SophosLabs.Intellix - the C# library for the Static File Analysis API
Use this easy service to understand the characteristics of the file your application or service is interacting with. Allowing you to block malware including those in files previously unseen. Helping you avoid zero day attacks. SophosLabs Intelix passes each submitted file through an array of granular threat detection analyzers composed of threat deterministic and machine learning models to derive a threat verdict and an intelligence report. Examples of analysis include: File genetic similarity intersection machine learning analysis, suspicious file attributes machine learning identification, Deep Anti-Virus scanning, industry detection coverage, and a lot more. The results are available in JSON format, for easy parsing with any programming language, as well as a visually appealing HTML report, ideal for human reading. You can read more about SophosLabs Intelix APIs here. #### Billing You are billed for getting a report. This might happen in the following ways: * You request a report by file hash. You are billed if SophosLabs can provide you a report. * You submit a file for analysis. You are billed for the submission (pre-paying for the report). You get a job id for the submission. NOTE: Requests for a report by job id are not billed when the report is provided, as you have already paid at file submit.
This C# SDK is automatically generated by the Swagger Codegen project:
- API version: 1.1.0
- SDK version: 1.0.0
- Build package: SophosLabs.Intellix.codegen.v3.generators.dotnet.CSharpClientCodegen
Frameworks supported
- .NET 4.0 or later
- Windows Phone 7.1 (Mango)
Dependencies
- RestSharp - 105.1.0 or later
- Json.NET - 7.0.0 or later
- JsonSubTypes - 1.2.0 or later
The DLLs included in the package may not be the latest version. We recommend using NuGet to obtain the latest version of the packages:
Install-Package RestSharp
Install-Package Newtonsoft.Json
Install-Package JsonSubTypes
NOTE: RestSharp versions greater than 105.1.0 have a bug which causes file uploads to fail. See RestSharp#742
Installation
Run the following command to generate the DLL
- [Mac/Linux]
/bin/sh build.sh
- [Windows]
build.bat
Then include the DLL (under the bin
folder) in the C# project, and use the namespaces:
using SophosLabs.Intellix.Api;
using SophosLabs.Intellix.Client;
using SophosLabs.Intellix.Model;
Packaging
A .nuspec
is included with the project. You can follow the Nuget quickstart to create and publish packages.
This .nuspec
uses placeholders from the .csproj
, so build the .csproj
directly:
nuget pack -Build -OutputDirectory out SophosLabs.Intellix.csproj
Then, publish to a local feed or other host and consume the new package via Nuget as usual.
Getting Started Authentication
using System;
using System.Diagnostics;
using SophosLabs.Intellix.Api;
using SophosLabs.Intellix.Client;
using SophosLabs.Intellix.Model;
namespace Example
{
public class Example
{
public void main()
{
var apiInstance = new AuthenticationApi();
var authorization = authorization_example; // string | The authorization header. The secret is [Basic](https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side): Base64Encode(client_id:client_secret).
var contentType = contentType_example; // string | The content type for the request body. Must be **application/x-www-form-urlencoded**
try
{
// Authentication endpoint
AuthenticationResponse result = apiInstance.Oauth2TokenPost(authorization, contentType);
Debug.WriteLine(result);
}
catch (Exception e)
{
Debug.Print("Exception when calling AuthenticationApi.Oauth2TokenPost: " + e.Message );
}
}
}
}
Getting Started File Hash Lookup
using System;
using System.Diagnostics;
using SophosLabs.Intellix.Api;
using SophosLabs.Intellix.Client;
using SophosLabs.Intellix.Model;
namespace Example
{
public class Example
{
public void main()
{
// Configure OAuth2 access token for authorization: oAuthScheme
Configuration.Default.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new FileLookupApi();
var sha256 = sha256_example; // string | The SHA256 hash of the requested file.
var authorization = authorization_example; // string | The access token obtained from the token endpoint to authenticate towards a specific SophosLabs API. You can learn more about authentication towards SophosLabs APIs [here](/doc/authentication.html).
