Obtaining traffic information

Kaspersky Research Sandbox provides an API to obtain information about traffic registered during file execution.

Request

Request method: GET

Endpoint: https://<server name>/api/v1/sandbox/tasks/{task ID}/trafficreport

Parameters

Parameter   Data type   Occurrence   Description
task_id     string      Required     Object execution task ID (GUID).

cURL command sample:

$ curl --user <user name> --request GET 'https://<server name>/api/v1/sandbox/tasks/<task ID>/trafficreport'

You will be asked to enter your password. The password is not displayed while you type it.
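The same request as a script, including handling of the error answers described under Responses below. This is an added example, not Kaspersky's client code: the endpoint path, HTTP Basic authentication and the {"code", "message"} error body come from this page; the function names, the local GUID check, the StubOpener used for the offline run, and the demo server name, task IDs and credentials are constructed assumptions.

```python
"""Fetch a Research Sandbox traffic report with HTTP Basic authentication.

Added example; it is not Kaspersky's client code. The endpoint path and the
{"code": ..., "message": ...} error body follow the documentation page. The
function names, the GUID check and the StubOpener used for the offline run
are assumptions of this example.
"""
import base64
import io
import json
import re
import urllib.error
import urllib.request

# Task IDs are GUIDs; reject malformed ones locally instead of waiting for
# the server's code 29 / "bad task id" answer.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def is_task_id(value):
    return bool(GUID_RE.match(value))


class SandboxError(Exception):
    """Non-200 answer; carries the HTTP status plus the JSON code/message."""

    def __init__(self, status, code=None, message=None):
        super().__init__(f"HTTP {status}: {code} {message}")
        self.status, self.code, self.message = status, code, message


def traffic_report_request(server, task_id, user, password):
    """Build GET https://<server>/api/v1/sandbox/tasks/<task_id>/trafficreport."""
    if not is_task_id(task_id):
        raise ValueError(f"task_id is not a GUID: {task_id!r}")
    url = f"https://{server}/api/v1/sandbox/tasks/{task_id}/trafficreport"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url, method="GET",
        headers={"Authorization": f"Basic {token}", "Accept": "application/json"},
    )


def fetch_traffic_report(server, task_id, user, password, opener=None):
    """Return the parsed report, or raise SandboxError for 400/401/404/500."""
    opener = opener or urllib.request.build_opener()  # default opener verifies TLS
    req = traffic_report_request(server, task_id, user, password)
    try:
        with opener.open(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        body = err.read()
        code = message = None
        try:
            payload = json.loads(body)
            code, message = payload.get("code"), payload.get("message")
        except ValueError:  # 401/500 may arrive with a non-JSON body
            message = body[:200].decode("utf-8", "replace")
        raise SandboxError(err.code, code, message) from None


class StubOpener:
    """Offline stand-in for urllib's opener: full URL -> (status, body)."""

    def __init__(self, routes):
        self.routes = routes

    def open(self, req, timeout=None):
        status, body = self.routes.get(req.full_url, (401, b""))
        if status != 200:
            raise urllib.error.HTTPError(req.full_url, status, "error", None, io.BytesIO(body))
        return io.BytesIO(body)


# Constructed demo data: the server name and task IDs are placeholders.
DEMO_SERVER = "sandbox.example.test"
DEMO_TASK = "5e2c7f6a-0d0b-4f0e-9b1f-3c6a1f2d9e01"
MISSING_TASK = "00000000-0000-0000-0000-000000000000"
DEMO_OPENER = StubOpener({
    f"https://{DEMO_SERVER}/api/v1/sandbox/tasks/{DEMO_TASK}/trafficreport":
        (200, b'{"IPSessions": [], "DNSSessions": []}'),
    f"https://{DEMO_SERVER}/api/v1/sandbox/tasks/{MISSING_TASK}/trafficreport":
        (400, b'{"code":6,"message":"task not found"}'),
})


def demo():
    """Exercise both demo routes offline; returns what a caller observes."""
    ok = fetch_traffic_report(DEMO_SERVER, DEMO_TASK, "analyst", "secret", DEMO_OPENER)
    try:
        fetch_traffic_report(DEMO_SERVER, MISSING_TASK, "analyst", "secret", DEMO_OPENER)
        bad = None
    except SandboxError as err:
        bad = (err.status, err.code, err.message)
    return {"ok": ok, "bad": bad}


if __name__ == "__main__":
    print(demo())
```

Against a real server, call fetch_traffic_report without an opener and obtain the password with getpass rather than placing it on the command line, where it would land in shell history and the process list; that is also why the cURL sample above prompts for it.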

Responses

Endpoint returns a JSON object that contains information about registered traffic.

200 OK

Information about traffic obtained successfully.

200 OK response parameters

For each JSON object the list below gives its name, a description, and the JSON attributes it carries.

IPSessions

Array containing information about IP sessions registered during file execution.

  • source_address—Source IP address.
  • dest_address—Destination IP address.
  • start_time—Date and time when IP session started in different formats (sec, usec, datetime).
  • end_time—Date and time when IP session ended in different formats (sec, usec, datetime).
  • data_length—Size of data sent and received during IP session (in bytes).
  • packets_count—Number of packets sent and received during IP session.

TCPSessions

Array containing information about TCP sessions registered during file execution.

  • source_port—Source port number (0–65535).
  • dest_port—Destination port number (0–65535).
  • data_length—Size of data sent and received during TCP session (in bytes).
  • packets_count—Number of packets sent and received during TCP session.
  • packets_syn—Number of SYN packets sent and received during TCP session.
  • packets_fin—Number of FIN packets sent and received during TCP session.
  • packets_outoforder—Number of out-of-order packets sent and received during TCP session.
  • packets_acks_postloss—Number of ACK packets sent and received after a packet loss (post-loss ACKs) during TCP session.
  • packets_acks_duplicate—Number of duplicate ACK packets sent and received during TCP session.
  • window_in_diff—Incoming window: number of bytes the server can send to the client before an acknowledgment (ACK packet) must be received.
  • window_out_diff—Outgoing window: number of bytes the client can send to the server before an acknowledgment (ACK packet) must be received.
  • source_ip—Source IP address.
  • destination_ip—Destination IP address.

UDPSessions

Array containing information about UDP sessions registered during file execution.

  • source_port—Source port number (0–65535).
  • dest_port—Destination port number (0–65535).
  • data_length—Size of data sent and received during UDP session (in bytes).
  • packets_count—Number of packets sent and received during UDP session.
  • source_ip—Source IP address.
  • destination_ip—Destination IP address.

DNSSessions

Array containing information about DNS sessions registered during file execution.

  • id—DNS message ID.
  • flags:
    • qr—Request/response indicator (0—DNS query, 1—DNS response).
    • rcode—DNS response code.
  • data_length—Size of data sent and received during DNS session (in bytes).
  • packets_count—Number of packets sent and received during DNS session.
  • dns_records—Records in the message. For each record, its section (question, answer, authority, or additional), name, and type are displayed. If available, TTL and Data fields are displayed.

HTTPSessions

Array containing information about HTTP requests registered during file execution.

  • Zone—Danger zone (level) of a URL in HTTP request.
  • Method—The method for sending an HTTP request can be one of the following: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, or PATCH.
  • Ip—IP address.
  • Url—URL to which the request was registered.
  • Header—Standard request header name.
  • ResponseStatus—Status of the response.
  • ResponseLength—Size of the response to the HTTP request in bytes.
  • RequestHeaders—Request headers, provided as <name>:<value> pairs with an IsDefault indicator. Standard header names follow RFC 2616 (Hypertext Transfer Protocol -- HTTP/1.1).
  • ResponseHeaders—Response headers, provided as <name>:<value> pairs with an IsDefault indicator. Standard header names follow RFC 2616 (Hypertext Transfer Protocol -- HTTP/1.1).
  • RequestBody—Body of the request (Md5, Name, Size).
  • ResponseBody—Body of the response (Md5, Name, Size).

SSLSessions

Array containing information about SSL/TLS sessions registered during file execution.

  • version—SSL/TLS protocol version negotiated for the session.
  • cipher—Cipher suite negotiated for the session.
  • curve—Elliptic curve used for the key exchange, where the negotiated cipher suite uses one.
  • server_name—Server name requested by the client (SNI).
  • subject—Subject name of the server certificate.
  • issuer—Issuer name of the server certificate.

SOCKSSessions

Array containing information about SOCKS sessions registered during file execution.

  • bound_host—IP address to which the connection was established.
  • bound_port—Number of the port to which the connection was established (0–65535).
  • request_host—IP address to which the connection request was made via the SOCKS protocol.
  • request_port—Number of the port to which a connection request was made via the SOCKS protocol (0–65535).
  • version—SOCKS protocol version.

HTTPSSessions

Array containing information about HTTPS requests registered during the file execution.

  • Zone—Danger zone (level) of a URL in the HTTPS request.
  • Method—The method for sending an HTTPS request can be one of the following: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, or PATCH.
  • Ip—IP address.
  • Url—URL to which the request was registered.
  • Header—Standard request header name.
  • ResponseStatus—Status of the response.
  • ResponseLength—Size of the response to the HTTPS request in bytes.
  • RequestHeaders—Request headers, provided as <name>:<value> pairs with an IsDefault indicator. Standard header names follow RFC 2616 (Hypertext Transfer Protocol -- HTTP/1.1).
  • ResponseHeaders—Response headers, provided as <name>:<value> pairs with an IsDefault indicator. Standard header names follow RFC 2616 (Hypertext Transfer Protocol -- HTTP/1.1).
  • RequestBody—Body of the request (Md5, Name, Size).
  • ResponseBody—Body of the response (Md5, Name, Size).

IRCSessions

Array containing information about IRC sessions registered during file execution.

  • channel—Name of the channel to send the message to during the IRC session.
  • command—Command name.
  • nick—User nickname.
  • sender—Nickname of the command sender.
  • text—Text sent during IRC session.
  • user—User name.

POP3Sessions

Array containing information about POP3 sessions registered during file execution.

  • messages—Server messages describing the result of the command.
  • arguments—Command arguments.
  • command—Command sent by the client.
  • type—Command type.
  • text—Message text.

SMBSessions

Array containing information about SMB sessions registered during file execution.

  • name—Command name.
  • status—Command execution status.
  • file—File transferred during command execution.
  • version—Protocol version.

SMTPSessions

Array containing information about SMTP sessions registered during file execution.

  • files—Attached files.
  • from—Name and address of the sender, from the message From header.
  • mail_from—Envelope sender address, from the MAIL FROM command.
  • rcpt_to—Envelope recipient addresses (with names, if given), from the RCPT TO commands.
  • subject—Message subject.
  • to—Names of the recipients, from the message To header.

FTPSessions

Array containing information about FTP sessions registered during file execution.

  • argument—Command argument.
  • data_channel—Information about data channel:
    • dest_address—FTP server address.
    • dest_port—Port number of the FTP server.
    • source_address—FTP client address.
  • file—File that was transferred when the command was executed.
  • name—Command name.
  • reply_code—Reply code.
  • reply_msg—Reply message from a server.

trafficFiles

Array containing information about files extracted from traffic.

  • status—Status of the extracted file.
  • md5—MD5 hash of the extracted file.
  • form—Form of the extracted file.
  • threats—Name of the detected object (for example, HEUR:Exploit.Script.Blocker).

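Reading the report: the following added example (not part of the Kaspersky documentation) walks a trafficreport object and reduces it to the indicators an analyst would pivot on, dropping connections to sandbox-internal addresses. The top-level array and attribute names follow this page; the key spelling inside dns_records (section/name/type/ttl/data), the Zone value "Red", the TLS version strings, and SAMPLE_REPORT itself are constructed assumptions.

```python
"""Turn a trafficreport JSON object into a short indicator list.

Added example, not part of the Kaspersky documentation. The array and
attribute names follow the documentation page; the key spelling inside
dns_records, the Zone value "Red", the TLS version string format and the
whole SAMPLE_REPORT are constructed assumptions.
"""
import ipaddress
import json

# Sandbox-internal ranges: connections here are lab noise, not C2 contact.
LAB_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
NXDOMAIN = 3                                   # DNS rcode "name error"
LEGACY_TLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

SAMPLE_REPORT = {  # constructed; 203.0.113.0/24 is a documentation range
    "IPSessions": [
        {"source_address": "10.0.2.15", "dest_address": "10.0.2.3", "packets_count": 4},
        {"source_address": "10.0.2.15", "dest_address": "203.0.113.45", "packets_count": 60},
    ],
    "TCPSessions": [
        {"source_ip": "10.0.2.15", "source_port": 49152, "destination_ip": "203.0.113.45",
         "dest_port": 80, "packets_syn": 1, "packets_fin": 2},
    ],
    "DNSSessions": [
        {"id": 4711, "flags": {"qr": 1, "rcode": 0}, "dns_records": [
            {"section": "question", "name": "update.example-cdn.test", "type": "A"},
            {"section": "answer", "name": "update.example-cdn.test", "type": "A",
             "ttl": 300, "data": "203.0.113.45"}]},
        {"id": 4712, "flags": {"qr": 1, "rcode": NXDOMAIN}, "dns_records": [
            {"section": "question", "name": "c2.invalid-domain.test", "type": "A"}]},
    ],
    "HTTPSessions": [
        {"Zone": "Red", "Method": "POST", "Ip": "203.0.113.45",
         "Url": "http://update.example-cdn.test/gate.php", "ResponseStatus": 200},
    ],
    "SSLSessions": [
        {"version": "TLSv1.0", "cipher": "ECDHE-RSA-AES128-SHA", "curve": "prime256v1",
         "server_name": "update.example-cdn.test", "issuer": "CN=Example Test CA"},
    ],
    "trafficFiles": [
        {"status": "Detected", "md5": "0123456789abcdef0123456789abcdef", "form": "PE",
         "threats": "HEUR:Trojan.Win32.Generic"},
    ],
}


def is_lab_ip(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # not an address at all; treat as noise
    return any(addr in net for net in LAB_NETS)


def extract_indicators(report):
    """Collect external IPs, queried names, URLs and file hashes, plus notes
    for NXDOMAIN lookups, red-zone URLs, legacy TLS and detected files."""
    ips, domains, urls, hashes, notes = set(), set(), set(), set(), []

    for s in report.get("IPSessions", []):
        ips.add(s.get("dest_address"))
    for key in ("TCPSessions", "UDPSessions"):
        for s in report.get(key, []):
            ips.add(s.get("destination_ip"))

    for s in report.get("DNSSessions", []):
        qnames = [r["name"] for r in s.get("dns_records", [])
                  if str(r.get("section", "")).lower() == "question"]
        domains.update(qnames)
        if s.get("flags", {}).get("rcode") == NXDOMAIN:  # dead C2 / DGA hint
            notes.extend(f"NXDOMAIN for {q}" for q in qnames)

    for key in ("HTTPSessions", "HTTPSSessions"):
        for s in report.get(key, []):
            ips.add(s.get("Ip"))
            if s.get("Url"):
                urls.add(s["Url"])
            if str(s.get("Zone", "")).lower() == "red":
                notes.append(f"red-zone {s.get('Method')} {s.get('Url')}")

    for s in report.get("SSLSessions", []):
        if s.get("server_name"):
            domains.add(s["server_name"])
        if s.get("version") in LEGACY_TLS:
            notes.append(f"legacy {s['version']} to {s.get('server_name', 'unknown host')}")

    for f in report.get("trafficFiles", []):
        if f.get("md5"):
            hashes.add(f["md5"])
        if f.get("threats"):
            notes.append(f"detected in traffic: {f.get('md5')} {f['threats']}")

    return {"ips": sorted(ip for ip in ips if ip and not is_lab_ip(ip)),
            "domains": sorted(domains), "urls": sorted(urls),
            "hashes": sorted(hashes), "notes": notes}


if __name__ == "__main__":
    print(json.dumps(extract_indicators(SAMPLE_REPORT), indent=2))
```

The lab-network filter matters: every sample resolves names through the sandbox's own resolver and may touch its gateway, so unfiltered dest_address values would seed a blocklist with your own infrastructure. Adjust LAB_NETS to the ranges your deployment actually uses.
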
400 Bad Request

Failed to obtain information about traffic due to incorrect query.

400 Bad Request response parameters

Parameter   Data type   Description
code        string      Error ID (in the examples below it is returned as a JSON number).
message     string      Error description.
meta        string      Additional information, if available.

Error examples:

Incorrect task_id parameter:

{"code":6,"message":"task not found"}

Incorrect task_id parameter format:

{"code":29,"message":"bad task id"}

401 Unauthorized

Failed to obtain information about traffic due to incorrect user credentials.

404 Not Found

Task with specified ID not found.

500 Internal Server Error

Failed to obtain information about traffic due to an internal server error.
