# ReversingLabs SDK
The official Python SDK for using ReversingLabs services.
The idea behind this SDK is to enable easier out-of-the-box development of software integrations and automation services that need to interact with ReversingLabs.
The SDK consists of several modules, where each module represents either one ReversingLabs service, ReversingLabs appliance or the ReversingLabs TitaniumCloud.
> **ReversingLabs SDK Cookbook**
For a simple and comprehensive guide on how to start using the ReversingLabs SDK, visit the [ReversingLabs SDK Cookbook](https://github.com/reversinglabs/reversinglabs-sdk-cookbook)
> and explore the provided steps and examples.
## Module: a1000
A Python module representing the ReversingLabs A1000 malware analysis platform.
#### Class:
```python
class A1000(object):
def __init__(self, host, username, password, token, fields_v2, ticore_fields, wait_time_seconds, retries, verify, proxies, user_agent):
```
#### Parameters:
`host` - A1000 address
`username` - A1000 username
`password` - A1000 password
`token` - A1000 user token for the REST API
`fields_v2` - optional fields that will be returned in the analysis report
`ticore_fields` - optional fields that will be returned in the report from the TitaniumScale endpoint
`wait_time_seconds` - wait time between each report fetching retry
`retries` - number of report fetching retries
`verify` - verify SSL certificate
`proxies` - optional proxies in use
`user_agent` - optional user agent string
> *NOTE!*
The default means of authorization on the ReversingLabs A1000 REST API is the token.
If username and password are used instead, a token fetching request will be done so the token can be used in further actions without the user explicitly providing the token.
#### Class methods:
- `configuration_dump`
- Returns the configuration of the instantiated A1000 object
- `test_connection`
- Creates a request towards the A1000 Check Status API to test the connection with A1000
- `upload_sample_from_path`
- Accepts a file path string and returns a response containing the analysis task ID
- `upload_sample_from_file`
- Accepts a file open in 'rb' mode and returns a response containing the analysis task ID
- `submit_url_for_analysis`
- Sends a URL for analysis on A1000.
- `check_submitted_url_status`
- Accepts a task id returned by upload_sample_from_url and returns a response containing processing status and
report if the report is ready
- `file_analysis_status`
- Accepts a list of file hashes and returns their analysis completion information.
- `get_submitted_url_report`
- Accepts a task ID returned by upload_sample_from_url and returns a response
- This method utilizes the set number of retries and wait time in seconds to time
out if the analysis results are not ready
- `submit_url_for_analysis_and_get_report`
- Sends a URL for analysis on A1000.
- The result fetching action of this method utilizes the set number of retries and wait time in seconds to time
out if the analysis results are not ready
- `get_summary_report_v2`
- Accepts a single hash or a list of hashes and returns JSON containing a summary report for each of them
- This method utilizes the set number of retries and wait time in seconds to time
out if the analysis results are not ready
- `upload_sample_and_get_summary_report_v2`
- Accepts either a file path string or an open file in 'rb' mode for file upload and returns a summary analysis
report response
- This method combines uploading a sample and obtaining the summary analysis report
- The result fetching action of this method utilizes the set number of retries and wait time in seconds to time
out if the analysis results are not ready
- `get_detailed_report_v2`
- Accepts a single hash or a list of hashes and returns a detailed analysis report for the selected samples
- This method utilizes the set number of retries and wait time in seconds and times out if the
analysis results are not ready
- `upload_sample_and_get_detailed_report_v2`
- Accepts either a file path string or an open file in 'rb' mode for file upload and returns a detailed
analysis report response.
- This method combines uploading a sample and obtaining the detailed analysis report.
- Additional fields can be provided.
- The result fetching action of this method utilizes the set number of retries and wait time in seconds to time
out if the analysis results are not ready.
- `get_classification_v3`
- Get classification for one sample
- `reanalyze_samples_v2`
- Accepts a single hash or a list of hashes of various types and reanalyzes the corresponding sample(s)
- This method can be used for reanalyzing a single sample or a batch of samples, depending on the data type
passed
- `list_extracted_files_v2`
- Get a list of all files TitaniumCore engine extracted from the requested sample during static analysis
- `list_extracted_files_v2_aggregated`
- Get a list of all files TitaniumCore engine extracted from the requested sample during static analysis
- Paging is done automatically and results from individual responses aggregated into one list and returned
- `download_extracted_files`
- Accepts a single hash string and returns a downloadable archive file containing files extracted from the desired sample
- `download_sample`
- Accepts a single hash string and returns a downloadable sample
- `delete_samples`
- Accepts a single hash string or a list of hashes and deletes the corresponding samples from A1000
- `check_sample_removal_status_v2`
- "Accepts the task ID returned by the bulk sample removal endpoint and returns a response that
indicates if the removal request was finished successfully and if all samples have been deleted
- `create_pdf_report`
- Accepts a single hash string and initiates the creation of a PDF analysis report for the requested sample.
The response includes links to the pdf creation status endpoint and pdf download ednpoint for the requested
sample
- `check_pdf_report_creation`
- Accepts a single hash string that should correspond to the hash used in the request with
create_pdf_report method. The response includes an informative message about the status of the PDF
report previously requested
- `download_pdf_report`
- Accepts a single hash string that should correspond to the hash used in the request with
create_pdf_report method
- `get_titanium_core_report_v2`
- Accepts a single hash string and gets the full TitaniumCore static analysis report for the requested sample.
The requested sample must be present on the appliance. If the optional fields parameter is not provided in the
request, all available parts of the static analysis report are returned in the response
- `create_dynamic_analysis_report`
- Accepts a single hash string and initiates the creation of PDF or HTML reports for samples that have gone
through dynamic analysis in the ReversingLabs Cloud Sandbox.
The response includes links to the report creation status endpoint and report download ednpoint for the
requested sample
- `check_dynamic_analysis_report_status`
- Accepts a single hash string and report format parameters that should correspond to the parameters used in
the request with create_dynamic_analysis_report method. The response includes an informative
message about the status of the report previously requested
- `download_dynamic_analysis_report`
- Accepts a single hash string and report format parameters that should correspond to the parameters used in
the request with create_dynamic_analysis_report method
- `set_classification`
- Accepts a single hash string, allows the user to set the classification of a sample, either in TitaniumCloud
or locally on the A1000. Returns a response containing a new classification
- `delete_classification`
- Accepts a single hash string, allows the user to delete the classification of a sample, either in
TitaniumCloud or locally on the A1000
- `get_user_tags`
- Accepts a single hash string and returns lists of existing user tags for the requested sample
- `post_user_tags`
- Accepts a single hash string and adds one or more user tags to the requested sample
- `delete_user_tags`
- Accepts a single hash string and removes one or more user tags from the requested sample
- `get_yara_rulesets_on_the_appliance_v2`
- Retrieves a list of YARA rulesets that are on the A1000 appliance
- The list can be filtered by several criteria (ruleset status, source, and owner) using optional parameters
- `get_yara_ruleset_contents`
- Retrieves the full contents of the requested ruleset in raw text/plain format
- All rulesets can be retrieved, regardless of their current status on the appliance (enabled, disabled…)
- `get_yara_ruleset_matches_v2`
- Retrieves the list of YARA matches (both local and cloud) for requested rulesets
- If multiple rulesets are provided in the request, only the samples that match all requested rulesets are listed in
the response.
- `create_or_update_yara_ruleset`
- Creates a new YARA ruleset if it doesn’t exist
- If a ruleset with the specified name already exists, a new revision (update) of the ruleset is created
- `delete_yara_ruleset`
- Deletes the specified YARA ruleset and its matches from the appliance
- `enable_or_disable_yara_ruleset`
- Enables/disables ruleset on the appliance
- Administrators can manage any ruleset while regular A1000 users can only manage their own rulesets
- `get_yara_ruleset_synchronization_time`
- Gets information about the current synchronization status for TitaniumCloud-enabled rulesets
- `update_yara_ruleset_synchronization_time`
- Updates the TitaniumCloud synchronization time for TitaniumCloud-enabled YARA rulesets
- `start_or_stop_yara_local_retro_scan`
- Allows users to initiate the Local Retro scan on the A1000 appliance, and stop the Local Retro scan that is
in progress on the appliance
- `get_yara_local_retro_scan_status`
- Gets the status of Local Retro scan on the A1000 appliance
- `start_or_stop_yara_cloud_retro_scan`
- Allows users to start and stop a Cloud Retro scan for a specified ruleset on the A1000 appliance, as well as
to clear all Cloud Retro results for the ruleset
- `get_yara_cloud_retro_scan_status`
- Gets the status of Cloud Retro for the specified YARA ruleset. The response indicates the
current state of Cloud Retro
- `advanced_search_v3`
- Sends a query string to the A1000 Advanced Search API v3
- `advanced_search_v3_aggregated`
- Sends a query string to the A1000 Advanced Search API v3
- Paging is done automatically and results from individual
responses aggregated into one list and returned
- `list_containers_for_hashes`
- Gets a list of all top-level containers from which the requested sample has been extracted during analysis
- This is a bulk API, meaning that a single request can be used to simultaneously query containers for multiple
file hashes
- `network_url_report`
- Accepts a URL string and returns a report about the requested URL
- `network_domain_report`
- Accepts a domain string and returns a report about the requested domain
- `network_ip_addr_report`
- Accepts an IP address string and returns a report about the requested IP address
- `network_ip_to_domain`
- Accepts an IP address string and returns a list of IP-to-domain mappings
- `network_ip_to_domain_aggregated`
- Accepts an IP address string and returns a list of IP-to-domain mappings.
- This method performs the paging automatically and returns a specified maximum number of records
- `network_urls_from_ip`
- Accepts an IP address string and returns a list of URLs hosted on the requested IP address
- `network_urls_from_ip_aggregated`
- Accepts an IP address string and returns a list of URLs hosted on the requested IP address
- This method performs the paging automatically and returns a specified maximum number of records
- `network_files_from_ip`
- Accepts an IP address string and returns a list of hashes and classifications for files found on the requested IP address
- `network_files_from_ip_aggregated`
- Accepts an IP address string and returns a list of hashes and classifications for files found on the requested IP address
- This method performs the paging automatically and returns a specified maximum number of records
***
## Module: ticloud
A Python module representing the ReversingLabs TitaniumCloud API-s.
