Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 1 of 19
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 1 of 19
`
`
`
`
`
`
`EXHIBIT 23
`EXHIBIT 23
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 1 of 19
`
`
`
`
`
`
`EXHIBIT 23
`EXHIBIT 23
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 2 of 19
`Sky ATP Open API
`
`Sky ATP Public API
`
`Default response content-types: application/json
`Schemes: http
`
`Summary
`Tag: SubmitSample
`
`Operation
`
`POST /v1/skyatp/submit/sample
`
`Tag: HashLookup
`
`Operation
`
`Description
`
`Submit sample for malware analysis.
`
`Description
`
`GET /v1/skyatp/lookup/hash/{hash_string}
`
`Lookup sample malware score by hash.
`
`Tag: blwlOne
`
`Operation
`
`GET /v1/skyatp/{list_type}/param/{server_type}
`
`PATCH /v1/skyatp/{list_type}/param/{server_type}
`
`DELETE /v1/skyatp/{list_type}/param/{server_type}
`
`Tag: blwlN
`
`Operation
`
`GET /v1/skyatp/{list_type}/file/{server_type}
`
`PATCH /v1/skyatp/{list_type}/file/{server_type}
`
`DELETE /v1/skyatp/{list_type}/file/{server_type}
`
`Description
`
`Ping the API to determine if it is alive.
`
`Tag: default
`
`Operation
`
`GET /ping
`
`Security
`
`Bearer
`
`name: Authorization
`in: header
`
`Paths
`
`GET /ping
`
`DESCRIPTION
`
`RESPONSES
`
`Description
`
`Description
`
`Ping the API to determine if it is alive.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 3 of 19
`Uses default content-types: application/json
`200 OK
`Ping succeeded.
`
`GET /v1/skyatp/lookup/hash/{hash_string}
`Tags: HashLookup
`
`Lookup sample malware score by hash.
`
`DESCRIPTION
`Lookup sample malware score by hash (sha256). Optional full scanning report may be requested.
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`Type
`
`Data type
`
`hash_string
`
`Sample hash. Only SHA256 is supported at this time.
`
`path
`
`required
`
`string (64
`to 64
`chars)
`
`full_report
`
`Whether to return a full scanning report. This should be set to true if user
`wants to retrieve a detailed sample analysis report in JSON format.
`
`query
`
`boolean
`
`Authorization Bearer token of the form, Bearer token, token is application token generated
`from Customer Portal.
`
`header
`
`string
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`200 OK
`Hash lookup succeeded. Returns a result JSON object.
`
`Example for application/json
`
`{
` "last_update": 0,
` "malware_info": {
` "ident": "MemScan:Trojan.Pws"
` },
` "report": null,
` "scan_complete": false,
` "score": -1,
` "sha256": "516f3396086598142db5e242bc2c8f69f4f5058a637cd2f9bf5dcb4619869536"
`}
`
`
`ScanResult
`
`401 Unauthorized
`Invalid API key
`
`Error
`
`404 Not Found
`Sample not found.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 4 of 19
`
`Error
`
`422 Unprocessable Entity
`Missing or invalid parameters to HTTP call.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time. Submission quota exceeded.
`
`500 Internal Server Error
`Internal server error.
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`POST /v1/skyatp/submit/sample
`Tags: SubmitSample
`
`Submit sample for malware analysis.
`
`DESCRIPTION
`Submit sample for malware analysis. To call this method, the user must provide a file parameter containing file content to be uploaded. The
`user also may provide additional information related to the sample such as client/remote IP, sample URL, client host name, name of the user who
`downloaded the sample, etc. If the submitted sample is determined to be malicious, Sky ATP may use this additional information to track the client
`within the internal network and notify the user that the host is infected.
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`file
`
`full_report
`
`Description
`
`Sample file to submit.
`
`Type
`
`Data
`type
`
`formData
`
`file
`
`required
`
`Whether to return a full scanning report. This should be set to true if user
`wants to retrieve a detailed sample analysis report in JSON format.
`
`query
`
`boolean
`
`sample_url
`
`URL where the sample was downloaded from.
`
`formData
`
`string
`
`remote_ip
`
`IP address where the sample was downloaded from.
`
`formData
`
`string
`
`client_ip
`
`IP address of the client that downloaded this sample.
`
`formData
`
`string
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 5 of 19
`Data
`type
`
`Description
`
`Type
`
`Name
`
`client_hostname Hostname of the client that downloaded this sample.
`
`formData
`
`string
`
`username
`
`Username of the client that downloaded this sample.
