How To Get Sample Information through the RAPI API on Malware Analysis Appliance (MAA)

Article ID: 168121

Products

Malware Analysis Software - MA

Issue/Introduction

The user wants to retrieve sample information from the appliance using the API.
· Returns the high-level metadata for a sample, selected either by the integer sample_id provided or by query strings.
· If more than one sample is returned, they are returned as a list under the results element.
· If a sample is not found, an empty set will be returned.
· By default it returns the last 100 samples. The maximum limit is 1000; if more results are required, use the offset parameter to page back through the results.

Resolution

Examples using curl.

Return a single sample’s metadata.
curl "http://ip_address/rapi/samples/<sample_id>"

Return all samples marked with a source of customerOne.
curl "http://ip_address/rapi/samples?source=customerOne"

Return all samples that were uploaded by Robert Bob (rbob).
curl "http://ip_address/rapi/samples?owner=rbob"

Return all samples that have both the 'zeus' AND the 'bad' tags in the description.
curl "http://ip_address/rapi/samples?hashtags=bad|zeus"

Return all URL samples that have 'malicious_site' as part of their address.
curl "http://ip_address/rapi/samples?url=malicious_site"
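
Paging past the 1000-sample limit with the offset parameter, as an added example that is not part of the original article or the product's own code. Assumptions: the page size is set with a query parameter named limit, the response is JSON with the list under a results key, and fake_fetch with its sample records is a constructed stand-in for the appliance so the script runs offline.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import urlopen

MAX_LIMIT = 1000  # the article gives 1000 as the maximum limit


def samples_url(base, limit=MAX_LIMIT, offset=0, **filters):
    """Build a samples query URL. The parameter name 'limit' is an assumption."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    query = urlencode({**filters, "limit": limit, "offset": offset})
    return f"{base.rstrip('/')}/rapi/samples?{query}"  # '|' is sent as %7C


def http_get_json(url):
    """Fetch one page from the appliance and decode the JSON body."""
    with urlopen(url, timeout=30) as resp:
        return json.load(resp)


def iter_samples(base, fetch=http_get_json, limit=MAX_LIMIT, **filters):
    """Yield every matching sample, advancing offset until a short or empty page."""
    offset = 0
    while True:
        body = fetch(samples_url(base, limit, offset, **filters))
        page = body.get("results", [])  # assumed shape: {"results": [...]}
        if isinstance(page, dict):      # a lone sample may not be wrapped in a list
            page = [page]
        yield from page
        if len(page) < limit:           # empty set or final partial page: done
            return
        offset += len(page)


# Constructed stand-in for the appliance so the example runs offline.
FAKE_SAMPLES = [{"sample_id": i, "owner": "rbob"} for i in range(1, 8)]


def fake_fetch(url):
    q = parse_qs(urlsplit(url).query)
    start, count = int(q["offset"][0]), int(q["limit"][0])
    return {"results": FAKE_SAMPLES[start:start + count]}


if __name__ == "__main__":
    print(samples_url("http://ip_address", hashtags="bad|zeus", limit=100))
    found = iter_samples("http://ip_address", fake_fetch, limit=3, owner="rbob")
    print([s["sample_id"] for s in found])
```

Building the query with urlencode also removes the need to quote or escape the | separator by hand, which is what the shell would otherwise treat as a pipe.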