Each class in this module represents one TitaniumCloud API and can be instantiated using the same set of parameters:
```python
def __init__(self, host, username, password, verify, proxies, user_agent, allow_none_return)
```
#### Parameters:
`host` - TitaniumCloud address
`username` - TitaniumCloud username
`password` - TitaniumCloud password
`verify` - verify SSL certificate
`proxies` - optional proxies in use
`user_agent` - optional user agent string
`allow_none_return` - if set to `True`, `404` response codes will return `None` instead of `NotFoundError`
#### Class:
```python
class FileReputation(TiCloudAPI)
```
_TCA-0101_
#### Methods:
- `get_file_reputation`
- Accepts a hash string or a list of hash strings and returns file reputation
- Hash strings in a passed list must all be of the same hashing algorithm
#### Class:
```python
class AVScanners(TiCloudAPI)
```
_TCA-0103_
#### Methods:
- `get_scan_results`
- Accepts a hash string or a list of hash strings and returns AV scanner results
- Hash strings in a passed list must all be of the same hashing algorithm
#### Class:
```python
class FileAnalysis(TiCloudAPI)
```
_TCA-0104_
#### Methods:
- `get_analysis_results`
- Accepts a hash string or a list of hash strings and returns extended file analysis
- `extract_uri_list_from_report`
- Accepts a list of entries from the FileAnalysis report and returns a list of URI-s from those entries.
- `get_file_type`
- Accepts a sample hash and returns the file type string
#### Class:
```python
class RHA1FunctionalSimilarity(TiCloudAPI)
```
_TCA-0301_
#### Methods:
- `get_similar_hashes`
- Accepts a hash string and returns a list of functionally similar hashes
- Returns only one defined page of results using one request
- `get_similar_hashes_aggregated`
- Accepts a hash string and returns a list of functionally similar hashes
- Returns a list of results aggregated through multiple paginated requests
#### Class:
```python
class RHA1Analytics(TiCloudAPI)
```
_TCA-0321_
#### Methods:
- `get_rha1_analytics`
- Accepts one or more hash strings and returns a count of functionally similar hashes grouped by classification
#### Class:
```python
class URIStatistics(TiCloudAPI)
````
_TCA-0402_
#### Methods:
- `get_uri_statistics`
- Accepts a URI string and returns a count of files associated with that URI grouped by classification
#### Class:
```python
class URIIndex(TiCloudAPI)
````
_TCA-0401_
#### Methods:
- `get_uri_index`
- Accepts a URI string and returns a list of files associated with this URI
- Returns only one defined page of results using one request
- `get_uri_index_aggregated`
- Accepts a URI string and returns a list of files associated with this URI
- Returns a list of results aggregated through multiple paginated requests
#### Class:
```python
class AdvancedSearch(TiCloudAPI)
````
_TCA-0320_
#### Methods:
- `search`
- Accepts a search query string and performs advanced search on the API
- Returns only one defined page of results using one request
- `search_aggregated`
- Accepts a search query string and performs advanced search on the API
- Returns a list of results aggregated through multiple paginated requests
#### Class:
```python
class ExpressionSearch(TiCloudAPI)
```
_TCA-0306_
#### Methods:
- `search`
- Provides samples first seen on a particular date, filtered by search criteria.
- `search_aggregated`
- Provides samples first seen on a particular date, filtered by search criteria.
- This method performs the paging automatically.
- `get_latest_expression`
- Provdes samples for yesterday’s date tha match the requested criteria.
- `statistics_search`
- Returns statistics about new samples in ReversingLabs TitaniumCloud on the requested date that match the used search criteria.
- `get_latest_statistics`
- Returns statistics about new samples in ReversingLabs TitaniumCloud from yesterday's date.
#### Class:
```python
class FileDownload(TiCloudAPI)
````
_TCA-0201_
#### Methods:
- `get_download_status`
- Accepts a hash string and returns the sample's availability for download
- `download_sample`
- Accepts a hash string and downloads the related sample from TitaniumCloud
#### Class:
```python
class URLThreatIntelligence(TiCloudAPI)
````
_TCA-0403_
#### Methods:
- `get_url_report`
- Accepts a URL string and returns detailed URL analysis info
- `get_downloaded_files`
- Accepts a URL string and returns a list of files downloaded from that URL
- `get_latest_url_analysis_feed`
- Returns the latest URL analysis reports
- Returns only one defined page of results using one request
- `get_latest_url_analysis_feed_aggregated`
- Returns the latest URL analysis reports
- Returns a list of results aggregated through multiple paginated requests
- `get_url_analysis_feed_from_date`
- Accepts time format and a start time and returns URL analysis reports from that defined time onward
- It is possible to list analyses up to 90 days into the past
- Returns only one defined page of results using one request
- `get_url_analysis_feed_from_date_aggregated`
- Accepts time format and a start time and returns URL analysis reports from that defined time onward
- It is possible to list analyses up to 90 days into the past
- Returns a list of results aggregated through multiple paginated requests
#### Class:
```python
class AnalyzeURL(TiCloudAPI)
````
_TCA-0404_
#### Methods:
- `submit_url`
- Sends a URL string for analysis and returns an analysis task ID
#### Class:
```python
class FileUpload(TiCloudAPI)
````
_TCA-0202 and TCA-0203_
#### Methods:
- `upload_sample_from_path`
- Accepts a file path string and uploads the desired file to the File Upload API
- `upload_sample_from_file`
- Accepts an open file handle and uploads the desired file to the File Upload API
#### Class:
```python
class DeleteFile(TiCloudAPI)
````
_TCA-0204_
#### Methods:
- `delete_samples`
- Accepts a single hash string or a list of hash strings belonging to samples you want to delete from the cloud
- You can only delete samples that were uploaded by the same cloud account
#### Class:
```python
class ReanalyzeFile(TiCloudAPI)
````
_TCA-0205_
#### Methods:
- `reanalyze_samples`
- Accepts a single hash string or a list of hash strings belonging to samples in the cloud you want to reanalyze
- The samples need to be already present in the cloud in order to be reanalyzed
#### Class:
```python
class DynamicAnalysis(TiCloudAPI)
````
_TCA-0207 and TCA-0106_
#### Methods:
- `detonate_sample`
- Submits a sample available in the cloud for dynamic analysis and returns processing info
- The sample needs to be available in TitaniumCloud beforehand
- `detonate_url`
- Submits a URL for dynamic analysis and returns processing info
- `get_dynamic_analysis_results`
- Returns dynamic analysis results for a desired sample or URL
- The analysis of the selected sample or URL must be finished for the results to be available
#### Class:
```python
class CertificateIndex(TiCloudAPI)
````
_TCA-0501_
#### Methods:
- `get_certificate_information`
- Accepts a hash (thumbprint) and returns a list of SHA1 hashes for samples signed with the certificate matching the requested thumbprint
- `get_certificate_information_aggregated`
- Accepts a hash (thumbprint) and returns a list of SHA1 hashes for samples signed with the certificate matching the requested thumbprint
- This method automatically handles paging and returns a list of results instead of a Response object
#### Class:
```python
class CertificateAnalytics(TiCloudAPI)
````
_TCA-0502_
#### Methods:
- `get_certificate_analytics`
- Accepts a certificate hash thumbprint (hash string) and returns certificate analytics results
#### Class:
```python
class CertificateThumbprintSearch(TiCloudAPI)
````
_TCA-0503_
#### Methods:
- `search_common_names`
- Accepts a certificate common name and returns common names matching the request, along with the list of thumbprints of all the certificates sharing that common name
- `search_common_names_aggregated`
- Accepts a certificate common name and returns common names matching the request, along with the list of thumbprints of all the certificates sharing that common name
- This method automatically handles paging and returns a list of results instead of a Response object
#### Class:
```python
class RansomwareIndicators(TiCloudAPI)
````
_Ransomware Indicators Feed_
#### Methods:
- `get_indicators`
- Accepts a list of indicator type strings and integers for historical hours, health check and returning only freemium indicators. Returns indicators of ransomware and related tools
#### Class:
```python
class NewMalwareFilesFeed(ContinuousFeed)
````
_TCF-0101_
#### Methods:
- `pull_with_timestamp`
- Accepts a time format definition and a time value. Returns malware detections from the requested time
- `pull`
- Returns a list of malware detections since the point in time set by the set_start method. If the user has not previously used this method, nor has the set_start method been called, it will return records starting with the current timestamp
- `set_start`
- This method sets the starting time for the pull method
#### Class:
```python
class MWPChangeEventsFeed(ContinuousFeed)
````
_TCF-0111_
#### Methods:
- `pull_with_timestamp`
- Accepts a time format definition and a time value. Returns samples with a newly calculated or changed malware presence (MWP) classification and threat name from the requested time
- `pull`
- Returns a list of classification and threat name changes since the point in time set by the set_start() method
- `set_start`
- This method sets the starting time for the pull() method
#### Class:
```python
class NewMalwareURIFeed(TiCloudAPI)
````
_TCF-0301_
#### Methods:
- `pull_with_timestamp`
- Accepts a time format definition and a time value. Returns records with IPs, domains, URLs, emails, and sample hashes extracted from malware samples
- `pull_latest`
- Returns a maximum of 1000 latest records with IPs, domains, URLs, emails, and sample hashes extracted from malware samples
#### Class:
```python
class NewFilesFirstScan(TiCloudAPI)
```
_TCF-0107_
#### Methods:
- `feed_query`
- Accepts a time format definition and a time value. Optional arguments are available sample and result limit
- Returns a list of hashes for samples collected from various sources and scanned for the frist time in TitaniumCloud system
- `start_query`
- Accepts a time format definition and a time value
- Sets the starting timestamp for the pull_query
- `pull_query`
- Returns the list of hashes for samples scanned for the first time starting with the timestamp defined with start_query
#### Class:
```python
class NewFilesFirstAndRescan(TiCloudAPI)
```
_TCF-0108_
#### Methods:
- `feed_query`
- Accepts a time format definition and a time value. Optional arguments are available sample and result limit
- Returns a continuous list of samples in the TitaniumCloud system which have been scanned for the frist time or rescanned
- `start_query`
- Accepts a time format definition and a time value
- Sets the starting timestamp for the pull_query
- `pull_query`
- Returns the list of hashes for scanned samples starting with the timestamp defined with the start_query
#### Class:
```python
class FilesWithDetectionChanges(TiCloudAPI)
```
_TCF-0109_
#### Methods:
- `feed_query`
- Accepts a time format definition and a time value. Optional arguments are available sample and result limit
- Returns a list of hashes for scanned samples (first time scan or detection changes), starting with the provided timestamp
- `start_query`
- Accepts a time format definition and a time value
- Sets the starting timestamp for the pull_query
- `pull_query`
- Returns the list of hashes for scanned samples starting with the timestamp defined with the start_query
#### Class:
```python
class CvesExploitedInTheWild(TiCloudAPI)
```
_TCF-0202_
#### Methods:
- `pull_daily_cve_report`
- Accepts a time format definition and a time value.
