{ "produces": [ "application/json" ], "schemes": [ "http" ], "swagger": "2.0", "info": { "description": "Sky ATP Public API", "title": "Sky ATP Open API", "contact": { "name": "SkyATP support", "url": "https://api.sky.junipersecurity.net" }, "license": { "name": "Juniper Networks, Inc.", "url": "https://sky.junipersecurity.net" }, "version": "2.0" }, "host": "api.sky.junipersecurity.net", "basePath": "/v2/skyatp", "paths": { "/infected_hosts": { "get": { "description": "Returns all Infected hosts feed entries.", "tags": [ "infected_hosts_blwl" ], "operationId": "get_infected_hosts_feed", "security": [ { "Bearer": [] } ], "parameters": [ { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "200": { "description": "List of infected host entries", "schema": { "$ref": "#/definitions/InfectedHostsBlwlResult" } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } } }, "/infected_hosts/{list_type}": { "get": { "description": "Returns Infected hosts blacklist/whitelist IPs.", "tags": [ "infected_hosts_blwl" ], "operationId": "get_infected_hosts_blwl", "security": [ { "Bearer": [] } ], "parameters": [ { "$ref": "#/parameters/list_type_path" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "200": { "description": "List of infected host entries", "schema": { "$ref": "#/definitions/InfectedHostsBlwlResult" } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } }, "delete": { "description": "Delete IP from a blacklist/whitelist for infected hosts", "consumes": [ "application/json" ], "tags": [ "infected_hosts_blwl" ], "operationId": "remove_infected_hosts_blwl", "security": [ { "Bearer": [] } ], "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/infected_hosts_blwl" } }, { "$ref": "#/parameters/list_type_path" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "202": { "description": "The request has been accepted for processing.", "schema": { "type": "object", "properties": { "request_id": { "description": "Unique identifier of this request. Used for logs on the server side.", "type": "string", "pattern": "^[\\\\w\\\\-]{4,64}$" } } } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } }, "patch": { "description": "Updates an IP in a blacklist/whitelist for infected hosts", "consumes": [ "application/json" ], "tags": [ "infected_hosts_blwl" ], "operationId": "update_infected_hosts_blwl", "security": [ { "Bearer": [] } ], "parameters": [ { "name": "body", "in": "body", "required": true, "schema": { "$ref": "#/definitions/infected_hosts_blwl" } }, { "$ref": "#/parameters/list_type_path" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "202": { "description": "The request has been accepted for processing.", "schema": { "type": "object", "properties": { "request_id": { "description": "Unique identifier of this request. Used for logs on the server side.", "type": "string", "pattern": "^[\\\\w\\\\-]{4,64}$" } } } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } } }, "/lookup/hash/{hash_string}": { "get": { "description": "Lookup sample malware score by hash (sha256). Optional full scanning report may be requested.\n", "tags": [ "HashLookup" ], "summary": "Lookup sample malware score by hash.", "operationId": "hashLookup", "security": [ { "Bearer": [] } ], "parameters": [ { "maxLength": 64, "minLength": 64, "type": "string", "description": "Sample hash. Only SHA256 is supported at this time.", "name": "hash_string", "in": "path", "required": true }, { "type": "boolean", "description": "Whether to return a full scanning report. This should be set to true if user wants to retrieve a detailed sample analysis report in JSON format.\n", "name": "full_report", "in": "query" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "200": { "description": "Hash lookup succeeded. Returns a result JSON object.", "schema": { "$ref": "#/definitions/ScanResult" }, "examples": { "application/json": { "last_update": 0, "malware_info": { "ident": "MemScan:Trojan.Pws" }, "report": null, "scan_complete": false, "score": -1, "sha256": "516f3396086598142db5e242bc2c8f69f4f5058a637cd2f9bf5dcb4619869536" } } }, "401": { "description": "Invalid API key", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Sample not found.", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Missing or invalid parameters to HTTP call.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time. Submission quota exceeded.\n" }, "500": { "description": "Internal server error.", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.\n" } } } }, "/lookup/stix/{hash_string}": { "get": { "description": "Lookup generated stix data by hash (sha256).\n", "tags": [ "HashLookup" ], "summary": "Lookup generated stix data by hash.", "operationId": "stixLookup", "security": [ { "Bearer": [] } ], "parameters": [ { "maxLength": 64, "minLength": 64, "type": "string", "description": "Sample hash. Only SHA256 is supported at this time.", "name": "hash_string", "in": "path", "required": true }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "200": { "description": "Hash lookup succeeded. Returns a result STIX XML object.", "schema": { "$ref": "#/definitions/StixResult" }, "examples": { "application/json": { "data": "\u003cxml\u003e Some Content \u003c/xml\u003e" } } }, "401": { "description": "Invalid API key", "schema": { "$ref": "#/definitions/Error" } }, "404": { "description": "Sample not found.", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Missing or invalid parameters to HTTP call.