The Python interface of the Deepviz SDK library
Today we are releasing our Python SDK library, so that users can quickly plug our Deepviz technology into their existing projects and platforms.
Since Deepviz launched last November, our main focus has been on stability and peak-load processing. We now process 150,000 samples a day, and the architecture is designed to scale: the processing threshold can be raised as needed, with no hard upper limit.
That is not our only work, though. We now support 64-bit PE files as an experimental feature: you can upload 64-bit PE files and they are processed in the same way as 32-bit PE files.
There is one more thing: we are cleaning up, refactoring and optimizing our REST API set, which lets anyone quickly interact with the Deepviz service and integrate our threat intelligence and malware analysis services into existing platforms. Still, a REST API alone is not enough. We want Deepviz to be as direct and painless to connect to as possible, so in this article we enter the Python world with the python-deepviz library.
Python-deepviz is a free library released under the MIT license and published on PyPI. The library is still in beta; more features will be added over time, so that uploading and downloading samples is as easy as searching reports or using our threat intelligence platform.
Registering a free Deepviz account is easy, and the library is installed with pip:
pip install python-deepviz
Once the installation is complete and you have obtained the API key from your account, you can start using it. During the beta, every API key has unlimited access to the threat intelligence APIs and to the sandbox analysis report APIs, with a quota of 500 sample uploads and 20 sample downloads per month. Treat the key like a password: read it from the environment or a secrets store rather than committing it to source control.
The following are some examples of how to use the Python SDK.
Upload a sample, wait for the scan to complete, then fetch the analysis report:
Or fetch the complete scan report:
You can also download only part of the report, using the filters we provide. Execute the following request (this example asks only for the rules, network connections and classification sections):
Returned results:
Moving on to our threat intelligence SDK: you can query domain and IP data, and run both generic and more detailed searches against our database.
Let's get the details of a specific IP address and domain:
You can also retrieve newly registered domains used by malware within a given time window (in this example, domains used within the last three days):
Returned results:
You can also run a string-based generic search to obtain all samples, IP addresses and domains related to a keyword:
The result is as follows:
Or let's add parameters and run an advanced search. Let's search for all samples that connect to justfacebook.net and are classified as malware by our analyzer:
These are just examples of using the Deepviz APIs. A more complete and complex example follows, chaining several calls together.
First, obtain all domains newly registered in the last 7 days; then obtain the MD5 values of the samples that connect to them; finally, obtain the corresponding behaviour rules for each sample:
The result is as follows:
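As an added example (not code from the original post, and not python-deepviz's own API), the two workflows above, upload, poll and fetch a filtered report, and the chained query from new domains to connecting malware MD5s to behaviour rules, written against a hypothetical client. The method names (upload_sample, sample_status, sample_report, list_domains, advanced_search) and the status strings are assumptions made for this example; a small in-memory fake with constructed data stands in for the service so the block runs offline. The points a practitioner would want that the prose does not show are the bounded polling loop (an analysis stuck in the queue must not hang the integration), failing loudly on a failed analysis, and keeping the API key out of the source.

```python
import os
import time

# Constructed data standing in for Deepviz responses; nothing here came from the service.
SAMPLE_MD5 = "0123456789abcdef0123456789abcdef"
FAKE_REPORTS = {
    SAMPLE_MD5: {
        "md5": SAMPLE_MD5,
        "classification": "malware",
        "rules": ["writes_to_startup_folder", "injects_into_process"],
        "network": {"connections": ["justfacebook.net:443"]},
        "strings": ["CreateRemoteThread", "WriteProcessMemory"],
    },
}
# Constructed mapping of newly registered domains to the samples that contact them.
FAKE_DOMAIN_SAMPLES = {"justfacebook.net": [SAMPLE_MD5], "benign.example": []}


class FakeDeepvizClient:
    """Offline stand-in for a Deepviz client.

    The method names and the status strings (IN_QUEUE, IN_PROGRESS, COMPLETED,
    FAILED) are assumptions made for this example, not python-deepviz's own API;
    a real client would call the REST endpoints with an API key.
    """

    def __init__(self, poll_states):
        # Status values returned by successive sample_status() calls; the last one repeats.
        self._states = list(poll_states)

    def upload_sample(self, path):
        return SAMPLE_MD5  # a real service would return the MD5 of the uploaded file

    def sample_status(self, md5):
        return self._states.pop(0) if len(self._states) > 1 else self._states[0]

    def sample_report(self, md5, filters=None):
        report = FAKE_REPORTS[md5]
        if filters is None:
            return dict(report)
        # Filtered download: only the requested sections come back.
        return {section: report[section] for section in filters if section in report}

    def list_domains(self, days):
        return list(FAKE_DOMAIN_SAMPLES)

    def advanced_search(self, domain, classification):
        return [md5 for md5 in FAKE_DOMAIN_SAMPLES.get(domain, [])
                if FAKE_REPORTS[md5]["classification"] == classification]


def wait_for_report(client, path, filters=None, timeout=600, interval=5, sleep=time.sleep):
    """Upload a sample, poll until the analysis finishes, then fetch the (optionally filtered) report.

    Bounded by `timeout` so an analysis stuck in the queue cannot hang the caller,
    and raises on a FAILED status instead of returning an empty report.
    """
    md5 = client.upload_sample(path)
    deadline = time.monotonic() + timeout
    while True:
        status = client.sample_status(md5)
        if status == "COMPLETED":
            return client.sample_report(md5, filters=filters)
        if status == "FAILED":
            raise RuntimeError(f"analysis of {md5} failed")
        if time.monotonic() >= deadline:
            raise TimeoutError(f"analysis of {md5} still {status} after {timeout}s")
        sleep(interval)


def rules_for_recent_domains(client, days=7):
    """Chain intel and sandbox calls: new domains -> connecting malware MD5s -> behaviour rules.

    Domains with no matching malware samples are left out of the result.
    """
    result = {}
    for domain in client.list_domains(days):
        for md5 in client.advanced_search(domain=domain, classification="malware"):
            report = client.sample_report(md5, filters=["rules"])
            result.setdefault(domain, {})[md5] = report["rules"]
    return result


if __name__ == "__main__":
    # A real client would take the key from the environment, never from source control.
    api_key = os.environ.get("DEEPVIZ_API_KEY")  # unused by the fake client
    client = FakeDeepvizClient(["IN_QUEUE", "IN_PROGRESS", "COMPLETED"])
    print(wait_for_report(client, "sample.exe", filters=["rules", "network"], interval=0))
    print(rules_for_recent_domains(client, days=7))
```

Swapping FakeDeepvizClient for a real client only requires an object exposing the same five methods; the polling and chaining logic does not change, which is what makes it worth testing offline first.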
This post introduces the library so that you can start using these APIs in your own Deepviz workflows. The Python SDK APIs are still in beta, and we will keep improving them.
We hope you find it useful; please send us your feedback through our support page :)