Introduction

ReversingLabs T1000 Appliance provides on-premises access to an up-to-date copy of ReversingLabs Spectra Intelligence, the industry's most comprehensive source for threat intelligence and data reputation files.

With a local database, customers do not incur latency penalties and privacy risks associated with the Internet.

The T1000 Appliance uses a NoSQL database optimized for data replication, and supports advanced searches across billions of file records in milliseconds.

T1000 R1 and XG

T1000 R1 and T1000 XG share the same core data model, but XG exposes additional sample metadata and analysis endpoints.

While R1 supports only the TCA-0101 (Malware Presence) API, XG additionally provides TCA-0104 (File Analysis), TCA-0103 (Historic multi-AV scan records) and the XG-CFS forensic sampling service.

info

The documentation for API endpoints titled TCA-XXXX is mirrored from Spectra Intelligence. The functionality is equivalent in terms of requests: URL structure, request parameters, and so on.

In terms of responses, certain information won't be present in T1000:

• history
• hashes that are not SHA256, SHA1 or MD5:
  • SHA384
  • SHA512
  • RIPEMD160
• scanner metadata:
  • version used for this scanning report
  • update timestamp

Where such information is available with a direct call to Spectra Intelligence, T1000 will return null.

When sending requests, use the username and the password created with the Appliance management interface.

Response Status Codes

Code	Description
200	The request has succeeded.
400	The request could not be understood by the server due to malformed syntax.
401	The request requires user authentication.
403	The server understood the request, but is refusing to fulfill it.
404	The server has not found anything matching the request URI.
429	License has expired.
500	The server encountered an unexpected condition which prevented it from fulfilling the request.
503	The server is currently unable to handle the request due to a temporary overloading or maintenance of the server.