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time. Submission quota exceeded.\n" }, "500": { "description": "Internal server error.", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.\n" } } } }, "/ping": { "get": { "summary": "Ping the API to determine if it is alive.", "operationId": "ping", "responses": { "200": { "description": "Ping succeeded." } } } }, "/submit/sample": { "post": { "description": "Submit sample for malware analysis. To call this method, the user must provide a `file` parameter containing file content to be uploaded. The user also may provide additional information related to the sample such as client/remote IP, sample URL, client host name, name of the user who downloaded the sample, etc. If the submitted sample is determined to be malicious, Sky ATP may use this additional information to track the client within the internal network and notify the user that the host is infected.\n", "consumes": [ "multipart/form-data" ], "produces": [ "application/json" ], "tags": [ "SubmitSample" ], "summary": "Submit sample for malware analysis.", "operationId": "submitSample", "security": [ { "Bearer": [] } ], "parameters": [ { "type": "file", "description": "Sample file to submit.", "name": "file", "in": "formData", "required": true }, { "type": "boolean", "description": "Whether to return a full scanning report. This should be set to true if user wants to retrieve a detailed sample analysis report in JSON format.\n", "name": "full_report", "in": "query" }, { "pattern": "^(https?|ftp)://[^\\s/$.?#].[^\\s]*$", "type": "string", "description": "URL where the sample was downloaded from.", "name": "sample_url", "in": "formData" }, { "pattern": "^([0-9a-fA-F:.]){2,39}$", "type": "string", "description": "IP address where the sample was downloaded from.", "name": "remote_ip", "in": "formData" }, { "pattern": "^([0-9a-fA-F:.]){2,39}$", "type": "string", "description": "IP address of the client that downloaded this sample.", "name": "client_ip", "in": "formData" }, { "pattern": "^[0-9A-Za-z_](?:(?:[0-9A-Za-z_]|-){0,61}[0-9A-Za-z_])?(?:\\.[0-9A-Za-z_](?:(?:[0-9A-Za-z_]|-){0,61}[0-9A-Za-z_])?)*\\.?$", "type": "string", "description": "Hostname of the client that downloaded this sample.", "name": "client_hostname", "in": "formData" }, { "pattern": "^[ \\w.\\-_]+$", "type": "string", "description": "Username of the client that downloaded this sample.", "name": "username", "in": "formData" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "200": { "description": "File submission succeeded. Returns a submission JSON object.", "schema": { "$ref": "#/definitions/ScanResult" }, "examples": { "application/json": { "last_update": 1.464891625e+09, "malware_info": { "ident": "MemScan:Trojan.Pws" }, "scan_complete": true, "score": 10, "sha256": "516f3396086598142db5e242bc2c8f69f4f5058a637cd2f9bf5dcb4619869536" } } }, "401": { "description": "Invalid API key.", "schema": { "$ref": "#/definitions/Error" } }, "413": { "description": "Sample file size over max limit.", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Missing or invalid parameters to HTTP call.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time. Submission quota exceeded.\n", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error.", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.\n", "schema": { "$ref": "#/definitions/Error" } } } } }, "/{list_type}/file/{server_type}": { "get": { "description": "Returns the blacklist/whitelist for the specific server type.", "tags": [ "blwlN" ], "operationId": "get_blwl_file", "security": [ { "Bearer": [] } ], "parameters": [ { "$ref": "#/parameters/list_type_path" }, { "$ref": "#/parameters/server_type_path" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "200": { "description": "Get the blacklist/whitelist.", "schema": { "$ref": "#/definitions/BlwlResult" } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } }, "delete": { "description": "Delete given server in the list or the entire list if one of the entries in the file is * or all.", "consumes": [ "multipart/form-data" ], "tags": [ "blwlN" ], "operationId": "del_blwl_file", "security": [ { "Bearer": [] } ], "parameters": [ { "$ref": "#/parameters/list_type_path" }, { "$ref": "#/parameters/server_type_path" }, { "$ref": "#/parameters/file_form" }, { "$ref": "#/parameters/failOnError_form" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "202": { "description": "The request has been accepted for processing.", "schema": { "type": "object", "properties": { "request_id": { "description": "Unique identifier of this request. Used for logs on the server side.", "type": "string", "pattern": "^[\\\\w\\\\-]{4,64}$" } } } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "413": { "description": "Input file size over max limit.", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } }, "patch": { "description": "Updates