Reanalyze Local Samples API V1
Reanalyze a single sample with Spectra Core and Spectra Intelligence
POST /api/samples/{hash_value}/analyze/
Schedule a single sample that already exists on the Spectra Analyze appliance (previously uploaded) to be analyzed again.
The analysis parameter is required and supports the following values:
- cloud - schedules the sample to be sent to Spectra Intelligence for reanalysis
- core - schedules the sample to be reanalyzed with Spectra Core
At least one analysis value must be specified in the request.
Request Format
Request Parameters
NAME | REQUIRED | DESCRIPTION | TYPE |
---|---|---|---|
analysis | Required | Types of analysis that the requested sample should be queued for. At least one value must be provided in the request. If providing multiple values, they should be comma-separated. Supported values: cloud, core, where cloud refers to Spectra Intelligence analysis and requires that the appliance is connected to Spectra Intelligence, and core refers to Spectra Core static analysis. | form, string |
hash_value | Required | Hash of the sample that should be reanalyzed. Only one hash can be submitted in one request. Supported hash types: SHA1, SHA256, SHA512, MD5 | path, string |
Request Examples
cURL
# Add --insecure before the URL if you are using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/samples/988881adc9fc3655077dc2d4d757d480b5ea0e11/analyze/' \
--header 'Authorization: Token exampletoken' \
--form 'analysis=cloud,core'
Python
import requests
# Change the values of hash_value and token
hash_value = "examplehash"
token = "exampletoken"
# Change the hostname in the URL
url = f"https://appliance.example.com/api/samples/{hash_value}/analyze/"
headers = {
    'Authorization': f'Token {token}'
}
json = {"analysis": "cloud,core"}
# Add verify=False in the request if you are using a self-signed SSL certificate
response = requests.post(url, headers=headers, json=json)
print(response.text)
Response Format
Response Examples
The top-level “code” and “message” values in the response are deprecated and are returned only for compatibility reasons. The “code” and “message” from the “analysis” section contain relevant information, and should be referred to instead.
{
  "code": 201,
  "message": "Sample is queued for analysis.",
  "analysis": [
    {
      "name": "cloud",
      "code": 201,
      "message": "Sample is queued for analysis."
    },
    {
      "name": "core",
      "code": 201,
      "message": "Sample is sent to core analysis."
    }
  ],
  "detail": {
    "sha1": "988881adc9fc3655077dc2d4d757d480b5ea0e11",
    "sha256": "aec070645fe53ee3b3763059376134f...", #shortened for clarity
    "sha512": "0b8754b06ca408c09e8672bce675f...", #shortened for clarity
    "md5": "14758f1afd44c09b7992073ccf00b43d"
  }
}
Response Fields
FIELD NAME | TYPE |
---|---|
code | integer |
message | string |
analysis | object |
detail | object |
FIELD NAME | TYPE |
---|---|
sha1 | string |
sha256 | string |
sha512 | string |
md5 | string |
Response Status Codes
CODE | DESCRIPTION |
---|---|
200 | Sample is already queued for analysis. |
201 | Sample is queued for analysis. / Sample is queued for core analysis. |
400 | Validation error. Value is not valid sha1, sha256, sha512 or md5 hash value. |
404 | Sample is not found on the appliance. |
405 | Reanalysis not allowed for extracted samples. |
405 | Not allowed for this type of appliance. |
Reanalyze multiple samples with Spectra Core and Spectra Intelligence
POST /api/samples/analyze_bulk/
Schedule a set of samples that already exist on the Spectra Analyze appliance (previously uploaded) to be analyzed again.
The analysis parameter is required. It supports the following values:
- cloud - sends the samples to Spectra Intelligence for reanalysis
- core - reanalyzes the samples with Spectra Core. When this option is provided in the request, it also triggers dynamic analysis processing if any of the supported dynamic analysis services is connected and configured on the appliance, and if the sample filetype matches the filetypes configured for any of those services. For more information about supported filetypes, see the Dynamic Analysis section.
At least one analysis value must be specified in the request.
Request Format
Request Parameters
NAME | REQUIRED | DESCRIPTION | TYPE |
---|---|---|---|
analysis | Required | Types of analysis that the requested sample(s) should be queued for. At least one value must be provided in the request. If providing multiple values, they should be comma-separated. Supported values: cloud, core, where cloud refers to Spectra Intelligence analysis and requires that the Spectra Analyze appliance is connected to Spectra Intelligence, and core refers to Spectra Core static analysis. | application/json |
hash_value | Required | Hash of the sample(s) that should be reanalyzed. At least one hash must be provided in the request. All hashes in a request must be of the same type. Supported hash types: SHA1, SHA256, SHA512, MD5 | application/json |
Request Examples
cURL
# Add --insecure before the URL if you are using a self-signed SSL certificate
curl -X POST 'https://appliance.example.com/api/samples/analyze_bulk/' \
--header 'Authorization: Token exampletoken' \
--header 'Content-Type: application/json' \
--data '{"hash_value":["0000014db72d1427c8b34ba152476a9bfdb27844", "f51ef127e79bf2f59dc82cf993f8315967e4bbfe"], "analysis": "core,cloud"}'
Python
import requests
# Change the token
token = "exampletoken"
# Change the hostname in the URL
url = "https://appliance.example.com/api/samples/analyze_bulk/"
headers = {'Authorization': f'Token {token}'}
# Change the hashes
json = {
    "hash_value": ["0000014db72d1427c8b34ba152476a9bfdb27844", "f51ef127e79bf2f59dc82cf993f8315967e4bbfe"],
    "analysis": "cloud,core"
}
# Add verify=False in the request if you are using a self-signed SSL certificate
response = requests.post(url, headers=headers, json=json)
print(response.text)
Response Format
Response Examples
The top-level “code” and “message” values in the response are deprecated and are returned only for compatibility reasons. The “code” and “message” from the “analysis” section contain relevant information, and should be referred to instead.
{
  "results": [
    {
      "code": 201,
      "message": "Sample is queued for analysis.",
      "analysis": [
        {
          "name": "cloud",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "core",
          "code": 201,
          "message": "Sample is sent to core analysis."
        }
      ],
      "detail": {
        "sha1": "988881adc9fc3655077dc2d4d757d480b5ea0e11",
        "sha256": "aec070645fe53ee3b37630593 (...)", #shortened for clarity
        "sha512": "0b8754b06ca408c09e8672bce675f (...)", #shortened for clarity
        "md5": "14758f1afd44c09b7992073ccf00b43d"
      }
    },
    {
      "code": 200,
      "message": "Sample is already queued for analysis.",
      "analysis": [
        {
          "name": "cloud",
          "code": 201,
          "message": "Sample is queued for analysis."
        },
        {
          "name": "core",
          "code": 201,
          "message": "Sample is sent to core analysis."
        }
      ],
      "detail": {
        "sha1": "f1d2d2f924e986ac86fdf7b36c94bcdf32beec15",
        "sha256": "b5bb9d8014a0f9b1d61e21e796d (...)", #shortened for clarity
        "sha512": "1b8754b06ca408c09e8672bce (...)", #shortened for clarity
        "md5": "d3b07384d113edec49eaa6238ad5ff00"
      }
    }
  ]
}
Response Fields
FIELD NAME | TYPE |
---|---|
code | integer |
message | string |
analysis | object |
detail | object |
FIELD NAME | TYPE |
---|---|
sha1 | string |
sha256 | string |
sha512 | string |
md5 | string |
imphash (PE files only) | string |
Response Status Codes
CODE | DESCRIPTION |
---|---|
200 | Sample is already queued for analysis. |
201 | Sample is queued for analysis. / Sample is queued for core analysis. |
400 | Validation error. Value is not valid sha1, sha256, sha512 or md5 hash value. |
405 | Reanalysis not allowed for extracted samples. / Not allowed for this type of appliance. |
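The following is an added example, not part of the vendor documentation: a small client for the bulk endpoint that applies the documented request rules before sending (supported hash types, one hash type per request, allowed analysis values) and reads the per-analysis codes instead of the deprecated top-level ones. The names `hash_type`, `build_bulk_payload`, `summarize`, `submit` and the `ca_bundle` parameter are hypothetical, and the sample response is constructed from the documented shape.

```python
import re

# Hex digest lengths of the hash types the endpoint accepts.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
ANALYSES = {"cloud", "core"}

def hash_type(value):
    """Return the hash type name, or None if value is not a supported hex digest."""
    if not re.fullmatch(r"[0-9a-fA-F]+", value):
        return None
    return HASH_LENGTHS.get(len(value))

def build_bulk_payload(hashes, analyses):
    """Apply the documented request rules client-side, then build the JSON body."""
    if not hashes:
        raise ValueError("at least one hash is required")
    types = {hash_type(h) for h in hashes}
    if None in types:
        raise ValueError("unsupported or malformed hash value")
    if len(types) != 1:
        raise ValueError("all hashes in one request must be of the same type")
    if not analyses or not set(analyses) <= ANALYSES:
        raise ValueError("analysis must be one or both of: cloud, core")
    return {"hash_value": list(hashes), "analysis": ",".join(analyses)}

def summarize(body):
    """Map sha1 -> {analysis name: code}, ignoring the deprecated top-level code."""
    return {r["detail"]["sha1"]: {a["name"]: a["code"] for a in r["analysis"]}
            for r in body["results"]}

def submit(base_url, token, payload, ca_bundle=True):
    """POST the payload; ca_bundle may be a path to the appliance's CA certificate."""
    import requests  # imported here so the helpers above work without it
    resp = requests.post(f"{base_url}/api/samples/analyze_bulk/",
                         headers={"Authorization": f"Token {token}"},
                         json=payload, verify=ca_bundle, timeout=30)
    resp.raise_for_status()
    return summarize(resp.json())

# Constructed sample: top-level code is 200, per-analysis codes are 201.
SAMPLE = {"results": [
    {"code": 200, "message": "Sample is already queued for analysis.",
     "analysis": [{"name": "cloud", "code": 201, "message": "Sample is queued for analysis."},
                  {"name": "core", "code": 201, "message": "Sample is sent to core analysis."}],
     "detail": {"sha1": "f1d2d2f924e986ac86fdf7b36c94bcdf32beec15"}}]}

if __name__ == "__main__":
    print(build_bulk_payload(["0000014db72d1427c8b34ba152476a9bfdb27844"], ["core"]))
    print(summarize(SAMPLE))
```

Passing a CA certificate path as `ca_bundle` keeps TLS verification enabled for an appliance with a self-signed certificate, instead of turning verification off with `verify=False`.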