diff --git a/CHANGES b/CHANGES
index 24e5dd3..65903dd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+1.19.17
+_______
+- Add sandbox_machine_type to FileAnalysis
+
 1.19.15
 _______
 - Remove pip-system-certs from dependencies
diff --git a/intezer_sdk/__init__.py b/intezer_sdk/__init__.py
index a883047..70d557a 100644
--- a/intezer_sdk/__init__.py
+++ b/intezer_sdk/__init__.py
@@ -1 +1 @@
-__version__ = '1.19.16'
+__version__ = '1.19.17'
diff --git a/intezer_sdk/_api.py b/intezer_sdk/_api.py
index 4c642a5..4b7768d 100644
--- a/intezer_sdk/_api.py
+++ b/intezer_sdk/_api.py
@@ -18,6 +18,7 @@
 from intezer_sdk.api import raise_for_status
 from intezer_sdk.consts import IndexType
 from intezer_sdk.consts import OnPremiseVersion
+from intezer_sdk.consts import SandboxMachineType


 class IntezerApi:
@@ -33,6 +34,7 @@ def analyze_by_hash(self,
 disable_dynamic_unpacking: Optional[bool],
 disable_static_unpacking: Optional[bool],
 sandbox_command_line_arguments: str = None,
+ sandbox_machine_type: SandboxMachineType = None,
 file_name: str = None,
 **additional_parameters) -> str:
 """
@@ -42,6 +44,7 @@ def analyze_by_hash(self,
 :param disable_dynamic_unpacking: Whether to disable dynamic unpacking.
 :param disable_static_unpacking: Whether to disable static unpacking.
 :param sandbox_command_line_arguments: Command line arguments to pass to the sandbox.
+ :param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
 :param file_name: The file name of the file if exists.
 :param additional_parameters: Additional parameters to pass to the API.
 :return: The analysis id.
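Review bot: The new parameter in the `analyze_by_hash` signature hunk of `_api.py` is annotated `sandbox_machine_type: SandboxMachineType = None`, which a type checker reads as a non-optional enum with an invalid default; `Optional` is already in scope two lines above on `disable_dynamic_unpacking: Optional[bool]`, so `sandbox_machine_type: Optional[SandboxMachineType] = None,` is the accurate form. The same annotation is repeated for `analyze_by_download_url`, `analyze_by_file` and `_param_initialize` in both `_api.py` and `api.py`, and for `FileAnalysis.__init__` in `analysis.py`. The docstring line added in the following hunk, `:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10`, starts its second sentence in lowercase and has no terminating period; `Options are WIN7 or WIN10.` would match the surrounding lines, and the identical text recurs in the other docstring hunks of this commit. `analyze_by_hash` starts before and ends after these hunks.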
@@ -49,6 +52,7 @@ def analyze_by_hash(self,
 data = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
 disable_static_unpacking=disable_static_unpacking,
 sandbox_command_line_arguments=sandbox_command_line_arguments,
+ sandbox_machine_type=sandbox_machine_type,
 **additional_parameters)
 if file_name and (not self.api.on_premise_version or self.api.on_premise_version > OnPremiseVersion.V22_10):
 data['file_name'] = file_name
@@ -66,6 +70,7 @@ def analyze_by_download_url(self,
 code_item_type: str = None,
 zip_password: str = None,
 sandbox_command_line_arguments: str = None,
+ sandbox_machine_type: SandboxMachineType = None,
 **additional_parameters) -> str:
 """
 Analyze a file by its download URL.
@@ -76,6 +81,7 @@ def analyze_by_download_url(self,
 :param code_item_type: The type of the code item to analyze.
 :param zip_password: The password of the zip file to analyze.
 :param sandbox_command_line_arguments: Command line arguments to pass to the sandbox.
+ :param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
 :param additional_parameters: Additional parameters to pass to the API.
 :return: The analysis id.
 """
@@ -84,6 +90,7 @@ def analyze_by_download_url(self,
 code_item_type=code_item_type,
 zip_password=zip_password,
 sandbox_command_line_arguments=sandbox_command_line_arguments,
+ sandbox_machine_type=sandbox_machine_type,
 **additional_parameters)

 data['download_url'] = download_url
@@ -116,6 +123,7 @@ def analyze_by_file(self,
 code_item_type: str = None,
 zip_password: str = None,
 sandbox_command_line_arguments: str = None,
+ sandbox_machine_type: SandboxMachineType = None,
 **additional_parameters) -> Optional[str]:
 """
 Analyze a file by its path or stream.
@@ -128,6 +136,7 @@ def analyze_by_file(self,
 :param code_item_type: The type of the code item to analyze.
 :param zip_password: The password of the zip file to analyze.
 :param sandbox_command_line_arguments: Command line arguments to pass to the sandbox.
+ :param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
 :param additional_parameters: Additional parameters to pass to the API.
 :return: The analysis id.
 """
@@ -136,6 +145,7 @@ def analyze_by_file(self,
 code_item_type=code_item_type,
 zip_password=zip_password,
 sandbox_command_line_arguments=sandbox_command_line_arguments,
+ sandbox_machine_type=sandbox_machine_type,
 **additional_parameters)

 if file_stream:
@@ -727,6 +737,7 @@ def _param_initialize(disable_dynamic_unpacking: bool,
 code_item_type: str = None,
 zip_password: str = None,
 sandbox_command_line_arguments: str = None,
+ sandbox_machine_type: SandboxMachineType = None,
 **additional_parameters):
 data = {}

@@ -740,6 +751,8 @@ def _param_initialize(disable_dynamic_unpacking: bool,
 data['zip_password'] = zip_password
 if sandbox_command_line_arguments:
 data['sandbox_command_line_arguments'] = sandbox_command_line_arguments
+ if sandbox_machine_type:
+ data['sandbox_machine_type'] = sandbox_machine_type.value

 data.update(additional_parameters)

diff --git a/intezer_sdk/analysis.py b/intezer_sdk/analysis.py
index fec102d..8a74c60 100644
--- a/intezer_sdk/analysis.py
+++ b/intezer_sdk/analysis.py
@@ -22,6 +22,7 @@
 from intezer_sdk.api import IntezerApiClient
 from intezer_sdk.api import get_global_api
 from intezer_sdk.base_analysis import Analysis
+from intezer_sdk.consts import SandboxMachineType
 from intezer_sdk.sub_analysis import SubAnalysis

 logger = logging.getLogger(__name__)
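Review bot: In the `_param_initialize` hunk of `_api.py`, `data['sandbox_machine_type'] = sandbox_machine_type.value` raises `AttributeError` if a caller passes the plain string `'WIN10'` rather than the enum member, and nothing between the public `FileAnalysis` constructor and this line validates the argument, so the failure surfaces deep inside request building with no indication of which parameter was wrong. Either accept both spellings with `data['sandbox_machine_type'] = getattr(sandbox_machine_type, 'value', sandbox_machine_type)`, or reject non-members early in `FileAnalysis.__init__` with a `TypeError` that names the parameter. The same two lines are added to `_param_initialize` in `api.py` (`@@ -667,6 +676,8 @@`). `_param_initialize` starts before and ends after this hunk.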
@@ -50,7 +51,8 @@ def __init__(self, code_item_type: str = None, zip_password: str = None, download_url: str = None, - sandbox_command_line_arguments: str = None): + sandbox_command_line_arguments: str = None, + sandbox_machine_type: SandboxMachineType = None): """ FileAnalysis is a class for analyzing files. It is a subclass of the BaseAnalysis class and requires an API connection to Intezer. @@ -65,6 +67,7 @@ def __init__(self, :param zip_password: The password for a password-protected zip file. :param download_url: A URL from which to download the file to be analyzed. :param sandbox_command_line_arguments: The command line arguments for sandbox analysis. + :param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10 """ super().__init__(api) if [file_path, file_hash, file_stream, download_url].count(None) < 3: @@ -88,6 +91,7 @@ def __init__(self, self._code_item_type = code_item_type self._zip_password = zip_password self._sandbox_command_line_arguments = sandbox_command_line_arguments + self._sandbox_machine_type = sandbox_machine_type self._sub_analyses: List[SubAnalysis] = None self._root_analysis = None self._iocs_report = None @@ -170,6 +174,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str: self._disable_dynamic_unpacking, self._disable_static_unpacking, self._sandbox_command_line_arguments, + self._sandbox_machine_type, self._file_name, **additional_parameters) elif self._download_url: @@ -180,6 +185,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str: code_item_type=self._code_item_type, zip_password=self._zip_password, sandbox_command_line_arguments=self._sandbox_command_line_arguments, + sandbox_machine_type=self._sandbox_machine_type, **additional_parameters) else: return self._api.analyze_by_file(self._file_path, 
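Review bot: In the `_send_analyze_to_api` hunk at `@@ -170,6 +174,7 @@`, `self._sandbox_machine_type,` is inserted positionally between `self._sandbox_command_line_arguments,` and `self._file_name,`, so the call is now correct only because the new parameter was slotted into exactly that position in `IntezerApi.analyze_by_hash` in `_api.py`; a future reordering there silently sends the machine type as `file_name`. The two sibling branches in the same function already pass these values by keyword, so `sandbox_machine_type=self._sandbox_machine_type,` (and, in the lines above the hunk, the other optional arguments) would make this branch consistent and order-independent. The call's leading positional arguments and the rest of `_send_analyze_to_api` lie outside the hunk.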
@@ -190,6 +196,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str:
 code_item_type=self._code_item_type,
 zip_password=self._zip_password,
 sandbox_command_line_arguments=self._sandbox_command_line_arguments,
+ sandbox_machine_type=self._sandbox_machine_type,
 **additional_parameters)

 def get_sub_analyses(self) -> List[SubAnalysis]:
diff --git a/intezer_sdk/api.py b/intezer_sdk/api.py
index 2bbe3f0..bf90862 100644
--- a/intezer_sdk/api.py
+++ b/intezer_sdk/api.py
@@ -1,6 +1,7 @@
 import datetime
 import logging
 import os
+import typing
 from http import HTTPStatus
 from typing import Any
 from typing import BinaryIO
@@ -19,6 +20,7 @@
 from intezer_sdk._util import deprecated
 from intezer_sdk.consts import IndexType
 from intezer_sdk.consts import OnPremiseVersion
+from intezer_sdk.consts import SandboxMachineType


 _global_api: Optional['IntezerApi'] = None
@@ -262,10 +264,12 @@ def analyze_by_hash(self,
 disable_dynamic_unpacking: Optional[bool],
 disable_static_unpacking: Optional[bool],
 sandbox_command_line_arguments: str = None,
+ sandbox_machine_type: SandboxMachineType = None,
 **additional_parameters) -> str:
 data = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
 disable_static_unpacking=disable_static_unpacking,
 sandbox_command_line_arguments=sandbox_command_line_arguments,
+ sandbox_machine_type=sandbox_machine_type,
 **additional_parameters)
 data['hash'] = file_hash
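Review bot: The `api.py` import hunk at `@@ -1,6 +1,7 @@` adds `import typing`, but no hunk in this file references `typing.` and the module already imports `Any`, `BinaryIO` and `Optional` from `typing` by name on the lines directly below. If nothing outside the visible hunks uses the module form, the line is an unused import and should be dropped; if something does, importing the specific name in the existing `from typing import ...` style would keep the header consistent.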
@@ -282,12 +286,14 @@ def analyze_by_download_url(self,
 code_item_type: str = None,
 zip_password: str = None,
 sandbox_command_line_arguments: str = None,
+ sandbox_machine_type: SandboxMachineType = None,
 **additional_parameters) -> str:
 data = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
 disable_static_unpacking=disable_static_unpacking,
 code_item_type=code_item_type,
 zip_password=zip_password,
 sandbox_command_line_arguments=sandbox_command_line_arguments,
+ sandbox_machine_type=sandbox_machine_type,
 **additional_parameters)

 data['download_url'] = download_url
@@ -318,12 +324,14 @@ def analyze_by_file(self,
 code_item_type: str = None,
 zip_password: str = None,
 sandbox_command_line_arguments: str = None,
+ sandbox_machine_type: SandboxMachineType = None,
 **additional_parameters) -> Optional[str]:
 options = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
 disable_static_unpacking=disable_static_unpacking,
 code_item_type=code_item_type,
 zip_password=zip_password,
 sandbox_command_line_arguments=sandbox_command_line_arguments,
+ sandbox_machine_type=sandbox_machine_type,
 **additional_parameters)

 if file_stream:
@@ -654,6 +662,7 @@ def _param_initialize(disable_dynamic_unpacking: bool,
 code_item_type: str = None,
 zip_password: str = None,
 sandbox_command_line_arguments: str = None,
+ sandbox_machine_type: SandboxMachineType = None,
 **additional_parameters):
 data = {}

@@ -667,6 +676,8 @@ def _param_initialize(disable_dynamic_unpacking: bool,
 data['zip_password'] = zip_password
 if sandbox_command_line_arguments:
 data['sandbox_command_line_arguments'] = sandbox_command_line_arguments
+ if sandbox_machine_type:
+ data['sandbox_machine_type'] = sandbox_machine_type.value

 data.update(additional_parameters)

diff --git a/intezer_sdk/consts.py b/intezer_sdk/consts.py
index 01d1f4d..844b008 100644
--- a/intezer_sdk/consts.py
+++ b/intezer_sdk/consts.py
@@ -98,6 +98,11 @@ class OnPremiseVersion(enum.IntEnum):
 V23_10 = 23.10


+class SandboxMachineType(AutoName):
+ WIN7 = enum.auto()
+ WIN10 = enum.auto()
+
+
 ANALYZE_URL = 'https://analyze.intezer.com'
 BASE_URL = f'{ANALYZE_URL}/api/'
 API_VERSION = 'v2-0'
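Review bot: `class SandboxMachineType(AutoName):` is the one public symbol this commit introduces and it has no docstring, although every other addition in the commit documents the parameter that carries it. A one-line docstring such as `"""Machine types available for sandbox analysis; the member's value is what `_param_initialize` sends as `sandbox_machine_type`."""` would let readers of `consts.py` see why `.value` is used at the call sites. The `AutoName` base is not visible in this hunk, so whether `.value` resolves to the member name (`'WIN7'`) or to something else depends on its `_generate_next_value_`; a short comment confirming the wire format would remove that guesswork for the next maintainer.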