Working with Kaspersky Research Sandbox API

This section explains how to use the Kaspersky Research Sandbox API. Using the API, you can execute an object or browse web addresses, and view the results.

API location

You can access Kaspersky Research Sandbox API at the following location:

https://<server name>/api/v1/sandbox/

Here, <server name> is the host name or IP address of the computer on which Kaspersky Research Sandbox is installed.

To work with Kaspersky Research Sandbox API:

  1. In the Authorization field of the HEADER section, specify the user name and password that you received from your Kaspersky Research Sandbox administrator.
  2. Specify the Basic authentication scheme.
  3. Specify the required HTTP method.
  4. Run your query using one of the endpoints described in this section.

If you use an unsigned certificate to work with the Kaspersky Research Sandbox API, use the cURL -k / --insecure option to allow insecure server connections when using SSL. With this option, cURL does not verify the server certificate.

If you receive the error (60) SSL certificate problem: unable to get local issuer certificate, do the following:

  1. Download the latest cacert.pem file from the https://curl.haxx.se/ca/cacert.pem website.
  2. Pass the downloaded certificate file to cURL using the following option:

    --cacert [certificate file name]
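
One way to script the steps above with certificate verification left on, as an added example (not Kaspersky code): it builds a cURL config with the Basic scheme and a CA file, and refuses to run without one instead of falling back to -k. SANDBOX_HOST, SANDBOX_USER, SANDBOX_PASS, SANDBOX_CA and the endpoint argument are assumed names.

```shell
#!/bin/sh
# Added example, not Kaspersky code. SANDBOX_HOST, SANDBOX_USER, SANDBOX_PASS,
# SANDBOX_CA and the endpoint argument are assumed names/placeholders.

# Escape backslashes and double quotes for a double-quoted cURL config value.
cfg_escape() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Print a cURL config for one API call: $1 = HTTP method, $2 = endpoint path.
# Fails rather than falling back to -k when no CA file is available.
sandbox_curl_config() {
    method=$1
    endpoint=$2
    if [ -z "$SANDBOX_HOST" ] || [ -z "$SANDBOX_USER" ] || [ -z "$SANDBOX_PASS" ]; then
        echo "SANDBOX_HOST, SANDBOX_USER and SANDBOX_PASS must be set" >&2
        return 2
    fi
    if [ ! -r "$SANDBOX_CA" ]; then
        echo "CA file not readable: ${SANDBOX_CA:-<unset>}" >&2
        return 3
    fi
    printf 'url = "https://%s/api/v1/sandbox/%s"\n' \
        "$(cfg_escape "$SANDBOX_HOST")" "$(cfg_escape "$endpoint")"
    printf 'request = "%s"\n' "$(cfg_escape "$method")"
    printf 'basic\n'                      # Basic authentication scheme
    printf 'user = "%s:%s"\n' \
        "$(cfg_escape "$SANDBOX_USER")" "$(cfg_escape "$SANDBOX_PASS")"
    printf 'cacert = "%s"\n' "$(cfg_escape "$SANDBOX_CA")"
    printf 'fail\n'                       # non-zero exit on HTTP errors
}

# Run the request. The config goes to cURL on stdin, so the password is not
# visible in the process list as it would be with -u on the command line.
sandbox_request() {
    cfg=$(sandbox_curl_config "$@") || return
    printf '%s\n' "$cfg" | curl --silent --show-error --config -
}
```

Call it as sandbox_request with the HTTP method and an endpoint path taken from this section.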

API documentation

The full API documentation (Swagger UI) is available at:

https://<server name>/api

Here, <server name> is the host name or IP address of the computer on which Kaspersky Research Sandbox is installed.

Also, the open API specification is available in the following formats:

In this section

Obtaining execution environments list

Obtaining channels list

Creating Sandbox tasks

Obtaining Sandbox tasks list

Obtaining Sandbox task parameters

Repeating Sandbox task

Deleting Sandbox task

Obtaining Sandbox task results

Obtaining container contents

Obtaining information about container contents

Obtaining bundle images

Obtaining information about bundle images

Obtaining dropped files

Obtaining information about dropped files

Obtaining downloaded files

Obtaining information about downloaded files

Obtaining dump files

Obtaining information about dump files

Obtaining traffic files

Obtaining traffic information

Obtaining screenshots

Obtaining execution map

Obtaining template for suspicious activities descriptions

Obtaining suspicious activities list

Obtaining MITRE ATT&CK classification

Obtaining the YARA file

Uploading YARA file

Obtaining the Suricata file

Uploading Suricata file

Obtaining custom Suricata rule alerts

Obtaining a custom image manifest file

Uploading symbol files

Obtaining system health status

Obtaining system configuration

Obtaining audit information

Obtaining a debug report
