Obtaining Sandbox task results

Kaspersky Research Sandbox provides an API to obtain Sandbox task execution results. For information about limitations for abridged reports, see the Abridged (short) reports for files section.

Request

Request method: GET

Endpoint: https://<server name>/api/v1/sandbox/tasks/{task ID}/report

Parameters

Obtaining task execution results parameters

Parameter | Data type | Occurrence | Description

task_id | string | Required | ID (GUID) of the object execution task whose results you want to obtain.

format | string | Required | Format of the report.

Available values:

  • json—Files of the specified task execution results in JSON format as a .zip archive.
  • single-json—All execution results in one JSON file. Each JSON object in the response file contains the data of the corresponding file with the results of object execution.
  • stix—Files of the specified task execution results in STIX format (available only for file execution tasks).
  • csv—Files of the specified task execution results in CSV format as a .zip archive.
  • pcap—Files of the specified task execution results in PCAP format.
  • pdf—Files of the specified task execution results in PDF format.

Default value: json.

matrix_format | string | Optional | Format of the MITRE ATT&CK classification report.

Available values:

  • full—New extended descriptions (in JSON format) as a .zip archive.
  • short—Previous report format.

Default value: full.

cURL command sample:

$ curl --user <user name> --request GET 'https://<server name>/api/v1/sandbox/tasks/<task ID>/report'

You will be asked to enter your password. The password is not displayed while you type it.

Responses

The endpoint returns the task execution results in the specified format.

200 OK

Sandbox task results are obtained successfully.

For a detailed description of the file contents, see the Exporting execution results to JSON archive and Exporting execution results to CSV archive sections.

If you request only static analysis results (pre_scan=true), the response contains the following information:

Note that in the current Kaspersky Research Sandbox version, the loaded-pe-images.json and loaded-pe-images.csv files have been renamed to loaded-images.json and loaded-image.csv, respectively.

400 Bad Request

Failed to obtain Sandbox task results due to an incorrect query.

400 Bad Request response parameters

Parameter | Data type | Description

code | string | Error ID.

message | string | Error description.

meta | string | Additional information, if available.

Error examples:

Incorrect task_id parameter:

{"code":6,"message":"task not found"}

Incorrect task_id parameter format:

{"code":29,"message":"bad task id"}

401 Unauthorized

Failed to obtain Sandbox task results due to incorrect user credentials.

404 Not Found

The task with the specified ID was not found.

500 Internal Server Error

Failed to obtain Sandbox task results due to an internal server error.
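
The following Python example is added here and is not Kaspersky's code. It validates the request parameters from the table above before building the URL and interprets the documented status codes; the GUID layout, sending format and matrix_format in the query string, and the names build_report_url and interpret_response are assumptions.

```python
import json
import re
from urllib.parse import urlencode

# Values listed in the parameter table on this page.
REPORT_FORMATS = {"json", "single-json", "stix", "csv", "pcap", "pdf"}
MATRIX_FORMATS = {"full", "short"}
# Assumption: task IDs use the usual 8-4-4-4-12 hexadecimal GUID layout.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Meanings from the Responses section of this page.
STATUS_TEXT = {401: "incorrect user credentials",
               404: "task with specified ID not found",
               500: "internal server error"}

def build_report_url(server, task_id, fmt="json", matrix_format=None):
    """Build the report URL; reject values before they reach the request."""
    # A task ID copied from a ticket or alert is untrusted input: only a
    # GUID may enter the path, so "../" or "?x=" cannot alter the endpoint.
    if not isinstance(task_id, str) or not GUID_RE.fullmatch(task_id):
        raise ValueError("task_id is not a GUID")
    if fmt not in REPORT_FORMATS:
        raise ValueError("unsupported report format")
    query = {"format": fmt}
    if matrix_format is not None:
        if matrix_format not in MATRIX_FORMATS:
            raise ValueError("unsupported matrix_format")
        query["matrix_format"] = matrix_format
    # Assumption: both options are sent as query-string parameters.
    return "https://%s/api/v1/sandbox/tasks/%s/report?%s" % (
        server, task_id, urlencode(query))

def interpret_response(status, body):
    """Map a status code and raw body to (ok, detail)."""
    if status == 200:
        return True, body  # report bytes in the requested format
    detail = {"code": None, "message": STATUS_TEXT.get(status), "meta": None}
    if status == 400:
        try:
            err = json.loads(body)
        except ValueError:
            err = None
        if isinstance(err, dict):
            # The table types "code" as string, the page's samples carry
            # numbers (6, 29): normalise so callers compare one type.
            code = err.get("code")
            detail = {"code": None if code is None else str(code),
                      "message": err.get("message"), "meta": err.get("meta")}
        else:
            detail["message"] = "unparseable error body"
    elif detail["message"] is None:
        detail["message"] = "unexpected status %d" % status
    return False, detail
```

The server argument is assumed to come from trusted configuration; the returned URL can be passed to any HTTP client together with the user's credentials.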
