SophosLabs.Intellix.Client

A SophosLabs Intelix API client library


Keywords
Sophos, Intellix, Antivirus, API
License
MIT
Install
Install-Package SophosLabs.Intellix.Client -Version 1.0.7

Documentation

SophosLabs.Intellix - the C# library for the Static File Analysis API

Use this easy service to understand the characteristics of the file your application or service is interacting with. Allowing you to block malware including those in files previously unseen. Helping you avoid zero day attacks. SophosLabs Intelix passes each submitted file through an array of granular threat detection analyzers composed of threat deterministic and machine learning models to derive a threat verdict and an intelligence report. Examples of analysis include: File genetic similarity intersection machine learning analysis, suspicious file attributes machine learning identification, Deep Anti-Virus scanning, industry detection coverage, and a lot more. The results are available in JSON format, for easy parsing with any programming language, as well as a visually appealing HTML report, ideal for human reading. You can read more about SophosLabs Intelix APIs here. #### Billing You are billed for getting a report. This might happen in the following ways: * You request a report by file hash. You are billed if SophosLabs can provide you a report. * You submit a file for analysis. You are billed for the submission (pre-paying for the report). You get a job id for the submission. NOTE: Requests for a report by job id are not billed when the report is provided, as you have already paid at file submit.

This C# SDK is automatically generated by the Swagger Codegen project:

  • API version: 1.1.0
  • SDK version: 1.0.0
  • Build package: SophosLabs.Intellix.codegen.v3.generators.dotnet.CSharpClientCodegen

Frameworks supported

  • .NET 4.0 or later
  • Windows Phone 7.1 (Mango)

Dependencies

The DLLs included in the package may not be the latest version. We recommend using NuGet to obtain the latest version of the packages:

Install-Package RestSharp
Install-Package Newtonsoft.Json
Install-Package JsonSubTypes

NOTE: RestSharp versions greater than 105.1.0 have a bug which causes file uploads to fail. See RestSharp#742

Installation

Run the following command to generate the DLL

  • [Mac/Linux] /bin/sh build.sh
  • [Windows] build.bat

Then include the DLL (under the bin folder) in the C# project, and use the namespaces:

using SophosLabs.Intellix.Api;
using SophosLabs.Intellix.Client;
using SophosLabs.Intellix.Model;

Packaging

A .nuspec is included with the project. You can follow the Nuget quickstart to create and publish packages.

This .nuspec uses placeholders from the .csproj, so build the .csproj directly:

nuget pack -Build -OutputDirectory out SophosLabs.Intellix.csproj

Then, publish to a local feed or other host and consume the new package via Nuget as usual.

Getting Started Authentication

using System;
using System.Diagnostics;
using SophosLabs.Intellix.Api;
using SophosLabs.Intellix.Client;
using SophosLabs.Intellix.Model;

namespace Example
{
    public class Example
    {
        public void main()
        {
            var apiInstance = new AuthenticationApi();
            var authorization = authorization_example;  // string | The authorization header. The secret is [Basic](https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side): Base64Encode(client_id:client_secret). 
            var contentType = contentType_example;  // string | The content type for the request body.  Must be **application/x-www-form-urlencoded** 

            try
            {
                // Authentication endpoint
                AuthenticationResponse result = apiInstance.Oauth2TokenPost(authorization, contentType);
                Debug.WriteLine(result);
            }
            catch (Exception e)
            {
                Debug.Print("Exception when calling AuthenticationApi.Oauth2TokenPost: " + e.Message );
            }
        }
    }
}

Getting Started File Hash Lookup

using System;
using System.Diagnostics;
using SophosLabs.Intellix.Api;
using SophosLabs.Intellix.Client;
using SophosLabs.Intellix.Model;

namespace Example
{
    public class Example
    {
        public void main()
        {
            // Configure OAuth2 access token for authorization: oAuthScheme
            Configuration.Default.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new FileLookupApi();
            var sha256 = sha256_example;  // string | The SHA256 hash of the requested file. 
            var authorization = authorization_example;  // string | The access token obtained from the token endpoint to authenticate towards a specific SophosLabs API.  You can learn more about authentication towards SophosLabs APIs [here](/doc/authentication.html). 
            var xCorrelationID = xCorrelationID_example;  // string | An optional caller-provided identifier which will be included in the response object. It must match the following regular expression: \"[-._a-zA-Z0-9]{1,40}\":  * Only alphanumeric characters, hyphens, dots and underscores are allowed * Min length of 1 character * Max length of 40 characters  (optional) 

            try
            {
                // Get file hash categorization
                apiInstance.Sha256Get(sha256, authorization, xCorrelationID);
            }
            catch (Exception e)
            {
                Debug.Print("Exception when calling FileLookupApi.Sha256Get: " + e.Message );
            }
        }
    }
}

Getting Started Static File Analysis

using System;
using System.Diagnostics;
using SophosLabs.Intellix.Api;
using SophosLabs.Intellix.Client;
using SophosLabs.Intellix.Model;

namespace Example
{
    public class Example
    {
        public void main()
        {
            // Configure OAuth2 access token for authorization: oAuthScheme
            Configuration.Default.AccessToken = "YOUR_ACCESS_TOKEN";

            var apiInstance = new StaticFileAnalysisApi();
            var sha256 = sha256_example;  // string | The SHA256 hash of the file. 
            var authorization = authorization_example;  // string | The access token obtained from the token endpoint to authenticate towards a specific SophosLabs API.  You can learn more about authentication towards SophosLabs APIs [here](/doc/authentication.html). 
            var reportFormat = reportFormat_example;  // string | The requested report format. Either 'json' (default) or 'html'.  HTML response may only be received in case of the jobStatus is SUCCESS. Otherwise the response format is always JSON, even if HTML requested.  The 'Content-Type' response header is always set accordingly:   * application/json  * text/html  (optional) 
            var xCorrelationID = xCorrelationID_example;  // string | An optional caller-provided identifier which will be included in the response object. It must match the following regular expression: \"[-._a-zA-Z0-9]{1,40}\":  * Only alphanumeric characters, hyphens, dots and underscores are allowed * Min length of 1 character * Max length of 40 characters  (optional) 

            try
            {
                // Get a report by file hash.
                StaticAnalysisReport result = apiInstance.ReportsGet(sha256, authorization, reportFormat, xCorrelationID);
                Debug.WriteLine(result);
            }
            catch (Exception e)
            {
                Debug.Print("Exception when calling StaticFileAnalysisApi.ReportsGet: " + e.Message );
            }
        }
    }
}

Documentation for API Endpoints

All URIs are relative to https://de.api.labs.sophos.com/analysis/file/static/v1

Class Method HTTP request Description
StaticFileAnalysisApi ReportsGet GET /reports Get a report by file hash.
StaticFileAnalysisApi ReportsJobIdGet GET /reports/{job_id} Get a report by job id.
StaticFileAnalysisApi RootPost POST / Submit a file for static analysis.

Documentation for Models

Documentation for Authorization

oAuthScheme

  • Type: OAuth
  • Flow: application
  • Authorization URL:
  • Scopes:
    • :