Usage API
The usage API is the main interface for interacting with the file analysis engine.
With this API, users can submit files for analysis, check the status of file processing tasks, retrieve analysis reports when file processing is complete, and delete file processing tasks.
Worker API Authorization
The Worker can be configured to require an authorization token to be present in every API request. The authorization token is a string of alphanumeric characters, between 30 and 60 characters in length. There are several different tokens, depending on the accessed endpoint.
The authorization token should be provided in the HTTP Authorization
header. The value of this field must be in this format:
Token exampletoken
where exampletoken
should be replaced with the user's own authorization token string.
If the Worker is configured not to require an authorization token, the Authorization
header field will be ignored.
curl https://tiscale-worker01/api/tiscale/v1/task/42 -H 'Authorization: Token exampletoken'
API Request Format
The base URL for the Spectra Detect API is in the following format:
https://{server}/api/tiscale/v1
API Response Status Codes
Code | Name | Description |
---|---|---|
200 | OK | The request has succeeded. |
400 | Bad Request | The request could not be understood by the server due to malformed syntax or missing parameters. |
401 | Unauthorized | The request requires authorization from the user. |
403 | Forbidden | Authorization has been provided in the request, but it is not valid. |
404 | Not Found | The server has not found anything matching the Request-URI. |
500 | Internal Server Error | The server encountered an unexpected condition which prevented it from fulfilling the request. |
503 | Service Unavailable | The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. In case the Spectra Intelligence upload limit quota was exceeded, the response will contain the "Paused - TiCloud quota exceeded" error message. To continue analyzing files, users can temporarily disable Spectra Intelligence, wait until the daily quota renews, or contact ReversingLabs support to increase their daily upload limit. When using the Quotas API endpoints on a Worker instance without a configured Spectra Intelligence account, the response code will be 503, and the error message "TiCloud is not configured." |
License appliances
Return License Information
Returns the current status and detailed licensing information for the appliance. If there is no machine ID, it will be generated, and the response will contain information associated with this newly generated machine ID.
Request
GET /api/license/v1/
curl https://tiscale-worker-01/api/license/v1/ -H 'Authorization: Token exampletoken'
Response
{
"product" : "string", // always "tiscale-worker"
"machineId": "string", // ID of the appliance
"version": 1, // version of the license file
"serialNumber": "string", // serial number of the license file applied to the Worker
"licenseType": "string", // can either be to WILDCARD or REGULAR
"company": "string", // company name that the license file is provided for
"expiryDate": "string", // date when the license will expire (YYYY-MM-DDTHH:mm:ssZ)
"creationDate": "string", // starting date of the license
"status": "string" // licensing status
}
Description of fields:
- licenseType can either be equal to
WILDCARD
orREGULAR
:WILDCARD
licenses are independent of the machine ID and can last for a maximum of 45 days; trial licenses belong to this categoryREGULAR
licenses depend on the machine ID and have a custom duration
- company is the company name that the license file is provided for; it will be equal to the Spectra Intelligence username in case the cloud is used for licensing
- status can be one of the following:
VALID
ONLINE
INVALID
EXPIRED
NO_LICENSE
NO_MACHINE_ID
Return License Status
Returns the current licensing status of the appliance.
Request
GET /api/license/v1/status/
curl https://tiscale-worker-01/api/license/v1/status/ -H 'Authorization: Token exampletoken'
Response
{
"status": "string"
}
Status can be one of the following:
VALID
ONLINE
INVALID
EXPIRED
NO_LICENSE
NO_MACHINE_ID
Generate Machine ID
Creates a new machine ID.
Request
POST http(s)://{server}/api/license/v1/machine-id/generate
The request body is empty.
curl -X POST https://tiscale-worker-01/api/license/v1/machine-id/generate -H 'Authorization: Token exampletoken'
Response
-
200 OK
{ "machineId": "string" }
-
500 Internal Server Error
{ "message": "string" }
Upload License File
Uploads a license file to the appliance. Not required for licenses configured using Spectra Intelligence.