- Returns a document containing the list of malware hashes (SHA1, SHA256, MD5), threat names, and threat counts associated with the CVE identifiers for the requested day
- `pull_latest_cve_report`
- Returns a document containing the list of malware hashes (SHA1, SHA256, MD5), threat names, and threat counts associated with the CVE identifiers for the latest day for which we have data
#### Class:
```python
class NewExploitOrCveSamplesFoundInWildHourly(TiCloudAPI)
```
_TCF-0203_
#### Methods:
- `hourly_exploit_list_query`
- Accepts a time format definition and a time value. Optional arguments are available sample and result limit
- Returns a list of new file hashes that contain CVE or exploit identification and that are detected within the requested one-hour period in the TitaniumCloud system
- `latest_hourly_exploit_list_query`
- Returns the results from latest hour for which we have data
#### Class:
```python
class NewExploitAndCveSamplesFoundInWildDaily(TiCloudAPI)
```
_TCF-0204_
#### Methods:
- `daily_exploit_list_query`
- Accepts a time format definition and a time value. Optional arguments are available sample and result limit
- Returns a list of ne file hashes that contain CVE or exploit identification and that are detected per day period in th TitaniumCloud system
- `latest_daily_exploit_list_query`
- Returns the results from latest day for which we have data
#### Class:
```python
class NewWhitelistedFiles(TiCloudAPI)
```
_TCF-0501_
#### Methods:
- `feed_query`
- Accepts a time definition and a time value. Optional arguments are available sample and result limit
- Returns a list of newly whitelisted samples since the requested time
- `start_query`
- Sets the starting timestamp for the pull_query
- `pull_query`
- Returns the list of newly whitelisted samples, with the timestamp defined with the start_query
#### Class:
```python
class ChangesWhitelistedFiles(TiCloudAPI)
```
_TCF-0502_
#### Methods:
- `feed_query`
- Accepts a time definition and a time value
- Returns a list of the samples which changed their whitelist status since requested time
- `latest_query`
- Returns the 1000 latest samples which changed their whitelist status
#### Class:
```python
class ImpHashSimilarity(TiCloudAPI)
````
_TCA-0302_
#### Methods:
- `get_imphash_index`
- Accepts an imphash and returns a list of SHA-1 hashes of files sharing that imphash
- `get_imphash_index_aggregated`
- Accepts an imphash and returns a list of SHA-1 hashes of files sharing that imphash
- This method automatically handles paging and returns a list of results instead of a Response object
#### Class:
```python
class YARAHunting(TiCloudAPI)
````
_TCA-0303_
#### Methods:
- `create_ruleset`
- Creates a new YARA ruleset
- The ruleset_text parameter needs to be a stringified YARA ruleset / a Unicode string
- `delete_ruleset`
- Deletes a YARA ruleset
- `get_ruleset_info`
- Get information for a specific YARA ruleset or all YARA rulesets in the collection
- `get_ruleset_text`
- Get the text of a YARA ruleset
- `yara_matches_feed`
- Returns a recordset of YARA ruleset matches in the specified time range
#### Class:
```python
class YARARetroHunting(TiCloudAPI)
````
_TCA-0319_
#### Methods:
- `enable_retro_hunt`
- Enables the retro hunt for the specified ruleset that has been submitted to TitaniumCloud prior to deployment of YARA retro
- `start_retro_hunt`
- Starts the retro hunt for the specified ruleset
- `check_status`
- Checks the retro hunt status for the specified ruleset
- `cancel_retro_hunt`
- Cancels the retro hunt for the specified ruleset
- `yara_retro_matches_feed`
- Returns a recordset of YARA ruleset matches in the specified time range
#### Class:
```python
class FileReputationUserOverride(TiCloudAPI)
````
_TCA-0102_
#### Methods:
- `override_classification`
- Accepts two parameters
- A list of samples whose classification needs to be overriden
- A list of samples whose classification override needs to me removed
- `list_active_overrides`
- Accepts a hash type designation and returns the hashes of all currently active classification overrides for the current organization.
- `list_active_overrides_aggregated`
- Accepts a hash type designation and returns the hashes of all currently active classification overrides for the current organization. This method does the paging action automatically and a maximum number of results returned in the list can be defined with the max_results parameter.
#### Class:
```python
class DomainThreatIntelligence(TiCloudAPI)
````
_TCA-0405_
#### Methods:
- `get_domain_report`
- Accepts a domain string and returns threat intelligence data for the submitted domain.
- `get_downloaded_files`
- Accepts a domain string and retrieves a list of files downloaded from the submitted domain.
- `get_downloaded_files_aggregated`
- Accepts a domain string and retrieves a list of files downloaded from the submitted domain. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.
- `urls_from_domain`
- Accepts a domain string and returns a list of URLs associated with the requested domain.
- `urls_from_domain_aggregated`
- Accepts a domain string and returns a list of URLs associated with the requested domain. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.
- `domain_to_ip_resolutions`
- Accepts a domain string and returns a list of domain-to-IP mappings for the requested domain.
- `domain_to_ip_resolutions_aggregated`
- Accepts a domain string and returns a list of domain-to-IP mappings for the requested domain. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.
- `related_domains`
- Accepts a domain string and returns a list of domains that have the same top parent domain as the requested domain.
- `related_domains_aggregated`
- Accepts a domain string and returns a list of domains that have the same top parent domain as the requested domain. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.
#### Class:
```python
class IPThreatIntelligence(TiCloudAPI)
````
_TCA-0406_
#### Methods:
- `get_ip_report`
- Accepts an IP address as a string and returns threat intelligence data for the submitted IP address.
- `get_downloaded_files`
- Accepts an IP address as a string and returns a list of files downloaded from the submitted IP address.
- `get_downloaded_files_aggregated`
- Accepts an IP address as a string and returns a list of files downloaded from the submitted IP address. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.
- `urls_from_ip`
- Accepts an IP address as a string and returns a list of URLs associated with the requested IP.
- `urls_from_ip_aggregated`
- Accepts an IP address as a string and returns a list of URLs associated with the requested IP. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.
- `ip_to_domain_resolutions`
- Accepts an IP address as a string and returns a list of IP-to-domain mappings for the specified IP address.
- `ip_to_domain_resolutions_aggregated`
- Accepts an IP address as a string and returns a list of IP-to-domain mappings for the specified IP address. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.
#### Class:
```python
class FileAnalysisNonMalicious(TiCloudAPI)
````
_TCA-0105_
#### Methods:
- `get_analysis_results`
- Accepts a hash string or a list of hash strings and returns knowledge about the given samples if they are classified as goodware.
#### Class:
```python
class DataChangeSubscription(TiCloudAPI)
````
_TCA-0206_
#### Methods:
- `subscribe`
- Subscribes to a list of samples (hashes) for which the changed data (if there are any) will be delivered in the Data Change Feed.
- `unsubscribe`
- Unsubscribes from a list of samples that the user was previously subscribed to.
- `set_start_time`
- Sets the starting point for the DataChangeSubscription.pull_from_feed method.
- `pull_from_feed`
- Returns a recordset with samples to which the user is subscribed. The starting point for this action is set using the DataChangeSubscription.set_start_time method. If the starting point is not set, this method will return records starting with the current timestamp. Every subsequent request will continue from the timestamp where the previous request ended.
- `continuous_data_change_feed`
- Returns a recordset with samples to which the user is subscribed from the timestamp stated in the request onwards. To fetch the next recordset, use the last_timestamp value from the response and submit it in a new request as the time_value parameter.
#### Class:
```python
class NewMalwarePlatformFiltered(TiCloudAPI)
````
_TCF-0102-0106_
#### Methods:
- `feed_query`
- Returns a list of malware samples optionally filtered by platform since the requested timestamp.
- `start_query`
- Sets the starting timestamp for the pull_query.
- `pull_query`
- Returns the list of malware samples optionally filtered by platform since a point in time set by the start_query.
#### Class:
```python
class CustomerUsage(TiCloudAPI)
````
_TCA-9999_
#### Methods:
- `daily_usage`
- Returns information about daily service usage for the TitaniumCloud account that sent the
request.
- `monthly_usage`
- Returns information about monthly service usage for the TitaniumCloud account that sent the
request.
- `date_range_usage`
- This method returns total usage for all product licenses with a fixed quota over a single date range.
- `active_yara_rulesets`
- This method returns information about the number of active YARA rulesets for the TitaniumCloud
account that sent the request.
- `quota_limits`
- This method returns current quota limits for API-s accessible to the authenticated user.
#### Class:
```python
class NetworkReputation(TiCloudAPI)
````
_TCA-0407_
#### Methods:
- `get_network_reputation`
- Returns reputation information about queried URL-, domains and IP addresses.
#### Class:
```python
class MalwareFamilyDetection(TiCloudAPI)
```
_TCA-0305_
#### Methods:
- `get_malware_family`
- Returns all malware families to which sample belongs based on the detections from the latest AV scan
#### Class:
```python
class VerticalFeedsStatistics(TiCloudAPI)
```
Vertical Feed Statistics API provides information about new malware samples detection in the ReversingLabs TitaniumCloud system, filtered by category (industry). Categories and API codes correspond to the ReversingLabs Targeted and Industry-Specific File Indicator Feeds (e.g., Financial, Retail, Exploits...).
| Codes | Feed Name |
| --------- |:---------------------------------------------:|
| TCA-0307 | APT (Advanced Persistent Threats) Statistics |
| TCA-0308 | Financial Services Malware Statistics |
| TCA-0309 | Retail Sector Malware Statistics |
| TCA-0310 | Ransomware Statistics |
| TCA-0311 | CVE Exploits Statistics |
| TCA-0317 | Malware configuration Statistics |
#### Methods:
- `feed_query`
- Returns information about new malware samples detected in TitaniumCloud, filtered by category
#### Class:
```python
class VerticalFeedsSearch(TiCloudAPI)
```
Service can be used to retrieve information about new malware samples from ReversingLabs Targeted and Industry-Specific File Indicator Feeds by searching for malware family names. The feeds are specialized collections of malware families that are known to have significant impact within specific industries (Retail, Financial), as well as of malware families that share a common trait (exploits, ransomware). ReversingLabs carefully selects malware families for each feed based on public and internal research.
| Codes | Feed name | Malware Family Names |
| --------- |:-------------------------------------:|:-------------------------------------------------------------:|
| TCA-0312 | APT (Advanced Persistent Threats) | CosmicDuke, CozyBear, Stuxnet, Hellsing |
| TCA-0313 | Financial Services Malware | Alice, Dorkbot, Ramnit, Ripper |
| TCA-0314 | Retail Sector Malware | AbaddonPOS, ChewBacca, Katrina, Poseidon |
| TCA-0315 | Ransomware | BitCrypt, Nanolocker, NotPetya, WannaCry |
| TCA-0316 | CVE Exploits | CVE-2008-4844, CVE-2014-0495, CVE-2017-0147, CVE-2017-8291 |
| TCA-0318 | Malware Configuration | DarkComet, PoisonIvy, XtremeRAT, CyberGate |
#### Methods:
- `latest_query`
- Returns latest information about new malware samples from ReversingLabs Targeted and Industry-Specific File Indicator Feeds by searching for malware family names.
