Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5397
Views
0
Helpful
8
Replies

download sample file from Threat Grid by API

Go to solution
peter.peng
Level 1
Level 1

‎03-20-2019 05:07 AM - edited ‎02-20-2020 09:08 PM

Hi Sir:

   Could you provide me any document about download the sample file from TG by API ? I can't find it from TG help.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Wojciech Cecot
Cisco Employee
Cisco Employee
In response to peter.peng

‎03-29-2019 06:13 AM

Hello Peter,

 

Not sure about the Firepower API, however on TG I could only find information from which sensor sample came, for example from 'fmc-sensor-...", 'wsa-device-...', 'esa-device...'

 

That information can be found under "login" field.

https://panacea.threatgrid.eu/mask/api-doc/api/v2/samples

 

If you are looking for the hostname of the endpoint, I don't think it is possible to get that on TG.

 

Regards,

Wojciech

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Wojciech Cecot
Cisco Employee
Cisco Employee

‎03-24-2019 11:54 PM

Hello Peter,

 

Please refer to:

https://panacea.threatgrid.com/mask/api-doc/api/v2/samples/:sample-id/:artifact

 

It is possible to download it as an artifact. Example:

curl --request GET https://panacea.threatgrid.com/api/v2/samples/ec75584d564ac189b90cad37db4dc755/sample.zip?api_key=<API_KEY> -o sample.zip

 

Hope that helps,

Wojciech

 

 

0 Helpful

Go to solution
peter.peng
Level 1
Level 1
In response to Wojciech Cecot

‎03-27-2019 01:32 AM

Hi Wojciech Cecot :

    Thanks a lot . 

Another question: If I want to export hostname of client from FMC or TG by API. Can I make it ?

0 Helpful

Go to solution
Wojciech Cecot
Cisco Employee
Cisco Employee
In response to peter.peng

‎03-29-2019 06:13 AM

Hello Peter,

 

Not sure about the Firepower API, however on TG I could only find information from which sensor sample came, for example from 'fmc-sensor-...", 'wsa-device-...', 'esa-device...'

 

That information can be found under "login" field.

https://panacea.threatgrid.eu/mask/api-doc/api/v2/samples

 

If you are looking for the hostname of the endpoint, I don't think it is possible to get that on TG.

 

Regards,

Wojciech

0 Helpful

Go to solution
HawkTeam
Level 1
Level 1
In response to Wojciech Cecot

‎04-24-2019 03:42 AM

Hello, i use your api but not work. What's the id of :artifact meaning. Its filename or something else?
Thanks a lot
0 Helpful

Go to solution
Wojciech Cecot
Cisco Employee
Cisco Employee
In response to HawkTeam

‎04-24-2019 05:03 AM

Hello,

As per documentation (https://panacea.threatgrid.com/mask/api-doc/api/v2/samples/:sample-id/:artifact) id of the artifact is Sample ID, that can be either retrieved using API or from Console of TG, after clicking on the sample:

Screenshot 2019-04-24 at 13.50.48.png

Regarding artifact parameter itself it needs to be something from the table, from documentation like, sample.zip, analysis.json etc.

--Wojciech

0 Helpful

Go to solution
HawkTeam
Level 1
Level 1
In response to Wojciech Cecot

‎04-24-2019 08:02 AM

Thank for reply me, I already try with curl --request GET https://panacea.threatgrid.com/api/v2/samples/ec75584d564ac189b90cad37db4dc755/sampleid/nameofartifact but still not download file. I get id from report https://panacea.threatgrid.com/csa/v3/report
Am is miss something?
Thank you
0 Helpful

Go to solution
Wojciech Cecot
Cisco Employee
Cisco Employee
In response to HawkTeam

‎04-25-2019 02:16 AM

Looks like you are missing API key in that query, please try following (and instead of <API_KEY> place your API key):

curl --request GET https://panacea.threatgrid.com/api/v2/samples/ec75584d564ac189b90cad37db4dc755/analysis.json?api_key=<API_KEY>

If that will fail, please share response output (make sure to remove your API_KEY)

-Wojciech

 

 

 

 

0 Helpful

Go to solution
HawkTeam
Level 1
Level 1
In response to Wojciech Cecot

‎04-27-2019 08:42 PM

hi, Im using CSA(ESA/WSA), its possible to download with api of CSA ? i think that problem, maybe CSA not allow to download sample with CSA api?
0 Helpful
Customers Also Viewed These Support Documents