Request
PUT /api/license/v1/upload
Content type: multipart/form-data
Example:
curl -X PUT https://tiscale-worker-01/api/license/v1/upload -H 'Authorization: Token exampletoken' -F 'file=@example_license_file'
Response
{
"message": "string"
}
The message
will differ depending on the response code:
- 201: "License is applied"
- 200: "License is already applied"
- 400: returns an error message
Upload a file for processing
Direct upload
POST /api/tiscale/v1/upload
Upload from URL
POST /api/tiscale/v1/submit-url
Description
Sends a file to the Worker or Hub. The API response includes a link to the processing task.
If the request is sent to a Hub with one or more connected Workers, the file(s) will be forwarded to the connected Workers using the round-robin scheduling algorithm, and the API response will include a link to the file processing task on the Worker. Analysis reports cannot be obtained from a Hub. To get the analysis report for each submitted file, users should send a request directly to the Worker using the link to the processing task returned in the API response. See Get information about a processing task for more information.
If you are uploading a file directly, use the file
parameter and set the request payload type to multipart/form-data
. Else, if you are uploading a file via a URL, use the url
parameter and set the request payload type to application/json
.
Workers can be configured to require an authorization token in every API request. In that case, the Authorization
header with a token must be included in the request. Users can provide an optional X-TiScale-Token
header with a string that can be used to filter file processing tasks.
Users can also submit optional fields in the file upload request:
-
user_data
type: string | format: JSON
This parameter can be used to store metadata in the analysis reports sent to Splunk, or to enable additional report-related options. The report doesn't include the contents of
user_data
. -
custom_data
type: string | format: JSON
This parameter can be used to append any additional information about a file to its analysis report. This allows users to filter, reference, or distinguish samples and their analysis reports more easily. The value provided in the parameter is saved and returned in all reports on the Worker appliance - in the Worker API response and the Callback response, in reports sent to Splunk, and in the reports saved to AWS S3 (if enabled).
Note that it is not included in reports when the file has not been processed yet. If an
integrity_check_hash
field is included in thecustom_data
field, an integrity check of the uploaded file is triggered on the Worker. If the SHA1 hash of the uploaded sample doesn’t match theintegrity_check_hash
field sent by the client, the sample will be discarded with the following error message: "ERROR: Upload: failed to accept upload integrity check failed, calculated hash XX differs from the one passed in custom data YY." This field is optional and is implemented in the S3 connector.If the structure of
custom_data
isn't valid JSON, it will not be included in the report.
To get the analysis report for each submitted file, users should send a request to the Get information about a processing task endpoint.
Data retention
All processed files are deleted immediately after processing. The reports are retained on the Workers for up to 90 minutes (default value), configurable by the "Task Age Limit" setting in the Hub Configuration Group under Worker Configuration - Cleanup.
If a file is queued but not processed within the time configured by the "Unprocessed Task Limit", the processing task will be canceled, and the file will be deleted. However, the record of the unsuccessful task will still be present in the database for 1440 minutes (24 hours) before being deleted, as configured by the "File Age Limit" setting.
Request format
Request parameters
Parameter Name | Description | Required |
---|---|---|
file | Path to the file that should be uploaded to the Worker for processing. Mutually exclusive with the url parameter. Used for the upload endpoint. | Required |
url | URL to the file that should be uploaded to the Worker for processing. Mutually exclusive with the file parameter. Used for the submit-url endpoint. | Required |
custom_data | Accepts any user-defined data as a JSON-encoded payload. This data is included in all file analysis reports (Worker API, Callback, AWS S3 and Splunk, if enabled) in its original, unchanged form. The custom_data field will not be returned in the taskinfo endpoint response if the file has not been processed yet. | Optional |
user_data | Additional JSON-encoded payload can be supplied in a request in the user_data field. Portions of that data will be used in parts of the processing pipeline. The contents of user_data are not returned in the analysis report, except the network object in reports sent to Splunk (if configured). Supported objects are network , callback | Optional |
hash | Optional parameter used for integrity verification of the downloaded file. The supported hash values are: MD5 , SHA1 , SHA256 , or SHA512 . The proper algorithm is determined automatically based on the hash length: MD5 (16 bytes), SHA1 (20 bytes), SHA256 (32 bytes), SHA512 (64 bytes). | Optional |
custom_header_authorization | Specifies a custom authorization header to be included in the HTTP request. Provide the header name and its corresponding value in the custom_header_authorization field. For example, to include an authorization token in the Custom-Token header, use "custom_authorization_header": {"Custom-Token": "token_value"} . If not provided, no custom header is added to the HTTP request. | Optional |
user_data.network
Optional network-related metadata can be supplied in the file upload request. If the Worker is configured to integrate with Splunk, this network metadata will also be sent to Splunk.
