
A Python tool to check Capture ATP verdicts and upload file samples via Capture API

Jaime (SonicWall Employee)

Hi everyone,

Today I'm sharing a Python tool to bulk-check Capture ATP verdicts and upload file samples via Capture API. It supports threading, command line arguments for those who love typing, and configuration file support for those who don’t (edit cannonconfig.ini). This tool leverages the SonicWall Capture API library (included with the tool), which can be found on the official SonicWall GitHub: https://github.com/sonicwall

I don't currently have access to post it to the official GitHub page, so you can get it from my personal GitHub page: https://github.com/jaimeesc/snwl-capture-api-cannon

You'll need to create a directory to store the file samples, and supply that directory in the config file or via command line argument.

>py snwl-capture-api-cannon.py -h
usage: snwl-capture-api-cannon.py [-h] [--malware_directory MALWARE_DIRECTORY] [--capture_api_server CAPTURE_API_SERVER]
                                 [--capture_api_serial CAPTURE_API_SERIAL] [--capture_api_key CAPTURE_API_KEY]
                                 [--ignore_verdict IGNORE_VERDICT] [--number_of_passes NUMBER_OF_PASSES]
                                 [--number_of_threads NUMBER_OF_THREADS] [--conf]

optional arguments:
  -h, --help            show this help message and exit
  --malware_directory MALWARE_DIRECTORY
                        Provide a directory where the malware samples are stored. Default is malware_files.
  --capture_api_server CAPTURE_API_SERVER
                        Provide the full URL to the Capture API Server. Ex: https://capture-api-example.com
  --capture_api_serial CAPTURE_API_SERIAL
                        Provide the Capture API Serial Number.
  --capture_api_key CAPTURE_API_KEY
                        Provide the Capture API Key.
  --ignore_verdict IGNORE_VERDICT
                        Set to yes to ignore verdicts and upload files regardless of the verdict. Set to no to only upload unknown files.
                        Default is no.
  --number_of_passes NUMBER_OF_PASSES
                        Provide the number of times to repeat the routine. Default is 1.
  --number_of_threads NUMBER_OF_THREADS
                        Provide the number of threads to use for file hash verdict lookups and file uploads. Default is 1.
  --conf                Reads configuration from cannonconfig.ini instead of command line arguments.

Category: Developer Hub
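The verdict-then-upload routine the post describes (hash lookup first, upload only unknown files unless ignore_verdict is set, repeated over a thread pool for the configured number of passes), as an added example that is not the author's tool and not the SonicWall Capture API library. The two-method client interface, the FakeClient stand-in and the sample files are assumptions constructed for the example so it runs offline.

```python
import hashlib
import tempfile
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path

# Assumed client interface; the post does not show the Capture API library's calls:
#   get_verdict(sha256_hex) -> "malicious" | "benign" | "unknown"
#   upload(path) -> verdict string once the sandbox has analysed the file

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_and_upload(client, path, ignore_verdict):
    """Hash lookup first; upload only unknown files unless ignore_verdict is set."""
    digest = sha256_of(path)
    verdict = client.get_verdict(digest)
    uploaded = ignore_verdict or verdict == "unknown"
    if uploaded:
        verdict = client.upload(path)
    return {"file": Path(path).name, "sha256": digest, "verdict": verdict, "uploaded": uploaded}

def run(client, malware_directory, ignore_verdict=False, passes=1, threads=1):
    """Mirror the tool's options: repeat the routine `passes` times over a thread pool."""
    files = sorted(p for p in Path(malware_directory).iterdir() if p.is_file())
    results = []
    for _ in range(passes):
        with ThreadPoolExecutor(max_workers=threads) as pool:
            results += list(pool.map(lambda p: check_and_upload(client, p, ignore_verdict), files))
    return results

class FakeClient:
    """Constructed stand-in for the Capture API client: one hash is already known."""
    def __init__(self, known):
        self.known, self.uploads = known, []
    def get_verdict(self, digest):
        return self.known.get(digest, "unknown")
    def upload(self, path):
        self.uploads.append(Path(path).name)
        return "malicious"

def demo():
    """Two constructed files: A already has a verdict, B is unknown and gets uploaded."""
    d = Path(tempfile.mkdtemp())
    (d / "a.bin").write_bytes(b"constructed sample A")
    (d / "b.bin").write_bytes(b"constructed sample B")
    client = FakeClient({sha256_of(d / "a.bin"): "benign"})
    return run(client, d, threads=2), client.uploads
```

Swap FakeClient for an object wrapping the real library's lookup and upload calls and point malware_directory at the sample directory to reproduce the tool's default "only upload unknown files" behaviour.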