Intezer Analyze SDK
Project description
Intezer SDK
Basic SDK for Intezer Analyze API 2.0
View full API documentation (Notice - You must be logged in to Intezer Analyze to access the documentation)
Currently, the following options are available in the SDK:
- Analyze by file
- Analyze by SHA256
- Analyze Url
- Index by file
- Index by SHA256
- Get Latest Analysis
- Account and file related samples
- Code reuse and Metadata
- IOCs, Dynamic TTPs and Capabilities
- Strings related samples
- Search a family
Installation
pip install intezer-sdk
Using Intezer SDK
Set global api key
Before using the SDK functionality we should set the api key:
api.set_global_api('<api_key>')
Analyze By File
analysis = FileAnalysis(file_path=<file_path>,
dynamic_unpacking=<force_dynamic_unpacking>, # optional
static_unpacking=<force_static_unpacking>) # optional
analysis.send(wait=True)
result = analysis.result()
Analyze By SHA256
analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True)
result = analysis.result()
File Analysis result example
{
'analysis_id': '00000000-0000-0000-0000-000000000000',
'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT',
'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000',
'family_name': 'Ramnit',
'is_private': True,
'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356',
'sub_verdict': 'malicious',
'verdict': 'malicious'
}
Analyze Url
analysis = UrlAnalysis(url=<url>)
analysis.send(wait=True)
result = analysis.result()
Url Analysis result example
{
'analysis_id': '70d09f68-c7a3-43a3-a8de-07ec31fbf4ed',
'domain_info': {
'creation_date': '1997-08-13 04:00:00.000000',
'domain_name': 'foo.com',
'registrar': 'TUCOWS, INC.'
},
'indicators': [
{
'classification': 'informative',
'text': 'URL is accessible'
},
{
'classification': 'informative',
'text': 'Assigned IPv4 domain'
},
{
'classification': 'informative',
'text': 'Vaild IPv4 domain'
}
],
'ip': '34.206.39.153',
'redirect_chain': [
{
'response_status': 301,
'url': 'https://foo.com/'
},
{
'response_status': 200,
'url': 'http://www.foo.com/'
}
],
'scanned_url': 'http://www.foo.com/',
'submitted_url': 'foo.com',
'downloaded_file': {
'analysis_id': '8db9a401-a142-41be-9a31-8e5f3642db62',
'analysis_summary': {
'verdict_description': 'This file contains code from malicious software, therefore it's very likely that it's malicious.',
'verdict_name': 'malicious',
'verdict_title': 'Malicious',
'verdict_type': 'malicious'
},
'sha256': '4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7'
},
'summary': {
'description': 'No suspicious activity was detected for this URL',
'title': 'No Threats',
'verdict_name': 'no_threats',
'verdict_type': 'no_threats'
}
}
Index By File
from intezer_sdk import consts
index = Index(file_path=<file_path>,
index_as=consts.IndexType.MALICIOUS,
family_name=<family_name>)
index.send(wait=True)
index_id = index.index_id
Index By SHA256
from intezer_sdk import consts
index = Index(sha256=<file_sha256>,
index_as=consts.IndexType.TRUSTED)
index.send(wait=True)
index_id = index.index_id
Get Latest File Analysis
analysis = get_latest_analysis(file_hash: <file_sha256>)
result = analysis.result()
Get Sub Analyses
Root File Analysis
root_analysis = analysis.get_root_analysis()
Sub Analyses
sub_analyses = analysis.get_sub_analyses()
Code Reuse and Metadata
root_analysis_code_reuse = root_analysis.code_reuse
root_analysis_metadata = root_analysis.metadata
for sub_analysis in sub_analyses:
sub_analyses_code_reuse = sub_analysis.code_reuse
sub_analyses_metadata = sub_analysis.metadata
Related Files by Family
root_analysis_code_reuse = root_analysis.code_reuse
for family in root_analysis_code_reuse['families']:
operation = root_analysis.find_related_files(family['family_id'], wait=True)
related_files = operation.get_result()
Account Related Samples
operation = root_analysis.get_account_related_samples()
related_samples = operation.get_result()
Vaccine
operation = root_analysis.generate_vaccine()
vaccine = operation.get_result()
Strings related samples
operation = root_analysis.get_string_related_samples('string_to_relate_to', wait=True)
string_related_samples = operation.get_result()
Wait with timeout
analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True, wait_timeout=datetime.timedelta(minutes=1))
Code examples
You can find more code examples under analyze-python-sdk/examples/ directory
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
intezer_sdk-1.9.0.tar.gz
(19.8 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file intezer_sdk-1.9.0.tar.gz.
File metadata
- Download URL: intezer_sdk-1.9.0.tar.gz
- Upload date:
- Size: 19.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.9.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fdabf9c03cbb8dd370ebd0cb3eccca8f191e4d72f3d14c9c60363bf3cc926f84
|
|
| MD5 |
688246f80140db7cc95adc798ea921a3
|
|
| BLAKE2b-256 |
d00dec00df58fafbb32a8d56022f8fec7354a31ed586aaaa31c604601057b8f7
|
File details
Details for the file intezer_sdk-1.9.0-py3-none-any.whl.
File metadata
- Download URL: intezer_sdk-1.9.0-py3-none-any.whl
- Upload date:
- Size: 22.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.9.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a35fa05422abcb13ffadf08d8e38e56189562145b22dad46f374eafa4c8dba6b
|
|
| MD5 |
08cfe8e81f0b8acf13d403750ca06a70
|
|
| BLAKE2b-256 |
4cda40b1df6d8531a93f4d0adf1d66f2276188e42140443c25f28226205028d3
|
