{"openapi":"3.0.0","info":{"title":"Falcon Sandbox Public API","description":"Falcon Sandbox has a powerful and simple API that can be used to submit files\/URLs for analysis, pull report data, but also perform advanced search queries. The API is open and free to the entire IT-security community. Here, you can not only find comprehensive documentation of all endpoints and their inner workings, but also use an API key to try out all the endpoints. If you have any questions, please use our [contact form](https:\/\/go.crowdstrike.com\/HybridAnalysisRequest.html).\n\n#### API Connectors\nGet the official **Python** connector: [github](https:\/\/github.com\/PayloadSecurity\/VxAPI).\nGet the community contributed **Ruby** connector: [github](https:\/\/github.com\/picatz\/falconz).\n\n#### I am still using the legacy API v1. Will you still support it and where can I find the documentation?\nLegacy API v1 has been removed as of August 2021. Currently the only one available version is the second one.\n\n#### How do I obtain an API key?\nPlease visit your [profile page](\/my-account?tab=%23api-key-tab) at the top right menu and navigate to the API key tab. Then press the 'Create API key' button as following:\n![Generate API key](\/images\/generate_apikey.png \"Generate API key\")\n\n#### What kind of authorization levels exist?\nEvery API key comes with an authorization level: *restricted*, *default*, *elevated* and *super*. Based on your privilege, a variety of endpoints will become accessible. By default, all free non-vetted accounts can issue restricted keys to search the database. These can then be upgraded to full default keys allowing access to data downloads (e.g. malware samples).\n\n#### How do I authenticate on the HTTP requests?\nThe new API v2 only supports one way of authentication. Please send a request header as following: `api-key: [generated key]`. Additionally, in order to bypass internal User-Agent blacklist checks, it is recommended to provide a typical User-Agent string or the product name 'Falcon'.\n\n#### Do you have an easy-to-use Python library\/tool to interact with the API?\nYes, we have an excellent open source wrapper library [VxAPI](https:\/\/www.github.com\/payloadsecurity\/VxAPI) that covers all major API endpoints available here. We recommend using the '-v' flag to see the full HTTP communication on the endpoint that you are interested in. Furthermore, we also recommend checking out some of our KB articles touching the API, such as [Searching the Database Using API](https:\/\/hybrid-analysis.com\/knowledge-base\/searching-the-database-using-api).\n\n#### What is the quota of my API key?\nThe quota of your API key will be displayed either in the 'Quota' row of the 'API key' tab or - preferably - obtain the exact details in the response header.\n\n## Changelog\nFull changelog is available [here](\/docs\/api\/v2-changelog)\n\n\n### v2.30.0\n- introduced limit of IPs(2) from which single API Key can use API within one hour\n\n### v2.29.0\n- introduced 24 hours Time To Live for Quick Scan results. After that time, they will not be accessible anymore\n\n### v2.28.0\n- option `no_hash_lookup` now is set always to `false` and it's usage will be ignored\n- option `no_share_third_party` now is set always to `true` and it's usage will be ignored\n- option `allow_community_access` now is set always to `true` but if `false` will be used, endpoint will return validation error\n- options `no_hash_lookup`, `no_share_third_party` and `allow_community_access` were removed from submission endpoints in `Sandbox Submission`, `Quick Scan` and `File Collection` sections\n\n### v2.27.0\n- switched to OpenAPI v3, now `nullable` field should be shown correctly\n\n### v2.26.2\n- added `before_ai` Quick Scan results to `scanners_v2` map that resides at `FileCollectionQuickScan`, `UrlQuickScan`, `QuickScan`, `Overview` response classes\n\n### v2.26.1\n- added `modules` field in `Process` response class\n\n### v2.26.0\n- added `is_certificates_valid` and `certificates_validation_message` fields in `SampleSummary` response class\n\n### v2.25.0\n- added `\/report\/{id}\/memory-dumps-list` endpoint that returns list of all memory dumps generated at particular report\n\n### v2.24.0\n- added `\/abuse-reports\/feed` endpoint that returns all of hashes of samples that were qualified for removal due to abuse or were containing private data\n\n### v2.23.0\n- added `crowdstrike_ai` field to `SampleSummary` response class\n- added `\/report\/{id}\/memory-dump\/extracted-strings` and `\/report\/{id}\/memory-dump\/hex-dump` endpoints that returns memory dump content\n","version":"2.30.0"},"servers":[{"url":"https:\/\/www.hybrid-analysis.com\/api\/v2","description":null}],"paths":{"\/feed\/latest":{"get":{"tags":["Feed"],"description":"access a JSON feed (summary information) of last 250 reports from 24h","operationId":"c1eed959af43228c83ebf43554f3c541","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/DailyFeed"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/file-collection\/{id}\/files\/{hash}":{"delete":{"tags":["File Collection"],"description":"remove file within collection without hard removal from system","operationId":"bf9a7c6eb7f2e2c30878959d57a677eb","parameters":[{"name":"id","in":"path","description":"File collection id","required":true,"schema":{"type":"string"}},{"name":"hash","in":"path","description":"SHA256 of file to remove","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"no content return","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/file-collection\/{id}":{"get":{"tags":["File Collection"],"description":"return a summary of file collection","operationId":"f2939a4a4c62984f139a419feb732416","parameters":[{"name":"id","in":"path","description":"File collection id","required":true,"schema":{"type":"string"}}],"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/FileCollectionSummary"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"},"delete":{"tags":["File Collection"],"description":"delete collection, but attached files still exists in system","operationId":"dcf2986650e7053e6ca583a2f767fce8","parameters":[{"name":"id","in":"path","description":"File collection id","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"no content return","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/file-collection\/{id}\/files\/download":{"get":{"tags":["File Collection"],"description":"return an archive with all collection samples","operationId":"7a001974cdf68d2ad4998784cf81f3d8","parameters":[{"name":"id","in":"path","description":"File collection id","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"archive of samples","content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"},"post":{"tags":["File Collection"],"description":"return an archive with selected collection samples","operationId":"a9a5d6b3aee9b4371a0793181fb91dbc","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["id","hashes[]"],"properties":{"id":{"description":"File collection id","type":"string"},"hashes[]":{"description":"SHA256 hashes of files to download","type":"array","items":{"type":"string"}}},"type":"object"},"encoding":{"hashes[]":{"style":"form","explode":true}}}}},"responses":{"200":{"description":"archive of selected samples","content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/file-collection\/search":{"post":{"tags":["File Collection"],"description":"search the database using the search terms","operationId":"55c71629a4c0a2ee72288b16122e7d15","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"properties":{"collection_name":{"description":"Collection Name","type":"string","x-auth-level":"restricted"},"tag":{"description":"Hashtag e.g. ransomware","type":"string","x-auth-level":"restricted"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/FileCollectionTermsSearch"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/file-collection\/create":{"post":{"tags":["File Collection"],"description":"create file collection","operationId":"982e1ed42fc9782596b8162029f8a546","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"properties":{"collection_name":{"description":"Optional collection name","type":"string"},"comment":{"description":"Optional comment text that may be associated with the file collection (Note: you can use #tags here)","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/CreatedFileCollection"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/file-collection\/{id}\/files\/add":{"post":{"tags":["File Collection"],"description":"add file to collection","operationId":"b292b3ddbe5ffb994b89e709bb454d7a","parameters":[{"name":"id","in":"path","description":"File collection id","required":true,"schema":{"type":"string"}}],"requestBody":{"description":"input parameters","content":{"multipart\/form-data":{"schema":{"required":["file"],"properties":{"file":{"description":"File to add","type":"file"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}},"Quick-Scan-Limits":{"description":"Quick Scan limits and current usage","schema":{"type":"string","format":"json"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/FileCollectionQuickScan"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/key\/current":{"get":{"tags":["Key"],"description":"return information about the used API key and it limits","operationId":"5e583bcbee466842da56ec9dbe819664","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Submission-Limits":{"description":"Submission limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}},"Quick-Scan-Limits":{"description":"Quick Scan limits and current usage","schema":{"type":"string","format":"json"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Key"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/key\/submission-quota":{"get":{"tags":["Key"],"description":"return information about quota and current usage","operationId":"a638983ab386e3f17ede1ed9644220a8","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SubmissionQuota"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/overview\/{sha256}":{"get":{"tags":["Analysis Overview"],"description":"return overview for hash","operationId":"9981be6445da2c7e117a48dbc551f5f6","parameters":[{"name":"sha256","in":"path","description":"SHA256 for lookup","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Overview"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/overview\/{sha256}\/refresh":{"get":{"tags":["Analysis Overview"],"description":"refresh overview and download fresh data from external services","operationId":"cb21128a1fd6a0bfa882774482d1473d","parameters":[{"name":"sha256","in":"path","description":"SHA256 for lookup","required":true,"schema":{"type":"string"}}],"responses":{"202":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/overview\/{sha256}\/summary":{"get":{"tags":["Analysis Overview"],"description":"return overview for hash","operationId":"052627a17af8cc6ae5240f4684040902","parameters":[{"name":"sha256","in":"path","description":"SHA256 