- `feed_query`
- Retruns information about new malware samples from ReversingLabs Targeted and Industry-Specific File Indicator Feeds by searching for malware family names based on time when they are added to a particular feed
#### Class:
```python
class NetworkReputationUserOverride(TiCloudAPI)
````
_TCA-0408_
#### Methods:
- `reputation_override`
- This method enables two actions in one request:
1. Send a list of network locations whose classification needs to be overriden.
2. Send a list of network locations whose classification override needs to be removed.
- `list_overrides`
- Returns a list of overrides that the user has made.
#### Class:
```python
class TAXIIRansomwareFeed(TiCloudAPI)
````
#### Methods:
- `discovery_info`
- Returns the information from the TAXII Server's discovery endpoint.
- The returned info shows the available api roots.
- `api_root_info`
- Returns information about a specific api root.
- `collections_info`
- Returns information about available collections in an api root.
- `get_objects`
- Returns objects from a TAXII collection.
- Results can be filtered using several parameters.
- `get_objects_aggregated`
- Returns objects from a TAXII collection.
- This method does the paging automatically and returns a defined number of objects as a list in the end.
#### Class:
```python
class AdvancedActions(object)
````
#### Methods:
- `enriched_file_analysis`
- Accepts a sample hash and returns a TCA-0104 File Analysis report enriched with a TCA-0106 Dynamic Analysis report.
***
## Module: tiscale
A Python module representing the ReversingLabs TitaniumScale malware analysis appliance.
#### Class:
```python
class TitaniumScale(object):
def __init__(self, host, token, wait_time_seconds, retries, verify, proxies, user_agent)
```
#### Parameters:
`host` - TitaniumScale address
`token` - TitaniumScale user token for the REST API
`wait_time_seconds` - wait time between each report fetching retry
`retries` - number of report fetching retries
`verify` - verify SSL certificate
`proxies` - optional proxies in use
`user_agent` - optional user agent string
#### Methods:
- `upload_sample_from_path`
- Accepts a file path string for file upload and returns a response containing the analysis task URL
- `upload_sample_from_file`
- Accepts a file opened in 'rb' mode for file upload and returns a response containing the analysis task URL
- `get_results`
- Accepts an analysis task URL and returns a file analysis summary or a full analysis report
- This method utilizes the set number of retries and wait time in seconds to time out if the analysis results are not ready
- `upload_sample_and_get_results`
- Accepts a file path string or an opened file in 'rb' mode for file upload and returns a file analysis summary or a full analysis report
- This method combines uploading a sample and obtaining the analysis results
- The result obtaining action of this method utilizes the set number of retries and wait time in seconds to time out if the analysis results are not ready
- `list_processing_tasks`
- Lists processing tasks generated by file submission requests.
- `get_processing_task_info`
- Retrieves information about a completed file processing task
- `delete_processing_task`
- Deletes a processing task record from the system.
- `delete_multiple_tasks`
- Deletes multiple task records from the system based on the time when they were submitted.
- `get_yara_id`
- Retrieves the identifier of the current set of YARA rules on the TitaniumScale Worker instance.
***
## Module: fie
A Python module representing the ReversingLabs File Inspection Engine platform.
#### Class:
```python
class FileInspectionEngine(object):
def __init__(self, host, verify, proxies, user_agent)
```
#### Parameters:
`host` - File Inspection Engine address
`verify` - verify SSL certificate
`proxies` - optional proxies in use
`user_agent` - optional user agent string
#### Methods:
- `test_connection`
- Creates a lightweight request towards the FIE scan API to test the connection.
- `scan_using_file_path`
- Sends a file to the FIE for inspection and returns a simple verdict in the submit response.
- Uses a file path string as input.
- `scan_using_open_file`
- Sends a file to the FIE for inspection and returns a simple verdict in the submit response.
- Uses an open file handle as input.
- `report_using_file_path`
- Sends a file to the FIE for inspection and returns a more complex analysis report in the submit response.
- Uses a file path string as input.
- `report_using_open_file`
- Sends a file to the FIE for inspection and returns a more complex analysis report in the submit response.
- Uses an open file handle as input.
***
## Examples
#### A1000
```python
from ReversingLabs.SDK.a1000 import A1000
# Using username and password for authorization
a1000 = A1000(
host="https://a1000.address",
username="username",
password="password",
verify=True,
wait_time_seconds=3,
retries=10
)
response = a1000.upload_sample_and_get_summary_report_v2(
file_path="/path/to/file.exe",
retry=True,
custom_filename="CustomName",
tags="custom,tags,go,here",
)
json_report = response.json()
```
```python
from ReversingLabs.SDK.a1000 import A1000
# Using the token for authorization
a1000 = A1000(
host="http://a1000.address",
token="1js76asmklaslk288japj29s89z",
verify=False,
wait_time_seconds=2,
retries=15
)
response = a1000.list_extracted_files_v2(
sample_hash="cf23df2207d99a74fbe169e3eba035e633b65d94",
page_size=30
)
json_report = response.json()
```
#### TitaniumCloud
```python
from ReversingLabs.SDK.ticloud import FileReputation, URIStatistics, FileDownload, FileUpload
host = "https://data.reversinglabs.com"
username = "username"
password = "password"
user_agent = "MyCustom App v0.0.1"
file_reputation = FileReputation(
host=host,
username=username,
password=password,
user_agent=user_agent
)
reputation = file_reputation.get_file_reputation(
hash_input="cf23df2207d99a74fbe169e3eba035e633b65d94",
extended_results=True,
show_hashes_in_results=False
)
uri_statistics = URIStatistics(
host=host,
username=username,
password=password,
user_agent=user_agent
)
statistics = uri_statistics.get_uri_statistics(
uri_input="youtube.com"
)
file_download = FileDownload(
host=host,
username=username,
password=password,
user_agent=user_agent
)
download = file_download.download_sample(
hash_input="cf23df2207d99a74fbe169e3eba035e633b65d94"
)
with open("/path/to/file", "wb") as file_handle:
file_handle.write(download.content)
file_upload = FileUpload(
host=host,
username=username,
password=password,
user_agent=user_agent
)
upload = file_upload.upload_sample_from_path(
file_path="/path/to/file",
sample_name="Custom Sample Name",
sample_domain="webdomain.com"
)
```
#### TitaniumScale
```python
from ReversingLabs.SDK.tiscale import TitaniumScale
titanium_scale = TitaniumScale(
host="https://tiscale.address",
token="examplesecrettoken", # replace with a proper token
verify=True,
wait_time_seconds=5,
retries=6
)
results = titanium_scale.upload_sample_and_get_results(
file_source=open("/path/to/file.exe", "rb"),
full_report=True
)
```
#### File Inspection Engine
```python
from ReversingLabs.SDK.fie import FileInspectionEngine
fie = FileInspectionEngine(
host="http://fie.address",
verify=True
)
results = fie.scan_using_file_path(
file_path="/local/path/to/file.exe"
)
print(results.json())
```
#### Error handling
Each module raises corresponding custom exceptions according to the error status code returned in the response.
Custom exception classes that correspond to error status codes also carry the original response object in its entirety.
To learn how to fetch and use the response object out of the exception object, see the following examples.
```python
from ReversingLabs.SDK.ticloud import FileReputation
file_rep = FileReputation(
host="https://data.reversinglabs.com",
username="u/username",
password="password"
)
try:
resp = file_rep.get_file_reputation(hash_input="cf23df2207d99a74fbe169e3eba035e633b65d94")
except Exception as e:
if hasattr(e, "response_object"):
print(e.response_object.content)
else:
raise
```
Same approach can also be used for A1000 and TitaniumScale.
