SbUpload Deprecated

Deprecated. Use Check Point Threat Emulation (SandBlast) instead. Query, upload and download data using Check Point Sandblast on cloud.

python · Check Point Sandblast Cloud Services (Deprecated)

Source

import demistomock as demisto  # noqa: F401
from CommonServerPython import *  # noqa: F401

resp = demisto.executeCommand("sandblast-upload", demisto.args())

if isError(resp[0]):
    demisto.results(resp)
else:
    data = demisto.get(resp[0], "Contents.response")
    if data:
        data = data if isinstance(data, list) else [data]
        data = [{k: formatCell(row[k]) for k in row} for row in data]
        demisto.results({"ContentsFormat": formats["table"], "Type": entryTypes["note"], "Contents": data})
    else:
        demisto.results("No results.")

README

Uses the Upload API to have a client application request that Check Point Threat Prevention modules scan and analyze a file. When a file is to the service, the file will be encrypted. The file is un-encrypted during analysis, and then deleted.

Script Data


Name Description
Script Type python
Tags sandblast

Dependencies


This script uses the following commands and scripts.

  • sb-upload

Inputs


Argument Name Description
file_name The name of the file. The service calculates the file name from the part name.
md5 The MD5 hash of the file to upload.
sha1 The SHA1 hash of the file to upload.
sha256 The SHA256 hash of the file to upload.
file_type The extension of the file. The service identifies the type of the file.
features The available features. The default is “te” and “av”.
images The array of the objects with ID and revision of available OS images.
reports The array of supported report formats. Can be, “pdf”, “xml”, or “tar”.
benign_reports By default, reports are returned only for malicious files. Mark this as true and get benign reports.
file_id The ID of the file.

Outputs


There are no outputs for this script.