var xCorrelationID = xCorrelationID_example; // string | An optional caller-provided identifier which will be included in the response object. It must match the following regular expression: \"[-._a-zA-Z0-9]{1,40}\": * Only alphanumeric characters, hyphens, dots and underscores are allowed * Min length of 1 character * Max length of 40 characters (optional)
try
{
// Get file hash categorization
apiInstance.Sha256Get(sha256, authorization, xCorrelationID);
}
catch (Exception e)
{
Debug.Print("Exception when calling FileLookupApi.Sha256Get: " + e.Message );
}
}
}
}
Getting Started Static File Analysis
using System;
using System.Diagnostics;
using SophosLabs.Intellix.Api;
using SophosLabs.Intellix.Client;
using SophosLabs.Intellix.Model;
namespace Example
{
public class Example
{
public void main()
{
// Configure OAuth2 access token for authorization: oAuthScheme
Configuration.Default.AccessToken = "YOUR_ACCESS_TOKEN";
var apiInstance = new StaticFileAnalysisApi();
var sha256 = sha256_example; // string | The SHA256 hash of the file.
var authorization = authorization_example; // string | The access token obtained from the token endpoint to authenticate towards a specific SophosLabs API. You can learn more about authentication towards SophosLabs APIs [here](/doc/authentication.html).
var reportFormat = reportFormat_example; // string | The requested report format. Either 'json' (default) or 'html'. HTML response may only be received in case of the jobStatus is SUCCESS. Otherwise the response format is always JSON, even if HTML requested. The 'Content-Type' response header is always set accordingly: * application/json * text/html (optional)
var xCorrelationID = xCorrelationID_example; // string | An optional caller-provided identifier which will be included in the response object. It must match the following regular expression: \"[-._a-zA-Z0-9]{1,40}\": * Only alphanumeric characters, hyphens, dots and underscores are allowed * Min length of 1 character * Max length of 40 characters (optional)
try
{
// Get a report by file hash.
StaticAnalysisReport result = apiInstance.ReportsGet(sha256, authorization, reportFormat, xCorrelationID);
Debug.WriteLine(result);
}
catch (Exception e)
{
Debug.Print("Exception when calling StaticFileAnalysisApi.ReportsGet: " + e.Message );
}
}
}
}
Documentation for API Endpoints
All URIs are relative to https://de.api.labs.sophos.com/analysis/file/static/v1
Class | Method | HTTP request | Description |
---|---|---|---|
StaticFileAnalysisApi | ReportsGet | GET /reports | Get a report by file hash. |
StaticFileAnalysisApi | ReportsJobIdGet | GET /reports/{job_id} | Get a report by job id. |
StaticFileAnalysisApi | RootPost | POST / | Submit a file for static analysis. |
Documentation for Models
- Model.AnalysisError
- Model.AnalysisErrorReport
- Model.AnalysisInProgress
- Model.AnalysisSubject
- Model.ErrorResponse
- Model.ErrorResponse400
- Model.ErrorResponse500
- Model.GenericResponse
- Model.Report
- Model.ReportAnalysisSummary
- Model.ReportContainerAnalysis
- Model.ReportDetection
- Model.ReportDocumentAnalysis
- Model.ReportDocumentAnalysisMetaData
- Model.ReportMlAggregateResults
- Model.ReportMlFile
- Model.ReportMlFileAnalyses
- Model.ReportMlFileAnalysesBlackBox
- Model.ReportMlFileAnalysesBlackBoxBenign
- Model.ReportMlFileAnalysesBlackBoxPua
- Model.ReportMlFileAnalysesGeneticAnalysis
- Model.ReportMlFileAnalyzedCounts
- Model.ReportMlFileAnalyzedCountsFeatureMaliciousness
- Model.ReportMlFileAnalyzedCountsGeneticAnalysis
- Model.ReportMlFileOverallScores
- Model.ReportMlFilepath
- Model.ReportMlFilepathAnalyses
- Model.ReportMlFilepathAnalysesNeighborMaliciousness
- Model.ReportMlFilepathAnalysesNeighborMaliciousnessMostSimilar
- Model.ReportMlFilepathAnalysesNeighborMaliciousnessMostSimilarMalware
- Model.ReportMlFilepathAnalyzedCounts
- Model.ReportMlFilepathAnalyzedCountsNeighborMaliciousness
- Model.ReportMlFilepathOverallScores
- Model.ReportMlInputs
- Model.ReportPeAnalysis
- Model.ReportPeAnalysisDigisig
- Model.ReportPeAnalysisDigisigSigner
- Model.ReportPeAnalysisDigisigTimescert
- Model.ReportPeAnalysisExport
- Model.ReportPeAnalysisImport
- Model.ReportPeAnalysisResources
- Model.ReportPeAnalysisSections
- Model.ReportPeAnalysisVersioninfo
- Model.ReportReputation
- Model.ReportTarget
- Model.StaticAnalysisReport
Documentation for Authorization
oAuthScheme
- Type: OAuth
- Flow: application
- Authorization URL:
-
Scopes:
- :