`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 1 of 19
`
`
`
`
`
`
`EXHIBIT 23
`EXHIBIT 23
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 2 of 19
`Sky ATP Open API
`
`Sky ATP Public API
`
`Default response content-types: application/json
`Schemes: http
`
`Summary
`Tag: SubmitSample
`
`Operation
`
`POST /v1/skyatp/submit/sample
`
`Tag: HashLookup
`
`Operation
`
`Description
`
`Submit sample for malware analysis.
`
`Description
`
`GET /v1/skyatp/lookup/hash/{hash_string}
`
`Lookup sample malware score by hash.
`
`Tag: blwlOne
`
`Operation
`
`GET /v1/skyatp/{list_type}/param/{server_type}
`
`PATCH /v1/skyatp/{list_type}/param/{server_type}
`
`DELETE /v1/skyatp/{list_type}/param/{server_type}
`
`Tag: blwlN
`
`Operation
`
`GET /v1/skyatp/{list_type}/file/{server_type}
`
`PATCH /v1/skyatp/{list_type}/file/{server_type}
`
`DELETE /v1/skyatp/{list_type}/file/{server_type}
`
`Description
`
`Ping the API to determine if it is alive.
`
`Tag: default
`
`Operation
`
`GET /ping
`
`Security
`
`Bearer
`
`name: Authorization
`in: header
`
`Paths
`
`GET /ping
`
`DESCRIPTION
`
`RESPONSES
`
`Description
`
`Description
`
`Ping the API to determine if it is alive.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 3 of 19
`Uses default content-types: application/json
`200 OK
`Ping succeeded.
`
`GET /v1/skyatp/lookup/hash/{hash_string}
`Tags: HashLookup
`
`Lookup sample malware score by hash.
`
`DESCRIPTION
`Lookup sample malware score by hash (sha256). Optional full scanning report may be requested.
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`Type
`
`Data type
`
`hash_string
`
`Sample hash. Only SHA256 is supported at this time.
`
`path
`
`required
`
`string (64
`to 64
`chars)
`
`full_report
`
`Whether to return a full scanning report. This should be set to true if user
`wants to retrieve a detailed sample analysis report in JSON format.
`
`query
`
`boolean
`
`Authorization Bearer token of the form, Bearer token, token is application token generated
`from Customer Portal.
`
`header
`
`string
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`200 OK
`Hash lookup succeeded. Returns a result JSON object.
`
`Example for application/json
`
`{
` "last_update": 0,
` "malware_info": {
` "ident": "MemScan:Trojan.Pws"
` },
` "report": null,
` "scan_complete": false,
` "score": -1,
` "sha256": "516f3396086598142db5e242bc2c8f69f4f5058a637cd2f9bf5dcb4619869536"
`}
`
`
`ScanResult
`
`401 Unauthorized
`Invalid API key
`
`Error
`
`404 Not Found
`Sample not found.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 4 of 19
`
`Error
`
`422 Unprocessable Entity
`Missing or invalid parameters to HTTP call.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time. Submission quota exceeded.
`
`500 Internal Server Error
`Internal server error.
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`POST /v1/skyatp/submit/sample
`Tags: SubmitSample
`
`Submit sample for malware analysis.
`
`DESCRIPTION
`Submit sample for malware analysis. To call this method, the user must provide a file parameter containing file content to be uploaded. The
`user also may provide additional information related to the sample such as client/remote IP, sample URL, client host name, name of the user who
`downloaded the sample, etc. If the submitted sample is determined to be malicious, Sky ATP may use this additional information to track the client
`within the internal network and notify the user that the host is infected.
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`file
`
`full_report
`
`Description
`
`Sample file to submit.
`
`Type
`
`Data
`type
`
`formData
`
`file
`
`required
`
`Whether to return a full scanning report. This should be set to true if user
`wants to retrieve a detailed sample analysis report in JSON format.
`
`query
`
`boolean
`
`sample_url
`
`URL where the sample was downloaded from.
`
`formData
`
`string
`
`remote_ip
`
`IP address where the sample was downloaded from.
`
`formData
`
`string
`
`client_ip
`
`IP address of the client that downloaded this sample.
`
`formData
`
`string
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 5 of 19
`Data
`type
`
`Description
`
`Type
`
`Name
`
`client_hostname Hostname of the client that downloaded this sample.
`
`formData
`
`string
`
`username
`
`Username of the client that downloaded this sample.
`
`formData
`
`string
`
`Authorization
`
`Bearer token of the form, Bearer token, token is application token
`generated from Customer Portal.
`
`header
`
`string
`
`required global
`#/parameters/auth_header
`
`This is a header that provides tracking information for API usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`X-Forwarded-
`For
`
`RESPONSES
`
`application/json
`200 OK
`File submission succeeded. Returns a submission JSON object.
`
`Example for application/json
`
`{
` "last_update": 1464891625,
` "malware_info": {
` "ident": "MemScan:Trojan.Pws"
` },
` "scan_complete": true,
` "score": 10,
` "sha256": "516f3396086598142db5e242bc2c8f69f4f5058a637cd2f9bf5dcb4619869536"
`}
`
`
`ScanResult
`
`401 Unauthorized
`Invalid API key.