a list of IP/URL/FQDN from a file in a specific list.", "consumes": [ "multipart/form-data" ], "tags": [ "blwlN" ], "operationId": "patch_blwl_file", "security": [ { "Bearer": [] } ], "parameters": [ { "$ref": "#/parameters/list_type_path" }, { "$ref": "#/parameters/server_type_path" }, { "$ref": "#/parameters/file_form" }, { "$ref": "#/parameters/failOnError_form" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "202": { "description": "The request has been accepted for processing.", "schema": { "type": "object", "properties": { "request_id": { "description": "Unique identifier of this request. Used for logs on the server side.", "type": "string", "pattern": "^[\\\\w\\\\-]{4,64}$" } } } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "413": { "description": "Input file size over max limit.", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } } }, "/{list_type}/param/{server_type}": { "get": { "description": "Returns the blacklist/whitelist for the specific server type.", "tags": [ "blwlOne" ], "operationId": "get_blwl_param", "security": [ { "Bearer": [] } ], "parameters": [ { "$ref": "#/parameters/list_type_path" }, { "$ref": "#/parameters/server_type_path" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "200": { "description": "Get the blacklist/whitelist.", "schema": { "$ref": "#/definitions/BlwlResult" } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } }, "delete": { "description": "Delete given server in the feed or the entire feed. Pass server name as * or all, to delete the entire list.", "consumes": [ "multipart/form-data" ], "tags": [ "blwlOne" ], "operationId": "del_blwl_param", "security": [ { "Bearer": [] } ], "parameters": [ { "$ref": "#/parameters/list_type_path" }, { "$ref": "#/parameters/server_type_path" }, { "$ref": "#/parameters/server_form" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "202": { "description": "The request has been accepted for processing.", "schema": { "type": "object", "properties": { "request_id": { "description": "Unique identifier of this request. Used for logs on the server side.", "type": "string", "pattern": "^[\\\\w\\\\-]{4,64}$" } } } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } }, "patch": { "description": "Updates an IP/URL/FQDN in a blacklist/whitelist", "consumes": [ "multipart/form-data" ], "tags": [ "blwlOne" ], "operationId": "patch_blwl_param", "security": [ { "Bearer": [] } ], "parameters": [ { "$ref": "#/parameters/list_type_path" }, { "$ref": "#/parameters/server_type_path" }, { "$ref": "#/parameters/server_form" }, { "$ref": "#/parameters/auth_header" }, { "$ref": "#/parameters/forward_header" } ], "responses": { "202": { "description": "The request has been accepted for processing.", "schema": { "type": "object", "properties": { "request_id": { "description": "Unique identifier of this request. Used for logs on the server side.", "type": "string", "pattern": "^[\\\\w\\\\-]{4,64}$" } } } }, "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } } } } }, "definitions": { "AuthenticatedUser": { "description": "Internal structure describing an authorized OpenAPI user.", "type": "object", "properties": { "TenantID": { "description": "Sky ATP Tenant ID.", "type": "string" }, "TokenID": { "description": "Sky ATP OpenAPI tokenID.", "type": "string" } } }, "BlwlResult": { "description": "Describes the result of a whitelist/blacklist result.", "type": "object", "properties": { "data": { "description": "Response from Customer Portal.", "type": "object", "properties": { "count": { "description": "count of the servers being returned.", "type": "integer" }, "servers": { "type": "array", "items": { "description": "Server as a string", "type": "string" } } } }, "request_id": { "description": "Unique identifier of this request. Used for logs on the server side.", "type": "string", "pattern": "^[\\\\w\\\\-]{4,64}$" } } }, "CustomerPortalError": { "description": "Internal structure describing an error returned by Sky ATP Portal", "type": "object", "properties": { "Error": { "description": "Short Error Description", "type": "string" }, "ErrorCode": { "description": "HTTP Response code", "type": "integer" }, "ErrorDesc": { "description": "Detailed Error Description", "type": "string" }, "Success": { "description": "Boolean whether request succeeded", "type": "boolean" } } }, "DetailedScanReport": { "description": "Detailed sample scanning report.", "type": "object", "properties": { "behaviors": { "description": "List of malicious behavior types.", "type": "array", "items": { "$ref": "#/definitions/MaliciousBehavior" } } } }, "Error": { "type": "object", "properties": { "details": { "description": "Long error description. Must not be used for error handling purposes.", "type": "string" }, "err_id": { "description": "Text representation of error code.", "type": "string" }, "message": { "description": "Short error description.", "type": "string" } } }, "InfectedHostsBlwlResult": { "description": "Describes the result of a Infected hosts whitelist/blacklist result.", "type": "object", "properties": { "data": { "description": "Response