The Falcon Sandbox Python API Connector (e.g. for https://www.hybrid-analysis.com/).

• Python >= 3.4.0
• python-requests module
• python-colorama module

To install some of the required python modules, please use the pip module manager Using Debian/Ubuntu OS, this can be done by calling sudo apt-get install python3-pip. It will then be available via pip3 Using Windows, this can be done automatically when installing python (proper checkbox on the installer has to be checked). It should be available via pip

This version has broad support for all capabilities of VxWebService APIv2 and much more. New features include:

• support for APIv2
• improved application performance
• unified and simplified CLI schema
• bulk quick scan and sandbox submissions
• improved file handling
• test coverage

That app version is still supported as long as VxWebService supports it API version. To use it, please switch to v1 branch.

Copy the config_tpl.py and name it config.py.

The configuration file specifies a triplet of api key/secret and server:

• api_key (should be compatible with API v2 - should contains at least 60 chars)
• server - full url of the WebService instance e.g. https://www.hybrid-analysis.com

Please fill them with the appropriate data. You can generate a public (restricted) API key by following these instructions: https://www.hybrid-analysis.com/knowledge-base/issuing-self-signed-api-key

If you have the full version of Falcon Sandbox, create any kind of API key in the admin area: https://www.hybrid-analysis.com/apikeys

Debian/Ubuntu OS:

sudo apt-get install python3-requests 

or

pip3 install requests 

Windows:

pip install requests 

Debian/Ubuntu OS:

pip3 install colorama 

Windows:

pip install colorama 

Depending on your API Key privileges, you will see different options. Few actions connected with system state and file submit, are only available while using premium API Key. If you are interested in obtaining one, please contact with our support.

python3 vxapi.py -h 

After choosing the action_name

python3 vxapi.py action_name -h 

python3 vxapi.py action_name -v 

Most Linux OSes have two versions of python installed. To ensure that the program will work correctly, please use python3. In Windows after having installed python, please add the parent folder to PATH environment variable. Now use python to callout the script.

Licensed GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007 see https://github.com/PayloadSecurity/VxAPI/blob/master/LICENSE.md

Copyright (C) 2018 Hybrid Analysis GmbH