pyldfire: a Python module for the Palo Alto Networks WildFire API
Detailed description of the pyldfire Python project
A Python module for the Palo Alto Networks WildFire API

Copyright 2016 Sean Whalen

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Features

- Python 2 and 3 support
- Returns native Python objects
- Raises exceptions for API errors, including the error details
- Supports HTTPS proxies and SSL/TLS verification
- Supports the WildFire cloud or an appliance
- Supports all WildFire 7.1 API calls
- Upload sample files and URLs
- Get verdicts
- Get full reports in PDF or dictionary format
- Get samples
- Get PCAPs
- Get a malware test file

Example
```python
from pprint import PrettyPrinter
from io import BytesIO

from pyldfire import WildFire

printer = PrettyPrinter(indent=2)

wildfire = WildFire("api-key-goes-here")

# Submit a local file
with open("malware", "rb") as sample_file:
    results = wildfire.submit_file(sample_file)

printer.pprint(results)

# File hashes can be MD5, SHA1, or SHA256
file_hash = "419251150a2f77422efa1e016d605d69"

# Download a sample to a file
with open("sample", "wb") as sample_file:
    sample_file.write(wildfire.get_sample(file_hash))

# Or keep it as a file-like object in memory instead
sample = BytesIO(wildfire.get_sample(file_hash))

# Same for PCAPs and PDF reports

# Get a verdict
verdict = wildfire.get_verdicts([file_hash])

# Get analysis results
results = wildfire.get_report(file_hash)

# Test your firewall
wildfire.get_malware_test_file()
```
pyldfire.WildFire methods
__init__(self, api_key, host='wildfire.paloaltonetworks.com', proxies=None, verify=True)
Initializes the WildFire class

Args:
- api_key (str): A WildFire API key
- host (str): The hostname of the WildFire service or appliance
- proxies (dict): An optional dictionary containing proxy data, with https as the key and the proxy path as the value
- verify (bool): Verify the certificate
- verify (str): A path to a CA cert bundle
get_malware_test_file(self)
Gets a unique, benign malware test file that will trigger an alert on Palo Alto Networks firewalls

Returns:
- bytes: A malware test file
get_pcap(self, file_hash, platform=None)
Gets the PCAP from a sample's analysis

Args:
- file_hash (str): A hash of a sample
- platform (int): One of the following integers:
  - 1: Windows XP, Adobe Reader 9.3.3, Office 2003
  - 2: Windows XP, Adobe Reader 9.4.0, Flash 10, Office 2007
  - 3: Windows XP, Adobe Reader 11, Flash 11, Office 2010
  - 4: Windows 7 32-bit, Adobe Reader 11, Flash 11, Office 2010
  - 5: Windows 7 64-bit, Adobe Reader 11, Flash 11, Office 2010
  - 50: Mac OS X Mountain Lion
  - 201: Android 2.3, API 10, avd2.3

Returns:
- bytes: The PCAP

Raises:
- WildFireException: If an API error occurs
get_pdf_report(self, file_hash)
Gets the analysis results as a PDF

Args:
- file_hash (str): A hash of a sample file

Returns:
- bytes: The PDF

Raises:
- WildFireException: If an API error occurs
get_report(self, file_hash)
Gets the analysis results as structured data

Args:
- file_hash (str): A hash of a sample

Returns:
- dict: Analysis results

Raises:
- WildFireException: If an API error occurs
get_sample(self, file_hash)
Gets a sample file

Args:
- file_hash (str): A hash of a sample

Returns:
- bytes: The sample

Raises:
- WildFireException: If an API error occurs
get_verdicts(self, file_hashes)
Gets the verdicts for one or more samples

Args:
- file_hashes (list): A list of file hash strings
- file_hashes (str): A single file hash

Returns:
- str: If a single file hash is passed, a string containing the verdict
- list: If multiple hashes are passed, a list of the corresponding verdict strings

Possible values: 'Benign', 'Malware', 'Greyware', 'Pending', 'Error', 'Not found'

Raises:
- WildFireException: If an API error occurs
submit_file(self, file_obj, filename="sample")
Submits a file to WildFire for analysis

Args:
- file_obj (file): The file to send
- filename (str): An optional filename

Returns:
- dict: Analysis results

Raises:
- WildFireException: If an API error occurs
submit_remote_file(self, url)
Submits a file located at a remote URL for analysis

Args:
- url (str): The URL where the file is located

Returns:
- dict: Analysis results

Raises:
- WildFireException: If an API error occurs

Notes: This is for submitting files located at remote URLs, not web pages.

See also: submit_urls(self, urls)
submit_urls(self, urls)
Submits one or more web page URLs for analysis

Args:
- urls (str): A single URL
- urls (list): A list of URLs

Returns:
- dict: If a single URL is passed, a dictionary of analysis results
- list: If multiple URLs are passed, a list of corresponding dictionaries containing analysis results

Raises:
- WildFireException: If an API error occurs
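A hash-first triage helper built on the get_verdicts() and submit_file() methods documented above, added here as an example and not part of the pyldfire project: it hashes a local file, asks WildFire for the verdict on that hash, and uploads the file only when the answer is 'Not found', so known samples are never re-submitted. The `triage`, `sha256_of` and `FakeWildFire` names are this example's own; `FakeWildFire` is a constructed offline stand-in with the same two method signatures, and in real use you would pass a `pyldfire.WildFire` instance instead.

```python
import hashlib
from io import BytesIO

# Verdict strings documented for WildFire.get_verdicts() above
KNOWN_VERDICTS = {"Benign", "Malware", "Greyware", "Pending", "Error", "Not found"}

def sha256_of(file_obj):
    """Hex SHA256 of a binary file-like object; leaves it rewound to the start."""
    digest = hashlib.sha256()
    file_obj.seek(0)
    for chunk in iter(lambda: file_obj.read(65536), b""):
        digest.update(chunk)
    file_obj.seek(0)
    return digest.hexdigest()

def triage(client, file_obj, filename="sample"):
    """Look up the verdict for a file's hash; upload only if WildFire never saw it.
    client: anything with get_verdicts()/submit_file(), i.e. pyldfire.WildFire."""
    digest = sha256_of(file_obj)
    verdicts = client.get_verdicts([digest])
    # get_verdicts() returns a list for a list argument; tolerate a bare str too
    verdict = verdicts[0] if isinstance(verdicts, list) else verdicts
    if verdict not in KNOWN_VERDICTS:
        raise ValueError("unexpected verdict %r for %s" % (verdict, digest))
    submitted = False
    if verdict == "Not found":
        # Unseen: upload it. get_verdicts() answers "Pending" until analysis ends,
        # so the caller re-checks later rather than trusting this first result.
        client.submit_file(file_obj, filename=filename)
        submitted = True
    return {"sha256": digest, "verdict": verdict, "submitted": submitted}

class FakeWildFire:
    """Constructed offline stand-in for pyldfire.WildFire, not the real client."""
    def __init__(self, known):
        self.known = dict(known)  # sha256 -> verdict of files already analysed
        self.uploaded = []
    def get_verdicts(self, file_hashes):
        return [self.known.get(h, "Not found") for h in file_hashes]
    def submit_file(self, file_obj, filename="sample"):
        self.uploaded.append(filename)
        self.known[sha256_of(file_obj)] = "Pending"
        return {"filename": filename}

def demo():
    # Two constructed samples: one WildFire already "knows", one it has never seen
    known, unseen = BytesIO(b"constructed known sample"), BytesIO(b"constructed new sample")
    fake = FakeWildFire({sha256_of(known): "Malware"})
    first = triage(fake, known, filename="known.bin")
    second = triage(fake, unseen, filename="new.bin")
    third = triage(fake, unseen, filename="new.bin")  # re-check after the upload
    return first, second, third, fake.uploaded
```

Calling `demo()` returns the three triage results and the list of uploaded filenames; only the unseen sample is uploaded, and its verdict moves from 'Not found' to 'Pending' on the second check.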