for lookup","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/OverviewSummary"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/overview\/{sha256}\/sample":{"get":{"tags":["Analysis Overview"],"description":"downloading sample file","operationId":"f0861f681445a6b6dd6f1b9964cee1b8","parameters":[{"name":"sha256","in":"path","description":"SHA256 for download","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"content of requested file","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/gzip":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/quick-scan\/state":{"get":{"tags":["Quick Scan"],"description":"return list of available scanners","operationId":"04c731564495f3770c5d2e5d9971ecb2","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/QuickScanService"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/quick-scan\/file":{"post":{"tags":["Quick Scan"],"description":"submit a file for quick scan, you can check results in overview endpoint","operationId":"711bd2a6c5b9f2b4c34e8af6554274e3","requestBody":{"description":"input parameters","content":{"multipart\/form-data":{"schema":{"required":["scan_type","file"],"properties":{"scan_type":{"description":"Type of scan, please see \/quick-scan\/state to see available scanners","type":"string","enum":["all","all_lookup","all_scan","lookup_ha","lookup_whitelists","lookup_whitelists_internal","scan_crowdstrike_ml","scan_metadefender"]},"file":{"description":"File to submit","type":"file"},"comment":{"description":"Optional comment text that may be associated with the submission\/sample (Note: you can use #tags here)","type":"string"},"submit_name":{"description":"Optional 'submission name' field that will be used for file type detection and analysis","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}},"Quick-Scan-Limits":{"description":"Quick Scan limits and current usage","schema":{"type":"string","format":"json"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/QuickScan"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/quick-scan\/url":{"post":{"tags":["Quick Scan"],"description":"submit a website's url or url with file for analysis","operationId":"458f96cf9b737894c0a7bd60f6e3f183","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["scan_type","url"],"properties":{"scan_type":{"description":"Type of scan, please see \/quick-scan\/state to see available scanners","type":"string","enum":["all","all_lookup","all_scan","lookup_ha","lookup_whitelists","lookup_whitelists_internal","lookup_cleandns","lookup_bforeai","scan_crowdstrike_ml","scan_metadefender","scan_urlscanio","scan_scamadviser"]},"url":{"description":"website's url or url with file to submit","type":"string"},"comment":{"description":"Optional comment text that may be associated with the submission\/sample (Note: you can use #tags here)","type":"string"},"submit_name":{"description":"Optional 'submission name' field that will be used for file type detection and analysis","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}},"Quick-Scan-Limits":{"description":"Quick Scan limits and current usage","schema":{"type":"string","format":"json"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/QuickScan"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/quick-scan\/url-to-file":{"post":{"tags":["Quick Scan"],"description":"submit a file by url for analysis","operationId":"1caeced3764dc67b0fc84b86cc9d5d74","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["scan_type","url"],"properties":{"scan_type":{"description":"Type of scan, please see \/quick-scan\/state to see available scanners","type":"string","enum":["all","reports"]},"url":{"description":"url of file to submit","type":"string"},"comment":{"description":"Optional comment text that may be associated with the submission\/sample (Note: you can use #tags here)","type":"string"},"submit_name":{"description":"Optional 'submission name' field that will be used for file type detection and analysis","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}},"Quick-Scan-Limits":{"description":"Quick Scan limits and current usage","schema":{"type":"string","format":"json"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/QuickScan"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"deprecated":true,"security":[{"api_key":[]}],"x-auth-level":"restricted"},"requestBody":{"content":{"application\/x-www-form-urlencoded":{"schema":{"properties":{"scan_type":{"enum":["all","all_lookup","all_scan","lookup_ha","lookup_whitelists","lookup_whitelists_internal","scan_crowdstrike_ml","scan_metadefender"]}}}}}}},"\/quick-scan\/url-for-analysis":{"post":{"tags":["Quick Scan"],"description":"submit a url for analysis","operationId":"c1764f8d9ba84c12fedb7f73915ab380","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["scan_type","url"],"properties":{"scan_type":{"description":"Type of scan, please see \/quick-scan\/state to see available scanners","type":"string","enum":["all","reports"]},"url":{"description":"url for analyze","type":"string"},"comment":{"description":"Optional comment text that may be associated with the submission\/sample (Note: you can use #tags here)","type":"string"},"submit_name":{"description":"Optional 'submission name' field that will be used for file type detection and analysis","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}},"Quick-Scan-Limits":{"description":"Quick Scan limits and current usage","schema":{"type":"string","format":"json"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/QuickScan"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"deprecated":true,"security":[{"api_key":[]}],"x-auth-level":"restricted"},"requestBody":{"content":{"application\/x-www-form-urlencoded":{"schema":{"properties":{"scan_type":{"enum":["all","all_lookup","all_scan","lookup_ha","lookup_cleandns","lookup_bforeai","scan_urlscanio","scan_scamadviser"]}}}}}}},"\/quick-scan\/{id}":{"get":{"tags":["Quick Scan"],"description":"some scanners need time to process file, if in response `finished` is set to false, then you need use this endpoint to get final results","operationId":"8b094dc6a7b763bfd4e25911ed8af72c","parameters":[{"name":"id","in":"path","description":"id of scan","required":true,"schema":{"type":"string"}}],"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}},"Quick-Scan-Limits":{"description":"Quick Scan limits and current usage","schema":{"type":"string","format":"json"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/QuickScan"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/abuse-reports\/new":{"post":{"tags":["Request Report Deletion"],"description":"allows to request report deletion","operationId":"a73895c4bd896396a8f59a02f49cac3b","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["sha256","reason"],"properties":{"sha256":{"description":"SHA256 of the sample you want to report","type":"string"},"reason":{"description":"Report reason","type":"string"}},"type":"object"}}}},"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/ReportAbuseNew"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/abuse-reports\/feed":{"get":{"tags":["Request Report Deletion"],"description":"returns hashes of samples that were qualified for removal due to abuse or were containing private data and dates when it happened","operationId":"d97c84ba3099decb501ba37e993ad225","parameters":[{"name":"page","in":"query","description":"Page if there more results than we can display in one request","required":false,"schema":{"type":"integer"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/ReportAbuseFeed"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/report\/{id}\/certificate":{"get":{"tags":["Sandbox Report"],"description":"downloading certificate file from report (if available)","operationId":"654b1757059fe1083aa8ad456fb6b8c0","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"content of requested file","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/children":{"get":{"tags":["Sandbox Report"],"description":"returns children reports ids, once given id indicated archive or container file","operationId":"fe428721a2d007320558f6c1322015b7","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"type":"array","items":{"type":"string"}}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/report\/{id}\/memory-dumps-list":{"get":{"tags":["Sandbox Report"],"description":"list all memory dump files (if available)","operationId":"610507c03f2fd279e8bf7de42eb1b78b","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"type":"array","items":{"$ref":"#\/components\/schemas\/MemoryDump"}}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/memory-dump\/extracted-strings":{"get":{"tags":["Sandbox Report"],"description":"return strings extracted from memory dump","operationId":"a5ac630a36de6338b24cd231aae1b017","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}},{"name":"filename","in":"query","description":"Memory Dump Filename","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/MemoryDumpExtractedStrings"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/report\/{id}\/memory-dump\/hex-dump":{"get":{"tags":["Sandbox Report"],"description":"return hex dump from memory dump","operationId":"39f01edd97d1aa8b83c7f339ccf58025","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}},{"name":"filename","in":"query","description":"Memory Dump Filename","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/MemoryDumpHexDump"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/report\/{id}\/pcap":{"get":{"tags":["Sandbox Report"],"description":"downloading network PCAP file from report (if available)","operationId":"efae3cf1c0edae0a3d48749f6897a022","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}},{"name":"accept-encoding","in":"header","description":"Instead of gz file you can download this file using gzip encoding if your client support it (recommended), **NOTE:** in Swagger GUI this can be overwrite by browser","required":false,"schema":{"type":"string"},"example":"gzip"}],"responses":{"200":{"description":"content of requested file","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/report\/{type}":{"get":{"tags":["Sandbox Report"],"description":"downloading report file (e.g. JSON, XML, HTML)","operationId":"8ff0c3ddc54bf2d2dae1ba559a5583ee","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}},{"name":"type","in":"path","description":"Type of requested report, available types:\n - **xml** - The XML report as application\/xml content and *.gz compressed.