Raw data
{
"_id": null,
"home_page": "https://github.com/reversinglabs/reversinglabs-sdk-py3",
"name": "reversinglabs-sdk-py3",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": null,
"author": "ReversingLabs",
"author_email": "support@reversinglabs.com",
"download_url": "https://files.pythonhosted.org/packages/6a/7f/b8f6699ce02e36b802dead75f03592f7ed0489064b0c59abda832037f7fc/reversinglabs_sdk_py3-2.8.2.tar.gz",
"platform": null,
"description": "# ReversingLabs SDK\n\nThe official Python SDK for using ReversingLabs services.\n\nThe idea behind this SDK is to enable easier out-of-the-box development of software integrations and automation services that need to interact with ReversingLabs.\n\nThe SDK consists of several modules, where each module represents either one ReversingLabs service, ReversingLabs appliance or the ReversingLabs TitaniumCloud.\n\n> **ReversingLabs SDK Cookbook** \nFor a simple and comprehensive guide on how to start using the ReversingLabs SDK, visit the [ReversingLabs SDK Cookbook](https://github.com/reversinglabs/reversinglabs-sdk-cookbook) \n> and explore the provided steps and examples.\n\n## Module: a1000\nA Python module representing the ReversingLabs A1000 malware analysis platform.\n#### Class:\n```python\nclass A1000(object):\n def __init__(self, host, username, password, token, fields_v2, ticore_fields, wait_time_seconds, retries, verify, proxies, user_agent):\n```\n\n#### Parameters:\n`host` - A1000 address \n`username` - A1000 username \n`password` - A1000 password \n`token` - A1000 user token for the REST API \n`fields_v2` - optional fields that will be returned in the analysis report \n`ticore_fields` - optional fields that will be returned in the report from the TitaniumScale endpoint \n`wait_time_seconds` - wait time between each report fetching retry \n`retries` - number of report fetching retries \n`verify` - verify SSL certificate \n`proxies` - optional proxies in use \n`user_agent` - optional user agent string \n\n> *NOTE!* \nThe default means of authorization on the ReversingLabs A1000 REST API is the token. \nIf username and password are used instead, a token fetching request will be done so the token can be used in further actions without the user explicitly providing the token. \n\n#### Class methods:\n- `configuration_dump`\n - Returns the configuration of the instantiated A1000 object\n- `test_connection`\n - Creates a request towards the A1000 Check Status API to test the connection with A1000\n- `upload_sample_from_path`\n - Accepts a file path string and returns a response containing the analysis task ID\n- `upload_sample_from_file`\n - Accepts a file open in 'rb' mode and returns a response containing the analysis task ID\n- `submit_url_for_analysis`\n - Sends a URL for analysis on A1000.\n- `check_submitted_url_status`\n - Accepts a task id returned by upload_sample_from_url and returns a response containing processing status and \n report if the report is ready\n- `file_analysis_status`\n - Accepts a list of file hashes and returns their analysis completion information.\n- `get_submitted_url_report`\n - Accepts a task ID returned by upload_sample_from_url and returns a response\n - This method utilizes the set number of retries and wait time in seconds to time\n out if the analysis results are not ready\n- `submit_url_for_analysis_and_get_report`\n - Sends a URL for analysis on A1000.\n - The result fetching action of this method utilizes the set number of retries and wait time in seconds to time\n out if the analysis results are not ready\n- `get_summary_report_v2`\n - Accepts a single hash or a list of hashes and returns JSON containing a summary report for each of them\n - This method utilizes the set number of retries and wait time in seconds to time\n out if the analysis results are not ready\n- `upload_sample_and_get_summary_report_v2`\n - Accepts either a file path string or an open file in 'rb' mode for file upload and returns a summary analysis\n report response\n - This method combines uploading a sample and obtaining the summary analysis report\n - The result fetching action of this method utilizes the set number of retries and wait time in seconds to time\n out if the analysis results are not ready\n- `get_detailed_report_v2`\n - Accepts a single hash or a list of hashes and returns a detailed analysis report for the selected samples\n - This method utilizes the set number of retries and wait time in seconds and times out if the\n analysis results are not ready\n- `upload_sample_and_get_detailed_report_v2`\n - Accepts either a file path string or an open file in 'rb' mode for file upload and returns a detailed\n analysis report response.\n - This method combines uploading a sample and obtaining the detailed analysis report.\n - Additional fields can be provided.\n - The result fetching action of this method utilizes the set number of retries and wait time in seconds to time\n out if the analysis results are not ready.\n- `get_classification_v3`\n - Get classification for one sample\n- `reanalyze_samples_v2`\n - Accepts a single hash or a list of hashes of various types and reanalyzes the corresponding sample(s)\n - This method can be used for reanalyzing a single sample or a batch of samples, depending on the data type\n passed\n- `list_extracted_files_v2`\n - Get a list of all files TitaniumCore engine extracted from the requested sample during static analysis\n- `list_extracted_files_v2_aggregated`\n - Get a list of all files TitaniumCore engine extracted from the requested sample during static analysis\n - Paging is done automatically and results from individual responses aggregated into one list and returned\n- `download_extracted_files`\n - Accepts a single hash string and returns a downloadable archive file containing files extracted from the desired sample\n- `download_sample`\n - Accepts a single hash string and returns a downloadable sample\n- `delete_samples`\n - Accepts a single hash string or a list of hashes and deletes the corresponding samples from A1000\n- `check_sample_removal_status_v2`\n - \"Accepts the task ID returned by the bulk sample removal endpoint and returns a response that\n indicates if the removal request was finished successfully and if all samples have been deleted\n- `create_pdf_report`\n - Accepts a single hash string and initiates the creation of a PDF analysis report for the requested sample.\n The response includes links to the pdf creation status endpoint and pdf download ednpoint for the requested\n sample\n- `check_pdf_report_creation`\n - Accepts a single hash string that should correspond to the hash used in the request with\n create_pdf_report method. The response includes an informative message about the status of the PDF\n report previously requested\n- `download_pdf_report`\n - Accepts a single hash string that should correspond to the hash used in the request with\n create_pdf_report method\n- `get_titanium_core_report_v2`\n - Accepts a single hash string and gets the full TitaniumCore static analysis report for the requested sample.\n The requested sample must be present on the appliance. If the optional fields parameter is not provided in the\n request, all available parts of the static analysis report are returned in the response\n- `create_dynamic_analysis_report`\n - Accepts a single hash string and initiates the creation of PDF or HTML reports for samples that have gone\n through dynamic analysis in the ReversingLabs Cloud Sandbox.\n The response includes links to the report creation status endpoint and report download ednpoint for the\n requested sample\n- `check_dynamic_analysis_report_status`\n - Accepts a single hash string and report format parameters that should correspond to the parameters used in\n the request with create_dynamic_analysis_report method. The response includes an informative\n message about the status of the report previously requested\n- `download_dynamic_analysis_report`\n - Accepts a single hash string and report format parameters that should correspond to the parameters used in\n the request with create_dynamic_analysis_report method\n- `set_classification`\n - Accepts a single hash string, allows the user to set the classification of a sample, either in TitaniumCloud\n or locally on the A1000. Returns a response containing a new classification\n- `delete_classification`\n - Accepts a single hash string, allows the user to delete the classification of a sample, either in\n TitaniumCloud or locally on the A1000\n- `get_user_tags`\n - Accepts a single hash string and returns lists of existing user tags for the requested sample\n- `post_user_tags`\n - Accepts a single hash string and adds one or more user tags to the requested sample\n- `delete_user_tags`\n - Accepts a single hash string and removes one or more user tags from the requested sample\n- `get_yara_rulesets_on_the_appliance_v2`\n - Retrieves a list of YARA rulesets that are on the A1000 appliance\n - The list can be filtered by several criteria (ruleset status, source, and owner) using optional parameters\n- `get_yara_ruleset_contents`\n - Retrieves the full contents of the requested ruleset in raw text/plain format\n - All rulesets can be retrieved, regardless of their current status on the appliance (enabled, disabled\u2026)\n- `get_yara_ruleset_matches_v2`\n - Retrieves the list of YARA matches (both local and cloud) for requested rulesets\n - If multiple rulesets are provided in the request, only the samples that match all requested rulesets are listed in\n the response.\n- `create_or_update_yara_ruleset`\n - Creates a new YARA ruleset if it doesn\u2019t exist\n - If a ruleset with the specified name already exists, a new revision (update) of the ruleset is created\n- `delete_yara_ruleset`\n - Deletes the specified YARA ruleset and its matches from the appliance\n- `enable_or_disable_yara_ruleset`\n - Enables/disables ruleset on the appliance\n - Administrators can manage any ruleset while regular A1000 users can only manage their own rulesets\n- `get_yara_ruleset_synchronization_time`\n - Gets information about the current synchronization status for TitaniumCloud-enabled rulesets\n- `update_yara_ruleset_synchronization_time`\n - Updates the TitaniumCloud synchronization time for TitaniumCloud-enabled YARA rulesets\n- `start_or_stop_yara_local_retro_scan`\n - Allows users to initiate the Local Retro scan on the A1000 appliance, and stop the Local Retro scan that is\n in progress on the appliance\n- `get_yara_local_retro_scan_status`\n - Gets the status of Local Retro scan on the A1000 appliance\n- `start_or_stop_yara_cloud_retro_scan`\n - Allows users to start and stop a Cloud Retro scan for a specified ruleset on the A1000 appliance, as well as\n to clear all Cloud Retro results for the ruleset\n- `get_yara_cloud_retro_scan_status`\n - Gets the status of Cloud Retro for the specified YARA ruleset. The response indicates the\n current state of Cloud Retro \n- `advanced_search_v3`\n - Sends a query string to the A1000 Advanced Search API v3\n- `advanced_search_v3_aggregated`\n - Sends a query string to the A1000 Advanced Search API v3\n - Paging is done automatically and results from individual\n responses aggregated into one list and returned\n- `list_containers_for_hashes`\n - Gets a list of all top-level containers from which the requested sample has been extracted during analysis\n - This is a bulk API, meaning that a single request can be used to simultaneously query containers for multiple\n file hashes\n- `network_url_report`\n - Accepts a URL string and returns a report about the requested URL\n- `network_domain_report`\n - Accepts a domain string and returns a report about the requested domain\n- `network_ip_addr_report`\n - Accepts an IP address string and returns a report about the requested IP address\n- `network_ip_to_domain`\n - Accepts an IP address string and returns a list of IP-to-domain mappings\n- `network_ip_to_domain_aggregated`\n - Accepts an IP address string and returns a list of IP-to-domain mappings. \n - This method performs the paging automatically and returns a specified maximum number of records\n- `network_urls_from_ip`\n - Accepts an IP address string and returns a list of URLs hosted on the requested IP address\n- `network_urls_from_ip_aggregated`\n - Accepts an IP address string and returns a list of URLs hosted on the requested IP address\n - This method performs the paging automatically and returns a specified maximum number of records\n- `network_files_from_ip`\n - Accepts an IP address string and returns a list of hashes and classifications for files found on the requested IP address\n- `network_files_from_ip_aggregated`\n - Accepts an IP address string and returns a list of hashes and classifications for files found on the requested IP address\n - This method performs the paging automatically and returns a specified maximum number of records\n\n***\n\n\n## Module: ticloud\nA Python module representing the ReversingLabs TitaniumCloud API-s.