
Manager

psengine.malware_intel.malware_intel_mgr.MalwareIntelMgr

MalwareIntelMgr(rf_token: str = None)

Manages requests for the Recorded Future Malware Intelligence API.

PARAMETER DESCRIPTION
rf_token

Recorded Future API token.

TYPE: str DEFAULT: None

Source code in psengine/malware_intel/malware_intel_mgr.py
def __init__(self, rf_token: str = None):
    """Set up the logger and the Recorded Future client for this manager.

    Args:
        rf_token (str, optional): Recorded Future API token. When it is omitted
            or empty, ``RFClient`` is constructed without an explicit token.
    """
    self.log = logging.getLogger(__name__)

    # The token is passed straight to RFClient; this method neither stores it
    # on the manager nor writes it to the log.
    if rf_token:
        self.rf_client = RFClient(api_token=rf_token)
    else:
        # NOTE(review): presumably RFClient resolves the token from its own
        # configuration in this case; confirm against RFClient.
        self.rf_client = RFClient()

reports

reports(
    query: str,
    sha256: str,
    start_date: str,
    end_date: str,
    my_enterprise: bool = False,
    limit: int = DEFAULT_LIMIT,
) -> list[SandboxReport]

Search for the reports matching the specified parameters.

PARAMETER DESCRIPTION
query

The filtering query to perform.

TYPE: str

sha256

The SHA256 to search.

TYPE: str

start_date

The starting date, format YYYY-MM-DD or relative like -1d.

TYPE: str

end_date

The ending date, format YYYY-MM-DD or relative like -1d.

TYPE: str

my_enterprise

If the report has been submitted by your enterprise.

TYPE: bool DEFAULT: False

limit

Maximum number of reports.

TYPE: int DEFAULT: DEFAULT_LIMIT

Endpoint

/malware-intelligence/v1/reports

RAISES DESCRIPTION
ValidationError

If any supplied parameter is of an incorrect type.

MalwareIntelReportError

If an API error occurs.

RETURNS DESCRIPTION
list[SandboxReport]

A list of reports that have been found.

Source code in psengine/malware_intel/malware_intel_mgr.py
@debug_call
@validate_call
@connection_exceptions(ignore_status_code=[], exception_to_raise=MalwareIntelReportError)
def reports(
    self,
    query: Annotated[str, Doc('The filtering query to perform.')],
    sha256: Annotated[str, Doc('The SHA256 to search.')],
    start_date: Annotated[
        str, Doc('The starting date, format YYYY-MM-DD or relative like -1d.')
    ],
    end_date: Annotated[str, Doc('The ending date, format YYYY-MM-DD or relative like -1d.')],
    my_enterprise: Annotated[
        bool, Doc('If the report has been submitted by your enterprise.')
    ] = False,
    limit: Annotated[int, Doc('Maximum number of reports.')] = DEFAULT_LIMIT,
) -> Annotated[list[SandboxReport], Doc('A list of reports that have been found.')]:
    """Search the Malware Intelligence API for sandbox reports matching the filters.

    The arguments are validated through ``MalwareReportIn``, serialized, and sent
    as a POST request; every entry under the ``reports`` key of the response is
    parsed into a ``SandboxReport``.

    Endpoint:
        `/malware-intelligence/v1/reports`

    Raises:
        ValidationError: If any supplied parameter is of an incorrect type.
        MalwareIntelReportError: If an API error occurs.
    """
    # NOTE(review): nothing in this method checks that `sha256` is a well-formed
    # digest; presumably MalwareReportIn enforces the format. Confirm.
    payload = MalwareReportIn.model_validate(
        {
            'query': query,
            'sha256': sha256,
            'start_date': start_date,
            'end_date': end_date,
            'my_enterprise': my_enterprise,
            'limit': limit,
        }
    ).json()

    response = self.rf_client.request('post', EP_MALWARE_INTEL_REPORTS, data=payload)

    # NOTE(review): a response body without a 'reports' key raises at this
    # subscript; whether connection_exceptions maps that to
    # MalwareIntelReportError is not visible here. Confirm.
    found = response.json()['reports']

    return [SandboxReport.model_validate(entry) for entry in found]