\n - **json** - The JSON report as application\/json content\n - **html** - The HTML report as text\/html content and *.gz compressed\n - **pdf** - The PDF report as application\/pdf content\n - **maec** - The MAEC (4.1) report as application\/xml content\n - **stix** - The STIX report as application\/xml content\n - **misp** - The MISP XML report as application\/xml content\n - **misp-json** - The MISP JSON report as application\/json content\n - **openioc** - The OpenIOC (1.1) report as application\/xml content","required":true,"schema":{"type":"string"}},{"name":"accept-encoding","in":"header","description":"Insted of gz file you can download this file using gzip encoding if your client support it (recomended), **NOTE:** in Swagger GUI this can be overwrite by browser","required":false,"schema":{"type":"string"},"example":"gzip"}],"responses":{"200":{"description":"content of requested file","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/sample":{"get":{"tags":["Sandbox Report"],"description":"downloading sample file","operationId":"c674755592ec02c64ad836ae12d6d7bf","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"content of requested file","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/gzip":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/memory-strings":{"get":{"tags":["Sandbox Report"],"description":"downloading all memory strings from report (if available)","operationId":"e01f9d5e492cbc72369f56397488365b","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}},{"name":"accept-encoding","in":"header","description":"Instead of gz file you can download this file using gzip encoding if your client support it (recomended), **NOTE:** in Swagger GUI this can be overwrite by browser","required":false,"schema":{"type":"string"},"example":"gzip"}],"responses":{"200":{"description":"content of requested file","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/state":{"get":{"tags":["Sandbox Report"],"description":"return state of a submission","operationId":"a9bc4ff2646b8ebd3e94b21c17f32f37","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SampleState"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/report\/{id}\/summary":{"get":{"tags":["Sandbox Report"],"description":"return summary of a submission","operationId":"b7bf5dba3bdd7e12a97034ad679b7358","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SampleSummary"}}}},"410":{"description":"response for container files","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SampleGone"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/report\/summary":{"post":{"tags":["Sandbox Report"],"description":"return summary of multiple submissions (bulk query)","operationId":"a692386204ede603328741f7b08e225a","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["hashes[]"],"properties":{"hashes[]":{"description":"List of ids. Allowed format: jobId, md5:environmentId, sha1:environmentId or sha256:environmentId","type":"array","items":{"type":"string"}}},"type":"object"},"encoding":{"hashes[]":{"style":"form","explode":true}}}}},"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleSummary"}}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/report\/{id}\/file\/{type}":{"get":{"tags":["Sandbox Report"],"description":"downloading report data (e.g. JSON, XML, PCAP)","operationId":"7e872c46c1a5638b701b09cc68e03565","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}},{"name":"type","in":"path","description":"Type of requested content, available types:\n - **xml** - The XML report as application\/xml content and *.gz compressed.\n - **json** - The JSON report as application\/json content\n - **html** - The HTML report as text\/html content and *.gz compressed\n - **pdf** - The PDF report as application\/pdf content\n - **maec** - The MAEC (4.1) report as application\/xml content\n - **stix** - The STIX report as application\/xml content\n - **misp** - The MISP XML report as application\/xml content\n - **misp-json** - The MISP JSON report as application\/json content\n - **openioc** - The OpenIOC (1.1) report as application\/xml content\n - **bin** - The binary sample as application\/octet-stream and *.gz compressed. Note: if the file was uploaded with 'no_share_vt' (i.e. not shared), this might fail.\n - **crt** - The binary sample certificate file (is available) as application\/octet-stream content\n - **memory** - The process memory dump files as application\/octet-stream and zip compressed.\n - **pcap** - The PCAP network traffic capture file as application\/octet-stream and *.gz compressed.","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"content of requested file","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"deprecated":true,"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/screenshots":{"get":{"tags":["Sandbox Report"],"description":"retrieve an array of screenshots from a report in the Base64 format. Note: may return less that are visible at the report page - at API, duplicates are removed","operationId":"db2dc105afde92f2df0d322b61143a5e","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleScreenshot"}}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/dropped-file\/{hash}":{"get":{"tags":["Sandbox Report"],"description":"retrieve single extracted\/dropped binaries files for a report, as zip","operationId":"5d4fc0a422e9da082903f9ccf9b9bad1","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}},{"name":"hash","in":"path","description":"SHA256 of dropped file","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"success response","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"deprecated":true,"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/dropped-file-raw\/{hash}":{"get":{"tags":["Sandbox Report"],"description":"retrieve single extracted\/dropped binaries files for a report","operationId":"e718eaeb76a4ebfd4781995e894d7cec","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}},{"name":"hash","in":"path","description":"SHA256 of dropped file","required":true,"schema":{"type":"string"}},{"name":"accept-encoding","in":"header","description":"Insted of gz file you can download this file using gzip encoding if your client support it (recomended), **NOTE:** in Swagger GUI this can be overwrite by browser","required":false,"schema":{"type":"string"},"example":"gizp"}],"responses":{"200":{"description":"content of requested file","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/report\/{id}\/dropped-files":{"get":{"tags":["Sandbox Report"],"description":"retrieve all extracted\/dropped binaries files for a report, as zip","operationId":"ec44d43bdb74f2d7921a770ae549e81d","parameters":[{"name":"id","in":"path","description":"Id in one of format: 'jobId' or 'sha256:environmentId'","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"content of requested file","headers":{"Vx-Filename":{"description":"Name of file","schema":{"type":"string"}}},"content":{"application\/octet-stream":[]}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/search\/hash":{"post":{"tags":["Search"],"description":"summary for given hash","operationId":"0197a6ff29eab44bf4d18d45bb67aedb","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["hash"],"properties":{"hash":{"description":"MD5, SHA1 or SHA256","type":"string"}},"type":"object"}}}},"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleSummary"}}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/search\/hashes":{"post":{"tags":["Search"],"description":"summary for given hashes","operationId":"2f3268b2522562c9d49936fae22ea6c7","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["hashes[]"],"properties":{"hashes[]":{"description":"List of hashes. Allowed type: MD5, SHA1 or SHA256","type":"array","items":{"type":"string"}}},"type":"object"},"encoding":{"hashes[]":{"style":"form","explode":true}}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleSummary"}}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/search\/terms":{"post":{"tags":["Search"],"description":"search the database using the search terms","operationId":"5d7230cfa76c541818188ff3911bb6a2","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"properties":{"filename":{"description":"Filename e.g. invoice.exe","type":"string","x-auth-level":"restricted"},"filetype":{"description":"Filetype e.g. docxAvailable options: 64bits, 7zip, ace, android, assembly, bat, bmp, bzip, cmd, com, compressed, csv, data, doc, docker, docx, elf, email, empty, executable, flash, gif, gzip, heif, html, hwp, hwpx, image, img, imgimage, iqy, isoimage, jar, java, javascript, jpg, library, lnk, macho, mshelp, msi, native, neexe, office, onenote, outlook, pdf, pedll, peexe, perl, png, powershell, ppt, pptx, ps, pub, python, rar, rtf, script, sct, sh, svg, tar, text, tiff, unknown, url, vbe, vbs, wim, wsf, xls, xlsx, xz, zip
","type":"string","x-auth-level":"restricted"},"filetype_desc":{"description":"Filetype description e.g. PE32 executable","type":"string","x-auth-level":"restricted"},"env_id":{"description":"Environment Id","type":"string","x-auth-level":"restricted"},"country":{"description":"Country (3 digit ISO) e.g. swe","type":"string","x-auth-level":"restricted"},"verdict":{"description":"Verdict e.g. 1Available options: 1 'whitelisted', 2 'no verdict', 3 'no specific threat', 4 'suspicious', 5 'malicious'
","type":"integer","x-auth-level":"restricted"},"av_detect":{"description":"AV Multiscan range e.g. 50-70 (min 0, max 100)","type":"string","x-auth-level":"restricted"},"vx_family":{"description":"AV Family Substring e.g. nemucod","type":"string","x-auth-level":"restricted"},"tag":{"description":"Hashtag e.g. ransomware","type":"string","x-auth-level":"restricted"},"date_from":{"description":"Date from in format: 'Y-m-d H:i' e.g. 2018-09-28 15:30","type":"string","format":"datetime","x-auth-level":"restricted"},"date_to":{"description":"Date to in format: 'Y-m-d H:i' e.g. 2018-09-28 15:30","type":"string","format":"datetime","x-auth-level":"restricted"},"port":{"description":"Port e.g. 8080","type":"integer","x-auth-level":"restricted"},"host":{"description":"Host e.g. 192.168.0.1","type":"string","x-auth-level":"restricted"},"domain":{"description":"Domain e.g. checkip.dyndns.org","type":"string","x-auth-level":"restricted"},"url":{"description":"HTTP Request Substring e.g. google","type":"string","x-auth-level":"restricted"},"similar_to":{"description":"Similar Samples e.g. \\","type":"string","x-auth-level":"restricted"},"context":{"description":"Sample Context e.g. \\ ","type":"string","x-auth-level":"restricted"},"imp_hash":{"type":"string","x-auth-level":"restricted"},"ssdeep":{"type":"string","x-auth-level":"restricted"},"authentihash":{"type":"string","x-auth-level":"restricted"},"uses_tactic":{"description":"Uses MITRE ATT&CK® Tactic. Please check they website to get current Tactics","type":"string","x-auth-level":"restricted"},"uses_technique":{"description":"Uses MITRE ATT&CK® Technique. Please check they website to get current Techniques","type":"string","x-auth-level":"restricted"}},"type":"object"}}}},"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleTermsSearch"}}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/submit\/file":{"post":{"tags":["Sandbox Submission"],"description":"submit a file for analysis","operationId":"e306d626e3fbbe3f10982ff88251b2b7","requestBody":{"description":"input