(family['family_id'], wait=True)
    related_files = operation.get_result()
Account Related Samples
operation = root_analysis.get_account_related_samples()
related_samples = operation.get_result()
Vaccine
operation = root_analysis.generate_vaccine()
vaccine = operation.get_result()
Strings related samples
operation = root_analysis.get_string_related_samples('string_to_relate_to', wait=True)
string_related_samples = operation.get_result()
Wait with timeout
import datetime

from intezer_sdk.analysis import Analysis

analysis = Analysis(file_hash=<file_sha256>)
# Give up waiting after one minute instead of blocking indefinitely.
analysis.send(wait=True, wait_timeout=datetime.timedelta(minutes=1))
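Putting the pieces above together as an added hash-triage helper (example code written for this page, not part of the SDK or its README): it validates the hash before it reaches the API, reuses an existing analysis via get_latest_analysis, submits with a wait timeout only when none exists, and reduces the result dict to an analyst action. The verdict-to-action mapping and the assumption that get_latest_analysis returns None when no prior analysis exists are this example's own.

```python
import datetime
import re

# Constructed sample, shaped like the "Analysis result example" above.
SAMPLE_RESULT = {
    'analysis_id': '00000000-0000-0000-0000-000000000000',
    'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000',
    'family_name': 'Ramnit',
    'is_private': True,
    'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356',
    'sub_verdict': 'malicious',
    'verdict': 'malicious',
}

# Verdict -> queue action. The action names are this example's own convention;
# any verdict not listed here falls back to manual review.
ACTIONS = {'malicious': 'escalate', 'suspicious': 'review', 'trusted': 'close'}


def is_sha256(value):
    """True for a 64-character hex digest; reject anything else before calling the API."""
    return bool(re.fullmatch(r'[0-9a-fA-F]{64}', value or ''))


def triage(result):
    """Reduce an Analysis.result() dict to the fields an analyst acts on."""
    verdict = result.get('verdict', 'unknown')
    return {
        'sha256': result['sha256'],
        'verdict': verdict,
        'sub_verdict': result.get('sub_verdict'),
        'family': result.get('family_name'),  # absent when no family was identified
        'url': result['analysis_url'],
        'action': ACTIONS.get(verdict, 'review'),
    }


def lookup_hash(sha256, api_key, timeout_minutes=1):
    """Reuse an existing analysis for the hash when one exists, otherwise submit and wait."""
    if not is_sha256(sha256):
        raise ValueError('expected a 64-character hex SHA256')
    # Imported here so triage() stays usable without the SDK installed.
    from intezer_sdk import api
    from intezer_sdk.analysis import Analysis, get_latest_analysis
    api.set_global_api(api_key)
    analysis = get_latest_analysis(file_hash=sha256)
    if analysis is None:  # assumption: None means no prior analysis for this hash
        analysis = Analysis(file_hash=sha256)
        analysis.send(wait=True, wait_timeout=datetime.timedelta(minutes=timeout_minutes))
    return triage(analysis.result())
```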
Code examples
You can find more code examples in the analyze-python-sdk/examples/ directory.
Changelog
1.6.4
- Feat: Added functionality
1.6.3
- Fix: analysis summary didn't handle no code reuse report
1.6.2
- Fix: analysis summary didn't look for genes in root analysis
1.6.1
- Fix: Handle no iocs correctly
1.6
- Feat: Add analysis summary utility function
- Fix: Handle no ttps correctly
1.5
- Feat: Add family search
- Feat: Support for zip password
- Feat: Add iocs and dynamic ttps to analysis
- Feat: Add capabilities to sub analysis
1.4.5
- Feat: Add a timeout option when waiting for operation completion
1.4.4
- Feat: Add Verify SSL toggle to Intezer api to ignore ssl verification
1.4.2
- Fix: Sub analyses should get the API Class like Analysis
- Doc: Add description to pypi
Breaking changes in 1.0
- In Analysis: changed dynamic_unpacking and static_unpacking to disable_dynamic_unpacking and disable_static_unpacking
Hashes for intezer_sdk-1.6.9-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | b20a273b1d9d4c80e37ee3a62bee95138a35822d859417e5103769db0ed35622
MD5 | 0abd8e2ff47481c4368721cc34a56fa4
BLAKE2b-256 | 8618ddb9828a83001e568fa83392267eb08b23a2e4e4a900404eedfc7188cf29