InQuest Integrations
InQuest sandboxapi is a minimal, consistent API for building integrations with malware sandboxes. It now includes an integration with MetaDefender Sandbox (previously known as OPSWAT Filescan Sandbox).
Usage
Here is an example of how to use it. For the sample to run, replace INSERT-YOUR-APIKEY-HERE with your API key and place a file named bad_file.exe in the same directory. The default host address is the community site.
```python
import sys
import time
import pprint

from sandboxapi import opswat

# connect to the sandbox
sandbox = opswat.MetaDefenderSandboxAPI("INSERT-YOUR-APIKEY-HERE")

print("Does sandbox available?")
print(sandbox.is_available())

# verify connectivity
if not sandbox.is_available():
    print("sandbox is down, exiting")
    sys.exit(1)

# submit a file
with open("bad_file.exe", "rb") as handle:
    file_id = sandbox.analyze(handle, "bad_file.exe")
    print("file {f} submitted for analysis, id {i}".format(f="bad_file.exe", i=file_id))

# wait for the analysis to complete
while not sandbox.check(file_id):
    print("not done yet, sleeping 10 seconds...")
    time.sleep(10)

# print the report
print("analysis complete. fetching report...")
report = sandbox.report(file_id)
# pprint.pprint(report)
for key, onereport in report.get("reports").items():
    print(
        "Report verdict: {verdict}".format(verdict=onereport["finalVerdict"]["verdict"])
    )
print("Report Score: {score}".format(score=sandbox.score(report)))
```

The output of the example code:
```
Does sandbox available?
True
file bad_file.exe submitted for analysis, id 668ff1c508c0fe0eb961b94c
not done yet, sleeping 10 seconds...
not done yet, sleeping 10 seconds...
not done yet, sleeping 10 seconds...
not done yet, sleeping 10 seconds...
not done yet, sleeping 10 seconds...
analysis complete. fetching report...
Report verdict: MALICIOUS
Report Score: 100
```

If you would like to use your own host address, modify the constructor:
```python
sandbox = opswat.MetaDefenderSandboxAPI("INSERT-YOUR-APIKEY-HERE", "INSERT-YOUR-HOST")
```

To scan a zip file, call analyze with the password option:
```python
file_id = sandbox.analyze(handle, "bad_file.exe", password="mypassword")
```

If you would like to scan in a private way, use the is_private option:
```python
file_id = sandbox.analyze(handle, "bad_file.exe", is_private=True)
```

Compatibility
| Tag | Sandbox 1.9.* | Sandbox 2.*.* |
|---|---|---|
| v1.1.0 - v1.7.1 | | |
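The usage example above polls sandbox.check() in an unbounded loop and reads each sub-report's finalVerdict.verdict with direct indexing, so a submission that never finishes blocks forever and a report with a missing field raises a KeyError. The helpers below are an added illustration, not code from the sandboxapi project: a bounded polling loop that accepts any check callable (so it can wrap sandbox.check) and a tolerant summary that picks the worst verdict across sub-reports. The report structure is a constructed sample that mirrors only the key path the page's snippet reads; the verdict names other than MALICIOUS, the sleep/clock injection and the function names are assumptions made for this example.

```python
import time
from typing import Any, Callable, Dict

# Constructed sample report. It mirrors only the key path the page's usage
# snippet reads (reports -> <id> -> finalVerdict -> verdict); every other
# detail of a real MetaDefender Sandbox report is deliberately left out.
SAMPLE_REPORT: Dict[str, Any] = {
    "reports": {
        "report-1": {"finalVerdict": {"verdict": "MALICIOUS"}},
        "report-2": {"finalVerdict": {"verdict": "SUSPICIOUS"}},
        "report-3": {"finalVerdict": {}},  # verdict missing: must not crash
    }
}

# Severity ordering used to pick the worst verdict. Only MALICIOUS appears on
# the page; the other names are assumptions chosen for this example.
VERDICT_RANK = {"UNKNOWN": 0, "BENIGN": 1, "SUSPICIOUS": 2, "MALICIOUS": 3}


def collect_verdicts(report: Dict[str, Any]) -> Dict[str, str]:
    """Map each sub-report id to its verdict string.

    Unlike the page's ``onereport["finalVerdict"]["verdict"]``, a missing
    ``reports`` key, ``finalVerdict`` dict or ``verdict`` field yields UNKNOWN
    instead of a KeyError, so a partial or malformed report is still summarised.
    """
    verdicts: Dict[str, str] = {}
    for report_id, one in (report.get("reports") or {}).items():
        final = one.get("finalVerdict") or {}
        verdicts[report_id] = str(final.get("verdict") or "UNKNOWN")
    return verdicts


def worst_verdict(report: Dict[str, Any]) -> str:
    """Return the most severe verdict across all sub-reports (UNKNOWN if none)."""
    verdicts = collect_verdicts(report)
    if not verdicts:
        return "UNKNOWN"
    # Verdict strings not listed in VERDICT_RANK rank as UNKNOWN but are kept.
    return max(verdicts.values(), key=lambda v: VERDICT_RANK.get(v, 0))


def wait_for_completion(
    check: Callable[[str], bool],
    file_id: str,
    timeout: float = 600.0,
    interval: float = 10.0,
    sleep: Callable[[float], None] = time.sleep,
    clock: Callable[[], float] = time.monotonic,
) -> int:
    """Poll ``check(file_id)`` until it returns True; return the number of polls.

    Bounded replacement for the page's ``while not sandbox.check(file_id)``
    loop: a submission that never finishes raises TimeoutError after
    ``timeout`` seconds instead of blocking forever. ``sleep`` and ``clock``
    are injectable so the loop can be exercised without real delays.
    """
    deadline = clock() + timeout
    polls = 1
    while not check(file_id):
        if clock() >= deadline:
            raise TimeoutError(f"analysis {file_id} not finished after {timeout}s")
        sleep(interval)
        polls += 1
    return polls


if __name__ == "__main__":
    # With a real client this would be: wait_for_completion(sandbox.check, file_id)
    print(collect_verdicts(SAMPLE_REPORT))
    print("worst verdict:", worst_verdict(SAMPLE_REPORT))
```

With a live client, `wait_for_completion(sandbox.check, file_id, timeout=600)` replaces the page's while loop, and `worst_verdict(sandbox.report(file_id))` gives a single verdict to act on even when one sub-report lacks a finalVerdict.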
