The endpoint returns a JSON object that contains the parameters of all of the user's tasks.

| Parameter | Description |
| --- | --- |
| id | Object execution task ID. |
| created | Date and time when the object execution task was created, specified as a UNIX timestamp (the number of seconds that have elapsed since 00:00:00 (UTC), 1 January 1970). |
| state | Object execution task state. Available values:<br>`in-progress`: Execution task is in progress. The object is still being executed.<br>`completed`: Execution task is successfully completed.<br>`completed-with-error`: Error occurred during the object execution, but the task is completed.<br>`failed`: Error occurred during the object execution. |
| error | Error description (if available). Available values:<br>`unpack-failed`: Failed to unpack the archive.<br>`incorrect-password`: Failed to unpack the archive because of an incorrect password.<br>`too-large-file`: Failed to execute the object because it exceeds a size limit.<br>`too-large-file-in-archive`: Unpacked object exceeds a size limit. |
| exec_env | Operating system that was specified as an execution environment. Available values:<br>`WinXP`: Microsoft Windows XP SP3 x86.<br>`Win7_x64`: Microsoft Windows 7 x64.<br>`Win7`: Microsoft Windows 7 x86.<br>`Win10_x64`: Microsoft Windows 10 x64. |
| exec_env_used | Operating system that was actually used as an execution environment. |
| exec_time | Specified object execution time in seconds. |
| exec_time_used | Actual object execution time in seconds. |
| processing_type | Object execution type. Available values:<br>`exec-only`: Only object execution is performed.<br>`unzip-and-exec`: Object is unpacked before execution. |
| decrypt_https | Boolean parameter. Specifies whether HTTPS traffic generated by the executed object was decrypted.<br>If this parameter is specified (`decrypt_https: true`), HTTPS traffic generated by the executed object was decrypted.<br>If this parameter is not specified (`decrypt_https: false`), HTTPS traffic generated by the executed object was not decrypted. |
| click_on_links | Boolean parameter. Specifies whether the links in the opened documents were browsed.<br>If this parameter is specified (`click_on_links: true`), the links in the opened documents were browsed.<br>If this parameter is not specified (`click_on_links: false`), the links in the opened documents were not browsed. |
| channel | Region or individual country of a network channel specified by the user for the executed object to use to access the internet. Available values:<br>`any`: Internet channel belongs to any region and does not direct traffic through the TOR network.<br>`tor`: Internet channel belongs to any region and directs traffic through the TOR network.<br>`tarpit`: File is executed without access to the internet. |
| channel_used | Region or individual country of a network channel that the object actually used to access the internet. Available values:<br>`any`: Internet channel belongs to any region and does not direct traffic through the TOR network.<br>`tor`: Internet channel belongs to any region and directs traffic through the TOR network.<br>`tarpit`: File is executed without access to the internet. |
| file | Executed object details. Contains the data described below in this table. |
| zone | Zone of the executed file. Available values:<br>`red`: Execution task completed. The object belongs to the red zone (malicious).<br>`yellow`: Execution task completed. The object belongs to the yellow zone (can be classified as Not-a-virus).<br>`green`: Execution task completed. The object belongs to the green zone (not malicious).<br>`gray`: Execution task completed. The object belongs to the gray zone, no information about the object is available.<br>`null`: Execution task completed with error. |
| state | State of the executed file. Available values:<br>`malware`: Execution task completed. The object is malicious.<br>`adware-and-other`: Execution task completed. The object can be classified as Not-a-virus.<br>`clean`: Execution task completed. The object is not malicious.<br>`not-categorized`: Execution task completed. No or not enough information about the object is available to define the category.<br>`null`: Execution task completed with error. |
| has_apt | Boolean parameter. Indicates whether the object is related to an advanced persistent threat (APT) attack. |
| publications | Array of GUIDs of Crimeware Threat Intelligence and APT Intelligence reports to which the executed object is related. |
| name | Executed object name, including the extension. |
| ext | File extension for the executed object. |
| type | Automatically detected type of the executed file. |
| size | Size of the executed object in bytes. |
| md5 | MD5 hash of the executed file. |
| sha1 | SHA-1 hash of the executed file. |
| sha256 | SHA-256 hash of the executed file. |
| doc_password | Password to open password-protected documents during execution. |
| cmd_line | Specific parameters used to start object execution. |

[
  {
    "id": "string",
    "created": "2019-03-05T12:11:36Z",
    "state": "in-progress",
    "error": "string",
    "exec_env": "string",
    "exec_time": 0,
    "processing_type": "string",
    "decrypt_https": true,
    "click_on_links": true,
    "channel": "string",
    "channel_used": "string",
    "file": {
      "zone": "red",
      "status": "malware",
      "has_apt": true,
      "publications": [
        "string"
      ],
      "name": "string",
      "ext": "string",
      "type": "string",
      "size": 0,
      "md5": "string",
      "sha1": "string",
      "sha256": "string"
    }
  }
]
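
The following Python sketch is an added example, not code from this page or from the product it documents: it triages a task list of this shape, treating a `null` zone as "no verdict" rather than clean and recording where the requested environment or channel differs from the one actually used. The sample data is constructed; the code accepts `created` as either UNIX seconds or an ISO 8601 string, and the file verdict under either `state` or `status`, because the table and the JSON sample above differ on both.

```python
import json
from datetime import datetime, timezone

# Constructed sample response (not real data); keys follow the table and JSON sample on this page.
SAMPLE = json.loads("""[
 {"id": "t-1", "created": 1551787896, "state": "completed", "exec_env": "Win10_x64",
  "exec_env_used": "Win10_x64", "channel": "any", "channel_used": "any", "decrypt_https": true,
  "file": {"zone": "red", "state": "malware", "has_apt": true, "name": "a.exe"}},
 {"id": "t-2", "created": "2019-03-05T12:11:36Z", "state": "completed", "exec_env": "Win10_x64",
  "exec_env_used": "Win7_x64", "channel": "any", "channel_used": "tarpit", "decrypt_https": false,
  "file": {"zone": "green", "status": "clean", "has_apt": false, "name": "b.docx"}},
 {"id": "t-3", "created": 1551787900, "state": "failed", "error": "incorrect-password",
  "exec_env": "Win7", "channel": "any", "file": {"zone": null, "state": null, "name": "c.zip"}}
]""")

def parse_created(value):
    """Accept epoch seconds (per the table) or an ISO 8601 string (per the JSON sample)."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(task):
    """Return (verdict, caveats): the file zone plus reasons to trust it less."""
    f = task.get("file") or {}
    caveats = []
    if task.get("state") in ("failed", "completed-with-error"):
        caveats.append(f"task {task['state']}: {task.get('error')}")
    # Compare what was requested with what the sandbox actually used.
    for asked, used in (("exec_env", "exec_env_used"), ("channel", "channel_used")):
        if used in task and task[used] != task.get(asked):
            caveats.append(f"{asked}: asked {task.get(asked)}, used {task[used]}")
    if task.get("channel_used", task.get("channel")) == "tarpit":
        caveats.append("executed without internet access")
    if not task.get("decrypt_https"):
        caveats.append("HTTPS traffic not decrypted")
    if task.get("state") == "in-progress":
        return "pending", caveats
    # A null zone means the task ended with an error; it is not a clean verdict.
    return f.get("zone") or "no-verdict", caveats

def report(tasks):
    """One row per task: id, creation time (UTC), verdict, file state, caveats."""
    rows = []
    for t in tasks:
        verdict, caveats = triage(t)
        f = t.get("file") or {}
        rows.append((t["id"], parse_created(t["created"]).isoformat(), verdict,
                     f.get("state", f.get("status")), caveats))
    return rows
```

Calling `report(SAMPLE)` returns one tuple per task; a `green` verdict that carries caveats (different OS used, no internet access, HTTPS not decrypted) is weaker evidence than one without.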