\n\nEach class in this module represents one TitaniumCloud API and can be instantiated using the same set of parameters:\n```python\ndef __init__(self, host, username, password, verify, proxies, user_agent, allow_none_return)\n```\n#### Parameters:\n`host` - TitaniumCloud address \n`username` - TitaniumCloud username \n`password` - TitaniumCloud password \n`verify` - verify SSL certificate \n`proxies` - optional proxies in use \n`user_agent` - optional user agent string \n`allow_none_return` - if set to `True`, `404` response codes will return `None` instead of `NotFoundError`\n\n\n#### Class:\n```python\nclass FileReputation(TiCloudAPI)\n```\n_TCA-0101_\n#### Methods:\n- `get_file_reputation`\n - Accepts a hash string or a list of hash strings and returns file reputation\n - Hash strings in a passed list must all be of the same hashing algorithm\n\n\n#### Class:\n```python\nclass AVScanners(TiCloudAPI)\n```\n_TCA-0103_\n#### Methods:\n- `get_scan_results`\n - Accepts a hash string or a list of hash strings and returns AV scanner results\n - Hash strings in a passed list must all be of the same hashing algorithm\n\n\n#### Class:\n```python\nclass FileAnalysis(TiCloudAPI)\n```\n_TCA-0104_\n#### Methods:\n- `get_analysis_results`\n - Accepts a hash string or a list of hash strings and returns extended file analysis\n- `extract_uri_list_from_report`\n - Accepts a list of entries from the FileAnalysis report and returns a list of URI-s from those entries.\n- `get_file_type`\n - Accepts a sample hash and returns the file type string\n\n\n#### Class:\n```python\nclass RHA1FunctionalSimilarity(TiCloudAPI)\n```\n_TCA-0301_\n#### Methods:\n- `get_similar_hashes`\n - Accepts a hash string and returns a list of functionally similar hashes\n - Returns only one defined page of results using one request\n- `get_similar_hashes_aggregated`\n - Accepts a hash string and returns a list of functionally similar hashes\n - Returns a list of results aggregated through multiple paginated requests\n\n\n#### Class:\n```python\nclass RHA1Analytics(TiCloudAPI)\n```\n_TCA-0321_\n#### Methods:\n- `get_rha1_analytics`\n - Accepts one or more hash strings and returns a count of functionally similar hashes grouped by classification\n\n\n#### Class:\n```python\nclass URIStatistics(TiCloudAPI)\n````\n_TCA-0402_\n#### Methods:\n- `get_uri_statistics`\n - Accepts a URI string and returns a count of files associated with that URI grouped by classification\n\n\n#### Class:\n```python\nclass URIIndex(TiCloudAPI)\n````\n_TCA-0401_\n#### Methods:\n- `get_uri_index`\n - Accepts a URI string and returns a list of files associated with this URI\n - Returns only one defined page of results using one request\n- `get_uri_index_aggregated`\n - Accepts a URI string and returns a list of files associated with this URI\n - Returns a list of results aggregated through multiple paginated requests\n\n\n#### Class:\n```python\nclass AdvancedSearch(TiCloudAPI)\n````\n_TCA-0320_\n#### Methods:\n- `search`\n - Accepts a search query string and performs advanced search on the API\n - Returns only one defined page of results using one request\n- `search_aggregated`\n - Accepts a search query string and performs advanced search on the API\n - Returns a list of results aggregated through multiple paginated requests\n\n#### Class:\n```python\nclass ExpressionSearch(TiCloudAPI)\n```\n_TCA-0306_\n#### Methods:\n- `search`\n - Provides samples first seen on a particular date, filtered by search criteria.\n- `search_aggregated`\n - Provides samples first seen on a particular date, filtered by search criteria.\n - This method performs the paging automatically.\n- `get_latest_expression`\n - Provdes samples for yesterday\u2019s date tha match the requested criteria.\n- `statistics_search`\n - Returns statistics about new samples in ReversingLabs TitaniumCloud on the requested date that match the used search criteria.\n- `get_latest_statistics`\n - Returns statistics about new samples in ReversingLabs TitaniumCloud from yesterday's date.\n \n#### Class:\n```python\nclass FileDownload(TiCloudAPI)\n````\n_TCA-0201_\n#### Methods:\n- `get_download_status`\n - Accepts a hash string and returns the sample's availability for download\n- `download_sample`\n - Accepts a hash string and downloads the related sample from TitaniumCloud\n \n#### Class:\n```python\nclass URLThreatIntelligence(TiCloudAPI)\n````\n_TCA-0403_\n#### Methods:\n- `get_url_report`\n - Accepts a URL string and returns detailed URL analysis info\n- `get_downloaded_files`\n - Accepts a URL string and returns a list of files downloaded from that URL\n- `get_latest_url_analysis_feed`\n - Returns the latest URL analysis reports\n - Returns only one defined page of results using one request\n- `get_latest_url_analysis_feed_aggregated`\n - Returns the latest URL analysis reports\n - Returns a list of results aggregated through multiple paginated requests\n- `get_url_analysis_feed_from_date`\n - Accepts time format and a start time and returns URL analysis reports from that defined time onward\n - It is possible to list analyses up to 90 days into the past\n - Returns only one defined page of results using one request\n- `get_url_analysis_feed_from_date_aggregated`\n - Accepts time format and a start time and returns URL analysis reports from that defined time onward\n - It is possible to list analyses up to 90 days into the past\n - Returns a list of results aggregated through multiple paginated requests\n\n#### Class:\n```python\nclass AnalyzeURL(TiCloudAPI)\n````\n_TCA-0404_\n#### Methods:\n- `submit_url`\n - Sends a URL string for analysis and returns an analysis task ID\n\n#### Class:\n```python\nclass FileUpload(TiCloudAPI)\n````\n_TCA-0202 and TCA-0203_\n#### Methods:\n- `upload_sample_from_path`\n - Accepts a file path string and uploads the desired file to the File Upload API\n- `upload_sample_from_file`\n - Accepts an open file handle and uploads the desired file to the File Upload API\n\n#### Class:\n```python\nclass DeleteFile(TiCloudAPI)\n````\n_TCA-0204_\n#### Methods:\n- `delete_samples`\n - Accepts a single hash string or a list of hash strings belonging to samples you want to delete from the cloud\n - You can only delete samples that were uploaded by the same cloud account\n\n#### Class:\n```python\nclass ReanalyzeFile(TiCloudAPI)\n````\n_TCA-0205_\n#### Methods:\n- `reanalyze_samples`\n - Accepts a single hash string or a list of hash strings belonging to samples in the cloud you want to reanalyze\n - The samples need to be already present in the cloud in order to be reanalyzed\n\n#### Class:\n```python\nclass DynamicAnalysis(TiCloudAPI)\n````\n_TCA-0207 and TCA-0106_\n#### Methods:\n- `detonate_sample`\n - Submits a sample available in the cloud for dynamic analysis and returns processing info\n - The sample needs to be available in TitaniumCloud beforehand\n- `detonate_url`\n - Submits a URL for dynamic analysis and returns processing info\n- `get_dynamic_analysis_results`\n - Returns dynamic analysis results for a desired sample or URL\n - The analysis of the selected sample or URL must be finished for the results to be available\n\n#### Class:\n```python\nclass CertificateIndex(TiCloudAPI)\n````\n_TCA-0501_\n#### Methods:\n- `get_certificate_information`\n - Accepts a hash (thumbprint) and returns a list of SHA1 hashes for samples signed with the certificate matching the requested thumbprint\n- `get_certificate_information_aggregated`\n - Accepts a hash (thumbprint) and returns a list of SHA1 hashes for samples signed with the certificate matching the requested thumbprint\n - This method automatically handles paging and returns a list of results instead of a Response object\n \n#### Class:\n```python\nclass CertificateAnalytics(TiCloudAPI)\n````\n_TCA-0502_\n#### Methods:\n- `get_certificate_analytics`\n - Accepts a certificate hash thumbprint (hash string) and returns certificate analytics results\n\n#### Class:\n```python\nclass CertificateThumbprintSearch(TiCloudAPI)\n````\n_TCA-0503_\n#### Methods:\n- `search_common_names`\n - Accepts a certificate common name and returns common names matching the request, along with the list of thumbprints of all the certificates sharing that common name\n- `search_common_names_aggregated`\n - Accepts a certificate common name and returns common names matching the request, along with the list of thumbprints of all the certificates sharing that common name\n - This method automatically handles paging and returns a list of results instead of a Response object\n\n#### Class:\n```python\nclass RansomwareIndicators(TiCloudAPI)\n````\n_Ransomware Indicators Feed_\n#### Methods:\n- `get_indicators`\n - Accepts a list of indicator type strings and integers for historical hours, health check and returning only freemium indicators. Returns indicators of ransomware and related tools\n\n#### Class:\n```python\nclass NewMalwareFilesFeed(ContinuousFeed)\n````\n_TCF-0101_\n#### Methods:\n- `pull_with_timestamp`\n - Accepts a time format definition and a time value. Returns malware detections from the requested time\n- `pull`\n - Returns a list of malware detections since the point in time set by the set_start method. If the user has not previously used this method, nor has the set_start method been called, it will return records starting with the current timestamp\n- `set_start`\n - This method sets the starting time for the pull method\n\n#### Class:\n```python\nclass MWPChangeEventsFeed(ContinuousFeed)\n````\n_TCF-0111_\n#### Methods:\n- `pull_with_timestamp`\n - Accepts a time format definition and a time value. Returns samples with a newly calculated or changed malware presence (MWP) classification and threat name from the requested time\n- `pull`\n - Returns a list of classification and threat name changes since the point in time set by the set_start() method\n- `set_start`\n - This method sets the starting time for the pull() method\n\n#### Class:\n```python\nclass NewMalwareURIFeed(TiCloudAPI)\n````\n_TCF-0301_\n#### Methods:\n- `pull_with_timestamp`\n - Accepts a time format definition and a time value. Returns records with IPs, domains, URLs, emails, and sample hashes extracted from malware samples\n- `pull_latest`\n - Returns a maximum of 1000 latest records with IPs, domains, URLs, emails, and sample hashes extracted from malware samples\n\n#### Class:\n```python\nclass NewFilesFirstScan(TiCloudAPI)\n```\n_TCF-0107_\n#### Methods:\n- `feed_query`\n - Accepts a time format definition and a time value. Optional arguments are available sample and result limit\n - Returns a list of hashes for samples collected from various sources and scanned for the frist time in TitaniumCloud system\n- `start_query`\n - Accepts a time format definition and a time value\n - Sets the starting timestamp for the pull_query\n- `pull_query`\n - Returns the list of hashes for samples scanned for the first time starting with the timestamp defined with start_query\n\n#### Class:\n```python\nclass NewFilesFirstAndRescan(TiCloudAPI)\n```\n_TCF-0108_\n#### Methods:\n- `feed_query`\n - Accepts a time format definition and a time value. Optional arguments are available sample and result limit\n - Returns a continuous list of samples in the TitaniumCloud system which have been scanned for the frist time or rescanned\n- `start_query`\n - Accepts a time format definition and a time value\n - Sets the starting timestamp for the pull_query\n- `pull_query`\n - Returns the list of hashes for scanned samples starting with the timestamp defined with the start_query\n\n#### Class:\n```python\nclass FilesWithDetectionChanges(TiCloudAPI)\n```\n_TCF-0109_\n#### Methods:\n- `feed_query`\n - Accepts a time format definition and a time value. Optional arguments are available sample and result limit\n - Returns a list of hashes for scanned samples (first time scan or detection changes), starting with the provided timestamp\n- `start_query`\n - Accepts a time format definition and a time value\n - Sets the starting timestamp for the pull_query\n- `pull_query`\n - Returns the list of hashes for scanned samples starting with the timestamp defined with the start_query\n\n#### Class:\n```python\nclass CvesExploitedInTheWild(TiCloudAPI)\n```\n_TCF-0202_\n#### Methods:\n- `pull_daily_cve_report`\n - Accepts a time format definition and a time value.