`
`formData
`
`string
`
`Authorization
`
`Bearer token of the form, Bearer token, token is application token
`generated from Customer Portal.
`
`header
`
`string
`
`required global
`#/parameters/auth_header
`
`This is a header that provides tracking information for API usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`X-Forwarded-
`For
`
`RESPONSES
`
`application/json
`200 OK
`File submission succeeded. Returns a submission JSON object.
`
`Example for application/json
`
`{
` "last_update": 1464891625,
` "malware_info": {
` "ident": "MemScan:Trojan.Pws"
` },
` "scan_complete": true,
` "score": 10,
` "sha256": "516f3396086598142db5e242bc2c8f69f4f5058a637cd2f9bf5dcb4619869536"
`}
`
`
`ScanResult
`
`401 Unauthorized
`Invalid API key.
`
`Error
`
`413 Request Entity Too Large
`Sample file size over max limit.
`
`Error
`
`422 Unprocessable Entity
`Missing or invalid parameters to HTTP call.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time. Submission quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 6 of 19
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`DELETE /v1/skyatp/{list_type}/file/{server_type}
`Tags: blwlN
`
`DESCRIPTION
`Delete given server in the list or the entire list if one of the entries in the file is * or all.
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`file
`
`csv file, with a single column for server.
`
`formData
`
`file
`
`"domain" } (2 to 6 chars)
`
`failOnError
`
`Whether to partially process the file in case of parsing
`errors.
`
`formData
`
`boolean (default: "true")
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/file_form
`
`global
`#/parameters/failOnError_form
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`202 Accepted
`The request has been accepted for processing.
`
`PROPERTIES
`request_id: string
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 7 of 19
`Unique identifier of this request. Used for logs on the server side.
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`413 Request Entity Too Large
`Input file size over max limit.
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 8 of 19
`GET /v1/skyatp/{list_type}/file/{server_type}
`Tags: blwlN
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/auth_header
`
`global
`#/parameters/forward_header
`
`DESCRIPTION
`Returns the blacklist/whitelist for the specific server type.
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`"domain" } (2 to 6 chars)
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`RESPONSES
`Uses default content-types: application/json
`200 OK
`Get the blacklist/whitelist.
`
`BlwlResult
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 9 of 19
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`PATCH /v1/skyatp/{list_type}/file/{server_type}
`Tags: blwlN
`
`DESCRIPTION
`Updates a list of IP/URL/FQDN from a file in a specific list.
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Scopes
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`file
`
`csv file, with a single column for server.
`
`formData
`
`file
`
`"domain" } (2 to 6 chars)
`
`failOnError
`
`Whether to partially process the file in case of parsing
`errors.
`
`formData
`
`boolean (default: "true")
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/file_form
`
`global
`#/parameters/failOnError_form
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`202 Accepted
`The request has been accepted for processing.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 10 of 19
`
`PROPERTIES
`request_id: string
`Unique identifier of this request. Used for logs on the server side.
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`413 Request Entity Too Large
`Input file size over max limit.
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 11 of 19
`
`DELETE /v1/skyatp/{list_type}/param/{server_type}
`Tags: blwlOne
`
`DESCRIPTION
`Delete given server in the feed or the entire feed. Pass server name as * or all, to delete the entire list.
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9
`chars)
`
`server
`
`IP/URL/FQDN depending on the server_type. Only IPv4
`supported, IPv6 may be supported in the future.
`
`formData
`
`string (1 to 128 chars)
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`"domain" } (2 to 6 chars)
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/server_form
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`202 Accepted
`The request has been accepted for processing.
`
`PROPERTIES
`request_id: string
`Unique identifier of this request. Used for logs on the server side.
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 12 of 19
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`GET /v1/skyatp/{list_type}/param/{server_type}
`Tags: blwlOne
`
`DESCRIPTION
`Returns the blacklist/whitelist for the specific server type.
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Scopes
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`"domain" } (2 to 6 chars)
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`X-
`Forwarded-
`For
`
`RESPONSES
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/auth_header
`
`global
`#/parameters/forward_header
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 13 of 19
`Uses default content-types: application/json
`200 OK
`Get the blacklist/whitelist.
`
`BlwlResult
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`PATCH /v1/skyatp/{list_type}/param/{server_type}
`Tags: blwlOne
`
`Scopes
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 14 of 19
`
`DESCRIPTION
`Updates an IP/URL/FQDN in a blacklist/whitelist
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9
`chars)
`
`server
`
`IP/URL/FQDN depending on the server_type. Only IPv4
`supported, IPv6 may be supported in the future.
