![PyPI](https://img.shields.io/pypi/v/intezer_sdk)
![Build](https://github.com/intezer/analyze-python-sdk/actions/workflows/test.yml/badge.svg)
# Intezer SDK
The SDK wraps Intezer Analyze API 2.0 ([View full API documentation](https://analyze.intezer.com/api-docs.html)).
Currently, the following options are available in the SDK:
- Analyze by file
- Analyze by SHA256
- Analyze Url
- Index by file
- Index by SHA256
- Get Latest Analysis
- Account and file related samples
- Code reuse and Metadata
- IOCs, Dynamic TTPs and Capabilities
- Strings related samples
- Search a family
- Ingest an alert from any source
- Ingest a raw email alert (.msg or .eml file)
## Installation
```bash
pip install intezer-sdk
```
## Using Intezer SDK
### Set global api key
Before using any SDK functionality, set the API key once for the process:
```python
from intezer_sdk import api

api.set_global_api('<api_key>')
```
### Analyze By File
```python
from intezer_sdk.analysis import FileAnalysis

analysis = FileAnalysis(file_path=<file_path>,
                        dynamic_unpacking=<force_dynamic_unpacking>,  # optional
                        static_unpacking=<force_static_unpacking>)  # optional
analysis.send(wait=True)
result = analysis.result()
```
### Analyze By SHA256
```python
from intezer_sdk.analysis import FileAnalysis

analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True)
result = analysis.result()
```
### File Analysis result example
```python
{
    'analysis_id': '00000000-0000-0000-0000-000000000000',
    'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT',
    'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000',
    'family_name': 'Ramnit',
    'is_private': True,
    'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356',
    'sub_verdict': 'malicious',
    'verdict': 'malicious'
}
```
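The two submission paths above fit together as a hash-first workflow: compute the SHA256 locally, ask Intezer whether it already knows the hash, and upload the file contents only when it does not, then reduce the result dict to a triage decision. The following is an added example, hypothetical code that is not part of the intezer-sdk README or the SDK itself. The two SDK calls are injected as callables so it runs offline against a fake backend; `triage`, `analyze_hash_first`, `FakeIntezer`, the `action` labels and the verdict names other than `malicious` are this example's own assumptions, not SDK names or constants.

```python
"""Hash-first submission and triage of a FileAnalysis result.

Added example (hypothetical code, not part of the intezer-sdk README or the
SDK). The SDK calls are injected as callables so it runs offline; the
'action' labels and the verdict names other than 'malicious' are this
example's own assumptions, not SDK constants.
"""
import hashlib
from typing import Callable, Dict, Optional


def sha256_hex(data: bytes) -> str:
    """SHA256 of the file contents as lower-case hex, the form the API takes."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample file contents that the fake backend "already knows".
KNOWN_BYTES = b'constructed sample: bytes Intezer has already analyzed'

# Constructed result, shaped like the File Analysis result example above;
# its sha256 is tied to KNOWN_BYTES so the consistency check below passes.
SAMPLE_RESULT = {
    'analysis_id': '00000000-0000-0000-0000-000000000000',
    'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT',
    'analysis_url': 'https://analyze.intezer.com/#/analyses/00000000-0000-0000-0000-000000000000',
    'family_name': 'Ramnit',
    'is_private': True,
    'sha256': sha256_hex(KNOWN_BYTES),
    'sub_verdict': 'malicious',
    'verdict': 'malicious',
}

# Assumed mapping from verdict to a local handling action (not from the SDK).
ACTION_BY_VERDICT = {
    'malicious': 'block',
    'suspicious': 'review',
    'trusted': 'allow',
    'no_threats': 'allow',
}


def triage(result: Dict) -> Dict[str, Optional[str]]:
    """Reduce an analysis result dict to the fields an analyst acts on."""
    verdict = result.get('verdict')
    return {
        'sha256': result.get('sha256'),
        'verdict': verdict,
        'sub_verdict': result.get('sub_verdict'),
        'family': result.get('family_name'),
        'analysis_url': result.get('analysis_url'),
        # Any verdict string we do not recognise falls through to manual review.
        'action': ACTION_BY_VERDICT.get(verdict, 'review'),
    }


def analyze_hash_first(data: bytes,
                       lookup_by_hash: Callable[[str], Optional[Dict]],
                       upload: Callable[[bytes], Dict]) -> Dict[str, Optional[str]]:
    """Look the SHA256 up first; upload the bytes only if the lookup misses.

    With the real SDK, lookup_by_hash would wrap FileAnalysis(file_hash=...)
    and return None when Intezer has never seen the hash (the SDK raises in
    that case), and upload would wrap FileAnalysis(file_path=...).
    """
    digest = sha256_hex(data)
    result = lookup_by_hash(digest)
    if result is None:
        result = upload(data)
    out = triage(result)
    # The report must describe the bytes we asked about.
    if out['sha256'] and out['sha256'].lower() != digest:
        raise ValueError('result sha256 does not match the submitted file')
    return out


class FakeIntezer:
    """Offline stand-in for the two SDK calls; counts uploads so the
    hash-first behaviour can be observed."""

    def __init__(self) -> None:
        self.known = {SAMPLE_RESULT['sha256']: SAMPLE_RESULT}
        self.uploads = 0

    def lookup_by_hash(self, digest: str) -> Optional[Dict]:
        return self.known.get(digest)

    def upload(self, data: bytes) -> Dict:
        self.uploads += 1
        # A freshly uploaded, never-seen file: verdict left as 'unknown' here.
        return {'sha256': sha256_hex(data), 'verdict': 'unknown', 'sub_verdict': 'unknown'}


if __name__ == '__main__':
    backend = FakeIntezer()
    print(analyze_hash_first(KNOWN_BYTES, backend.lookup_by_hash, backend.upload))
    print(analyze_hash_first(b'never seen before', backend.lookup_by_hash, backend.upload))
    print('uploads:', backend.uploads)
```

The sha256 consistency check at the end of `analyze_hash_first` is cheap insurance against acting on a report for the wrong object, and the hash-first order keeps file contents off the wire whenever Intezer already has a verdict for them.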
### Analyze Url
```python
from intezer_sdk.analysis import UrlAnalysis

analysis = UrlAnalysis(url=<url>)
analysis.send(wait=True)
result = analysis.result()
```
### Url Analysis result example
```python
{
    'analysis_id': '70d09f68-c7a3-43a3-a8de-07ec31fbf4ed',
    'domain_info': {
        'creation_date': '1997-08-13 04:00:00.000000',
        'domain_name': 'foo.com',
        'registrar': 'TUCOWS, INC.'
    },
    'indicators': [
        {
            'classification': 'informative',
            'text': 'URL is accessible'
        },
        {
            'classification': 'informative',
            'text': 'Assigned IPv4 domain'
        },
        {
            'classification': 'informative',
            'text': 'Vaild IPv4 domain'
        }
    ],
    'ip': '34.206.39.153',
    'redirect_chain': [
        {
            'response_status': 301,
            'url': 'https://foo.com/'
        },
        {
            'response_status': 200,
            'url': 'http://www.foo.com/'
        }
    ],
    'scanned_url': 'http://www.foo.com/',
    'submitted_url': 'foo.com',
    'downloaded_file': {
        'analysis_id': '8db9a401-a142-41be-9a31-8e5f3642db62',
        'analysis_summary': {
            'verdict_description': "This file contains code from malicious software, therefore it's very likely that it's malicious.",
            'verdict_name': 'malicious',
            'verdict_title': 'Malicious',
            'verdict_type': 'malicious'
        },
        'sha256': '4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7'
    },
    'summary': {
        'description': 'No suspicious activity was detected for this URL',
        'title': 'No Threats',
        'verdict_name': 'no_threats',
        'verdict_type': 'no_threats'
    }
}
```
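The sample above shows why a URL result should not be reduced to its top-level `summary`: the URL itself is rated `no_threats`, but the file it served (`downloaded_file`) is `malicious`, and the redirect chain steps from `https://foo.com/` down to plain `http://www.foo.com/`. The following is an added example, hypothetical code that is not part of the intezer-sdk README or the SDK, which walks the result shape above and surfaces those three points. The field names come from the README sample; `assess_url_result`, `worst_verdict` and the severity ordering of verdict names are this example's own assumptions.

```python
"""Reading a UrlAnalysis result.

Added example (hypothetical code, not part of the intezer-sdk README or the
SDK). Field names are taken from the Url Analysis result example above; the
severity order of verdict names is this example's own assumption.
"""
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample: the README's URL result, trimmed to the fields used here.
SAMPLE_URL_RESULT = {
    'analysis_id': '70d09f68-c7a3-43a3-a8de-07ec31fbf4ed',
    'submitted_url': 'foo.com',
    'scanned_url': 'http://www.foo.com/',
    'ip': '34.206.39.153',
    'redirect_chain': [
        {'response_status': 301, 'url': 'https://foo.com/'},
        {'response_status': 200, 'url': 'http://www.foo.com/'},
    ],
    'downloaded_file': {
        'analysis_id': '8db9a401-a142-41be-9a31-8e5f3642db62',
        'analysis_summary': {'verdict_name': 'malicious', 'verdict_type': 'malicious'},
        'sha256': '4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7',
    },
    'summary': {'title': 'No Threats', 'verdict_name': 'no_threats', 'verdict_type': 'no_threats'},
}

# Assumed severity order, worst first. Names not listed are ranked as 'unknown'.
SEVERITY = ['malicious', 'suspicious', 'unknown', 'no_threats', 'trusted']


def _rank(verdict: str) -> int:
    return SEVERITY.index(verdict) if verdict in SEVERITY else SEVERITY.index('unknown')


def worst_verdict(*verdicts: Optional[str]) -> str:
    """Most severe of the given verdicts; 'unknown' if none is present."""
    present = [v for v in verdicts if v]
    return min(present, key=_rank) if present else 'unknown'


def redirect_urls(result: Dict) -> List[str]:
    """URLs of the redirect chain in the order they were followed."""
    return [hop['url'] for hop in result.get('redirect_chain', []) if hop.get('url')]


def has_scheme_downgrade(urls: List[str]) -> bool:
    """True if any hop goes from https to plain http."""
    schemes = [urlparse(u).scheme.lower() for u in urls]
    return any(a == 'https' and b == 'http' for a, b in zip(schemes, schemes[1:]))


def downloaded_file_verdict(result: Dict) -> Optional[str]:
    """Verdict of the file the URL served, or None if nothing was downloaded."""
    downloaded = result.get('downloaded_file') or {}
    return (downloaded.get('analysis_summary') or {}).get('verdict_type')


def assess_url_result(result: Dict) -> Dict:
    """Combine the URL summary with the downloaded-file verdict.

    In the README sample the URL summary is 'no_threats' while the file it
    served is 'malicious'; acting on 'summary' alone would miss that.
    """
    urls = redirect_urls(result)
    url_verdict = (result.get('summary') or {}).get('verdict_type')
    file_verdict = downloaded_file_verdict(result)
    return {
        'submitted_url': result.get('submitted_url'),
        'final_url': result.get('scanned_url') or (urls[-1] if urls else None),
        'hops': len(urls),
        'scheme_downgrade': has_scheme_downgrade(urls),
        'url_verdict': url_verdict,
        'downloaded_file_verdict': file_verdict,
        'downloaded_file_sha256': (result.get('downloaded_file') or {}).get('sha256'),
        'effective_verdict': worst_verdict(url_verdict, file_verdict),
    }


if __name__ == '__main__':
    for key, value in assess_url_result(SAMPLE_URL_RESULT).items():
        print(f'{key}: {value}')
```

Every accessor tolerates a missing block (`downloaded_file` is absent when the URL served no file, and `redirect_chain` can be empty), so the same function works on results that are less complete than the sample.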
### Index By File
```python
from intezer_sdk import consts
from intezer_sdk.index import Index

index = Index(file_path=<file_path>,
              index_as=consts.IndexType.MALICIOUS,
              family_name=<family_name>)
index.send(wait=True)
index_id = index.index_id
```
### Index By SHA256
```python
from intezer_sdk import consts
from intezer_sdk.index import Index

index = Index(sha256=<file_sha256>,
              index_as=consts.IndexType.TRUSTED)
index.send(wait=True)
index_id = index.index_id
```
### Get Latest File Analysis
```python
from intezer_sdk.analysis import FileAnalysis

analysis = FileAnalysis.from_latest_hash_analysis(file_hash=<file_sha256>)
result = analysis.result()
```
### Get Sub Analyses
#### Root File Analysis
```python
root_analysis = analysis.get_root_analysis()
```
#### Sub Analyses
```python
sub_analyses = analysis.get_sub_analyses()
```
#### Code Reuse and Metadata
```python
root_analysis_code_reuse = root_analysis.code_reuse
root_analysis_metadata = root_analysis.metadata

for sub_analysis in sub_analyses:
    sub_analyses_code_reuse = sub_analysis.code_reuse
    sub_analyses_metadata = sub_analysis.metadata
```
#### Related Files by Family
```python
root_analysis_code_reuse = root_analysis.code_reuse

for family in root_analysis_code_reuse['families']:
    operation = root_analysis.find_related_files(family['family_id'], wait=True)
    related_files = operation.get_result()
```
#### Account Related Samples
```python
operation = root_analysis.get_account_related_samples()
related_samples = operation.get_result()
```
#### Vaccine
```python
operation = root_analysis.generate_vaccine()
vaccine = operation.get_result()
```
#### Strings related samples
```python
operation = root_analysis.get_string_related_samples('string_to_relate_to', wait=True)
string_related_samples = operation.get_result()
```
#### Wait with timeout
```python
import datetime

from intezer_sdk.analysis import FileAnalysis

analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True, wait_timeout=datetime.timedelta(minutes=1))
```
#### Analyses History
- File
```python
from intezer_sdk.analyses_history import query_file_analyses_history

history_results = query_file_analyses_history(
    start_date=<datetime>,
    end_date=<datetime>,
    api=<IntezerApi>,
    aggregated_view=<bool>,
    sources=<sources>,
    verdicts=<verdicts>,
    file_hash=<file_hash>,
    family_names=<family_names>,
    file_name=<file_name>
)
for analysis in history_results:
    print(analysis)
```
- URL
```python
from intezer_sdk.analyses_history import query_url_analyses_history

history_results = query_url_analyses_history(
    start_date=<datetime>,
    end_date=<datetime>,
    aggregated_view=<bool>,
    sources=<sources>,
    verdicts=<verdicts>,
)
for analysis in history_results:
    print(analysis)
```
- End Point
```python
from intezer_sdk.analyses_history import query_endpoint_analyses_history

history_results = query_endpoint_analyses_history(
    start_date=<datetime>,
    end_date=<datetime>,
    aggregated_view=<bool>,
    sources=<sources>,
    verdicts=<verdicts>,
    sub_verdicts=<sub_verdicts>,
    did_download_file=<bool>,
    submitted_url=<submitted_url>
)
for analysis in history_results:
    print(analysis)
```
### Alerts
#### Get alert by id
```python
from intezer_sdk.alerts import Alert

alert = Alert.from_id(alert_id=alert_id,
                      fetch_scans=False,
                      wait=False)
```
#### Alerts History
```python
history_results = query_file_analyses_history(
    api=<IntezerApi>,
    **filters
)
for analysis in history_results:
    print(analysis)
```
## Code examples
You can find more code examples in the [analyze-python-sdk/examples/](https://github.com/intezer/analyze-python-sdk/tree/master/examples) directory.
## Package metadata (PyPI)
- Name: intezer-sdk, version 1.21
- Summary: Intezer Analyze SDK
- Author: Intezer Labs ltd. (info@intezer.com)
- License: Apache 2.0
- Homepage: https://github.com/intezer/analyze-python-sdk
- Requires Python: `!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,!=3.7.*` (Python 3.0 through 3.7 excluded)
- Uploaded: 2024-05-08
- Release files (neither is GPG-signed; verify the SHA256 after download):
  - `intezer_sdk-1.21-py3-none-any.whl` (wheel, 50058 bytes), sha256 `b0785aa3ddd171ff85202e0d9c466ccd8175448d7e06a89b6ee05987eb0755f7`
  - `intezer_sdk-1.21.tar.gz` (sdist, 43432 bytes), sha256 `dd20f6d6a95066d39ea5019707455c630d87e049ace4e5f0f9ebe772c5c8954a`