parameters","content":{"multipart\/form-data":{"schema":{"required":["file","environment_id"],"properties":{"file":{"description":"file to submit","type":"file"},"environment_id":{"description":"Environment ID. Available environments ID: 400: 'Mac Catalina 64 bit (x86)', 310: 'Linux (Ubuntu 20.04, 64 bit)', 200: 'Android Static Analysis', 160: 'Windows 10 64 bit', 140: 'Windows 11 64 bit', 120: 'Windows 7 64 bit', 110: 'Windows 7 32 bit (HWP Support)', 100: 'Windows 7 32 bit'","type":"integer"},"action_script":{"description":"Optional custom runtime action script. Available runtime scripts: **default**, **default_maxantievasion**, **default_randomfiles**, **default_randomtheme**, **default_openie**","type":"string"},"hybrid_analysis":{"description":"When set to 'false', no memory dumps or memory dump analysis will take place. Default: true","type":"boolean"},"experimental_anti_evasion":{"description":"When set to 'true', will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false","type":"boolean"},"script_logging":{"description":"When set to 'true', will set the in-depth script logging engine of the Kernelmode Monitor. Default: false","type":"boolean"},"input_sample_tampering":{"description":"When set to 'true', will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false","type":"boolean"},"tor_enabled_analysis":{"description":"Deprecated, please use 'network_settings' instead","type":"boolean"},"offline_analysis":{"description":"Deprecated, please use 'network_settings' instead","type":"boolean"},"network_settings":{"description":"Network settings, by the default, fully operating network is set. Available options: default: 'Fully operating network', tor: 'Route network traffic via TOR network', simulated: 'Simulate network traffic during the analysis'
","type":"string"},"email":{"description":"Optional E-Mail address that may be associated with the submission for notification","type":"string"},"comment":{"description":"Optional comment text that may be associated with the submission\/sample (Note: you can use #tags here)","type":"string"},"custom_date_time":{"description":"Optional custom date\/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm","type":"string"},"custom_cmd_line":{"description":"Optional commandline that should be passed to the analysis file","type":"string"},"custom_run_time":{"description":"Optional runtime duration (in seconds)","type":"integer"},"submit_name":{"description":"Optional 'submission name' field that will be used for file type detection and analysis","type":"string"},"priority":{"description":"Optional priority value between 1 (lowest) and 10 (highest), by default all samples run with highest priority","type":"integer"},"document_password":{"description":"Optional document password that will be used to fill-in Adobe\/Office password prompts","type":"string"},"environment_variable":{"description":"Optional system environment value. The value is provided in the format: name: value","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Submission-Limits\"":{"description":"Submission limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SubmissionStatus"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/submit\/url":{"post":{"tags":["Sandbox Submission"],"description":"submit a website's url or url with file for analysis","operationId":"22e1723d4cec5c9b20d50715e4e5de8f","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["url","environment_id"],"properties":{"url":{"description":"url for analyze or url of file to submit","type":"string"},"environment_id":{"description":"Environment ID. Available environments ID: 400: 'Mac Catalina 64 bit (x86)', 310: 'Linux (Ubuntu 20.04, 64 bit)', 200: 'Android Static Analysis', 160: 'Windows 10 64 bit', 140: 'Windows 11 64 bit', 120: 'Windows 7 64 bit', 110: 'Windows 7 32 bit (HWP Support)', 100: 'Windows 7 32 bit'","type":"integer"},"action_script":{"description":"Optional custom runtime action script. Available runtime scripts: **default**, **default_maxantievasion**, **default_randomfiles**, **default_randomtheme**, **default_openie**","type":"string"},"hybrid_analysis":{"description":"When set to 'false', no memory dumps or memory dump analysis will take place. Default: true","type":"boolean"},"experimental_anti_evasion":{"description":"When set to 'true', will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false","type":"boolean"},"script_logging":{"description":"When set to 'true', will set the in-depth script logging engine of the Kernelmode Monitor. Default: false","type":"boolean"},"input_sample_tampering":{"description":"When set to 'true', will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false","type":"boolean"},"tor_enabled_analysis":{"description":"Deprecated, please use 'network_settings' instead","type":"boolean"},"offline_analysis":{"description":"Deprecated, please use 'network_settings' instead","type":"boolean"},"network_settings":{"description":"Network settings, by the default, fully operating network is set.Available options: default: 'Fully operating network', tor: 'Route network traffic via TOR network', simulated: 'Simulate network traffic during the analysis'
","type":"string"},"email":{"description":"Optional E-Mail address that may be associated with the submission for notification","type":"string"},"comment":{"description":"Optional comment text that may be associated with the submission\/sample (Note: you can use #tags here)","type":"string"},"custom_date_time":{"description":"Optional custom date\/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm","type":"string"},"custom_cmd_line":{"description":"Optional commandline that should be passed to the analysis file","type":"string"},"custom_run_time":{"description":"Optional runtime duration (in seconds)","type":"integer"},"submit_name":{"description":"Optional 'submission name' field that will be used for file type detection and analysis. Ignored unless url contains a file","type":"string"},"priority":{"description":"Optional priority value between 1 (lowest) and 10 (highest), by default all samples run with highest priority","type":"integer"},"document_password":{"description":"Optional document password that will be used to fill-in Adobe\/Office password prompts. Ignored unless url contains a file","type":"string"},"environment_variable":{"description":"Optional system environment value. The value is provided in the format: name: value","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Submission-Limits\"":{"description":"Submission limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SubmissionStatus"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/submit\/url-to-file":{"post":{"tags":["Sandbox Submission"],"description":"submit a file by url for analysis","operationId":"d23ebbf65a2b6ea472053d3478acdbaa","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["url","environment_id"],"properties":{"url":{"description":"url of file to submit","type":"string"},"environment_id":{"description":"Environment ID. Available environments ID: 400: 'Mac Catalina 64 bit (x86)', 310: 'Linux (Ubuntu 20.04, 64 bit)', 200: 'Android Static Analysis', 160: 'Windows 10 64 bit', 140: 'Windows 11 64 bit', 120: 'Windows 7 64 bit', 110: 'Windows 7 32 bit (HWP Support)', 100: 'Windows 7 32 bit'","type":"integer"},"action_script":{"description":"Optional custom runtime action script. Available runtime scripts: **default**, **default_maxantievasion**, **default_randomfiles**, **default_randomtheme**, **default_openie**","type":"string"},"hybrid_analysis":{"description":"When set to 'false', no memory dumps or memory dump analysis will take place. Default: true","type":"boolean"},"experimental_anti_evasion":{"description":"When set to 'true', will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false","type":"boolean"},"script_logging":{"description":"When set to 'true', will set the in-depth script logging engine of the Kernelmode Monitor. Default: false","type":"boolean"},"input_sample_tampering":{"description":"When set to 'true', will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false","type":"boolean"},"tor_enabled_analysis":{"description":"When set to 'true', will route the network traffic for the analysis via TOR (if properly configured on the server). Default: false","type":"boolean"},"offline_analysis":{"description":"When set to \u201ctrue\u201d, will disable outbound network traffic for the guest VM (takes precedence over \u2018tor_enabled_analysis\u2019 if both are provided). Default: false","type":"boolean"},"email":{"description":"Optional E-Mail address that may be associated with the submission for notification","type":"string"},"comment":{"description":"Optional comment text that may be associated with the submission\/sample (Note: you can use #tags here)","type":"string"},"custom_date_time":{"description":"Optional custom date\/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm","type":"string"},"custom_cmd_line":{"description":"Optional commandline that should be passed to the analysis file","type":"string"},"custom_run_time":{"description":"Optional runtime duration (in seconds)","type":"integer"},"submit_name":{"description":"Optional 'submission name' field that will be used for file type detection and analysis","type":"string"},"priority":{"description":"Optional priority value between 1 (lowest) and 10 (highest), by default all samples run with highest priority","type":"integer"},"document_password":{"description":"Optional document password that will be used to fill-in Adobe\/Office password prompts","type":"string"},"environment_variable":{"description":"Optional system environment value. The value is provided in the format: name: value","type":"string"},"interactivity_timeout":{"description":"Optional interactivity timeout. Total time that VM will be active (in seconds). Default: 900s","type":"integer"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Submission-Limits\"":{"description":"Submission limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SubmissionStatus"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"deprecated":true,"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/submit\/url-for-analysis":{"post":{"tags":["Sandbox Submission"],"description":"submit a url for analysis","operationId":"10980b93e5209ab3dde97d651c2fc503","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["url","environment_id"],"properties":{"url":{"description":"url for analyze","type":"string"},"environment_id":{"description":"Environment ID. Available environments ID: 400: 'Mac Catalina 64 bit (x86)', 310: 'Linux (Ubuntu 20.04, 64 bit)', 200: 'Android Static Analysis', 160: 'Windows 10 64 bit', 140: 'Windows 11 64 bit', 120: 'Windows 7 64 bit', 110: 'Windows 7 32 bit (HWP Support)', 100: 'Windows 7 32 bit'","type":"integer"},"action_script":{"description":"Optional custom runtime action script. Available runtime scripts: **default**, **default_maxantievasion**, **default_randomfiles**, **default_randomtheme**, **default_openie**","type":"string"},"hybrid_analysis":{"description":"When