Getting started with T1000
This guide walks you through authorizing the T1000 appliance, applying your license, creating an API user, and verifying the setup with a file reputation lookup.
Prerequisites
Before you begin:
- T1000 appliance deployed and powered on (see Deployment)
- Network configured via the VM console (see Management)
- Access to a web browser on a machine that can reach the appliance IP
- curl installed for API testing
Your initial administrator username and password for the web management interface are provided by ReversingLabs Support. Contact support before proceeding if you do not have them.
Step 1: Log in to the web management interface
Open a browser and navigate to the appliance management interface on port 10000:
http://<appliance-ip>:10000
Log in with the default credentials provided by ReversingLabs Support. On first login you are prompted to set a new password — do this before proceeding.
The web management interface may be unresponsive for 10–60 minutes after each restart while the database completes internal verification. Wait for it to become available before continuing.
Step 2: Obtain your license (authorize the appliance)
The T1000 appliance cannot retrieve database updates or respond to API requests until it is authorized. Authorization links the appliance to your ReversingLabs account.
- In the web management interface, navigate to RL Appliance > Authorization.
- Copy the values from the following fields:
  - Appliance Type
  - Appliance ID
  - Appliance Key
  - Appliance Version
  - Appliance Username
  - Expiration Date (shows "N/A" on an unlicensed appliance — include it anyway)
- Send all of these values to support@reversinglabs.com to request your authorization token.
- When ReversingLabs Support responds with the token, paste it into the Token field on the Authorization page.
- Select Authorize.
- Restart the appliance after successful authorization (RL Appliance > Dashboard > Reboot).
After restart, the appliance begins downloading the latest database updates from Spectra Intelligence. The Authorization page will show the license expiry date and the number of available updates.
Step 3: Create an API user
REST API access requires a dedicated user account. The default admin account cannot be used for API calls.
- Navigate to RL Appliance > User Management.
- Enter a username (alphanumeric only, must not be admin).
- Select Add User.
- Note the generated 8-character password shown in the User info section.
Usernames always have the u/ prefix — for example, if you enter analyst, the full username is u/analyst. Use this full prefixed form in all API requests.
Passwords are auto-generated and cannot be manually set. Use the Reset password button to generate a new one if needed.
Step 4: Verify with an EICAR hash lookup
Once the appliance has downloaded its initial database update, verify it is working by querying the EICAR test file hash — a well-known test sample that every threat intelligence database should classify as malicious.
curl -u "u/<your-username>:<your-password>" \
"http://<appliance-ip>/api/databrowser/malware_presence/query/sha1/list?format=json" \
-H "Content-Type: application/json" \
-d '{"rl": {"query": {"hash_type": "sha1", "hashes": ["3395856ce81f2b7382dee72602f798b642f14d45"]}}}'
A successful response confirms the appliance is authorized, the database has loaded, and API access is working:
{
  "rl": {
    "malware_presence": {
      "entries": [
        {
          "sha1": "3395856ce81f2b7382dee72602f798b642f14d45",
          "status": "MALICIOUS",
          "threat_level": 5,
          "classification": {
            "classification": "malware",
            "type": "Virus",
            "platform": "DOS",
            "family_name": "EICAR-Test-File"
          }
        }
      ]
    }
  }
}
If the response returns UNKNOWN or an authentication error, see Troubleshooting.
Troubleshooting
| Symptom | Likely cause | Action |
|---|---|---|
| Web interface unreachable on port 10000 | Database verification still in progress | Wait up to 60 minutes after restart |
| Authorization page shows "N/A" for all fields | Appliance not yet networked | Configure network via VM console first |
| EICAR returns UNKNOWN | Database update not yet complete | Wait for updates to finish; check update status on the Authorization page |
| API returns 401 | Wrong username format or password | Ensure username includes the u/ prefix |
| API returns 429 | License expired | Re-authorize the appliance and contact support@reversinglabs.com |
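The Step 4 lookup combined with the Troubleshooting table, as an added Python example (not ReversingLabs code): it builds the same request as the curl command and maps the outcome to the table's actions. The function names and returned strings are hypothetical, and it assumes an UNKNOWN result appears in the entry's status field the same way MALICIOUS does in the sample response.

```python
import base64
import json
import urllib.error
import urllib.request

EICAR_SHA1 = "3395856ce81f2b7382dee72602f798b642f14d45"  # hash from Step 4
PATH = "/api/databrowser/malware_presence/query/sha1/list?format=json"


def build_request(host, username, password, hashes=(EICAR_SHA1,)):
    """Build the Step 4 POST; adds the u/ prefix if the caller left it off."""
    if not username.startswith("u/"):
        username = "u/" + username
    body = {"rl": {"query": {"hash_type": "sha1", "hashes": list(hashes)}}}
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(  # plain http, as in the page's curl command
        f"http://{host}{PATH}", data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token})


def diagnose(http_status, body_text):
    """Map an HTTP status and response body to the Troubleshooting table."""
    if http_status == 401:
        return "auth: check the u/ prefix and the generated password"
    if http_status == 429:
        return "license: re-authorize the appliance and contact support"
    if http_status != 200:
        return f"unexpected HTTP {http_status}"
    try:
        entries = json.loads(body_text)["rl"]["malware_presence"]["entries"]
        status = next((e["status"] for e in entries if e["sha1"] == EICAR_SHA1), None)
    except (ValueError, KeyError, TypeError):
        return "unexpected response body"
    if status == "MALICIOUS":
        return "ok"
    if status == "UNKNOWN":  # assumed to be reported in the status field
        return "database: updates not finished, check the Authorization page"
    return f"unexpected status for EICAR: {status!r}"


def check(host, username, password):
    """Send the lookup to the appliance and return the diagnosis string."""
    req = build_request(host, username, password)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return diagnose(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:  # 401 and 429 arrive as HTTPError
        return diagnose(err.code, "")
```

Call `check(host, username, password)` with the password read from an environment variable or a prompt rather than written into the script.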
Next steps
- Configuration — proxy settings, certificate management, REST API protocol
- Management — network settings, DNS, NTP, password reset via VM console
- File Threat Intelligence API — full API reference for hash lookups and file analysis reports