Skip to main content
Version: Spectra Analyze 9.5.0

Submissions API

Submitting a File

POST /api/submit/file/

This endpoint allows users to submit a single file to the appliance for analysis using static and (optionally) dynamic services. Only one file can be submitted per request.

Request parameters

NAMEREQUIREDTYPEDESCRIPTION
fileYesfile (binary)The file to be uploaded for analysis. Only one file is allowed per request.
filenameNostringCustom filename to assign. If omitted, the SHA1 or original filename is used.
tagsNostring (CSV)Comma-separated user tags (case-sensitive). Spaces and underscores are distinct.
commentNostring (HTML)Visible in the UI. Supports: <p>, <br>, <a>, <strong>, <b>, <em>, <i>.
archive_passwordNostringPassword for ZIP file. Archive must contain exactly one file. Only the extracted file is analyzed.
analysisNoobject (JSON)Optional dictionary that defines which analyses are triggered. If omitted, automatic rules from Administration > Integrations apply.
metadataNoobject (JSON)Optional metadata about file origin, connector, or source.

analysis dictionary structure

{
"rl_dynamic_analysis": {
"platform": "windows11",
"geolocation": "us",
"locale": "en-US"
},
"rl_auxiliary_analysis": true,
"cloud": true,
"cape": true,
"cuckoo": false,
"vmray_tcbase": true,
"cisco_secure_malware_analytics": {
"profile": "default"
},
"fireeye": {
"profile": "some_profile"
},
"joe": {
"profile": "linux"
}
}

All fields are optional. Profiles are defined in Administration → Integrations → Profiles. If omitted or empty, automatic profile selection is applied. To exclude a service, omit it.

Supported values

  • platform: windows7, windows10, windows11, macos_11, linux
  • geolocation: us, uk, in, br, de, jp, sg, it, es, fr, tor
  • locale: en-US, en-GB, pt-BR, de-DE, ja-JP, it-IT, es-ES, fr-FR

Response format

{
"code": 201,
"message": "Done.",
"detail": {
"id": 1,
"sha1": "0000000000000000000000000000000000000000",
"user": 1,
"created": "2020-20-20T20:20:20.000000Z",
"filename": "some_archive.zip"
}
}

Response fields

FIELD NAMEDESCRIPTION
codeStatus response code (e.g., 201).
messageDescriptive response message.
detailObject with metadata about the submission.

detail fields:

FIELD NAMEDESCRIPTION
idSubmission task ID.
sha1SHA1 hash of the uploaded or extracted file.
userInternal user ID of the submitter.
createdUTC timestamp of submission creation.
filenameFinal name assigned to the file.

Submitting a URL

POST /api/submit/url/

This endpoint allows users to submit a single URL for crawling and analysis. The downloaded content is analyzed as a ZIP archive.

Request parameters

NAMEREQUIREDTYPEDESCRIPTION
urlYesstringThe URL to be crawled and analyzed. Must use HTTP or HTTPS.
crawlerNostringDefines crawler behavior: local (private) or cloud (Spectra Intelligence). Defaults to local.
analysisNoobject (JSON)Optional dictionary to trigger specific analyses. See file endpoint for structure.

analysis dictionary structure

{
"rl_dynamic_analysis": {
"platform": "windows11",
"geolocation": "us",
"locale": "en-US"
},
"rl_auxiliary_analysis": true,
"cloud": true,
"cape": true,
"cuckoo": false,
"vmray_tcbase": true,
"cisco_secure_malware_analytics": {
"profile": "default"
},
"fireeye": {
"profile": "some_profile"
},
"joe": {
"profile": "linux"
}
}

All fields are optional. Profiles are defined in Administration → Integrations → Profiles. If omitted or empty, automatic profile selection is applied. To exclude a service, omit it.

Supported values

  • platform: windows7, windows10, windows11, macos_11, linux
  • geolocation: us, uk, in, br, de, jp, sg, it, es, fr, tor
  • locale: en-US, en-GB, pt-BR, de-DE, ja-JP, it-IT, es-ES, fr-FR
note

If rl_dynamic_analysis is specified in analysis, the URL is also sent to Network Analysis, and the downloaded archive is sent to static and dynamic file analysis.

Response format

{
"code": 201,
"message": "Done.",
"detail": {
"id": 1,
"sha1": "0000000000000000000000000000000000000000",
"user": 1,
"created": "2020-20-20T20:20:20.000000Z",
"filename": "some_archive.zip"
}
}

Response fields

FIELD NAMEDESCRIPTION
codeStatus response code.
messageInformative message.
detailObject with submission metadata.

detail fields:

FIELD NAMEDESCRIPTION
idSubmission ID.
sha1SHA1 hash of the downloaded archive.
userSubmitter's internal user ID.
createdUTC timestamp of submission.
filenameName of the archive.

Response Status Codes

CODEDESCRIPTION
201Submission accepted and queued for analysis.
400Bad request. Validation error or missing/invalid parameters.
403Authentication failed or token missing.
405Appliance is in maintenance mode. Uploads disabled.
413File or download exceeds configured size limits.
429Too many submissions. Resource limits (RAM, queue, quota) exceeded.
503Appliance disk usage too high. Uploads temporarily blocked.