sample

Autogenerated API

argus_api.lib.sampledb.v2.sample.add_analysis(sha256: str, analysisResult: dict = None, customer: str = None, userAgent: dict = None, tlp: str = None, acl: str = None, profile: str = None, triggeredDetections: dict = None, possibleDetections: int = None, verdictStatusOverride: str = None, tags: dict = None, executedWithInternetAccess: bool = None, analysisScore: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Adds an analysis to a sample (DEV)

Parameters
  • sha256 (str) – Sha256 of sample to add analysis result to

  • analysisResult (dict) – The result of the analysis as a JSON object

  • customer (str) – The shortname or ID of customer the analysis belongs to

  • userAgent (dict) – The user agent used in add requests

  • tlp (str) – The TLP level of the analysis

  • acl (list) – The shortname or IDs of users or groups that will be given explicit access

  • profile (str) – The execution profile of the worker => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

  • triggeredDetections (list) – The triggered detections for this analysis

  • possibleDetections (int) – The maximum number of possible detections

  • verdictStatusOverride (str) – Can be set to signify that the worker posting the analysis result is 100% certain that the sample is malicious or benign. The verdict engine will consider this field and use as an override for the verdict status. If there are contradicting overrides, the verdict engine will set the verdict status to ‘unknown’ instead

  • tags (list) – The tags for the analysis

  • executedWithInternetAccess (bool) – A boolean to indicate whether the analysis has been executed with internet access or not

  • analysisScore (int) – The score for this analysis. The value is a score from -1 to 100 and is an indication of how certain the analyzer is that the sample is malicious. A value of -1 indicates no findings.

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.add_evidence(sha256: str, analysisID: str, evidence: str = None, mimeType: str = None, fileName: str = None, internal: bool = None, potentiallyMalicious: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Adds evidence to an analysis (DEV)

Parameters
  • sha256 (str) – Sha256 of sample that holds the analysis

  • analysisID (str) – UUID of analysis to add evidence to

  • evidence (str) – Base64 encoded evidence

  • mimeType (str) – The mimeType of the evidence

  • fileName (str) – The file name given to the evidence

  • internal (bool) – Whether the Evidence should be available to external users or not. By default this is false which means that external users have access. Set to true if only internal

  • potentiallyMalicious (bool) – Whether the Evidence is malicious or not

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

Adds a link to a sample (DEV)

Parameters
  • sha256 (str) – Sha256 of sample to add link to

  • customer (str) – The shortname or ID of customer the link belongs to

  • userAgent (dict) – The user agent used in add requests

  • tlp (str) – The TLP level of the link

  • acl (list) – The shortname or IDs of users or groups that will be given explicit access

  • type (str) – The nature of the link between the two samples

  • reference (str) – The ID of the sample the link references

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.add_sample(json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Upload a new sample file (INTERNAL)

Parameters
  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.add_static_fact(sha256: str, key: str = None, value: str = None, userAgent: dict = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Endpoint for registering a new static fact (DEV)

Parameters
  • sha256 (str) – Sha256 of the sample to add the static fact to

  • key (str) – The static fact key

  • value (str) – The static fact value

  • userAgent (dict) – The user agent used in add requests

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.add_submission(sha256: str, fileName: str = None, customer: str = None, observedTimestamp: int = None, mimeType: str = None, metaData: dict = None, tlp: str = None, acl: str = None, userAgent: dict = None, challengeToken: dict = None, retention: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Add a new sample submission. Requires a challenge token. A challenge token is a solution to a challenge generated by the challenge endpoint (INTERNAL)

Parameters
  • sha256 (str) – Sha256 of sample to add submission for

  • fileName (str) – The filename of the sample

  • customer (str) – The shortname or ID of customer the submission belongs to. Default value is the current user’s customer

  • observedTimestamp (int) – The timestamp of when the sample was observed. Defaults to the current time

  • mimeType (str) – The sample mime type (default application/octet-stream)

  • metaData (dict) – Meta data about the sample (default {})

  • tlp (str) – TLP color of the submission. Submissions with TLP Red will be rejected as Sample Service does not support submissions with TLP red. Defaults to amber (default amber)

  • acl (list) – List of user IDs or shortnames that are given explicit access to the submission

  • userAgent (dict) – The user agent used in add requests

  • challengeToken (dict) – Request containing the answer to a challenge

  • retention (str) – Only retain the submission until the specified time. The submission will be deleted after this time, unless the sample is malicious. Allows unix timestamp (milliseconds), ISO timestamp, or relative time specifiers. See https://docs.mnemonic.no/api/general_integration_guide/08-time_fields.html#api-iguide-general-time-search

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.add_verdict(sha256: str, comment: str = None, statusOverride: str = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Manually add a verdict to a sample (DEV)

Parameters
  • sha256 (str) –

  • comment (str) – A comment providing information or context to the verdict => [sw\{\}\$\-\(\).\[\]”'_/\,\*\+\#:@!?;=]*

  • statusOverride (str) – Field for manually overriding the status of the sample. If this field is set, this overrides the future event generations and verdicts for this sample

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

Advanced search for samples (DEV)

Parameters
  • keywords (list) – A set of keywords to search for

  • keywordFieldStrategy (list) – Restrict to search only in the selected keyword fields

  • keywordMatchStrategy (str) – Whether all or any (default) of the fields must match one or more of the keywords

  • sha256 (list) – Restrict to search only in the selected sample sha256 IDs

  • sha512 (list) – Restrict to search only in samples with these sha512 hashes

  • sha1 (list) – Restrict to search only in samples with these sha1 hashes

  • md5 (list) – Restrict to search only in samples with these md5 hashes

  • timeFieldStrategy (list) – Restrict the search by timestamp (indicated by startTimestamp and endTimestamp) to these fields. Default is ‘all’

  • timeMatchStrategy (str) – Whether all or any (default) of the fields must match the time period (indicated by startTimestamp and endTimestamp)

  • classification (list) – Search criteria for classifications

  • submission (list) – Search criteria for submissions

  • user (list) – Restrict the search to samples containing resources (indicated by userFieldStrategy) submitted by users

  • userFieldStrategy (list) – Define what resources to apply the user criteria to. Defaults to ‘all’

  • userMatchStrategy (str) – Whether all or any (default) of the fields must match the user criteria

  • customer (list) – Restrict the search to samples containing submissions owned by certain customers

  • tlp (list) – Restrict the search to samples where the sample contains one or more submission, analysis, or link with any of the defined TLPs

  • analysis (list) – Search criteria for analysis

  • link (list) – Search criteria for links

  • verdict (list) – Search criteria for verdicts

  • subCriteria (list) – Search sub criteria

  • fact (list) – Search criteria for static facts

  • indexStartTimestamp (str) – Restrict search to data after this time. Timestamps can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details (default now - 1 month)

  • indexEndTimestamp (str) – Restrict search to data before this time. Timestamps can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details (default now)

  • sortBy (list) – Specify sort ordering for returned samples (default -sampleCreatedTimestamp)

  • startTimestamp (str) – Restrict the search to resources (indicated by timeFieldStrategy) timestamped after this timestamp. Timestamps can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details

  • endTimestamp (str) – Restrict the search to resources (indicated by timeFieldStrategy) timestamped before this timestamp. Timestamps can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details

  • limit (int) – Limit the number of search results (default 25)

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.delete_sample(sha256: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Delete a sample and all of its resources including submissions, analyses, links, classifications, verdicts, and jobs. A minimal metadata record will be left behind (DEV)

Parameters
  • sha256 (str) – Sha256 of the sample

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.download_raw_sample(sha256: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → requests.models.Response

Download a raw sample file. Warning: The file returned may be malicious. Take caution (INTERNAL)

Parameters
  • sha256 (str) – Sha256 of the sample

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

requests.Response object

argus_api.lib.sampledb.v2.sample.download_safe_sample(sha256: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → requests.models.Response

Download a zipped sample file, password protected with the password “infected”. Warning: The zipped file may be malicious. Take caution (INTERNAL)

Parameters
  • sha256 (str) – Sha256 of the sample

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

requests.Response object

argus_api.lib.sampledb.v2.sample.get_analysis(sha256: str, analysisID: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Fetches the analysis for the sample with the given ID (DEV)

Parameters
  • sha256 (str) – Sha256 of sample to fetch the analysis from

  • analysisID (str) – ID of the analysis to fetch

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.get_analysis_summary(sha256: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Get a summary of all analysis results for a given sample (DEV)

Parameters
  • sha256 (str) – Sha256 of sample to fetch the analysis summary from

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.get_evidence(sha256: str, analysisID: str, evidenceID: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Fetches the evidence metadata for the analysis for the sample with the given ID (DEV)

Parameters
  • sha256 (str) – Sha256 of sample to fetch the analysis from

  • analysisID (str) – ID of the analysis the evidence is for

  • evidenceID (str) – ID of the evidence to fetch

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.get_evidence_data(sha256: str, analysisID: str, evidenceID: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → requests.models.Response

Returns the evidence file. (DEV)

Parameters
  • sha256 (str) – Sha256 of sample the analysis is from

  • analysisID (str) – The ID of the analysis you want to fetch evidence from

  • evidenceID (str) – The ID of the evidence data you want to fetch

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

requests.Response object

Fetches the link for the sample with the given ID (DEV)

Parameters
  • sha256 (str) – Sha256 of sample to fetch the link from

  • linkID (str) – ID of the link to fetch

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

Get a summary of up to 1000 links for a given sample (DEV)

Parameters
  • sha256 (str) – Sha256 of the sample to fetch the links summary from

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.get_sample_meta_data(sha256: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Fetch meta data about a sample file (INTERNAL)

Parameters
  • sha256 (str) – Sha256 of the sample

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.get_submission(sha256: str, submissionID: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Fetch a submission for the sample with the given ID (INTERNAL)

Parameters
  • sha256 (str) – Sha256 of the sample the submission belongs to

  • submissionID (str) – The ID of the submission to fetch

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.get_upload_challenge(sha256: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Generate a new challenge for a sample. The solution of the challenge is SHA256(x) where x is ‘length’ bytes of data starting from ‘offset’ bytes into the sample file (INTERNAL)

Parameters
  • sha256 (str) – Sha256 of sample to get submission challenge for

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON
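
The challenge solution described for get_upload_challenge, computed locally, as an added example that is not part of argus_api. The function names and the constructed sample are assumptions, and `offset` and `length` are passed in directly because this page does not show the layout of the challenge response or of `challengeToken`.

```python
import hashlib
import os
import tempfile

# Constructed sample content (not a real sample): 256 KiB of repeating bytes.
CONSTRUCTED_SAMPLE = bytes(range(256)) * 1024

CHUNK_SIZE = 64 * 1024  # read in chunks so large samples are not loaded whole


def write_constructed_sample():
    """Write the constructed sample to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(CONSTRUCTED_SAMPLE)
    return path


def file_sha256(path):
    """SHA256 of the whole file, i.e. the sample identifier used by the API."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def solve_upload_challenge(path, offset, length):
    """Return hex SHA256(x), x being `length` bytes starting `offset` bytes in.

    Raises ValueError when the requested range does not lie inside the file:
    hashing a silently truncated range would yield a digest the service
    cannot accept, so the mismatch is surfaced locally instead.
    """
    if offset < 0 or length < 0:
        raise ValueError("offset and length must be non-negative")
    size = os.path.getsize(path)
    if offset + length > size:
        raise ValueError(
            f"challenge range {offset}+{length} exceeds file size {size}"
        )

    digest = hashlib.sha256()
    remaining = length
    with open(path, "rb") as fh:
        fh.seek(offset)
        while remaining > 0:
            chunk = fh.read(min(CHUNK_SIZE, remaining))
            if not chunk:
                # File shrank between the size check and the read.
                raise ValueError("file truncated while reading challenge range")
            digest.update(chunk)
            remaining -= len(chunk)
    return digest.hexdigest()


if __name__ == "__main__":
    sample_path = write_constructed_sample()
    try:
        # Constructed challenge parameters; a real pair comes from the service.
        offset, length = 1000, 70000
        print("sample sha256     :", file_sha256(sample_path))
        print("challenge solution:", solve_upload_challenge(sample_path, offset, length))
    finally:
        os.unlink(sample_path)
```

The solution depends on bytes inside the file, so a caller that knows only the sample's SHA256 cannot produce it; the challenge acts as a proof that the submitter holds the sample content.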

argus_api.lib.sampledb.v2.sample.list_analysis(sha256: str, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Lists the analysis for the sample (DEV)

Parameters
  • sha256 (str) – Sha256 of sample to fetch the analysis from

  • limit (int) – Maximum number of returned results

  • offset (int) – Skip a number of results

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.list_classifications(sha256: str, sortBy: str = None, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Fetch all classifications for a sample (DEV)

Parameters
  • sha256 (str) – Sha256 of the sample

  • sortBy (list) – The field on which to sort the classifications. Prefix with ‘-’ to sort descending

  • limit (int) – The maximum number of classifications to return

  • offset (int) – Skip a number of results

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.list_evidence(sha256: str, analysisID: str, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Lists the evidence metadata for the analysis (DEV)

Parameters
  • sha256 (str) – Sha256 of sample the analysis is from

  • analysisID (str) – The ID of the analysis you want to list evidence from

  • limit (int) – Maximum number of returned results

  • offset (int) – Skip a number of results

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

Lists the links for the sample (DEV)

Parameters
  • sha256 (str) – Sha256 of sample to fetch the link from

  • limit (int) – Maximum number of returned results

  • offset (int) – Skip a number of results

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.list_static_fact(sha256: str, sortBy: str = None, key: str = None, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Endpoint for listing the static facts for a sample (DEV)

Parameters
  • sha256 (str) – Sha256 of the sample the static facts are for

  • sortBy (list) – Sort order of returned results. Prefix with ‘-’ to sort descending

  • key (list) – A set of keys to search for

  • limit (int) – Maximum number of returned results

  • offset (int) – Skip a number of results

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.list_submissions(sha256: str, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

List all the submissions for a sample (INTERNAL)

Parameters
  • sha256 (str) – Sha256 of the sample to fetch submissions for

  • limit (int) – Maximum number of returned results

  • offset (int) – Skip a number of results

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.list_verdicts(sha256: str, sortBy: str = None, limit: int = 25, offset: int = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

List all verdicts for a sample (DEV)

Parameters
  • sha256 (str) – Sha256 of the sample to fetch verdicts for

  • sortBy (list) – The field on which to sort the verdicts. Prefix any of the allowed values with ‘-’ to sort descending

  • limit (int) – Maximum number of returned results

  • offset (int) – Skip a number of results

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.reanalyse_sample(sha256: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Trigger reanalysis of a sample without having to upload a new submission (DEV)

Parameters
  • sha256 (str) – Sha256 of the sample

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.reclassify_sample(sha256: str, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Manually reclassify an existing sample (DEV)

Parameters
  • sha256 (str) – Sha256 of the sample

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

Simple search for samples (DEV)

Parameters
  • sortBy (list) – The fields to sort the results by. Prefix with ‘-’ to sort descending

  • keywords (list) – A set of keywords to search for

  • keywordFieldStrategy (list) – Which fields to search on

  • limit (int) – Maximum number of returned results

  • indexStartTimestamp (str) – Restrict search to data after this time. Timestamps can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details

  • indexEndTimestamp (str) – Restrict search to data before this time. Timestamps can be milliseconds since epoch, ISO8601 timestamp, or a string with a relative timestamp. See the general integration guide for more details

  • keywordMatchStrategy (str) – Whether the keywords must match all or any of the keyword fields

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON

argus_api.lib.sampledb.v2.sample.upload_evidence(sha256: str, analysisID: str, fileName: str, internal: bool = None, potentiallyMalicious: bool = None, json: bool = True, verify: Optional[bool] = None, proxies: Optional[dict] = None, apiKey: Optional[str] = None, authentication: Optional[dict] = None, server_url: Optional[str] = None, body: Optional[dict] = None, api_session: Optional[ArgusAPISession] = None) → dict

Uploads an evidence file (DEV)

Parameters
  • sha256 (str) – Sha256 of sample that holds the analysis

  • analysisID (str) – UUID of analysis to add evidence to

  • fileName (str) – The name of the evidence file to upload

  • internal (bool) – If the evidence is internal

  • potentiallyMalicious (bool) – If the evidence is potentially malicious

  • json – return the response’s body as a dict parsed from json. True by default. If set to false, the raw requests.Response object will be returned.

  • verify – path to a certificate bundle or boolean indicating whether SSL verification should be performed.

  • apiKey – Argus API key.

  • authentication – authentication override

  • server_url – API base URL override

  • body – body of the request. Other parameters will override keys defined in the body.

  • api_session – session to use for this request. If not set, the global session will be used.

Raises
Returns

dictionary translated from JSON