\n - Returns a document containing the list of malware hashes (SHA1, SHA256, MD5), threat names, and threat counts associated with the CVE identifiers for the requested day\n- `pull_latest_cve_report`\n - Returns a document containing the list of malware hashes (SHA1, SHA256, MD5), threat names, and threat counts associated with the CVE identifiers for the latest day for which we have data\n\n#### Class:\n```python\nclass NewExploitOrCveSamplesFoundInWildHourly(TiCloudAPI)\n```\n_TCF-0203_\n#### Methods:\n- `hourly_exploit_list_query`\n - Accepts a time format definition and a time value. Optional arguments are available sample and result limit\n - Returns a list of new file hashes that contain CVE or exploit identification and that are detected within the requested one-hour period in the TitaniumCloud system\n- `latest_hourly_exploit_list_query`\n - Returns the results from latest hour for which we have data\n\n#### Class:\n```python\nclass NewExploitAndCveSamplesFoundInWildDaily(TiCloudAPI)\n```\n_TCF-0204_\n#### Methods:\n- `daily_exploit_list_query`\n - Accepts a time format definition and a time value. Optional arguments are available sample and result limit\n - Returns a list of ne file hashes that contain CVE or exploit identification and that are detected per day period in th TitaniumCloud system\n- `latest_daily_exploit_list_query`\n - Returns the results from latest day for which we have data\n\n#### Class:\n```python\nclass NewWhitelistedFiles(TiCloudAPI)\n```\n_TCF-0501_\n#### Methods:\n- `feed_query`\n - Accepts a time definition and a time value. Optional arguments are available sample and result limit\n - Returns a list of newly whitelisted samples since the requested time\n- `start_query`\n - Sets the starting timestamp for the pull_query\n- `pull_query`\n - Returns the list of newly whitelisted samples, with the timestamp defined with the start_query\n\n#### Class:\n```python\nclass ChangesWhitelistedFiles(TiCloudAPI)\n```\n_TCF-0502_\n#### Methods:\n- `feed_query`\n - Accepts a time definition and a time value\n - Returns a list of the samples which changed their whitelist status since requested time\n- `latest_query`\n - Returns the 1000 latest samples which changed their whitelist status\n\n#### Class:\n```python\nclass ImpHashSimilarity(TiCloudAPI)\n````\n_TCA-0302_\n#### Methods:\n- `get_imphash_index`\n - Accepts an imphash and returns a list of SHA-1 hashes of files sharing that imphash\n- `get_imphash_index_aggregated`\n - Accepts an imphash and returns a list of SHA-1 hashes of files sharing that imphash\n - This method automatically handles paging and returns a list of results instead of a Response object\n\n#### Class:\n```python\nclass YARAHunting(TiCloudAPI)\n````\n_TCA-0303_\n#### Methods:\n- `create_ruleset`\n - Creates a new YARA ruleset\n - The ruleset_text parameter needs to be a stringified YARA ruleset / a Unicode string\n- `delete_ruleset`\n - Deletes a YARA ruleset\n- `get_ruleset_info`\n - Get information for a specific YARA ruleset or all YARA rulesets in the collection\n- `get_ruleset_text`\n - Get the text of a YARA ruleset\n- `yara_matches_feed`\n - Returns a recordset of YARA ruleset matches in the specified time range\n\n#### Class:\n```python\nclass YARARetroHunting(TiCloudAPI)\n````\n_TCA-0319_\n#### Methods:\n- `enable_retro_hunt`\n - Enables the retro hunt for the specified ruleset that has been submitted to TitaniumCloud prior to deployment of YARA retro\n- `start_retro_hunt`\n - Starts the retro hunt for the specified ruleset\n- `check_status`\n - Checks the retro hunt status for the specified ruleset\n- `cancel_retro_hunt`\n - Cancels the retro hunt for the specified ruleset\n- `yara_retro_matches_feed`\n - Returns a recordset of YARA ruleset matches in the specified time range\n\n#### Class:\n```python\nclass FileReputationUserOverride(TiCloudAPI)\n````\n_TCA-0102_\n#### Methods:\n- `override_classification`\n - Accepts two parameters\n - A list of samples whose classification needs to be overriden\n - A list of samples whose classification override needs to me removed\n- `list_active_overrides`\n - Accepts a hash type designation and returns the hashes of all currently active classification overrides for the current organization.\n- `list_active_overrides_aggregated`\n - Accepts a hash type designation and returns the hashes of all currently active classification overrides for the current organization. This method does the paging action automatically and a maximum number of results returned in the list can be defined with the max_results parameter.\n\n#### Class:\n```python\nclass DomainThreatIntelligence(TiCloudAPI)\n````\n_TCA-0405_\n#### Methods:\n- `get_domain_report`\n - Accepts a domain string and returns threat intelligence data for the submitted domain.\n- `get_downloaded_files`\n - Accepts a domain string and retrieves a list of files downloaded from the submitted domain.\n- `get_downloaded_files_aggregated`\n - Accepts a domain string and retrieves a list of files downloaded from the submitted domain. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.\n- `urls_from_domain`\n - Accepts a domain string and returns a list of URLs associated with the requested domain.\n- `urls_from_domain_aggregated`\n - Accepts a domain string and returns a list of URLs associated with the requested domain. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.\n- `domain_to_ip_resolutions`\n - Accepts a domain string and returns a list of domain-to-IP mappings for the requested domain.\n- `domain_to_ip_resolutions_aggregated`\n - Accepts a domain string and returns a list of domain-to-IP mappings for the requested domain. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.\n- `related_domains`\n - Accepts a domain string and returns a list of domains that have the same top parent domain as the requested domain.\n- `related_domains_aggregated`\n - Accepts a domain string and returns a list of domains that have the same top parent domain as the requested domain. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.\n\n#### Class:\n```python\nclass IPThreatIntelligence(TiCloudAPI)\n````\n_TCA-0406_\n#### Methods:\n- `get_ip_report`\n - Accepts an IP address as a string and returns threat intelligence data for the submitted IP address.\n- `get_downloaded_files`\n - Accepts an IP address as a string and returns a list of files downloaded from the submitted IP address.\n- `get_downloaded_files_aggregated`\n - Accepts an IP address as a string and returns a list of files downloaded from the submitted IP address. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.\n- `urls_from_ip`\n - Accepts an IP address as a string and returns a list of URLs associated with the requested IP.\n- `urls_from_ip_aggregated`\n - Accepts an IP address as a string and returns a list of URLs associated with the requested IP. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.\n- `ip_to_domain_resolutions`\n - Accepts an IP address as a string and returns a list of IP-to-domain mappings for the specified IP address.\n- `ip_to_domain_resolutions_aggregated`\n - Accepts an IP address as a string and returns a list of IP-to-domain mappings for the specified IP address. This method performs the paging automatically and returns a list of results. The maximum number of results to be returned can be set.\n\n#### Class:\n```python\nclass FileAnalysisNonMalicious(TiCloudAPI)\n````\n_TCA-0105_\n#### Methods:\n- `get_analysis_results`\n - Accepts a hash string or a list of hash strings and returns knowledge about the given samples if they are classified as goodware.\n\n#### Class:\n```python\nclass DataChangeSubscription(TiCloudAPI)\n````\n_TCA-0206_\n#### Methods:\n- `subscribe`\n - Subscribes to a list of samples (hashes) for which the changed data (if there are any) will be delivered in the Data Change Feed.\n- `unsubscribe`\n - Unsubscribes from a list of samples that the user was previously subscribed to.\n- `set_start_time`\n - Sets the starting point for the DataChangeSubscription.pull_from_feed method.\n- `pull_from_feed`\n - Returns a recordset with samples to which the user is subscribed. The starting point for this action is set using the DataChangeSubscription.set_start_time method. If the starting point is not set, this method will return records starting with the current timestamp. Every subsequent request will continue from the timestamp where the previous request ended.\n- `continuous_data_change_feed`\n - Returns a recordset with samples to which the user is subscribed from the timestamp stated in the request onwards. To fetch the next recordset, use the last_timestamp value from the response and submit it in a new request as the time_value parameter.\n\n#### Class:\n```python\nclass NewMalwarePlatformFiltered(TiCloudAPI)\n````\n_TCF-0102-0106_\n#### Methods:\n- `feed_query`\n - Returns a list of malware samples optionally filtered by platform since the requested timestamp.\n- `start_query`\n - Sets the starting timestamp for the pull_query.\n- `pull_query`\n - Returns the list of malware samples optionally filtered by platform since a point in time set by the start_query.\n\n#### Class:\n```python\nclass CustomerUsage(TiCloudAPI)\n````\n_TCA-9999_\n#### Methods:\n- `daily_usage`\n - Returns information about daily service usage for the TitaniumCloud account that sent the\n request.\n- `monthly_usage`\n - Returns information about monthly service usage for the TitaniumCloud account that sent the\n request.\n- `date_range_usage`\n - This method returns total usage for all product licenses with a fixed quota over a single date range.\n- `active_yara_rulesets`\n - This method returns information about the number of active YARA rulesets for the TitaniumCloud\n account that sent the request.\n- `quota_limits`\n - This method returns current quota limits for API-s accessible to the authenticated user.\n\n#### Class:\n```python\nclass NetworkReputation(TiCloudAPI)\n````\n_TCA-0407_\n#### Methods:\n- `get_network_reputation`\n - Returns reputation information about queried URL-, domains and IP addresses.\n\n#### Class:\n```python\nclass MalwareFamilyDetection(TiCloudAPI)\n```\n_TCA-0305_\n#### Methods:\n- `get_malware_family`\n - Returns all malware families to which sample belongs based on the detections from the latest AV scan\n\n#### Class:\n```python\nclass VerticalFeedsStatistics(TiCloudAPI)\n```\n\nVertical Feed Statistics API provides information about new malware samples detection in the ReversingLabs TitaniumCloud system, filtered by category (industry). Categories and API codes correspond to the ReversingLabs Targeted and Industry-Specific File Indicator Feeds (e.g., Financial, Retail, Exploits...).