`
`Error
`
`413 Request Entity Too Large
`Sample file size over max limit.
`
`Error
`
`422 Unprocessable Entity
`Missing or invalid parameters to HTTP call.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time. Submission quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 6 of 19
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`DELETE /v1/skyatp/{list_type}/file/{server_type}
`Tags: blwlN
`
`DESCRIPTION
`Delete given server in the list or the entire list if one of the entries in the file is * or all.
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`file
`
`csv file, with a single column for server.
`
`formData
`
`file
`
`"domain" } (2 to 6 chars)
`
`failOnError
`
`Whether to partially process the file in case of parsing
`errors.
`
`formData
`
`boolean (default: "true")
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/file_form
`
`global
`#/parameters/failOnError_form
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`202 Accepted
`The request has been accepted for processing.
`
`PROPERTIES
`request_id: string
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 7 of 19
`Unique identifier of this request. Used for logs on the server side.
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`413 Request Entity Too Large
`Input file size over max limit.
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 8 of 19
`GET /v1/skyatp/{list_type}/file/{server_type}
`Tags: blwlN
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/auth_header
`
`global
`#/parameters/forward_header
`
`DESCRIPTION
`Returns the blacklist/whitelist for the specific server type.
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`"domain" } (2 to 6 chars)
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`RESPONSES
`Uses default content-types: application/json
`200 OK
`Get the blacklist/whitelist.
`
`BlwlResult
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 9 of 19
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`PATCH /v1/skyatp/{list_type}/file/{server_type}
`Tags: blwlN
`
`DESCRIPTION
`Updates a list of IP/URL/FQDN from a file in a specific list.
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Scopes
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`file
`
`csv file, with a single column for server.
`
`formData
`
`file
`
`"domain" } (2 to 6 chars)
`
`failOnError
`
`Whether to partially process the file in case of parsing
`errors.
`
`formData
`
`boolean (default: "true")
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/file_form
`
`global
`#/parameters/failOnError_form
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`202 Accepted
`The request has been accepted for processing.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 10 of 19
`
`PROPERTIES
`request_id: string
`Unique identifier of this request. Used for logs on the server side.
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`413 Request Entity Too Large
`Input file size over max limit.
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 11 of 19
`
`DELETE /v1/skyatp/{list_type}/param/{server_type}
`Tags: blwlOne
`
`DESCRIPTION
`Delete given server in the feed or the entire feed. Pass server name as * or all, to delete the entire list.
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9
`chars)
`
`server
`
`IP/URL/FQDN depending on the server_type. Only IPv4
`supported, IPv6 may be supported in the future.
`
`formData
`
`string (1 to 128 chars)
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`"domain" } (2 to 6 chars)
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/server_form
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`202 Accepted
`The request has been accepted for processing.
`
`PROPERTIES
`request_id: string
`Unique identifier of this request. Used for logs on the server side.
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 12 of 19
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`GET /v1/skyatp/{list_type}/param/{server_type}
`Tags: blwlOne
`
`DESCRIPTION
`Returns the blacklist/whitelist for the specific server type.
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Scopes
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`"domain" } (2 to 6 chars)
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`X-
`Forwarded-
`For
`
`RESPONSES
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/auth_header
`
`global
`#/parameters/forward_header
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 13 of 19
`Uses default content-types: application/json
`200 OK
`Get the blacklist/whitelist.
`
`BlwlResult
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`PATCH /v1/skyatp/{list_type}/param/{server_type}
`Tags: blwlOne
`
`Scopes
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 14 of 19
`
`DESCRIPTION
`Updates an IP/URL/FQDN in a blacklist/whitelist
`
`REQUEST BODY
`
`multipart/form-data
`
`REQUEST PARAMETERS
`
`Name
`
`Description
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`Type
`
`path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`Data type
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9
`chars)
`
`server
`
`IP/URL/FQDN depending on the server_type. Only IPv4
`supported, IPv6 may be supported in the future.
`
`formData
`
`string (1 to 128 chars)
`
`Authorization Bearer token of the form, Bearer token, token is
`application token generated from Customer Portal.
`
`header
`
`string
`
`"domain" } (2 to 6 chars)
`
`required global
`#/parameters/list_type_path
`
`required global
`#/parameters/server_type_path
`
`required global
`#/parameters/server_form
`
`required global
`#/parameters/auth_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`global
`#/parameters/forward_header
`
`RESPONSES
`Uses default content-types: application/json
`202 Accepted
`The request has been accepted for processing.
`
`PROPERTIES
`request_id: string
`Unique identifier of this request. Used for logs on the server side.
`
`400 Bad Request
`Request parameters are invalid
`
`Error
`
`401 Unauthorized
`Invalid/Expired API key
`
`Error
`
`403 Forbidden
`Access denied for this API key
`
`Error
`
`422 Unprocessable Entity
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 15 of 19
`
`Error
`
`429 Too Many Requests
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500 Internal Server Error
`Internal server error
`
`Error
`
`503 Service Unavailable
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the
`requesting client.