{
"network": {
"src_ip": "10.1.10.42",
"src_port": 10621,
"dst_ip": "10.1.10.212",
"dst_port": 8080
}
}
user_data.callback
If the Callback feature is enabled and configured on the Worker instance, file analysis reports will be automatically sent to the configured Callback server. By default, only the medium (summary) report is sent to the Callback server.
However, users can include an optional callback
JSON object in the user_data
field of the file upload request to have an extended analysis report delivered to the Callback server. The prerequisite is that the Callback feature is enabled on the Worker instance.
{
"callback": {
"report_type": "large",
"view": "flat",
"url": "example.com:8080"
}
}
By default, the report returned by the Worker is a medium (summary) report. Setting it to large
will return the full report, whereas small
and medium
are default options that filter out certain fields.
The view
parameter can be used to apply a custom view to the report. For example, to enable sending an extended analysis report for the submitted file to the Callback server, provide the view
parameter with the extended
value.
The url
parameter specifies to which URL the report will be sent. If this is not specified, the report is sent to the default URL configured.
If there is no callback
object in the file upload request, the Worker uses preconfigured values.
Request examples
curl -X POST https://tiscale-worker-01/api/tiscale/v1/upload -H 'Authorization: Token exampletoken' -F file=@Classification.pdf -F 'user_data={"callback" : {"view" : "flat", "report_type" : "large", "url": "https://example.com:8080" }}'
curl -X POST https://tiscale-worker-01/api/tiscale/v1/upload -H 'Authorization: Token exampletoken' -F file=@Classification.pdf -F 'custom_data={ "file_source" : { "uploader" : "malware_analyst", "origin" : "example" }}'
curl -X POST https://tiscale-worker-01/api/tiscale/v1/upload -H 'Authorization: Token exampletoken' -H 'X-TiScale-Token: Token custom' -F file=@Classification.pdf
curl -X POST https://tiscale-worker-01/api/tiscale/v1/submit-url -H 'Authorization: Token exampletoken' -H 'Content-Type: application/json' -d '{"url": "https://example.com/file"}'
curl -X POST https://tiscale-worker-01/api/tiscale/v1/submit-url -H "Content-Type: application/json" -d '{"url": "https://example.com/file", "custom_authorization_header": {"Custom-Token": "token_value"}}'
For additional workflows, such as scanning entire directories, see our SDK documentation and its cookbook.
Response format
The response is a JSON-encoded object with a task_url
field which contains the URL of the processing task started by the file or URL submission.
If the task URL in the response is missing the server
component, the same server value used for the file submission request should be used to access the task URL.
The response will also contain a link to an S3 report if an output report bucket is configured.
Response example
{
"task_url": "https://tiscale-worker01:8080/api/tiscale/v1/task/1"
}
List processing tasks
GET /api/tiscale/v1/task?age=700&token=token
Description
Lists processing tasks generated by file submission requests.
When a file is submitted for analysis to a Worker, a file processing task is created and queued on the Worker server.
Data retention
All processed files are deleted immediately after processing. The reports are retained on the Workers for up to 90 minutes (default value), configurable by the "Task Age Limit" setting in the Hub Configuration Group under Worker Configuration - Cleanup.