\n\n| Codes | Feed Name |\n| --------- |:---------------------------------------------:|\n| TCA-0307 | APT (Advanced Persistent Threats) Statistics |\n| TCA-0308 | Financial Services Malware Statistics |\n| TCA-0309 | Retail Sector Malware Statistics |\n| TCA-0310 | Ransomware Statistics |\n| TCA-0311 | CVE Exploits Statistics |\n| TCA-0317 | Malware configuration Statistics | \n\n\n#### Methods:\n- `feed_query`\n - Returns information about new malware samples detected in TitaniumCloud, filtered by category\n\n#### Class:\n```python\nclass VerticalFeedsSearch(TiCloudAPI)\n```\n\nService can be used to retrieve information about new malware samples from ReversingLabs Targeted and Industry-Specific File Indicator Feeds by searching for malware family names. The feeds are specialized collections of malware families that are known to have significant impact within specific industries (Retail, Financial), as well as of malware families that share a common trait (exploits, ransomware). ReversingLabs carefully selects malware families for each feed based on public and internal research.\n\n| Codes | Feed name | Malware Family Names |\n| --------- |:-------------------------------------:|:-------------------------------------------------------------:|\n| TCA-0312 | APT (Advanced Persistent Threats) | CosmicDuke, CozyBear, Stuxnet, Hellsing |\n| TCA-0313 | Financial Services Malware | Alice, Dorkbot, Ramnit, Ripper |\n| TCA-0314 | Retail Sector Malware | AbaddonPOS, ChewBacca, Katrina, Poseidon |\n| TCA-0315 | Ransomware | BitCrypt, Nanolocker, NotPetya, WannaCry |\n| TCA-0316 | CVE Exploits | CVE-2008-4844, CVE-2014-0495, CVE-2017-0147, CVE-2017-8291 |\n| TCA-0318 | Malware Configuration | DarkComet, PoisonIvy, XtremeRAT, CyberGate | \n\n\n#### Methods:\n- `latest_query`\n - Returns latest information about new malware samples from ReversingLabs Targeted and Industry-Specific File Indicator Feeds by searching for malware family names.\n- `feed_query`\n - Retruns information about new malware samples from ReversingLabs Targeted and Industry-Specific File Indicator Feeds by searching for malware family names based on time when they are added to a particular feed\n\n#### Class:\n```python\nclass NetworkReputationUserOverride(TiCloudAPI)\n````\n_TCA-0408_\n#### Methods:\n- `reputation_override`\n - This method enables two actions in one request:\n 1. Send a list of network locations whose classification needs to be overriden.\n 2. Send a list of network locations whose classification override needs to be removed.\n- `list_overrides`\n - Returns a list of overrides that the user has made.\n\n#### Class:\n```python\nclass TAXIIRansomwareFeed(TiCloudAPI)\n````\n#### Methods:\n- `discovery_info`\n - Returns the information from the TAXII Server's discovery endpoint. \n - The returned info shows the available api roots.\n- `api_root_info`\n - Returns information about a specific api root.\n- `collections_info`\n - Returns information about available collections in an api root.\n- `get_objects`\n - Returns objects from a TAXII collection. \n - Results can be filtered using several parameters.\n- `get_objects_aggregated`\n - Returns objects from a TAXII collection. \n - This method does the paging automatically and returns a defined number of objects as a list in the end.\n\n#### Class:\n```python\nclass AdvancedActions(object)\n````\n#### Methods:\n- `enriched_file_analysis`\n - Accepts a sample hash and returns a TCA-0104 File Analysis report enriched with a TCA-0106 Dynamic Analysis report.\n\n***\n\n## Module: tiscale\nA Python module representing the ReversingLabs TitaniumScale malware analysis appliance.\n#### Class:\n```python\nclass TitaniumScale(object):\n def __init__(self, host, token, wait_time_seconds, retries, verify, proxies, user_agent)\n```\n#### Parameters:\n`host` - TitaniumScale address \n`token` - TitaniumScale user token for the REST API \n`wait_time_seconds` - wait time between each report fetching retry \n`retries` - number of report fetching retries \n`verify` - verify SSL certificate \n`proxies` - optional proxies in use \n`user_agent` - optional user agent string \n\n#### Methods:\n- `upload_sample_from_path`\n - Accepts a file path string for file upload and returns a response containing the analysis task URL\n- `upload_sample_from_file`\n - Accepts a file opened in 'rb' mode for file upload and returns a response containing the analysis task URL\n- `get_results`\n - Accepts an analysis task URL and returns a file analysis summary or a full analysis report\n - This method utilizes the set number of retries and wait time in seconds to time out if the analysis results are not ready\n- `upload_sample_and_get_results`\n - Accepts a file path string or an opened file in 'rb' mode for file upload and returns a file analysis summary or a full analysis report\n - This method combines uploading a sample and obtaining the analysis results\n - The result obtaining action of this method utilizes the set number of retries and wait time in seconds to time out if the analysis results are not ready\n- `list_processing_tasks`\n - Lists processing tasks generated by file submission requests.\n- `get_processing_task_info`\n - Retrieves information about a completed file processing task\n- `delete_processing_task`\n - Deletes a processing task record from the system.\n- `delete_multiple_tasks`\n - Deletes multiple task records from the system based on the time when they were submitted.\n- `get_yara_id`\n - Retrieves the identifier of the current set of YARA rules on the TitaniumScale Worker instance.\n\n***\n\n## Module: fie\nA Python module representing the ReversingLabs File Inspection Engine platform.\n#### Class:\n```python\nclass FileInspectionEngine(object):\n def __init__(self, host, verify, proxies, user_agent)\n```\n#### Parameters:\n`host` - File Inspection Engine address\n`verify` - verify SSL certificate \n`proxies` - optional proxies in use \n`user_agent` - optional user agent string \n\n#### Methods:\n- `test_connection`\n - Creates a lightweight request towards the FIE scan API to test the connection.\n- `scan_using_file_path`\n - Sends a file to the FIE for inspection and returns a simple verdict in the submit response.\n - Uses a file path string as input.\n- `scan_using_open_file`\n - Sends a file to the FIE for inspection and returns a simple verdict in the submit response.\n - Uses an open file handle as input.\n- `report_using_file_path`\n - Sends a file to the FIE for inspection and returns a more complex analysis report in the submit response.\n - Uses a file path string as input.\n- `report_using_open_file`\n - Sends a file to the FIE for inspection and returns a more complex analysis report in the submit response.\n - Uses an open file handle as input.\n \n***\n\n## Examples\n#### A1000\n```python\nfrom ReversingLabs.SDK.a1000 import A1000\n\n# Using username and password for authorization\na1000 = A1000(\n host=\"https://a1000.address\",\n username=\"username\",\n password=\"password\",\n verify=True,\n wait_time_seconds=3,\n retries=10\n)\n\nresponse = a1000.upload_sample_and_get_summary_report_v2(\n file_path=\"/path/to/file.exe\",\n retry=True,\n custom_filename=\"CustomName\",\n tags=\"custom,tags,go,here\",\n)\n\njson_report = response.json()\n```\n\n```python\nfrom ReversingLabs.SDK.a1000 import A1000\n\n# Using the token for authorization\na1000 = A1000(\n host=\"http://a1000.address\",\n token=\"1js76asmklaslk288japj29s89z\",\n verify=False,\n wait_time_seconds=2,\n retries=15\n)\n\nresponse = a1000.list_extracted_files_v2(\n sample_hash=\"cf23df2207d99a74fbe169e3eba035e633b65d94\",\n page_size=30\n)\n\njson_report = response.json()\n```\n\n#### TitaniumCloud\n```python\nfrom ReversingLabs.SDK.ticloud import FileReputation, URIStatistics, FileDownload, FileUpload\n\n\nhost = \"https://data.reversinglabs.com\"\nusername = \"username\"\npassword = \"password\"\nuser_agent = \"MyCustom App v0.0.1\"\n\n\n\nfile_reputation = FileReputation(\n host=host,\n username=username,\n password=password,\n user_agent=user_agent\n)\n\nreputation = file_reputation.get_file_reputation(\n hash_input=\"cf23df2207d99a74fbe169e3eba035e633b65d94\",\n extended_results=True,\n show_hashes_in_results=False\n)\n\n\n\nuri_statistics = URIStatistics(\n host=host,\n username=username,\n password=password,\n user_agent=user_agent\n)\n\nstatistics = uri_statistics.get_uri_statistics(\n uri_input=\"youtube.com\"\n)\n\n\n\nfile_download = FileDownload(\n host=host,\n username=username,\n password=password,\n user_agent=user_agent\n)\n\ndownload = file_download.download_sample(\n hash_input=\"cf23df2207d99a74fbe169e3eba035e633b65d94\"\n)\n\nwith open(\"/path/to/file\", \"wb\") as file_handle:\n file_handle.write(download.content)\n\n\n\nfile_upload = FileUpload(\n host=host,\n username=username,\n password=password,\n user_agent=user_agent\n)\n\nupload = file_upload.upload_sample_from_path(\n file_path=\"/path/to/file\",\n sample_name=\"Custom Sample Name\",\n sample_domain=\"webdomain.com\"\n)\n```\n\n#### TitaniumScale\n```python\nfrom ReversingLabs.SDK.tiscale import TitaniumScale\n\n\ntitanium_scale = TitaniumScale(\n host=\"https://tiscale.address\",\n token=\"examplesecrettoken\", # replace with a proper token\n verify=True,\n wait_time_seconds=5,\n retries=6\n)\n\nresults = titanium_scale.upload_sample_and_get_results(\n file_source=open(\"/path/to/file.exe\", \"rb\"),\n full_report=True\n)\n```\n\n#### File Inspection Engine\n```python\nfrom ReversingLabs.SDK.fie import FileInspectionEngine\n\n\nfie = FileInspectionEngine(\n host=\"http://fie.address\",\n verify=True\n)\n\nresults = fie.scan_using_file_path(\n file_path=\"/local/path/to/file.exe\"\n)\n\nprint(results.json())\n```\n\n#### Error handling\nEach module raises corresponding custom exceptions according to the error status code returned in the response. \nCustom exception classes that correspond to error status codes also carry the original response object in its entirety. \nTo learn how to fetch and use the response object out of the exception object, see the following examples.\n```python\nfrom ReversingLabs.SDK.ticloud import FileReputation\n\n\nfile_rep = FileReputation(\n host=\"https://data.reversinglabs.com\",\n username=\"u/username\",\n password=\"password\"\n)\n\ntry:\n resp = file_rep.get_file_reputation(hash_input=\"cf23df2207d99a74fbe169e3eba035e633b65d94\")\nexcept Exception as e:\n if hasattr(e, \"response_object\"):\n print(e.response_object.content)\n else:\n raise \n```\nSame approach can also be used for A1000 and TitaniumScale. \n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Python SDK for using ReversingLabs services.",
"version": "2.8.2",
"project_urls": {
"Changes": "https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/CHANGELOG.md",
"Documentation": "https://github.com/reversinglabs/reversinglabs-sdk-py3/blob/main/README.md",
"Homepage": "https://github.com/reversinglabs/reversinglabs-sdk-py3",
"Source": "https://github.com/reversinglabs/reversinglabs-sdk-py3"
},
"split_keywords": [],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "2274da7088cf7d04bee5d0c966af142ef27be13095c4f172416e6f2ba464b570",
"md5": "f5bb85e11a18752e8c5a941daa28f164",
"sha256": "8991e0096277d8b6ae59c8a0b066c7c670aee1066e15318a1eb8a9cf59abe031"
},
"downloads": -1,
"filename": "reversinglabs_sdk_py3-2.8.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f5bb85e11a18752e8c5a941daa28f164",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 66064,
"upload_time": "2025-02-17T16:16:22",
"upload_time_iso_8601": "2025-02-17T16:16:22.204295Z",
"url": "https://files.pythonhosted.org/packages/22/74/da7088cf7d04bee5d0c966af142ef27be13095c4f172416e6f2ba464b570/reversinglabs_sdk_py3-2.8.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "6a7fb8f6699ce02e36b802dead75f03592f7ed0489064b0c59abda832037f7fc",
"md5": "2203ab91d211923ee05157dbe71b736e",
"sha256": "22b2a0109b47891e3a4d03f29138cef76e50d856288386359ebf7419320624f3"
},
"downloads": -1,
"filename": "reversinglabs_sdk_py3-2.8.2.tar.gz",
"has_sig": false,
"md5_digest": "2203ab91d211923ee05157dbe71b736e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 96605,
"upload_time": "2025-02-17T16:16:24",
"upload_time_iso_8601": "2025-02-17T16:16:24.588903Z",
"url": "https://files.pythonhosted.org/packages/6a/7f/b8f6699ce02e36b802dead75f03592f7ed0489064b0c59abda832037f7fc/reversinglabs_sdk_py3-2.8.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-02-17 16:16:24",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "reversinglabs",
"github_project": "reversinglabs-sdk-py3",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "reversinglabs-sdk-py3"
}
JSON