from Customer Portal.", "type": "object", "properties": { "count": { "description": "count of the servers being returned.", "type": "integer" }, "ip": { "type": "object" } } }, "request_id": { "description": "Unique identifier of this request. Used for logs on the server side.", "type": "string", "pattern": "^[\\\\w\\\\-]{4,64}$" } } }, "MaliciousBehavior": { "description": "Describes a particular behavior noticed during scanning.", "type": "object", "properties": { "behavior": { "description": "List of malicious behavior types.", "type": "string" } } }, "MalwareInfo": { "description": "Classification of the malware sample.", "type": "object", "properties": { "cmplr": { "description": "Compiler used.", "type": "string", "maxLength": 256 }, "family": { "description": "Malware family.", "type": "string", "maxLength": 256 }, "group": { "description": "Group this malware sample belongs to.", "type": "string", "maxLength": 256 }, "ident": { "description": "Malware identity.", "type": "string", "maxLength": 256 }, "lang": { "description": "Malware locale.", "type": "string", "maxLength": 256 }, "mw_type": { "description": "Malware type.", "type": "string", "maxLength": 256 }, "platform": { "description": "Platform this sample is built for.", "type": "string", "maxLength": 256 } } }, "ScanResult": { "type": "object", "required": [ "score", "scan_complete" ], "properties": { "category": { "description": "File category.", "type": "string" }, "last_update": { "description": "Timestamp of last successful update in sample processing pipeline.", "type": "integer", "format": "int64" }, "malware_info": { "$ref": "#/definitions/MalwareInfo" }, "scan_complete": { "description": "Whether sample processing is complete or not.", "type": "boolean" }, "scan_report": { "$ref": "#/definitions/DetailedScanReport" }, "score": { "description": "Sample malware score in [0..10] range. If the sample processing has not completed, -1 will be returned.\n", "type": "integer", "format": "int64" }, "sha256": { "description": "Sample sha256.", "type": "string", "maxLength": 64, "minLength": 64 }, "size": { "description": "Sample file size.", "type": "integer", "format": "int64" }, "threat_level": { "description": "Textual representation of the score.", "type": "string", "enum": [ "high", "medium", "low", "clean" ] } } }, "StixResult": { "type": "object", "required": [ "data" ], "properties": { "data": { "description": "Stix XML data generated for file.", "type": "string", "minLength": 3 } } }, "infected_hosts_blwl": { "description": "Infected hosts black list/white list data", "type": "object", "required": [ "ip" ], "properties": { "ip": { "type": "array", "items": { "description": "Ip address as a string", "type": "string" } } } } }, "parameters": { "auth_header": { "type": "string", "description": "Bearer token of the form, Bearer token, token is application token generated from Customer Portal.", "name": "Authorization", "in": "header", "required": true }, "failOnError_form": { "type": "boolean", "default": true, "description": "Whether to partially process the file in case of parsing errors.", "name": "failOnError", "in": "formData" }, "file_form": { "type": "file", "description": "csv file, with a single column for server.", "name": "file", "in": "formData", "required": true }, "forward_header": { "type": "string", "description": "This is a header that provides tracking information for API usage.", "name": "X-Forwarded-For", "in": "header" }, "list_type_path": { "maxLength": 9, "minLength": 9, "enum": [ "whitelist", "blacklist" ], "type": "string", "description": "Type of list, blacklist or whitelist.", "name": "list_type", "in": "path", "required": true }, "server_form": { "maxLength": 128, "minLength": 1, "type": "string", "description": "IP/URL/FQDN depending on the server_type. IPv4 and IPv6 supported.", "name": "server", "in": "formData", "required": true }, "server_type_path": { "maxLength": 6, "minLength": 2, "enum": [ "ip", "url", "domain" ], "type": "string", "description": "Server type of the list. Could be one of ip, url or domain.", "name": "server_type", "in": "path", "required": true } }, "responses": { "400": { "description": "Request parameters are invalid", "schema": { "$ref": "#/definitions/Error" } }, "401": { "description": "Invalid/Expired API key", "schema": { "$ref": "#/definitions/Error" } }, "403": { "description": "Access denied for this API key", "schema": { "$ref": "#/definitions/Error" } }, "422": { "description": "Unprocessable Entity. Input is syntactically correct but semantically incorrect.", "schema": { "$ref": "#/definitions/Error" } }, "429": { "description": "Client has sent too many requests in a given amount of time, api quota exceeded.", "schema": { "$ref": "#/definitions/Error" } }, "500": { "description": "Internal server error", "schema": { "$ref": "#/definitions/Error" } }, "503": { "description": "Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting client.", "schema": { "$ref": "#/definitions/Error" } } }, "securityDefinitions": { "Bearer": { "type": "apiKey", "name": "Authorization", "in": "header" } } }