If a file is queued but not processed within the time configured by the "Unprocessed Task Limit", the processing task will be canceled, and the file will be deleted. However, the record of the unsuccessful task will still be present in the database for 1440 minutes (24 hours) before being deleted, as configured by the "File Age Limit" setting.
This endpoint returns a list of processing tasks that have not yet expired; that is, tasks for which it is still possible to retrieve the analysis report. Every processing task is assigned a unique ID, returned in the task_id
response field. This ID can be used in requests to other Worker API endpoints.
If the optional age
parameter is supplied in the request, only tasks older than the specified number of seconds are returned in the response. Task age is calculated as being the difference between the current system timestamp and the timestamp of the task submission. Timestamps are specified in the Unix time format, as the number of seconds since 1970-01-01 00:00:00.
When submitting files for analysis, users can add an optional X-TiScale-Token
header with a custom string to the file upload request. That custom string can be provided as the value for the optional token
parameter in the request to this endpoint. The response will list only the tasks for files submitted with the specified custom string. These parameters should not be confused with the mandatory authorization token that must be provided in the header of every request.
Request format
Request parameters
Parameter Name | Description | Required |
---|---|---|
age | Specify the number of seconds to filter processing tasks by age. When provided in the request, the API returns only those processing tasks that are older than the specified number of seconds. Task age is the difference between the current system time and the time when the file processing task was created. | Optional |
token | Specify a custom string to filter processing tasks, if there are any files that were uploaded with that custom string in the X-TiScale-Token header. | Optional |
Request examples
Listing all available tasks for files uploaded with a custom X-TiScale-Token string:
curl -X GET 'https://tiscale-worker-01/api/tiscale/v1/task?token=custom' -H 'Authorization: Token exampletoken'
Listing all available tasks older than 500 seconds:
curl -X GET 'https://tiscale-worker-01/api/tiscale/v1/task?age=500' -H 'Authorization: Token exampletoken'
import requests
url = "https://tiscale-worker-01/api/tiscale/v1/task"
querystring = {"age":"500"}
headers = {'Authorization': 'Token exampletoken'}
response = requests.request("GET", url, headers=headers, params=querystring)
print(response.text)
Response format
If the request was successfully sent, the response includes a 200 OK
status code and the list of processing tasks for which it is still possible to retrieve the analysis report.
Response example
[
{
"submitted": 1481137280,
"task_id": 27637,
"processed": 1481137281
},
{
"submitted": 1481137302,
"task_id": 27638,
"processed": 1481137303
}
]
Response fields
Field Name | Description |
---|---|
submitted | Timestamp indicating the time when the file was submitted for analysis, formatted as the number of seconds since 1970-01-01 00:00:00. |
processed | Timestamp indicating the time when the file was processed by the Worker, formatted as the number of seconds since 1970-01-01 00:00:00. |
task_id | Unique identification number assigned to each file processing task on the Worker instance. This task ID can be used in requests to other Worker API endpoints; for example, to retrieve the analysis report for a task, or to delete a task from Worker. To ensure backward compatibility with previous Worker versions, the task ID values are currently integers instead of strings. |
Get information about a processing task
GET /api/tiscale/v1/task/{task_id}?report_type={large}&view={flat}
Description
Retrieves information about a completed file processing task.
The task_id
parameter is required, as it specifies which processing task the user is interested in.
Obtaining the task ID
The unique ID value for every processing task is returned in the response when the file is submitted for analysis, as the last part of the task_url
field. For example, in https://tiscale-worker01:8080/api/tiscale/v1/task/23
, the task_id
value is 23.
The task ID can also be obtained from the List processing tasks endpoint.
Request format
Request parameters
Parameter Name | Description | Type |
---|---|---|
task_id | Unique identification number assigned to each file processing task on the Worker instance. | path |
report_type | Applied report filter (see Customizing Analysis Reports <report-customization> ). If empty, a medium ("summary") report is returned. | query |
view | Applied report transformation. | query |
Deprecated and experimental parameters
These parameters are maintained for backward compatibility or are experimental.
