Version: Spectra Analyze 9.2.2

Reanalyze Local Samples API V1

Reanalyze a single sample with Spectra Core and Spectra Intelligence

POST /api/samples/{hash_value}/analyze/

Schedule a single sample that already exists on the Spectra Analyze appliance (previously uploaded) to be analyzed again.

The analysis parameter is required and supports the following values:

  • cloud - schedules the sample to be sent to Spectra Intelligence for reanalysis
  • core - schedules the sample to be reanalyzed with Spectra Core

At least one analysis value must be specified in the request.

Request Format

Request Parameters

NAME | REQUIRED | DESCRIPTION | TYPE
analysis | Required | Types of analysis that the requested sample should be queued for. At least one value must be provided in the request. If providing multiple values, they should be comma-separated. Supported values: cloud, core, where cloud refers to Spectra Intelligence analysis and requires that the appliance is connected to Spectra Intelligence, and core refers to Spectra Core static analysis. | form, string
hash_value | Required | Hash of the sample that should be reanalyzed. Only one hash can be submitted in one request. Supported hash types: SHA1, SHA256, SHA512, MD5 | path, string

Request Examples

cURL

# Add --insecure before the URL if you are using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/samples/988881adc9fc3655077dc2d4d757d480b5ea0e11/analyze/' \
--header 'Authorization: Token exampletoken' \
--form 'analysis=cloud,core'

Python

import requests

# Change the values of hash_value and token
hash_value = "examplehash"
token = "exampletoken"

# Change the hostname in the URL
url = f"https://appliance.example.com/api/samples/{hash_value}/analyze/"


headers = {
    'Authorization': f'Token {token}'
}
json = {"analysis": "cloud,core"}

# Add verify=False in the request if you are using a self-signed SSL certificate
response = requests.post(url, headers=headers, json=json)
print(response.text)

Response Format

Response Examples

Note: The top-level “code” and “message” values in the response are deprecated and are returned only for compatibility reasons. The “code” and “message” from the “analysis” section contain relevant information, and should be referred to instead.

{
    "code": 201,
    "message": "Sample is queued for analysis.",
    "analysis": [
        {
            "name": "cloud",
            "code": 201,
            "message": "Sample is queued for analysis."
        },
        {
            "name": "core",
            "code": 201,
            "message": "Sample is sent to core analysis."
        }
    ],
    "detail": {
        "sha1": "988881adc9fc3655077dc2d4d757d480b5ea0e11",
        "sha256": "aec070645fe53ee3b3763059376134f...", #shortened for clarity
        "sha512": "0b8754b06ca408c09e8672bce675f...", #shortened for clarity
        "md5": "14758f1afd44c09b7992073ccf00b43d"
    }
}

Response Fields

FIELD NAME | TYPE
code | integer
message | string
analysis | object
detail | object

FIELD NAME | DESCRIPTION | TYPE
sha1 | | string
sha256 | | string
sha512 | | string
md5 | | string

Response Status Codes

CODE | DESCRIPTION
200 | Sample is already queued for analysis.
201 | Sample is queued for analysis. / Sample is queued for core analysis.
400 | Validation error. Value is not valid sha1, sha256, sha512 or md5 hash value.
404 | Sample is not found on the appliance.
405 | Reanalysis not allowed for extracted samples.
405 | Not allowed for this type of appliance.

Reanalyze multiple samples with Spectra Core and Spectra Intelligence

POST /api/samples/analyze_bulk/

Schedule a set of samples that already exist on the Spectra Analyze appliance (previously uploaded) to be analyzed again.

The analysis parameter is required. It supports the following values:

  • cloud - sends the samples to Spectra Intelligence for reanalysis
  • core - reanalyzes the samples with Spectra Core. When this option is provided in the request, it also triggers dynamic analysis processing if any of the supported dynamic analysis services is connected and configured on the appliance, and if the sample filetype matches the filetypes configured for any of those services. For more information about supported filetypes, see the Dynamic Analysis section.

At least one analysis value must be specified in the request.

Request Format

Request Parameters

NAME | REQUIRED | DESCRIPTION | TYPE
analysis | Required | Types of analysis that the requested sample(s) should be queued for. At least one value must be provided in the request. If providing multiple values, they should be comma-separated. Supported values: cloud, core, where cloud refers to Spectra Intelligence analysis and requires that the Spectra Analyze appliance is connected to Spectra Intelligence, and core refers to Spectra Core static analysis. | application/json
hash_value | Required | Hash of the sample(s) that should be reanalyzed. At least one hash must be provided in the request. All hashes in a request must be of the same type. Supported hash types: SHA1, SHA256, SHA512, MD5 | application/json

Request Examples

cURL

# Add --insecure before the URL if you are using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/samples/analyze_bulk/' \
--header 'Authorization: Token exampletoken' \
--header 'Content-Type: application/json' \
--data '{"hash_value":["0000014db72d1427c8b34ba152476a9bfdb27844", "f51ef127e79bf2f59dc82cf993f8315967e4bbfe"], "analysis": "core,cloud"}'

Python

import requests

# Change the token
token = "exampletoken"
# Change the hostname in the URL
url = "https://appliance.example.com/api/samples/analyze_bulk/"

headers = {'Authorization': f'Token {token}'}

# Change the hashes
json = {
    "hash_value": ["0000014db72d1427c8b34ba152476a9bfdb27844", "f51ef127e79bf2f59dc82cf993f8315967e4bbfe"],
    "analysis": "cloud,core"
}

# Add verify=False in the request if you are using a self-signed SSL certificate
response = requests.post(url, headers=headers, json=json)
print(response.text)
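
Because all hashes in one bulk request must be of the same type, a mixed list has to be split before it is sent. The following is an added example, not part of the vendor documentation: the helper names are hypothetical, hash types are inferred from hex-digest length, and the sample list is constructed from hashes shown on this page.

```python
import re
from collections import defaultdict

# Hex-digest lengths of the hash types the endpoint lists as supported.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
SUPPORTED_ANALYSIS = ("cloud", "core")
HEX = re.compile(r"[0-9a-fA-F]+")


def hash_type(value):
    """Return 'md5', 'sha1', 'sha256' or 'sha512', or None if not a digest."""
    value = value.strip()
    if not HEX.fullmatch(value):
        return None
    return HASH_LENGTHS.get(len(value))


def build_bulk_payloads(hashes, analysis=("cloud", "core")):
    """Return (payloads, rejected); each payload is one request's JSON body.

    Hashes are grouped by type, one analyze_bulk request per type. Malformed
    values go to `rejected` instead of being sent and answered with a 400.
    """
    if not analysis or any(a not in SUPPORTED_ANALYSIS for a in analysis):
        raise ValueError(f"analysis must be chosen from {SUPPORTED_ANALYSIS}")
    groups, rejected = defaultdict(list), []
    for raw in hashes:
        kind = hash_type(raw)
        if kind is None:
            rejected.append(raw)
            continue
        digest = raw.strip().lower()   # lowercase only to de-duplicate
        if digest not in groups[kind]:
            groups[kind].append(digest)
    return ([{"hash_value": digests, "analysis": ",".join(analysis)}
             for digests in groups.values()], rejected)


# Constructed input: two SHA1 values and one MD5 taken from this page's
# examples, one duplicate in upper case, and one malformed string.
SAMPLE_HASHES = [
    "0000014db72d1427c8b34ba152476a9bfdb27844",
    "14758f1afd44c09b7992073ccf00b43d",
    "F51EF127E79BF2F59DC82CF993F8315967E4BBFE",
    "f51ef127e79bf2f59dc82cf993f8315967e4bbfe",
    "988881adc9fc3655077dc2d4d757d480b5ea0e1",   # 39 characters: rejected
]

print(build_bulk_payloads(SAMPLE_HASHES))
```

Each returned payload can be passed as the json argument of the requests.post call shown above.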

Response Format

Response Examples

Note: The top-level “code” and “message” values in the response are deprecated and are returned only for compatibility reasons. The “code” and “message” from the “analysis” section contain relevant information, and should be referred to instead.

{
    "results": [
        {
            "code": 201,
            "message": "Sample is queued for analysis.",
            "analysis": [
                {
                    "name": "cloud",
                    "code": 201,
                    "message": "Sample is queued for analysis."
                },
                {
                    "name": "core",
                    "code": 201,
                    "message": "Sample is sent to core analysis."
                }
            ],
            "detail": {
                "sha1": "988881adc9fc3655077dc2d4d757d480b5ea0e11",
                "sha256": "aec070645fe53ee3b37630593 (...)", #shortened for clarity
                "sha512": "0b8754b06ca408c09e8672bce675f (...)", #shortened for clarity
                "md5": "14758f1afd44c09b7992073ccf00b43d"
            }
        },
        {
            "code": 200,
            "message": "Sample is already queued for analysis.",
            "analysis": [
                {
                    "name": "cloud",
                    "code": 201,
                    "message": "Sample is queued for analysis."
                },
                {
                    "name": "core",
                    "code": 201,
                    "message": "Sample is sent to core analysis."
                }
            ],
            "detail": {
                "sha1": "f1d2d2f924e986ac86fdf7b36c94bcdf32beec15",
                "sha256": "b5bb9d8014a0f9b1d61e21e796d (...)", #shortened for clarity
                "sha512": "1b8754b06ca408c09e8672bce (...)", #shortened for clarity
                "md5": "d3b07384d113edec49eaa6238ad5ff00"
            }
        }
    ]
}
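
The note above means a client should decide success per analysis type, not from the top-level values. The following is an added example, not part of the vendor documentation: the function names are hypothetical, the response is constructed, and it assumes a per-analysis entry can carry any code from the status code tables.

```python
# Per-analysis codes that mean the work was scheduled (status code tables).
STATES = {201: "queued", 200: "already_queued"}


def analysis_outcomes(body):
    """Flatten a reanalyze response into one row per sample and analysis type.

    Handles the single-sample shape (one object) and the bulk shape
    ({"results": [...]}). The deprecated top-level "code" and "message"
    are never read; only the entries under "analysis" are.
    """
    rows = []
    for result in body.get("results", [body]):
        sha1 = result.get("detail", {}).get("sha1")
        # A result without an "analysis" list still yields one row, so it
        # is reported as not queued rather than silently dropped.
        for entry in result.get("analysis") or [{}]:
            code = entry.get("code")
            rows.append({
                "sha1": sha1,
                "analysis": entry.get("name"),
                "code": code,
                "state": STATES.get(code, "not_queued"),
                "message": entry.get("message", ""),
            })
    return rows


def not_queued(rows):
    """Rows that need follow-up: the analysis was not scheduled."""
    return [r for r in rows if r["state"] == "not_queued"]


# Constructed response. The top-level code says 200 for the whole sample,
# while the per-analysis entries differ; the 405 entry is an assumption
# made to show a failure path, not output captured from an appliance.
SAMPLE_RESPONSE = {"results": [{
    "code": 200,
    "message": "Sample is already queued for analysis.",
    "analysis": [
        {"name": "cloud", "code": 201,
         "message": "Sample is queued for analysis."},
        {"name": "core", "code": 405,
         "message": "Reanalysis not allowed for extracted samples."},
    ],
    "detail": {"sha1": "f1d2d2f924e986ac86fdf7b36c94bcdf32beec15"},
}]}

for row in analysis_outcomes(SAMPLE_RESPONSE):
    print(row["sha1"], row["analysis"], row["code"], row["state"])
```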

Response Fields

FIELD NAME | TYPE
code | integer
message | string
analysis | object
detail | object

FIELD NAME | TYPE
sha1 | string
sha256 | string
sha512 | string
md5 | string
imphash (PE files only) | string

Response Status Codes

CODE | DESCRIPTION
200 | Sample is already queued for analysis.
201 | Sample is queued for analysis. / Sample is queued for core analysis.
400 | Validation error. Value is not valid sha1, sha256, sha512 or md5 hash value.
405 | Reanalysis not allowed for extracted samples. / Not allowed for this type of appliance.