How To Get Sample Information through the RAPI API on Malware Analysis Appliance (MAA)
Article ID: 168121
Malware Analysis Software - MA
User wants to get sample information from the box using the API.
· Returns the high-level metadata for a sample, selected either by the integer sample_id provided or by query strings.
· If more than one sample is returned, they are returned as a list under the results element.
· If a sample is not found, an empty set is returned.
· By default, the last 100 samples are returned. The maximum limit is 1000; if more results are required, use the offset parameter to page through the results.
Examples using curl. The URLs are quoted so that the shell does not interpret characters such as ?, | and < > inside them.

Return a single sample’s metadata.
    curl "http://ip_address/rapi/samples/<sample_id>"

Return all samples marked with a source of customerOne.
    curl "http://ip_address/rapi/samples?source=customerOne"

Return all samples that were uploaded by Robert Bob (rbob).
    curl "http://ip_address/rapi/samples?owner=rbob"

Return all samples that have both the 'zeus' AND the 'bad' tags in the description.
    curl "http://ip_address/rapi/samples?hashtags=bad|zeus"

Return all URL samples that have 'malicious_site' as part of their address.
    curl "http://ip_address/rapi/samples?url=malicious_site"
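
Paging with the offset parameter, as an added example that is not part of the original article or the vendor's code. It assumes the page-size parameter is named limit and that the response is JSON with a results element; ip_address is the article's placeholder, and the sample records in the demo are constructed.

```python
import json
import urllib.parse
import urllib.request

MAX_LIMIT = 1000  # maximum page size stated in the article


def build_url(base, filters, limit, offset):
    """Build a /rapi/samples URL; urlencode escapes '|' in hashtags as %7C."""
    params = dict(filters, limit=limit, offset=offset)  # 'limit' name is assumed
    return f"{base}/rapi/samples?{urllib.parse.urlencode(params)}"


def http_get_json(url):
    """Default transport: plain GET returning a JSON body (assumed format)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def extract_results(body):
    """Return the samples in a response as a list; empty when nothing matched."""
    if not isinstance(body, dict):
        return []
    results = body.get("results", [])
    return results if isinstance(results, list) else [results]


def iter_samples(base, filters, limit=MAX_LIMIT, fetch=http_get_json):
    """Yield every matching sample, advancing offset until a short page."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    offset = 0
    while True:
        page = extract_results(fetch(build_url(base, filters, limit, offset)))
        yield from page
        if len(page) < limit:  # last page reached
            return
        offset += limit


if __name__ == "__main__":
    # Constructed stand-in for the appliance: 2500 fake samples, no network.
    fake = [{"sample_id": i, "owner": "rbob"} for i in range(2500)]

    def fake_fetch(url):
        q = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
        start, size = int(q["offset"][0]), int(q["limit"][0])
        return {"results": fake[start:start + size]}

    print(sum(1 for _ in iter_samples("http://ip_address", {"owner": "rbob"},
                                      fetch=fake_fetch)))
```

When the total is an exact multiple of the page size, the loop makes one extra request that returns an empty set before stopping.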