set to 'false', no memory dumps or memory dump analysis will take place. Default: true","type":"boolean"},"experimental_anti_evasion":{"description":"When set to 'true', will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false","type":"boolean"},"script_logging":{"description":"When set to 'true', will set the in-depth script logging engine of the Kernelmode Monitor. Default: false","type":"boolean"},"input_sample_tampering":{"description":"When set to 'true', will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false","type":"boolean"},"tor_enabled_analysis":{"description":"When set to 'true', will route the network traffic for the analysis via TOR (if properly configured on the server). Default: false","type":"boolean"},"offline_analysis":{"description":"When set to \u201ctrue\u201d, will disable outbound network traffic for the guest VM (takes precedence over \u2018tor_enabled_analysis\u2019 if both are provided). Default: false","type":"boolean"},"email":{"description":"Optional E-Mail address that may be associated with the submission for notification","type":"string"},"comment":{"description":"Optional comment text that may be associated with the submission\/sample (Note: you can use #tags here)","type":"string"},"custom_date_time":{"description":"Optional custom date\/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm","type":"string"},"custom_cmd_line":{"description":"Optional commandline that should be passed to the analysis file","type":"string"},"custom_run_time":{"description":"Optional runtime duration (in seconds)","type":"integer"},"priority":{"description":"Optional priority value between 1 (lowest) and 10 (highest), by default all samples run with highest priority","type":"integer"},"environment_variable":{"description":"Optional system environment value. The value is provided in the format: name: value","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Submission-Limits\"":{"description":"Submission limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SubmissionStatus"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"deprecated":true,"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/submit\/hash-for-url":{"post":{"tags":["Sandbox Submission"],"description":"determine a SHA256 that an online file or URL submission will have when being processed by the system. Note: this is useful when looking up URL analysis","operationId":"e7a13bfd6ebcdc403f13efd8aa5f9bcc","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["url"],"properties":{"url":{"description":"Url to check","type":"string"}},"type":"object"}}}},"responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Hash"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/submit\/dropped-file":{"post":{"tags":["Sandbox Submission"],"description":"submit dropped file for analysis","operationId":"e2bce91701a469c9751d5a63da2869d9","requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["id","file_hash"],"properties":{"id":{"description":"Id of the report from which the file should be analyzed. Id in one of format: 'jobId' or 'sha256:environmentId'","type":"string"},"file_hash":{"description":"SHA256 of dropped file for analyze","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Submission-Limits\"":{"description":"Submission limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SubmissionStatus"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/quick-scan\/{id}\/convert-to-full":{"post":{"tags":["Quick Scan"],"description":"convert quick scan to sandbox report","operationId":"024cceff2dd2ddfad6a74251aad3b846","parameters":[{"name":"id","in":"path","description":"ID of quick scan to convert","required":true,"schema":{"type":"string"}}],"requestBody":{"description":"input parameters","content":{"application\/x-www-form-urlencoded":{"schema":{"required":["environment_id"],"properties":{"environment_id":{"description":"Environment ID. Available environments ID: 400: 'Mac Catalina 64 bit (x86)', 310: 'Linux (Ubuntu 20.04, 64 bit)', 200: 'Android Static Analysis', 160: 'Windows 10 64 bit', 140: 'Windows 11 64 bit', 120: 'Windows 7 64 bit', 110: 'Windows 7 32 bit (HWP Support)', 100: 'Windows 7 32 bit'","type":"integer"},"action_script":{"description":"Optional custom runtime action script. Available runtime scripts: **default**, **default_maxantievasion**, **default_randomfiles**, **default_randomtheme**, **default_openie**","type":"string"},"hybrid_analysis":{"description":"When set to 'false', no memory dumps or memory dump analysis will take place. Default: true","type":"boolean"},"experimental_anti_evasion":{"description":"When set to 'true', will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false","type":"boolean"},"script_logging":{"description":"When set to 'true', will set the in-depth script logging engine of the Kernelmode Monitor. Default: false","type":"boolean"},"input_sample_tampering":{"description":"When set to 'true', will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false","type":"boolean"},"tor_enabled_analysis":{"description":"Deprecated, please use 'network_settings' instead","type":"boolean"},"offline_analysis":{"description":"Deprecated, please use 'network_settings' instead","type":"boolean"},"network_settings":{"description":"Network settings, by the default, fully operating network is set.Available options: default: 'Fully operating network', tor: 'Route network traffic via TOR network', simulated: 'Simulate network traffic during the analysis'
","type":"string"},"email":{"description":"Optional E-Mail address that may be associated with the submission for notification","type":"string"},"comment":{"description":"Optional comment text that may be associated with the submission\/sample (Note: you can use #tags here)","type":"string"},"custom_date_time":{"description":"Optional custom date\/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm","type":"string"},"custom_cmd_line":{"description":"Optional commandline that should be passed to the analysis file","type":"string"},"custom_run_time":{"description":"Optional runtime duration (in seconds)","type":"integer"},"submit_name":{"description":"Optional 'submission name' field that will be used for file type detection and analysis","type":"string"},"priority":{"description":"Optional priority value between 1 (lowest) and 10 (highest), by default all samples run with highest priority","type":"integer"},"document_password":{"description":"Optional document password that will be used to fill-in Adobe\/Office password prompts","type":"string"},"environment_variable":{"description":"Optional system environment value. The value is provided in the format: name: value","type":"string"}},"type":"object"}}}},"responses":{"201":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Submission-Limits\"":{"description":"Submission limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SubmissionStatus"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/system\/version":{"get":{"tags":["System"],"description":"return system elements versions","operationId":"145769f29b3862d158e74b6ddda845f1","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/InstanceVersion"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/system\/environments":{"get":{"tags":["System"],"description":"return information about available execution environments","operationId":"bd68b15f49c59048688402da2a9d5b90","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"type":"array","items":{"$ref":"#\/components\/schemas\/Environment"}}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/system\/action-scripts":{"get":{"tags":["System"],"description":"return information about available action scripts","operationId":"13ea959829e5303a7aa453d5e74c503e","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"type":"array","items":{"$ref":"#\/components\/schemas\/ActionScript"}}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}},"\/system\/stats":{"get":{"tags":["System"],"description":"contains a variety of webservice statistics, e.g. the total number of submissions, unique submissions, signature ID distribution, user comments, etc.","operationId":"5e878cfdb239f874742add7b9c519b41","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SystemStats"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/system\/configuration":{"get":{"tags":["System"],"description":"a partial information about instance configuration","operationId":"d373372cf33e493b15d9678972b68268","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Configuration"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/system\/queue-size":{"get":{"tags":["System"],"description":"return information about queue size","operationId":"04ea6a4ccdb477857ab825ca8ca8f4f5","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/IntValue"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"default"}},"\/system\/total-submissions":{"get":{"tags":["System"],"description":"return total number of submission","operationId":"5a69498675db3f2db5cfdb50423feafb","responses":{"200":{"description":"success response","headers":{"Api-Limits":{"description":"Api limits and current usage","schema":{"type":"string","format":"json"}},"Api-Version":{"description":"Current API version","schema":{"type":"string"}},"Webservice-Version":{"description":"Current Webservice Version","schema":{"type":"string"}}},"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/IntValue"}}}},"default":{"description":"error response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}}},"security":[{"api_key":[]}],"x-auth-level":"restricted"}}},"components":{"schemas":{"ActionScript":{"properties":{"name":{"type":"string"},"description":{"type":"string"}},"type":"object"},"AmsiCall":{"properties":{"app_name":{"type":"string"},"filename":{"type":"string","nullable":true},"raw_script_content":{"type":"string"}},"type":"object"},"AnalysisRelatedUrl":{"properties":{"url":{"type":"string"},"verdict":{"type":"string"},"type":{"description":"Available values: extracted, visited, submitted","type":"string"}},"type":"object"},"AntiVirusResult":{"properties":{"name":{"type":"string"},"result":{"type":"boolean"},"threat_found":{"type":"string"}},"type":"object"},"Certificate":{"properties":{"owner":{"type":"string","nullable":true},"issuer":{"type":"string","nullable":true},"serial_number":{"type":"string","nullable":true},"md5":{"type":"string","nullable":true},"sha1":{"type":"string","nullable":true},"valid_from":{"type":"string","format":"date-time","nullable":true},"valid_until":{"type":"string","format":"date-time","nullable":true}},"type":"object"},"CleanDnsReport":{"properties":{"type":{"type":"string","nullable":true},"reported_at":{"type":"string","format":"date-time","nullable":true}},"type":"object"},"Configuration":{"properties":{"submit_allow_offline":{"type":"boolean"},"submit_allow_tor":{"type":"boolean"},"enable_quick_scan":{"type":"boolean"}},"type":"object"},"CreatedFileCollection":{"properties":{"id":{"type":"string"}},"type":"object"},"CrowdStrikeAi":{"properties":{"executable_process_memory_analysis":{"type":"array","items":{"$ref":"#\/components\/schemas\/ExecutableProcessMemoryAnalysis"}},"analysis_related_urls":{"type":"array","items":{"$ref":"#\/components\/schemas\/AnalysisRelatedUrl"}}},"type":"object"},"DailyFeed":{"properties":{"count":{"type":"integer"},"status":{"type":"string"},"data":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleDailyFeed"}}},"type":"object"},"Environment":{"properties":{"id":{"description":"deprecated