A Python tool to check Capture ATP verdicts and upload file samples via Capture API
Today I'm sharing a Python tool to bulk-check Capture ATP verdicts and upload file samples via Capture API. It supports threading, command line arguments for those who love typing, and configuration file support for those who don’t (edit cannonconfig.ini). This tool leverages the SonicWall Capture API library (included with the tool), which can be found on the official SonicWall GitHub: https://github.com/sonicwall
I don't currently have access to post it to the official GitHub page, so you can get it from my personal GitHub page: https://github.com/jaimeesc/snwl-capture-api-cannon
You'll need to create a directory to store the file samples, and supply that directory in the config file or via command line argument.
>py snwl-capture-api-cannon.py -h
usage: snwl-capture-api-cannon.py [-h] [--malware_directory MALWARE_DIRECTORY] [--capture_api_server CAPTURE_API_SERVER]
                                  [--capture_api_serial CAPTURE_API_SERIAL] [--capture_api_key CAPTURE_API_KEY]
                                  [--ignore_verdict IGNORE_VERDICT] [--number_of_passes NUMBER_OF_PASSES]
                                  [--number_of_threads NUMBER_OF_THREADS] [--conf]

  -h, --help            show this help message and exit
  --malware_directory MALWARE_DIRECTORY
                        Provide a directory where the malware samples are stored. Default is malware_files.
  --capture_api_server CAPTURE_API_SERVER
                        Provide the full URL to the Capture API Server. Ex: https://capture-api-example.com
  --capture_api_serial CAPTURE_API_SERIAL
                        Provide the Capture API Serial Number.
  --capture_api_key CAPTURE_API_KEY
                        Provide the Capture API Key.
  --ignore_verdict IGNORE_VERDICT
                        Set to yes to ignore verdicts and upload files regardless of the verdict. Set to no to only upload unknown files. Default is no.
  --number_of_passes NUMBER_OF_PASSES
                        Provide the number of times to repeat the routine. Default is 1.
  --number_of_threads NUMBER_OF_THREADS
                        Provide the number of threads to use for file hash verdict lookups and file uploads. Default is 1.
  --conf                Reads configuration from cannonconfig.ini instead of command line arguments.
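As an added example (not the author's tool and not the SonicWall Capture API library), this is the check-then-upload loop the options above describe: hash each sample, look up its verdict, upload only unknown files unless ignore_verdict is yes, repeated for a number of passes on a thread pool. The two API calls are passed in as plain callables, and the verdict table, sample files and function names are constructed for the example so it runs offline.

```python
import hashlib
import tempfile
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path

def sha256_of(path):
    """Hash the sample in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def process_sample(path, lookup_verdict, upload_sample, ignore_verdict):
    """Look up the hash verdict first; upload only when it is unknown, or
    always when ignore_verdict is set (the tool's --ignore_verdict yes)."""
    verdict = lookup_verdict(sha256_of(path))
    uploaded = ignore_verdict or verdict == "unknown"
    if uploaded:
        upload_sample(path)
    return path.name, verdict, uploaded

def run_cannon(directory, lookup_verdict, upload_sample,
               ignore_verdict="no", passes=1, threads=1):
    """Process every file in the directory `passes` times on `threads`
    workers (--number_of_passes / --number_of_threads); order is preserved."""
    ignore = str(ignore_verdict).lower() in ("yes", "true")  # ini/CLI use yes/no
    files = sorted(p for p in Path(directory).iterdir() if p.is_file())
    job = lambda p: process_sample(p, lookup_verdict, upload_sample, ignore)
    results = []
    with ThreadPoolExecutor(max_workers=threads) as pool:
        for _ in range(passes):
            results.extend(pool.map(job, files))
    return results

def demo(ignore_verdict="no", passes=1, threads=2):
    """Two constructed samples, one already known to a fake verdict table that
    stands in for the Capture API (hypothetical, not the real library's calls)."""
    d = Path(tempfile.mkdtemp())
    known, unknown = d / "known.bin", d / "unknown.bin"
    known.write_bytes(b"constructed known sample")
    unknown.write_bytes(b"constructed never-seen sample")
    verdicts, uploads = {sha256_of(known): "malicious"}, []
    results = run_cannon(d, lambda h: verdicts.get(h, "unknown"),
                         lambda p: uploads.append(p.name),
                         ignore_verdict, passes, threads)
    return results, uploads
```

With the default of no, only the never-seen sample is uploaded; with yes, both samples go up on every pass.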