-
include_fields
experimental | query
Instead of creating a report type as a configuration file, you can pass the fields you want to include as a query parameter. The format is:
?include_fields=["metadata.media.image.exif","classification"]
. You can access nested fields using the dot (.
) operator. All required fields should be passed as an array of strings in a single query parameter. -
exclude_fields
experimental | query
Instead of creating a report type as a configuration file, you can pass the fields you want to exclude as a query parameter. The format is:
?exclude_fields=["metadata.media.image.exif","classification"]
. You can access nested fields using the dot (.
) operator. All required fields should be passed as an array of strings in a single query parameter. -
full
deprecated | query
Specifies whether the full (value 1; equals
true
) or summary (value 0; equalsfalse
) report should be returned. If this parameter is not provided in the request, and theview
parameter is, the built-in summary transformation will be applied to the analysis report view. To avoid this transformation, thefull
parameter should be set totrue
if theview
parameter is set toextended
. -
v13
deprecated | query
Specifies whether the report should be returned in the format used on Worker 1.3 (value 1, equals
true
) or in an improved format (value 0, equalsfalse
). Reports in version 1.3 represented enumerated values in their internal numeric value instead of as descriptive string values.For example, metadata for application library types was returned as numerical values 0 through 13 in version 1.3 instead of labels "ad", "social", "graphical" in the current version. This parameter should be used only for backward compatibility purposes because it does not take advantage of caching, which may slow down the API requests.
Request examples
curl 'https://tiscale-worker-01/api/tiscale/v1/task/7?report_type=large&view=flat' -H 'Authorization: Token exampletoken'
import requests
url = "https://tiscale-worker-01/api/tiscale/v1/task/7"
query_params = {"report_type": "large", "view": "flat"}
auth = {'Authorization': 'Token exampletoken'}
response = requests.get(url, headers=auth, params=query_params)
print(response.text)
Response format
The response returns information about the requested file processing task, and if the task has completed successfully, includes the analysis report.
Field Name | Description |
---|---|
submitted | Unix timestamp indicating the time when the file was submitted for analysis. |
task_id | Unique identification number assigned to each file processing task on the Worker instance. This task ID can be used in requests to other Worker API endpoints; for example, to delete a task from Worker. To ensure backward compatibility with previous Worker versions, the task ID values are currently integers instead of strings. |
processed | Unix timestamp indicating the time when the file was processed by the Worker. If the file has not been processed yet, this field returns a null value until both the report and the file link are ready. |
worker_ip | List of IP addresses associated with the Worker that processed the file. |
worker_address | List of DNS records associated with the Worker that processed the file. |
worker_hostname | Hostname of the Worker that processed the file. |
direct_sender | IP address of the machine that sent the file to Spectra Detect. This is the immediate sender, the last hop in the forwarding chain (if the request was forwarded). |
forwarded_for | List of IP addresses that were part of the forwarding chain for that request, including the original sender. |
tc_report | Results of the static file analysis performed by the engine embedded in the Worker. If the report is already available, but the file has not yet been saved to S3, this field will return a null value. |
file_link | Returned only if the S3 integration is configured on the Worker, and if saving samples to S3 is enabled. When this field is present in the response, it includes a link to the sample stored in an S3 bucket. If Spectra Analyze integration and S3 are enabled on the Worker, the file link will point to the Spectra Analyze instance connected to the Worker. If report splitting is enabled, this link will point to the parent sample. |
custom_data | Returned only if the user submitted an optional custom_data parameter in the file upload request. This parameter can be passed to the upload endpoint to save arbitrary, user-defined data in the analysis report. The data must be submitted as a JSON-encoded payload, and it is returned in the report in its original, unchanged form. |
Delete a processing task
DELETE /api/tiscale/v1/task/{task_id}
Description
Deletes a processing task record from the system. All file processing results are automatically removed from the system 30 minutes after processing is completed. However, users can manually delete task records from the system at any time. When a task record is deleted, it is no longer listed in the response of the List processing tasks endpoint.