use environmentId instead","type":"string","deprecated":true},"environment_id":{"type":"integer"},"description":{"type":"string"},"group_icon":{"type":"string"},"architecture":{"type":"string"},"analysis_mode":{"type":"string"},"virtual_machines":{"type":"array","items":{"type":"string"},"deprecated":true},"total_virtual_machines":{"type":"integer","deprecated":true},"busy_virtual_machines":{"type":"integer","deprecated":true},"invalid_virtual_machines":{"type":"integer","deprecated":true}},"type":"object"},"Error":{"properties":{"message":{"type":"string"}},"type":"object"},"EtAlert":{"properties":{"source_ip":{"type":"string","nullable":true},"destination_ip":{"type":"string","nullable":true},"destination_port":{"type":"string","nullable":true},"protocol":{"type":"string","nullable":true},"signature_id":{"type":"string","nullable":true},"signature_rev":{"type":"string","nullable":true},"severity":{"type":"string","nullable":true},"category":{"type":"string","nullable":true},"description":{"type":"string","nullable":true}},"type":"object"},"ExecutableProcessMemoryAnalysis":{"type":"object","allOf":[{"$ref":"#\/components\/schemas\/MemoryDump"},{"properties":{"verdict":{"type":"string"}},"type":"object"}]},"ExtractedFile":{"properties":{"name":{"type":"string","nullable":true},"file_path":{"type":"string","nullable":true},"file_size":{"type":"integer","nullable":true},"sha1":{"type":"string","nullable":true},"sha256":{"type":"string","nullable":true},"md5":{"type":"string","nullable":true},"type_tags":{"type":"array","items":{"type":"string"},"nullable":true},"description":{"type":"string","nullable":true},"runtime_process":{"type":"string","nullable":true},"threat_level":{"type":"integer","nullable":true},"threat_level_readable":{"type":"string","nullable":true},"av_label":{"type":"string","nullable":true},"av_matched":{"type":"integer","nullable":true},"av_total":{"type":"integer","nullable":true},"file_available_to_download":{"type":"boolean"}},"type":"object"},"FileCollectionFile":{"properties":{"hash":{"type":"string"},"names":{"type":"array","items":{"type":"string"}},"state":{"type":"string","nullable":true},"verdict":{"type":"string","nullable":true},"size":{"type":"integer","nullable":true}},"type":"object"},"FileCollectionQuickScan":{"properties":{"sha256":{"type":"string"},"scanners":{"description":"Deprecated, please use 'scanners_v2' instead. More information in 2.22 version changelog","type":"array","items":{"$ref":"#\/components\/schemas\/Scanner"}},"scanners_v2":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/Scanners"}]},"whitelist":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyBoolValue"},"nullable":true},"reports":{"type":"array","items":{"type":"string"},"nullable":true},"finished":{"type":"boolean"},"quick_scan_id":{"type":"string"},"file_collection_id":{"type":"string"}},"type":"object"},"FileCollectionSearch":{"properties":{"id":{"type":"string","nullable":true},"name":{"type":"string","nullable":true},"verdict":{"type":"string","nullable":true},"number_of_files":{"type":"integer","nullable":true},"files_sha256s":{"type":"array","items":{"type":"string"},"nullable":true},"created_at":{"type":"string","format":"date-time","nullable":true}},"type":"object"},"FileCollectionSummary":{"properties":{"id":{"type":"string"},"name":{"type":"string","nullable":true},"comment":{"type":"string","nullable":true},"verdict":{"type":"string"},"size":{"type":"integer"},"number_of_files":{"type":"integer"},"files":{"type":"array","items":{"$ref":"#\/components\/schemas\/FileCollectionFile"}},"created_at":{"type":"string","format":"date-time","nullable":true},"tags":{"type":"array","items":{"type":"string"}}},"type":"object"},"FileCollectionTermsSearch":{"properties":{"search_terms":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyStringValue"}},"count":{"type":"integer"},"result":{"type":"array","items":{"$ref":"#\/components\/schemas\/FileCollectionSearch"}}},"type":"object"},"FileMetadata":{"properties":{"file_compositions":{"type":"array","items":{"type":"string"}},"imported_objects":{"type":"array","items":{"type":"string"}},"file_analysis":{"type":"array","items":{"type":"string"}},"total_file_compositions_imports":{"type":"integer","nullable":true}},"type":"object"},"FullMachineLearningModel":{"type":"object","allOf":[{"$ref":"#\/components\/schemas\/MachineLearningModel"},{"properties":{"sha256":{"type":"string"},"report_id":{"type":"string","nullable":true}},"type":"object"}]},"Hash":{"properties":{"sha256":{"type":"string"}},"type":"object"},"HostGeolocation":{"properties":{"ip":{"type":"string"},"latitude":{"type":"string"},"longitude":{"type":"string"},"country":{"type":"string"}},"type":"object"},"Indicator":{"properties":{"id":{"type":"string"},"description":{"type":"string"},"threat_level":{"type":"string"}},"type":"object"},"InstanceVersion":{"properties":{"instance":{"description":"deprecated now same as sandbox","type":"string","deprecated":true},"sandbox":{"type":"string"},"api":{"type":"string"}},"type":"object"},"IntValue":{"properties":{"value":{"type":"integer"}},"type":"object"},"InterestingFiles":{"properties":{"sha256":{"type":"string"},"environment_id":{"type":"integer","nullable":true},"submit_name":{"type":"string"},"virustotal_detectrate_percent":{"type":"integer","nullable":true},"confidence_percent":{"type":"integer","nullable":true}},"type":"object"},"Key":{"properties":{"api_key":{"type":"string"},"auth_level":{"type":"integer"},"auth_level_name":{"type":"string"},"user":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/User"}]}},"type":"object"},"KeyBoolValue":{"properties":{"id":{"type":"string"},"value":{"type":"boolean"}},"type":"object"},"KeyCredential":{"properties":{"api_key":{"type":"string"},"secret":{"type":"string"}},"type":"object"},"KeyIntValue":{"properties":{"id":{"type":"string"},"value":{"type":"integer"}},"type":"object"},"KeyStringValue":{"properties":{"id":{"type":"string"},"value":{"type":"string"}},"type":"object"},"MachineLearningModel":{"properties":{"name":{"type":"string"},"version":{"type":"string"},"status":{"type":"string"},"data":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyStringValue"}},"created_at":{"type":"string","format":"date-time"}},"type":"object"},"MachineLearningModelSearch":{"properties":{"number_of_results":{"type":"integer"},"number_of_pages":{"type":"integer"},"link_to_previous_page":{"type":"string","nullable":true},"link_to_next_page":{"type":"string","nullable":true},"results":{"type":"array","items":{"$ref":"#\/components\/schemas\/FullMachineLearningModel"}}},"type":"object"},"MaliciousReport":{"properties":{"sha256":{"type":"string"},"environment_id":{"type":"integer","nullable":true},"submit_name":{"type":"string"},"indicators":{"type":"integer"}},"type":"object"},"MemoryDump":{"properties":{"filename":{"type":"string"},"address":{"type":"string"},"flags":{"type":"string"},"file_process":{"type":"string","nullable":true},"file_process_pid":{"type":"integer","nullable":true},"file_process_sha256":{"type":"string","nullable":true},"file_process_disc_pathway":{"type":"string","nullable":true}},"type":"object"},"MemoryDumpExtractedStrings":{"properties":{"data":{"type":"array","items":{"type":"string"}}},"type":"object"},"MemoryDumpHexDump":{"properties":{"data":{"type":"array","items":{"type":"string"}}},"type":"object"},"MitreAttckBase":{"properties":{"tactic":{"type":"string"},"technique":{"type":"string"},"attck_id":{"type":"string","nullable":true},"attck_id_wiki":{"type":"string","nullable":true},"parent":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/MitreAttckParent"}]}},"type":"object"},"MitreAttckParent":{"properties":{"technique":{"type":"string"},"attck_id":{"type":"string","nullable":true},"attck_id_wiki":{"type":"string","nullable":true}},"type":"object"},"MitreAttckSignature":{"type":"object","allOf":[{"$ref":"#\/components\/schemas\/MitreAttckBase"},{"properties":{"malicious_identifiers_count":{"type":"integer"},"malicious_identifiers":{"description":"populated only in some endpoints","type":"array","items":{"type":"string"}},"suspicious_identifiers_count":{"type":"integer"},"suspicious_identifiers":{"description":"populated only in some endpoints","type":"array","items":{"type":"string"}},"informative_identifiers_count":{"type":"integer"},"informative_identifiers":{"description":"populated only in some endpoints","type":"array","items":{"type":"string"}},"parent":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/MitreAttckParent"}]}},"type":"object"}]},"Overview":{"properties":{"sha256":{"type":"string"},"last_file_name":{"type":"string"},"other_file_name":{"type":"array","items":{"type":"string"}},"threat_score":{"type":"integer","nullable":true},"verdict":{"type":"string"},"url_analysis":{"type":"boolean"},"size":{"type":"integer"},"type":{"type":"string"},"type_short":{"type":"array","items":{"type":"string"},"nullable":true},"analysis_start_time":{"type":"string","format":"date-time","nullable":true},"last_multi_scan":{"type":"string","format":"date-time","nullable":true},"tags":{"type":"array","items":{"type":"string"}},"architecture":{"type":"string"},"vx_family":{"type":"string","nullable":true},"multiscan_result":{"type":"integer","nullable":true},"scanners":{"description":"Deprecated, please use 'scanners_v2' instead. More information in 2.22 version changelog","type":"array","items":{"$ref":"#\/components\/schemas\/Scanner"},"deprecated":true},"scanners_v2":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/Scanners"}]},"submit_context":{"type":"array","items":{"type":"string"}},"related_parent_hashes":{"type":"array","items":{"type":"string"}},"related_children_hashes":{"type":"array","items":{"type":"string"}},"reports":{"type":"array","items":{"type":"string"}},"whitelisted":{"type":"boolean"},"children_in_queue":{"type":"integer"},"children_in_progress":{"type":"integer"},"related_reports":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleVerdict"}}},"type":"object"},"OverviewSummary":{"properties":{"sha256":{"type":"string","nullable":true},"threat_score":{"type":"integer","nullable":true},"verdict":{"type":"string","nullable":true},"analysis_start_time":{"type":"string","format":"date-time","nullable":true},"last_multi_scan":{"type":"string","format":"date-time","nullable":true},"multiscan_result":{"type":"integer","nullable":true}},"type":"object"},"Process":{"properties":{"uid":{"type":"string","nullable":true},"parentuid":{"type":"string","nullable":true},"name":{"type":"string","nullable":true},"normalized_path":{"type":"string","nullable":true},"command_line":{"type":"string","nullable":true},"sha256":{"type":"string","nullable":true},"av_label":{"type":"string","nullable":true},"av_matched":{"type":"integer","nullable":true},"av_total":{"type":"integer","nullable":true},"pid":{"description":"populated