Obtaining information about dropped files

Kaspersky Research Sandbox provides an API to obtain information about files that were dropped by the executed object.

Request

Request method: GET

Endpoint: https://<server name>/api/v1/sandbox/tasks/{task ID}/drops

Parameters

| Parameter | Data type | Occurrence | Description |
|---|---|---|---|
| task_id | string | Required | Object execution task ID (GUID). |

cURL command sample:

$ curl --user <user name> --request GET 'https://<server name>/api/v1/sandbox/tasks/<task ID>/drops'

You will be asked to enter your password. The password is not displayed while you type it.

Responses

The endpoint returns a JSON object that contains information about dropped files.

200 OK

Information about dropped files is obtained successfully.

200 OK response parameters

| Parameter | Data type | Description |
|---|---|---|
| Zone | string | Danger level of the dropped file (for example, Red). |
| Md5 | string | MD5 hash of the dropped file. |
| Sha1 | string | SHA1 hash of the dropped file. |
| Sha256 | string | SHA256 hash of the dropped file. |
| DetectionNames | array | Name of the detected object (for example, Trojan-Downloader.Script.Generic). |
| Name | string | File name of the dropped file (for example, sample.exe). |
| Size | integer | Dropped file size (in bytes). |
| Type | string | Dropped file type. |
| IsHttpsTraffic | boolean | Indicates whether the traffic that the dropped file was extracted from is HTTPS. |
| TriggeredYaraRules | array | List of triggered YARA rules. |

200 OK response example:

{
  "Zone": "Grey",
  "Md5": "string",
  "Sha1": "string",
  "Sha256": "string",
  "DetectionNames": [],
  "Name": "string",
  "Size": 0,
  "Type": "string",
  "IsHttpsTraffic": false,
  "TriggeredYaraRules": []
}

400 Bad Request

Failed to obtain information about dropped files due to an incorrect query.

400 Bad Request response parameters

| Parameter | Data type | Description |
|---|---|---|
| code | string | Error ID. |
| message | string | Error description. |
| meta | string | Additional information, if available. |

Error examples:

Incorrect task_id parameter:

{"code":6,"message":"task not found"}

Incorrect task_id parameter format:

{"code":29,"message":"bad task id"}

401 Unauthorized

Failed to obtain information about dropped files due to incorrect user credentials.

404 Not Found

Task with specified ID not found.

500 Internal Server Error

Failed to obtain information about dropped files due to an internal server error.
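
A small Python client for this endpoint, added here as an example (it is not Kaspersky's code): it checks the task ID format before sending, surfaces the documented error fields, and keeps the drops worth triaging. It assumes HTTP Basic authentication, as curl --user sends by default, and that the body may be one object or a list; the function names and sample data are constructed.

```python
import base64
import json
import uuid
from urllib import error, request


class SandboxError(Exception):
    """Non-200 response: args are (status, code, message, meta)."""


def parse_drops(status, body):
    """Turn a /drops response into a list of dropped-file records."""
    if status != 200:
        try:
            err = json.loads(body)
        except ValueError:
            err = {}  # empty or non-JSON error body
        err = err if isinstance(err, dict) else {}
        raise SandboxError(status, err.get("code"), err.get("message"), err.get("meta"))
    data = json.loads(body)
    # Assumption: accept one object (as in the documented example) or a list.
    return data if isinstance(data, list) else [data]


def suspicious(drops):
    """Keep drops in the Red zone or with a detection name or YARA hit."""
    return [d for d in drops if d.get("Zone") == "Red"
            or d.get("DetectionNames") or d.get("TriggeredYaraRules")]


def fetch_drops(server, task_id, user, password):
    """GET the drops of one task. Assumes HTTP Basic auth, as curl --user sends."""
    task_id = str(uuid.UUID(task_id))  # reject a non-GUID ID before any request
    url = f"https://{server}/api/v1/sandbox/tasks/{task_id}/drops"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with request.urlopen(req, timeout=30) as resp:
            return parse_drops(resp.status, resp.read())
    except error.HTTPError as exc:
        return parse_drops(exc.code, exc.read())


# Constructed sample response (not real sandbox output).
SAMPLE_OK = json.dumps([
    {"Zone": "Red", "Sha256": "a" * 64, "DetectionNames": ["Trojan-Downloader.Script.Generic"]},
    {"Zone": "Grey", "Sha256": "b" * 64, "DetectionNames": [], "TriggeredYaraRules": []},
    {"Zone": "Grey", "Sha256": "c" * 64, "TriggeredYaraRules": ["constructed_rule"]},
])
```

Calling suspicious(parse_drops(200, SAMPLE_OK)) keeps the first and third records; the second has the Grey zone and no detections or YARA hits.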
