Uploading Suricata file

Kaspersky Research Sandbox provides an API to upload the Suricata rule file for the specified task.

The recommended file size is 5 MB. If the Suricata rule file size exceeds 16 MB, we recommend that you split it into several files (up to 5 MB in size). Upload these files to the task sequentially, saving the results of the previous run using the custom-suricata-alerts method.

The specified task may have already been completed. In this case, upon successful uploading or replacement of the Suricata file, object scanning begins automatically.

Request

Request method: POST

Endpoint: https://<server name>/api/v1/sandbox/tasks/<task ID>/suricata?file_name=<Suricata file name>

Parameters

Uploading the Suricata file parameters

| Parameter | Data type | Occurrence | Description |
|---|---|---|---|
| task_id | string | Required | Object execution task ID (GUID). |
| file_name | string | Required | Suricata file name. |

cURL command sample:

$ curl --http1.1 --user <user name> --request POST --header "Content-Type:application/octet-stream" --data-binary '@<path to file>' 'https://<server name>/api/v1/sandbox/tasks/<task ID>/suricata?file_name=<Suricata file name>'

You will be asked to enter your password. The password is not displayed while you type it.

Responses

The endpoint uploads the Suricata file and returns one of the following responses.

200 OK

Suricata file uploaded successfully.

400 Bad Request

Failed to upload the Suricata file.

400 Bad Request response parameters

| Parameter | Data type | Description |
|---|---|---|
| code | string | Error ID. |
| message | string | Description of the error. |
| meta | string | Additional information, if available. |

Error examples:

Incorrect task_id parameter:

{"code":6,"message":"task not found"}

Incorrect task_id parameter format:

{"code":29,"message":"bad task id"}

Incorrect file_name parameter:

{"code":68,"message":"filename malformed"}

Invalid file was uploaded:

{"code":81,"message":"Invalid rule","meta":"Invalid rule at line 1"}

401 Unauthorized

Failed to upload the Suricata file due to incorrect user credentials.

412 Precondition Failed

Failed to upload the Suricata file as the task is still in progress. Wait for the task to complete and try again later.

500 Internal Server Error

Failed to upload the Suricata file due to an internal server error.
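The splitting and response handling described above can be scripted. The following is an added example, not code from the product documentation: it cuts a large rule file into chunks of at most 5 MB without breaking a rule (including rules continued across lines with a trailing backslash), builds the documented endpoint URL, and maps the documented responses to the next step of an upload loop. The function names and the host used in the test are hypothetical.

```python
import json
from urllib.parse import quote

CHUNK_LIMIT = 5 * 1024 * 1024  # 5 MB per file, as the page recommends

def rule_units(data: bytes):
    """Yield whole rules; a line ending in a backslash continues on the next line."""
    unit = b""
    for line in data.splitlines(keepends=True):
        unit += line
        if not line.rstrip(b"\r\n").endswith(b"\\"):
            yield unit
            unit = b""
    if unit:  # file ended in the middle of a continued rule
        yield unit

def split_rules(data: bytes, limit: int = CHUNK_LIMIT) -> list:
    """Pack whole rules into chunks of at most `limit` bytes, preserving order."""
    chunks, current = [], b""
    for unit in rule_units(data):
        if len(unit) > limit:
            raise ValueError("a single rule exceeds the chunk limit")
        if current and len(current) + len(unit) > limit:
            chunks.append(current)
            current = b""
        current += unit
    if current:
        chunks.append(current)
    return chunks

def upload_url(server: str, task_id: str, file_name: str) -> str:
    """Build the documented endpoint, percent-encoding the caller-supplied parts."""
    return (f"https://{server}/api/v1/sandbox/tasks/{quote(task_id, safe='')}"
            f"/suricata?file_name={quote(file_name, safe='')}")

def next_action(status: int, body: str = "") -> tuple:
    """Map the documented responses to what an upload loop should do next."""
    if status == 200:
        return ("uploaded", "")
    if status == 412:  # task still in progress: wait, then resend the same chunk
        return ("retry", "")
    if status == 400:  # body carries code, message and optional meta
        err = json.loads(body)
        return ("fix", f"{err['code']}: {err['message']} {err.get('meta', '')}".strip())
    return ("abort", f"HTTP {status}")  # 401, 500 and anything undocumented
```

Each chunk is sent with the POST request shown in the cURL sample; save the alerts from the previous chunk before uploading the next one.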