`
`Error
`
`SECURITY
`
`Schema
`
`Bearer
`
`Scopes
`
`Parameter definitions
`
`Key
`
`server_form
`
`Name
`
`server
`
`Description
`
`Type
`
`Data type
`
`IP/URL/FQDN depending on the server_type. Only IPv4
`supported, IPv6 may be supported in the future.
`
`formData
`
`string (1 to 128 chars)
`
`required
`
`file_form
`
`file
`
`csv file, with a single column for server.
`
`formData
`
`file
`
`failOnError_form failOnError
`
`Whether to partially process the file in case of parsing errors.
`
`formData
`
`list_type_path
`
`list_type
`
`Type of list, blacklist or whitelist.
`
`path
`
`server_type_path
`
`server_type
`
`Server type of the list. Could be one of ip, url or domain.
`
`path
`
`boolean (default: "true")
`
`string , x ∈ { "whitelist" ,
`string , x ∈ { "ip" , "url" ,
`
`"blacklist" } (9 to 9 chars)
`
`auth_header
`
`Authorization Bearer token of the form, Bearer token, token is application
`token generated from Customer Portal.
`
`header
`
`string
`
`forward_header
`
`X-
`Forwarded-
`For
`
`This is a header that provides tracking information for API
`usage.
`
`header
`
`string
`
`"domain" } (2 to 6 chars)
`
`Response definitions
`
`400
`Request parameters are invalid
`
`required
`
`required
`
`required
`
`required
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 16 of 19
`
`Error
`
`401
`Invalid/Expired API key
`
`Error
`
`403
`Access denied for this API key
`
`Error
`
`422
`Unprocessable Entity. Input is syntactically correct but semantically incorrect.
`
`Error
`
`429
`Client has sent too many requests in a given amount of time, api quota exceeded.
`
`Error
`
`500
`Internal server error
`
`Error
`
`503
`Service is temporarily not available. The Retry-After response header will indicate how long the service is expected to be unavailable to the requesting
`client.
`
`Error
`
`Schema definitions
`
`AuthenticatedUser: object
`
`DESCRIPTION
`Internal structure describing an authorized OpenAPI user.
`
`PROPERTIES
`TenantID: string
`Sky ATP Tenant ID.
`
`TokenID: string
`Sky ATP OpenAPI tokenID.
`
`BlwlResult: object
`
`DESCRIPTION
`Describes the result of a whitelist/blacklist result.
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 17 of 19
`
`PROPERTIES
`request_id: string
`Unique identifier of this request. Used for logs on the server side.
`
`data: object
`Response from Customer Portal.
`
`PROPERTIES
`servers: string[]
`ITEMS
`string
`DESCRIPTION
`Server as a string
`
`count: integer
`count of the servers being returned.
`
`CustomerPortalError: object
`
`DESCRIPTION
`Internal structure describing an error returned by Sky ATP Portal
`
`PROPERTIES
`Error: string
`Short Error Description
`
`ErrorDesc: string
`Detailed Error Description
`
`Success: boolean
`Boolean whether request succeeded
`
`ErrorCode: integer
`HTTP Response code
`
`DetailedScanReport: object
`
`DESCRIPTION
`Detailed sample scanning report.
`
`PROPERTIES
`behaviors: object[]
`List of malicious behavior types.
`
`ITEMS
`MaliciousBehavior
`
`Error: object
`
`PROPERTIES
`
`
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 18 of 19
`
`err_id: string
`Text representation of error code.
`
`message: string
`Short error description.
`
`details: string
`Long error description. Must not be used for error handling purposes.
`
`MaliciousBehavior: object
`
`DESCRIPTION
`Describes a particular behavior noticed during scanning.
`
`PROPERTIES
`behavior: string
`List of malicious behavior types.
`
`MalwareInfo: object
`
`DESCRIPTION
`Classification of the malware sample.
`
`PROPERTIES
`mw_type: string (up to 256 chars)
`Malware type.
`
`platform: string (up to 256 chars)
`Platform this sample is built for.
`
`group: string (up to 256 chars)
`Group this malware sample belongs to.
`
`family: string (up to 256 chars)
`Malware family.
`
`cmplr: string (up to 256 chars)
`Compiler used.
`
`lang: string (up to 256 chars)
`Malware locale.
`
`ident: string (up to 256 chars)
`Malware identity.
`
`ScanResult: object
`
`PROPERTIES
`sha256: string (64 to 64 chars)
`Sample sha256.
`
`score: integer (int64) required
`Sample malware score in [0..10] range. If the sample processing has not completed, -1 will be returned.
`
`
`
`threat_level: string , x ∈ { "high" , "medium" , "low" , "clean" }
`
`Case 3:17-cv-05659-WHA Document 171-19 Filed 07/27/18 Page 19 of 19
`
`Textual representation of the score.
`
`category: string
`File category.
`
`size: integer (int64)
`Sample file size.
`
`malware_info: MalwareInfo
`
`scan_complete: boolean required
`Whether sample processing is complete or not.
`
`last_update: integer (int64)
`Timestamp of last successful update in sample processing pipeline.
`
`scan_report: DetailedScanReport
`
`