only in some endpoints","type":"string","nullable":true},"icon":{"description":"populated only in some endpoints","type":"string","format":"base64","nullable":true},"file_accesses":{"description":"populated only in some endpoints","type":"array","items":{"$ref":"#\/components\/schemas\/SampleAnalysisFileAccess"}},"created_files":{"description":"populated only in some endpoints","type":"array","items":{"$ref":"#\/components\/schemas\/SampleAnalysisCreatedFile"}},"registry":{"description":"populated only in some endpoints","type":"array","items":{"$ref":"#\/components\/schemas\/SampleAnalysisRegistryAccess"}},"mutants":{"description":"populated only in some endpoints","type":"array","items":{"type":"string"}},"handles":{"description":"populated only in some endpoints","type":"array","items":{"$ref":"#\/components\/schemas\/SampleAnalysisHandle"}},"streams":{"description":"populated only in some endpoints","type":"array","items":{"$ref":"#\/components\/schemas\/SampleAnalysisStream"}},"script_calls":{"description":"populated only in some endpoints","type":"array","items":{"$ref":"#\/components\/schemas\/SampleAnalysisScriptCall"}},"process_flags":{"description":"populated only in some endpoints","type":"array","items":{"$ref":"#\/components\/schemas\/ProcessFlag"}},"amsi_calls":{"description":"populated only in some endpoints","type":"array","items":{"$ref":"#\/components\/schemas\/AmsiCall"}},"modules":{"description":"populated only in some endpoints","type":"array","items":{"$ref":"#\/components\/schemas\/SampleAnalysisModule"}}},"type":"object"},"ProcessFlag":{"properties":{"name":{"type":"string"},"data":{"type":"string","nullable":true},"image":{"type":"string","format":"base64","deprecated":true}},"type":"object"},"QuickScan":{"properties":{"sha256":{"type":"string"},"scanners":{"description":"Deprecated, please use 'scanners_v2' instead. More information in 2.22 version changelog","type":"array","items":{"$ref":"#\/components\/schemas\/Scanner"}},"scanners_v2":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/Scanners"}]},"whitelist":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyBoolValue"},"nullable":true},"reports":{"type":"array","items":{"type":"string"},"nullable":true},"finished":{"type":"boolean"},"id":{"type":"string"}},"type":"object"},"QuickScanService":{"properties":{"name":{"type":"string"},"available":{"type":"boolean"},"description":{"type":"string"},"supported_types":{"type":"array","items":{"type":"string"}}},"type":"object"},"QuotaForType":{"properties":{"quota":{"$ref":"#\/components\/schemas\/QuotaValues"},"used":{"$ref":"#\/components\/schemas\/QuotaValues"},"available":{"$ref":"#\/components\/schemas\/QuotaValues"},"quota_reached":{"type":"boolean"}},"type":"object"},"QuotaOverall":{"properties":{"total":{"nullable":true,"deprecated":true,"oneOf":[{"$ref":"#\/components\/schemas\/QuotaForType"}]},"apikey":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/QuotaForType"}]},"quota_reached":{"type":"boolean"}},"type":"object"},"QuotaValues":{"properties":{"hour":{"type":"integer","nullable":true},"day":{"type":"integer","nullable":true},"week":{"type":"integer","nullable":true},"month":{"type":"integer","nullable":true},"year":{"type":"integer","nullable":true},"omega":{"type":"integer","nullable":true}},"type":"object"},"RecentComment":{"properties":{"sha256":{"type":"string"},"environment_id":{"type":"integer","nullable":true},"comment":{"type":"string"}},"type":"object"},"ReportAbuse":{"properties":{"sha256":{"type":"string"},"deleted_at":{"type":"string","format":"date-time","nullable":true}},"type":"object"},"ReportAbuseFeed":{"properties":{"number_of_results":{"type":"integer"},"number_of_pages":{"type":"integer"},"link_to_previous_page":{"type":"string","nullable":true},"link_to_next_page":{"type":"string","nullable":true},"falcon_mal_query_results":{"type":"array","items":{"$ref":"#\/components\/schemas\/ReportAbuse"}}},"type":"object"},"ReportAbuseNew":{"properties":{"id":{"type":"string"},"message":{"type":"string"}},"type":"object"},"SampleAnalysisCreatedFile":{"properties":{"file":{"type":"string"},"null_byte":{"type":"boolean"}},"type":"object"},"SampleAnalysisFileAccess":{"properties":{"type":{"type":"string"},"path":{"type":"string"},"mask":{"type":"string"}},"type":"object"},"SampleAnalysisHandle":{"properties":{"id":{"type":"integer"},"type":{"type":"string"},"path":{"type":"string"}},"type":"object"},"SampleAnalysisModule":{"properties":{"path":{"type":"string"},"base":{"type":"string"},"interesting":{"type":"boolean"}},"type":"object"},"SampleAnalysisRegistryAccess":{"properties":{"operation":{"type":"string","nullable":true},"path":{"type":"string","nullable":true},"key":{"type":"string","nullable":true},"value":{"type":"string","nullable":true},"status":{"type":"string","nullable":true},"status_human_readable":{"type":"string","nullable":true}},"type":"object"},"SampleAnalysisScriptCall":{"properties":{"cls_id":{"type":"string","nullable":true},"dispatch_id":{"type":"string","nullable":true},"status":{"type":"string","nullable":true},"result":{"type":"string","nullable":true},"parameters":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleAnalysisScriptCallParameter"}},"matched_malicious_signatures":{"type":"array","items":{"type":"string"}}},"type":"object"},"SampleAnalysisScriptCallParameter":{"properties":{"name":{"type":"string","nullable":true},"value":{"type":"string","nullable":true},"comment":{"type":"string","nullable":true},"argument_number":{"type":"integer","nullable":true},"meaning":{"type":"string","nullable":true}},"type":"object"},"SampleAnalysisStream":{"properties":{"uid":{"type":"string","nullable":true},"file_name":{"type":"string","nullable":true},"human_keywords":{"type":"string","nullable":true},"instructions":{"type":"array","items":{"type":"string"},"nullable":true},"executed":{"type":"boolean","nullable":true},"matched_signatures":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyStringValue"}}},"type":"object"},"SampleChildState":{"properties":{"report_id":{"type":"string","nullable":true},"state":{"type":"string","nullable":true},"error_type":{"type":"string","nullable":true},"error_origin":{"type":"string","nullable":true},"error":{"type":"string","nullable":true}},"type":"object"},"SampleDailyFeed":{"properties":{"job_id":{"type":"string","nullable":true},"md5":{"type":"string","nullable":true},"sha1":{"type":"string","nullable":true},"sha256":{"type":"string","nullable":true},"interesting":{"type":"boolean","nullable":true},"analysis_start_time":{"type":"string","format":"date-time","nullable":true},"threat_score":{"type":"integer","nullable":true},"threat_level":{"type":"integer","nullable":true},"threat_level_human":{"type":"string","nullable":true},"av_detect":{"type":"integer","nullable":true},"unknown":{"type":"boolean","nullable":true},"vx_family":{"type":"string","nullable":true},"tags":{"type":"array","items":{"type":"string"},"nullable":true},"submit_name":{"type":"string","nullable":true},"url_analysis":{"type":"boolean","nullable":true},"size":{"type":"integer","nullable":true},"type":{"type":"string","nullable":true},"et_alerts_total":{"type":"integer","nullable":true},"et_alerts_real_total":{"type":"integer","nullable":true},"domains":{"type":"array","items":{"type":"string"}},"domains_capped":{"type":"boolean","nullable":true},"hosts":{"type":"array","items":{"type":"string"}},"hosts_geolocation":{"type":"array","items":{"$ref":"#\/components\/schemas\/HostGeolocation"},"nullable":true},"hosts_capped":{"type":"boolean","nullable":true},"compromised_hosts":{"type":"array","items":{"type":"string"},"nullable":true},"et_alerts":{"type":"array","items":{"$ref":"#\/components\/schemas\/EtAlert"},"nullable":true},"environment_id":{"type":"integer","nullable":true},"environment_description":{"type":"string","nullable":true},"shared_analysis":{"type":"boolean","nullable":true},"reliable":{"type":"boolean","nullable":true},"report_url":{"type":"string","nullable":true},"vt_detect":{"type":"integer","nullable":true},"ms_detect":{"type":"integer","nullable":true},"associated_email_headers":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyStringValue"},"nullable":true},"indicators":{"type":"array","items":{"$ref":"#\/components\/schemas\/Indicator"},"nullable":true},"public_references":{"type":"array","items":{"type":"string"},"nullable":true},"processes":{"type":"array","items":{"$ref":"#\/components\/schemas\/Process"},"nullable":true},"extracted_files":{"type":"array","items":{"$ref":"#\/components\/schemas\/ExtractedFile"},"nullable":true},"ssdeep":{"type":"string","nullable":true}},"type":"object"},"SampleGone":{"properties":{"message":{"type":"string"},"related_id":{"type":"array","items":{"type":"string"}}},"type":"object"},"SampleScreenshot":{"properties":{"name":{"type":"string"},"image":{"type":"string","format":"base64"},"date":{"type":"string","format":"date-time"}},"type":"object"},"SampleSearch":{"properties":{"verdict":{"type":"string","nullable":true},"av_detect":{"type":"string","nullable":true},"threat_score":{"type":"integer","nullable":true},"vx_family":{"type":"string","nullable":true},"job_id":{"type":"string","nullable":true},"sha256":{"type":"string","nullable":true},"environment_id":{"type":"integer","nullable":true},"analysis_start_time":{"type":"string","format":"date-time","nullable":true},"submit_name":{"type":"string","nullable":true},"environment_description":{"type":"string","nullable":true},"size":{"type":"integer","nullable":true},"type":{"type":"string","nullable":true},"type_short":{"type":"string","nullable":true}},"type":"object"},"SampleState":{"properties":{"state":{"description":"state field in case of archive\/container:\n - If all children are IN_QUEUE, parent is IN_QUEUE\n - A child is processed, if the state is SUCCESS or ERROR\n - If at least one child is IN_PROGRESS, the parent is IN_PROGRESS\n - If all children are processed and have a mixed state, the parent is PARTIAL_SUCCESS\n - If all children are processed and have the same state, the parent shares the same state","type":"string"},"error_type":{"type":"string","nullable":true},"error_origin":{"type":"string","nullable":true},"error":{"type":"string","nullable":true},"related_reports":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleVerdict"}}},"type":"object"},"SampleStateQuery":{"type":"object","allOf":[{"$ref":"#\/components\/schemas\/SampleState"},{"properties":{"query":{"type":"string"},"job_id":{"type":"string","nullable":true},"sha256":{"type":"string","nullable":true},"environment_id":{"type":"integer","nullable":true},"state":{"description":"state