`
`formData
`
`string (1 to 128 chars)
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`"domain" } (2 to 6 chars)
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/server_form
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`202 Accepted
`The request has been accepted for processing.
`
`PROPERTIES
`request_id: string
`Unique identifier of this request. Used for logs on the server side.
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 15 of 19
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`Parameter definitions
`
`Key
`
`server_form
`
`Name
`
`server
`
`Description
`
`Type
`
`Data type
`
`IP/URL/FQDN depending on the server_type. Only IPv4
`supported, IPv6 may be supported in the future.
`
`formData
`
`string (1 to 128 chars)
`
`required
`
`file_form
`
`file
`
`csv file, with a single column for server.
`
`formData
`
`file
`
`failOnError_form failOnError
`
`Whether to partially process the file in case of parsing errors.
`
`formData
`
`list_type_path
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`path
`
`server_type_path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`boolean (default: "true")
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`auth_header
`
`Authorization Bearer token of the form, Bearer token, token is application
`token generated from Customer Portal.
`
`header
`
`string
`
`forward_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`"domain" } (2 to 6 chars)
`
`Response definitions
`
`400
`Request parameters are invalid
`
`required
`
`required
`
`required
`
`required
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 16 of 19
`
`Error
`
`401
`Invalid/Expired API key
`
`Error
`
`403
`Access denied for this API key
`
`Error
`
`422
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500
`Internal server error
`
`Error
`
`503
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting
`client.
`
`Error
`
`Schema definitions
`
`AuthenticatedUser: object
`
`DESCRIPTION
`Internal structure describing an authorized OpenAPI user.
`
`PROPERTIES
`TenantID: string
`Sky ATP Tenant ID.
`
`TokenID: string
`Sky ATP OpenAPI tokenID.
`
`BlwlResult: object
`
`DESCRIPTION
`Describes the result of a whitelist/blacklist result.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 17 of 19
`
`PROPERTIES
`request_id: string
`Unique identifier of this request. Used for logs on the server side.
`
`data: object
`Response from Customer Portal.
`
`PROPERTIES
`servers: string[]
`ITEMS
`string
`DESCRIPTION
`Server as a string
`
`count: integer
`count of the servers being returned.
`
`CustomerPortalError: object
`
`DESCRIPTION
`Internal structure describing an error returned by Sky ATP Portal
`
`PROPERTIES
`Error: string
`Short Error Description
`
`ErrorDesc: string
`Detailed Error Description
`
`Success: boolean
`Boolean whether request succeeded
`
`ErrorCode: integer
`HTTP Response code
`
`DetailedScanReport: object
`
`DESCRIPTION
`Detailed sample scanning report.
`
`PROPERTIES
`behaviors: object[]
`List of malicious behavior types.
`
`ITEMS
`MaliciousBehavior
`
`Error: object
`
`PROPERTIES
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 18 of 19
`
`err_id: string
`Text representation of error code.
`
`message: string
`Short error description.
`
`details: string
`Long error description. Must not be used for error handling purposes.
`
`MaliciousBehavior: object
`
`DESCRIPTION
`Describes a particular behavior noticed during scanning.
`
`PROPERTIES
`behavior: string
`List of malicious behavior types.
`
`MalwareInfo: object
`
`DESCRIPTION
`Classification of the malware sample.
`
`PROPERTIES
`mw_type: string (up to 256 chars)
`Malware type.
`
`platform: string (up to 256 chars)
`Platform this sample is built for.
`
`group: string (up to 256 chars)
`Group this malware sample belongs to.
`
`family: string (up to 256 chars)
`Malware family.
`
`cmplr: string (up to 256 chars)
`Compiler used.
`
`lang: string (up to 256 chars)
`Malware locale.
`
`ident: string (up to 256 chars)
`Malware identity.
`
`ScanResult: object
`
`PROPERTIES
`sha256: string (64 to 64 chars)
`Sample sha256.
`
`score: integer (int64) required
`Sample malware score in [0..10] range. If the sample processing has not completed, -1 will be returned.
`
`
`
`threat_level: string , x ∈ { "high" , "medium" , "low" , "clean" }
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 19 of 19
`
`Textual representation of the score.
`
`category: string
`File category.
`
`size: integer (int64)
`Sample file size.
`
`malware_info: MalwareInfo
`
`scan_complete: boolean required
`Whether sample processing is complete or not.
`
`last_update: integer (int64)
`Timestamp of last successful update in sample processing pipeline.
`
`scan_report: DetailedScanReport
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