The task_id
parameter is required in the request, as it specifies which task record should be deleted.
To bulk-delete task records, use the Delete multiple processing tasks endpoint.
Request format
Request parameters
Parameter Name | Description | Required |
---|---|---|
task_id | Unique identification number assigned to each file processing task on the Worker instance. The unique ID value for every processing task is returned in the response when the file is submitted for analysis, as the last part of the task_url . For example, in "task_url": "https://tiscale-worker01:8080/api/tiscale/v1/task/23" , the task_id value is 23. The task ID can also be obtained from the List processing tasks <listapi> endpoint. | Required |
Request example
curl -X DELETE https://tiscale-worker01:8080/api/tiscale/v1/task/999 -H 'Authorization: Token exampletoken'
Response format
If a task was successfully removed from the system, the API returns the 200 OK
status code with an empty response body.
Delete multiple processing tasks
DELETE /api/tiscale/v1/task?{age=seconds}
Description
Deletes task records from the system based on the time when they were submitted.
All file processing results are automatically removed from the system 30 minutes after processing is completed. However, users can manually delete task records from the system at any time. When task records are deleted, they are no longer listed in the response of the List processing tasks endpoint.
The age
parameter is required, and it sets the limit for task age, expressed in seconds. Task age is calculated as being the difference between the current system timestamp and the timestamp of the task submission. Timestamps are specified in the Unix time format, as the number of seconds since 1970-01-01 00:00:00.
All task records older than the number of seconds specified in the request will be deleted.
To delete all tasks, set the age
parameter to zero.
Request format
Request parameters
Parameter Name | Description | Required |
---|---|---|
age | Specify the number of seconds to delete processing tasks based on their age. Task age is the difference between the current system time and the time when the file processing task was created. The value must be specified in seconds. | Required |
Request examples
Delete tasks older than 500 seconds:
curl -X DELETE 'https://tiscale-worker01:8080/api/tiscale/v1/task?age=500' -H 'Authorization: Token exampletoken'
Delete all tasks on the system:
curl -X DELETE 'https://tiscale-worker01:8080/api/tiscale/v1/task?age=0' -H 'Authorization: Token exampletoken'
Response format
The endpoint returns an empty body with one of the status codes, depending on the success of the request.
- 200
- The request has succeeded.
- 400
- The request could not be understood by the server due to malformed syntax or missing parameters.
- 401
- The request requires authorization from the user.
- 403
- Authorization has been provided in the request, but it is not valid.
- 404
- The server has not found anything matching the Request-URI.
- 500
- The server encountered an unexpected condition which prevented it from fulfilling the request.
- 503
- The server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
- In case the Spectra Intelligence upload limit quota was exceeded, the response will contain the "Paused - TiCloud quota exceeded" error message. To continue analyzing files, users can temporarily disable Spectra Intelligence, wait until the daily quota renews, or contact ReversingLabs support to increase their daily upload limit. When using the Quotas API endpoints on a Worker instance without a configured Spectra Intelligence account, the response code will be 503, and the error message "TiCloud is not configured."
Get the identifier for YARA rules currently on Worker
GET /api/tiscale/v1/yara
Description
Retrieves an identifier for the current set of YARA rules on the Worker.
If there are any changes to the set of YARA rules, the identifier will change. Therefore, this endpoint can be used to monitor changes to YARA rules by comparing the responses retrieved over multiple time intervals.
Read more about managing YARA rulesets on the Worker.
Request format
Request example
curl https://tiscale-worker-01/api/tiscale/v1/yara -H 'Authorization: Token exampletoken'
Response format
Response example
{
"id": "790473eae77e007cff9b88bc37a44596fa6a495a"
}
Worker - Get YARA rule synchronization status.
GET /api/tiscale/v2/sync-status
Description
Retrieves the current YARA rule synchronization status. Use the optional errorOnly
query parameter to filter the response to include only rulesets with errors.