field in case of archive\/container:\n - If all children are IN_QUEUE, parent is IN_QUEUE\n - A child is processed, if the state is SUCCESS or ERROR\n - If at least one child is IN_PROGRESS, the parent is IN_PROGRESS\n - If all children are processed and have a mixed state, the parent is PARTIAL_SUCCESS\n - If all children are processed and have the same state, the parent shares the same state","type":"string"},"error_type":{"type":"string","nullable":true},"error_origin":{"type":"string","nullable":true},"error":{"type":"string","nullable":true},"related_reports":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleVerdict"}}},"type":"object"}]},"SampleSummary":{"properties":{"job_id":{"type":"string","nullable":true},"environment_id":{"type":"integer","nullable":true},"environment_description":{"type":"string","nullable":true},"size":{"type":"integer","nullable":true},"type":{"type":"string","nullable":true},"type_short":{"type":"array","items":{"type":"string"},"nullable":true},"target_url":{"type":"string","nullable":true},"state":{"type":"string","nullable":true},"error_type":{"type":"string","nullable":true},"error_origin":{"type":"string","nullable":true},"submit_name":{"type":"string","nullable":true},"md5":{"type":"string","nullable":true},"sha1":{"type":"string","nullable":true},"sha256":{"type":"string","nullable":true},"sha512":{"type":"string","nullable":true},"ssdeep":{"type":"string","nullable":true},"imphash":{"type":"string","nullable":true},"entrypoint":{"type":"string","nullable":true},"entrypoint_section":{"type":"string","nullable":true},"image_base":{"type":"string","nullable":true},"subsystem":{"type":"string","nullable":true},"image_file_characteristics":{"type":"array","items":{"type":"string"}},"dll_characteristics":{"type":"array","items":{"type":"string"}},"major_os_version":{"type":"integer","nullable":true},"minor_os_version":{"type":"integer","nullable":true},"av_detect":{"type":"integer","nullable":true},"vx_family":{"type":"string","nullable":true},"url_analysis":{"type":"boolean","nullable":true},"analysis_start_time":{"type":"string","format":"date-time","nullable":true},"threat_score":{"type":"integer","nullable":true},"interesting":{"type":"boolean","nullable":true},"threat_level":{"type":"integer","nullable":true},"verdict":{"type":"string","nullable":true},"certificates":{"type":"array","items":{"$ref":"#\/components\/schemas\/Certificate"}},"is_certificates_valid":{"type":"boolean","nullable":true},"certificates_validation_message":{"type":"string","nullable":true},"domains":{"type":"array","items":{"type":"string"}},"compromised_hosts":{"type":"array","items":{"type":"string"}},"hosts":{"type":"array","items":{"type":"string"}},"total_network_connections":{"type":"integer","nullable":true},"total_processes":{"type":"integer","nullable":true},"total_signatures":{"type":"integer","nullable":true},"extracted_files":{"type":"array","items":{"$ref":"#\/components\/schemas\/ExtractedFile"}},"file_metadata":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/FileMetadata"}]},"processes":{"type":"array","items":{"$ref":"#\/components\/schemas\/Process"}},"mitre_attcks":{"type":"array","items":{"$ref":"#\/components\/schemas\/MitreAttckSignature"}},"network_mode":{"type":"string"},"signatures":{"type":"array","items":{"$ref":"#\/components\/schemas\/Signature"}},"classification_tags":{"type":"array","items":{"type":"string"}},"tags":{"type":"array","items":{"type":"string"}},"submissions":{"description":"Contains latest twenty elements","type":"array","items":{"$ref":"#\/components\/schemas\/Submission"}},"machine_learning_models":{"description":"This values are populated only in summary endpoint, in search responses this will always be empty","type":"array","items":{"$ref":"#\/components\/schemas\/MachineLearningModel"}},"crowdstrike_ai":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/CrowdStrikeAi"}]}},"type":"object"},"SampleTermsSearch":{"properties":{"search_terms":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyStringValue"}},"count":{"type":"integer"},"result":{"type":"array","items":{"$ref":"#\/components\/schemas\/SampleSearch"}}},"type":"object"},"SampleVerdict":{"properties":{"job_id":{"type":"string","nullable":true},"environment_id":{"type":"integer","nullable":true},"state":{"type":"string","nullable":true},"error_type":{"type":"string","nullable":true},"error_origin":{"type":"string","nullable":true},"sha256":{"type":"string","nullable":true},"verdict":{"type":"string","nullable":true}},"type":"object"},"ScanBforeAi":{"properties":{"name":{"type":"string"},"status":{"type":"string"},"error_message":{"type":"string","nullable":true},"progress":{"type":"integer"},"percent":{"type":"integer","nullable":true}},"type":"object"},"ScanCleanDns":{"properties":{"name":{"type":"string"},"status":{"type":"string"},"error_message":{"type":"string","nullable":true},"progress":{"type":"integer"},"reports_count":{"type":"integer","nullable":true},"reports":{"type":"array","items":{"$ref":"#\/components\/schemas\/CleanDnsReport"}}},"type":"object"},"ScanCrowdStrikeMl":{"properties":{"name":{"type":"string"},"status":{"type":"string"},"error_message":{"type":"string","nullable":true},"progress":{"type":"integer"},"percent":{"type":"integer","nullable":true},"anti_virus_results":{"description":"populated for default privileges or higher","type":"array","items":{"$ref":"#\/components\/schemas\/AntiVirusResult"}}},"type":"object"},"ScanMetadefender":{"properties":{"name":{"type":"string"},"status":{"type":"string"},"error_message":{"type":"string","nullable":true},"progress":{"type":"integer"},"total":{"type":"integer","nullable":true},"positives":{"type":"integer","nullable":true},"percent":{"type":"integer","nullable":true},"anti_virus_results":{"description":"populated only for default privileges or higher","type":"array","items":{"$ref":"#\/components\/schemas\/AntiVirusResult"}}},"type":"object"},"ScanScamAdviser":{"properties":{"name":{"type":"string"},"status":{"type":"string"},"error_message":{"type":"string","nullable":true},"progress":{"type":"integer"},"percent":{"type":"integer","nullable":true}},"type":"object"},"ScanUrlScanIo":{"properties":{"name":{"type":"string"},"status":{"type":"string"},"error_message":{"type":"string","nullable":true},"progress":{"type":"integer"},"percent":{"type":"integer","nullable":true}},"type":"object"},"ScanVirusTotal":{"properties":{"name":{"type":"string"},"status":{"type":"string"},"error_message":{"type":"string","nullable":true},"progress":{"type":"integer"},"total":{"type":"integer","nullable":true},"positives":{"type":"integer","nullable":true},"percent":{"type":"integer","nullable":true}},"type":"object"},"Scanner":{"properties":{"name":{"type":"string"},"status":{"type":"string"},"error_message":{"type":"string","nullable":true},"progress":{"type":"integer"},"total":{"type":"integer","nullable":true},"positives":{"type":"integer","nullable":true},"percent":{"type":"integer","nullable":true},"anti_virus_results":{"description":"populated in some endpoints and only for default privileges or higher","type":"array","items":{"$ref":"#\/components\/schemas\/AntiVirusResult"}}},"type":"object"},"Scanners":{"properties":{"crowdstrike_ml":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/ScanCrowdStrikeMl"}]},"metadefender":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/ScanMetadefender"}]},"virustotal":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/ScanVirusTotal"}]},"urlscan_io":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/ScanUrlScanIo"}]},"scam_adviser":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/ScanScamAdviser"}]},"clean_dns":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/ScanCleanDns"}]},"bfore_ai":{"nullable":true,"oneOf":[{"$ref":"#\/components\/schemas\/ScanBforeAi"}]}},"type":"object"},"Signature":{"properties":{"threat_level":{"type":"integer","nullable":true},"threat_level_human":{"type":"string","nullable":true},"category":{"type":"string","nullable":true},"identifier":{"type":"string","nullable":true},"type":{"type":"integer","nullable":true},"relevance":{"type":"integer","nullable":true},"name":{"type":"string","nullable":true},"description":{"type":"string","nullable":true},"origin":{"type":"string","nullable":true},"attck_id":{"type":"string","nullable":true},"capec_id":{"type":"string","nullable":true},"attck_id_wiki":{"type":"string","nullable":true}},"type":"object"},"Submission":{"properties":{"submission_id":{"type":"string","nullable":true},"filename":{"type":"string","nullable":true},"url":{"type":"string","nullable":true},"created_at":{"type":"string","format":"date-time","nullable":true}},"type":"object"},"SubmissionQuota":{"properties":{"detonation":{"$ref":"#\/components\/schemas\/QuotaOverall"},"quick_scan":{"$ref":"#\/components\/schemas\/QuotaOverall"}},"type":"object"},"SubmissionStatus":{"properties":{"job_id":{"type":"string","nullable":true},"submission_id":{"type":"string","nullable":true},"environment_id":{"type":"integer","nullable":true},"sha256":{"type":"string","nullable":true}},"type":"object"},"SystemStats":{"properties":{"total_submissions":{"type":"integer"},"total_samples":{"type":"integer"},"interesting_files_size":{"type":"integer"},"interesting_files":{"type":"array","items":{"$ref":"#\/components\/schemas\/InterestingFiles"}},"malicious_reports_size":{"type":"integer"},"malicious_reports":{"type":"array","items":{"$ref":"#\/components\/schemas\/MaliciousReport"}},"file_type_distribution_size":{"type":"integer"},"file_type_distribution":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyIntValue"}},"environment_id_distribution_size":{"type":"integer"},"environment_id_distribution":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyIntValue"}},"tags_distribution_size":{"type":"integer"},"tags_distribution":{"type":"array","items":{"$ref":"#\/components\/schemas\/KeyIntValue"}},"recent_comments":{"type":"array","items":{"$ref":"#\/components\/schemas\/RecentComment"}},"behaviour_indicators":{"type":"integer"},"total_yara_rules":{"type":"integer"}},"type":"object"},"UrlSubmissionStatus":{"type":"object","allOf":[{"$ref":"#\/components\/schemas\/SubmissionStatus"},{"properties":{"submission_type":{"type":"string","nullable":true}},"type":"object"}]},"User":{"properties":{"id":{"type":"string"},"email":{"type":"string"},"name":{"type":"string"}},"type":"object"}},"securitySchemes":{"api_key":{"type":"apiKey","name":"api-key","in":"header"}}},"tags":[{"name":"Search"},{"name":"Quick Scan"},{"name":"File Collection"},{"name":"Analysis Overview"},{"name":"Sandbox Submission"},{"name":"Sandbox Report"},{"name":"System"},{"name":"Key"},{"name":"Feed"}]}