File threat intelligence
The File Threat Intelligence APIs help security teams assess file reputation, retrieve detailed analysis reports, and manage classification overrides for files in the Spectra Intelligence system.
Common Use Cases
Check if a file is malicious
- File reputation (TCA-0101) - Get malware status (malicious, suspicious, known, unknown) with threat level, trust factor, and malware family details. Supports bulk queries.
- File reputation override (TCA-0102) - Override file classifications within your organization to handle false positives or flag internal threats.
Get detailed file analysis
- File analysis (TCA-0104) - Retrieve comprehensive analysis results for a submitted sample, including file hashes, metadata, relationships, and source history. Depending on availability, the response may include static and dynamic analysis findings, multi-AV detections, behavioral indicators, certificates, and URLs or other artifacts extracted from images or QR codes.
- File analysis (goodware) (TCA-0105) - Get analysis data for known-good files only, with trust factor and relationships.
Review AV scan history
- Historic multi-AV scan records (TCA-0103) - Retrieve current and historical multi-AV scan reports showing detection changes over time.
All File Threat Intelligence APIs
- File reputation (TCA-0101) - Spectra Intelligence TCA-0101 checks malware status with threat level, trust factor, and malware family details.
- File reputation override (TCA-0102) - Spectra Intelligence TCA-0102 overrides file classifications to handle false positives or flag internal threats.
- Historic multi-AV scan records (TCA-0103) - Spectra Intelligence TCA-0103 retrieves current and historical multi-AV scan results showing detection changes.
- File analysis (TCA-0104) - Spectra Intelligence TCA-0104 provides comprehensive analysis, including static and dynamic analysis, certificates, and URLs.
- File analysis (goodware) (TCA-0105) - Spectra Intelligence TCA-0105 retrieves analysis data for known-good files only, with trust factor.