If there are any changes to the set of YARA rules, the identifiers will change. Therefore, this endpoint can be used to monitor changes to YARA rules.
Request format
Request example
curl https://tiscale-worker-01/api/tiscale/v2/sync-status -H 'Authorization: Token exampletoken'
Response format
Response example
{
"revision": 0,
"rulesets": [
{
"revision": 0,
"key": "string",
"hash": "string",
"errors": []
}
]
}
Appliances utilize revision numbers and keys as unique identifiers during ruleset synchronization.
Worker - Resynchronize all YARA rules
POST /api/tiscale/v1/pull/all
Description
Resynchronizes all YARA rules, ensuring the latest versions are retrieved and applied. This endpoint updates all rulesets regardless of their current revision status.
Request format
Request example
curl -X POST https://tiscale-worker-01/api/tiscale/v1/pull/all -H 'Authorization: Token exampletoken'
Response format
Response example
If the request was successfully sent, the response includes a 200 OK
status code. In case the YARA synchronization is disabled, or the request fails, the response is 417 Expectation Failed
.
Get information on usage quotas and limits
The following endpoints can be used to return quota usage and quota limits for the Spectra Intelligence account configured on the Worker, or at the company level based on the Spectra Intelligence username. Products are grouped into one object if they share the usage quota and access rights. This means that the same users and products can appear multiple times in the response.
Workers can be configured to require an authorization token in every API request. In that case, the Authorization
header with a token must be included in the request.
GET /api/tiscale/v1/quota
GET /api/tiscale/v1/quota/company
Request Example
curl https://{server}/api/tiscale/v1/quota -H 'Authorization: Token exampletoken'
Response Example
{
"limits": [
{
"limit": 10,
"limit_type": "daily",
"limit_exceeded": false,
"products": [
"TCA-0319 YARA Retroactive Hunting",
"TCA-0303 YARA Hunting"
],
"users": [
"u/company/user"
]
},
{
"limit": 500,
"limit_type": "count",
"limit_exceeded": false,
"products": [
"TCA-0319 YARA Retroactive Hunting",
"TCA-0303 YARA Hunting"
],
"users": [
"u/company/user"
]
}
],
"usages": {
"daily": {
"date": "2023-11-23",
"usage_report": [
{
"product": "TCA-0103 Historic Multi-AV Scan Records",
"number_of_queries": 6453
},
{
"product": "TCA-9999",
"number_of_queries": 87
},
{
"product": "TCAI-0001 RCA2",
"number_of_queries": 6415
},
{
"product": "TCAI-0011 Sample Submission Counter",
"number_of_queries": 17,
"used_bytes": 171871643
}
]
},
"monthly": {
"month": "2023-11",
"usage_report": [
{
"product": "TCA-0103 Historic Multi-AV Scan Records",
"number_of_queries": 7183
},
{
"product": "TCA-0104 File Analysis - Hash",
"number_of_queries": 6
},
{
"product": "TCA-0201 File Download",
"number_of_queries": 6
},
{
"product": "TCA-0206 Alert on Reputation and Metadata Changes",
"number_of_queries": 12
},
{
"product": "TCA-0303 (Matches Feed)",
"number_of_queries": 32642
},
{
"product": "TCA-0319 (Matches Feed)",
"number_of_queries": 32638
},
{
"product": "TCA-0403 URL Threat Intelligence",
"number_of_queries": 5
},
{
"product": "TCA-0407 Network Reputation API",
"number_of_queries": 20
},
{
"product": "TCA-9999",
"number_of_queries": 6273
},
{
"product": "TCAI-0001 RCA2",
"number_of_queries": 7403
},
{
"product": "TCAI-0011 Sample Submission Counter",
"number_of_queries": 64,
"used_bytes": 352578582
},
{
"product": "TCAI-0402 URI Statistics (RCA2)",
"number_of_queries": 5
},
{
"product": "TCF-0110 Data Change Feed",
"number_of_queries": 427016
}
]
}
}
}