Reanalyze Local Samples API V2
Reanalyze multiple samples with selected services
POST /api/samples/v2/analyze_bulk/
Submit a set of samples that already exist on the Spectra Analyze appliance (previously uploaded) to be analyzed again with one or more supported services.
Unlike the “Reanalyze a set of samples with Spectra Core and Spectra Intelligence” endpoint, this one allows reanalyzing samples on each service independently, and provides more control over which service(s) should be used.
The `analysis` parameter is required, and it accepts one or more of the following values:
- rl_auxiliary_analysis - reanalyze samples with the RL Auxiliary Analysis service
- core - reanalyze samples with the Spectra Core static analysis engine
- cloud - reanalyze samples with AV engines in the Spectra Intelligence cloud
- cape - reanalyze samples with the CAPE dynamic analysis service
- cisco_secure_malware_analytics - reanalyze samples with the Cisco Secure Malware Analytics dynamic analysis service
- cuckoo - reanalyze samples with the Cuckoo Sandbox dynamic analysis service
- fireeye - reanalyze samples with the FireEye dynamic analysis service
- joe - reanalyze samples with the Joe Sandbox dynamic analysis service
- rl_cloud_sandbox - reanalyze samples with the ReversingLabs Cloud Sandbox
- vmray_tcbase - reanalyze samples with the VMRay dynamic analysis service
Dynamic analysis services must be enabled and properly configured on the appliance in order to submit files for reanalysis via this endpoint. Dynamic analysis services have their own maximum size limits. Consult the Dynamic Analysis section for more details.
Request Format
Request Parameters
NAME | REQUIRED | DESCRIPTION | TYPE |
---|---|---|---|
analysis | Required | Types of analysis that the requested sample(s) should be queued for. At least one value must be provided in the request. If providing multiple values, they should be comma-separated. Supported values: `rl_auxiliary_analysis`, `cloud`, `core`, `cape`, `cisco_secure_malware_analytics`, `cuckoo`, `fireeye`, `joe`, `rl_dynamic_analysis`, `vmray_tcbase` | form, string |
hash_value | Required | Hash of the sample(s) that should be reanalyzed. At least one hash must be provided in the request. The sample(s) must be present on the Spectra Analyze appliance to be submitted for reanalysis. Different hash types can be used in a request. Supported hash types: SHA1, SHA256, SHA512, MD5 | form, array |
rl_cloud_sandbox_platform | Optional | The platform to be used when executing the sample on the ReversingLabs Cloud Sandbox. Supported values: `windows7`, `windows10`, `windows11`, `macos_11`, `ubuntu_20` | form, string |
Request Examples
cURL
```bash
# Add --insecure before the URL if you are using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/samples/v2/analyze_bulk/' \
  --header 'Authorization: Token exampletoken' \
  --header 'Content-Type: application/json' \
  --data '{"hash_value":["0000014db72d1427c8b34ba152476a9bfdb27844", "f51ef127e79bf2f59dc82cf993f8315967e4bbfe"], "analysis": "core,cloud,fireeye,joe,cuckoo,rl_cloud_sandbox,cape,vmray_tcbase", "rl_cloud_sandbox_platform": "windows10"}'
```
Python
```python
import requests

# Change the token
token = "exampletoken"
# Change the hostname in the URL
url = "https://appliance.example.com/api/samples/v2/analyze_bulk/"
headers = {"Authorization": f"Token {token}"}
# Change the hashes
payload = {
    "hash_value": [
        "0000014db72d1427c8b34ba152476a9bfdb27844",
        "f51ef127e79bf2f59dc82cf993f8315967e4bbfe",
    ],
    "analysis": "core,cloud,fireeye,joe,cuckoo,rl_cloud_sandbox,vmray_tcbase",
}
# Add verify=False in the request if you are using a self-signed SSL certificate
response = requests.post(url, headers=headers, json=payload)
print(response.text)
```
Response Format
Response Examples
```json
{
  "results": [
    {
      "analysis": [
        {
          "name": "cloud",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "core",
          "code": 201,
          "message": "Sample is queued for core analysis."
        },
        {
          "name": "rl_cloud_sandbox",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "cuckoo",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "fireeye",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "joe",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "cape",
          "code": 201,
          "message": "Sample is queued for analysis."
        }
      ],
      "detail": {
        "sha1": "988881adc9fc3655077dc2d4d757d480b5ea0e11",
        "sha256": "aec070645fe53ee3b3763059376134f0 #shortened for clarity,
        "sha512": "0b8754b06ca408c09e8672bce675f3d #shortened for clarity,
        "md5": "14758f1afd44c09b7992073ccf00b43d"
      }
    },
    {
      "analysis": [
        {
          "name": "cloud",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "core",
          "code": 201,
          "message": "Sample is sent to core analysis."
        },
        {
          "name": "rl_cloud_sandbox",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "cuckoo",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "fireeye",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "joe",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "cape",
          "code": 201,
          "message": "Sample is queued for analysis."
        }
      ],
      "detail": {
        "sha1": "f1d2d2f924e986ac86fdf7b36c94bcdf32beec15",
        "sha256": "b5bb9d8014a0f9b1d61e21e796d78dcc #shortened for clarity,
        "sha512": "1b8754b06ca408c09e8672bce675f3dd5 #shortened for clarity,
        "md5": "d3b07384d113edec49eaa6238ad5ff00"
      }
    }
  ]
}
```
Response Status Codes
CODE | DESCRIPTION |
---|---|
200 | Sample is already queued for analysis. |
201 | Sample is queued for analysis. / Sample is queued for core analysis. |
400 | Validation error. Value is not valid sha1, sha256, sha512 or md5 hash value. |
405 | Reanalysis not allowed for extracted samples. |
405 | Not allowed for this type of appliance. |
405 | File oversized. |
405 | File type is not supported. |
405 | Sandbox integration is not configured. |
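
A client-side companion to the request parameters and status codes above, as an added example (not ReversingLabs code): it rejects malformed hashes and unsupported service names before the POST, and lists every sample/service pair the appliance did not queue. The function names and the sample response are constructed for illustration, and it assumes a rejected service is reported in the per-service list with a `code` from the status table.

```python
import re

# Service names from the bulleted list of supported values on this page.
SERVICES = {"rl_auxiliary_analysis", "core", "cloud", "cape",
            "cisco_secure_malware_analytics", "cuckoo", "fireeye", "joe",
            "rl_cloud_sandbox", "vmray_tcbase"}
# Hex digests of MD5 (32), SHA1 (40), SHA256 (64) and SHA512 (128) length.
HASH_RE = re.compile(
    r"(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}|[0-9a-fA-F]{128})")


def build_payload(hashes, services):
    """Check hashes and service names locally, then return the request body."""
    bad_hashes = [h for h in hashes if not HASH_RE.fullmatch(h)]
    unknown = [s for s in services if s not in SERVICES]
    if not hashes or not services or bad_hashes or unknown:
        raise ValueError(f"bad hashes: {bad_hashes}; unknown services: {unknown}")
    # Multiple analysis values are sent as one comma-separated string.
    return {"hash_value": list(hashes), "analysis": ",".join(services)}


def not_queued(response):
    """Return (sha1, service, code, message) for entries that are not 200/201."""
    failures = []
    for result in response.get("results", []):
        sha1 = result.get("detail", {}).get("sha1", "unknown")
        for entry in result.get("analysis", []):
            if entry.get("code") not in (200, 201):
                failures.append((sha1, entry.get("name"),
                                 entry.get("code"), entry.get("message")))
    return failures


# Constructed response (not appliance output). Assumption: a rejected service
# appears in the per-service list with a code from the status table.
SAMPLE_RESPONSE = {"results": [{
    "analysis": [
        {"name": "core", "code": 201, "message": "Sample is queued for core analysis."},
        {"name": "cloud", "code": 200, "message": "Sample is already queued for analysis."},
        {"name": "cape", "code": 405, "message": "Sandbox integration is not configured."},
    ],
    "detail": {"sha1": "0000014db72d1427c8b34ba152476a9bfdb27844"},
}]}

if __name__ == "__main__":
    sha1 = "0000014db72d1427c8b34ba152476a9bfdb27844"
    print(build_payload([sha1], ["core", "cloud", "cape"]))
    for failure in not_queued(SAMPLE_RESPONSE):
        print("not queued:", failure)
```

Pass the returned dictionary as the `json=` argument of `requests.post`, and run `not_queued(response.json())` on the reply.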