Class: Falcon::FalconxSandboxApi

Inherits:

Object

• Object
• Falcon::FalconxSandboxApi

Defined in:

lib/crimson-falcon/api/falconx_sandbox_api.rb

Instance Attribute Summary

• #api_client ⇒ Object

  Returns the value of attribute api_client.

Instance Method Summary

• #delete_report(ids, opts = {}) ⇒ FalconxQueryResponse

  Delete report based on the report ID.

• #delete_report_with_http_info(ids, opts = {}) ⇒ Array<(FalconxQueryResponse, Integer, Hash)>

  Delete report based on the report ID.

• #delete_sample_v2(ids, opts = {}) ⇒ MsaQueryResponse

  Removes a sample, including file, meta and submissions from the collection.

• #delete_sample_v2_with_http_info(ids, opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

  Removes a sample, including file, meta and submissions from the collection.

• #get_artifacts(id, opts = {}) ⇒ MsaspecQueryResponse

  Download IOC packs, PCAP files, memory dumps, and other analysis artifacts.

• #get_artifacts_with_http_info(id, opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Download IOC packs, PCAP files, memory dumps, and other analysis artifacts.

• #get_memory_dump(id, opts = {}) ⇒ MsaspecQueryResponse

  Get memory dump content, as binary.

• #get_memory_dump_extracted_strings(id, opts = {}) ⇒ MsaspecQueryResponse

  Get extracted strings from a memory dump.

• #get_memory_dump_extracted_strings_with_http_info(id, opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Get extracted strings from a memory dump.

• #get_memory_dump_hex_dump(id, opts = {}) ⇒ MsaspecQueryResponse

  Get hex view of a memory dump.

• #get_memory_dump_hex_dump_with_http_info(id, opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Get hex view of a memory dump.

• #get_memory_dump_with_http_info(id, opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Get memory dump content, as binary.

• #get_reports(ids, opts = {}) ⇒ FalconxReportV1Response

  Get a full sandbox report.

• #get_reports_with_http_info(ids, opts = {}) ⇒ Array<(FalconxReportV1Response, Integer, Hash)>

  Get a full sandbox report.

• #get_sample_v2(ids, opts = {}) ⇒ String

  Retrieves the file associated with the given ID (SHA256).

• #get_sample_v2_with_http_info(ids, opts = {}) ⇒ Array<(String, Integer, Hash)>

  Retrieves the file associated with the given ID (SHA256).

• #get_submissions(ids, opts = {}) ⇒ FalconxSubmissionV1Response

  Check the status of a sandbox analysis.

• #get_submissions_with_http_info(ids, opts = {}) ⇒ Array<(FalconxSubmissionV1Response, Integer, Hash)>

  Check the status of a sandbox analysis.

• #get_summary_reports(ids, opts = {}) ⇒ FalconxSummaryReportV1Response

  Get a short summary version of a sandbox report.

• #get_summary_reports_with_http_info(ids, opts = {}) ⇒ Array<(FalconxSummaryReportV1Response, Integer, Hash)>

  Get a short summary version of a sandbox report.

• #initialize(api_client = ApiClient.default) ⇒ FalconxSandboxApi constructor

  A new instance of FalconxSandboxApi.

• #query_reports(opts = {}) ⇒ MsaspecQueryResponse

  Find sandbox reports by providing an FQL filter and paging details.

• #query_reports_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Find sandbox reports by providing an FQL filter and paging details.

• #query_sample_v1(body, opts = {}) ⇒ MsaQueryResponse

  Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200.

• #query_sample_v1_with_http_info(body, opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

  Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200.

• #query_submissions(opts = {}) ⇒ MsaspecQueryResponse

  Find submission IDs for uploaded files by providing an FQL filter and paging details.

• #query_submissions_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

  Find submission IDs for uploaded files by providing an FQL filter and paging details.

• #submit(body, opts = {}) ⇒ FalconxSubmissionV1Response

  Submit an uploaded file or a URL for sandbox analysis.

• #submit_with_http_info(body, opts = {}) ⇒ Array<(FalconxSubmissionV1Response, Integer, Hash)>

  Submit an uploaded file or a URL for sandbox analysis.

• #upload_sample_v2(sample, file_name, opts = {}) ⇒ ClientSampleMetadataResponseV2

  Upload a file for sandbox analysis.

• #upload_sample_v2_with_http_info(sample, file_name, opts = {}) ⇒ Array<(ClientSampleMetadataResponseV2, Integer, Hash)>

  Upload a file for sandbox analysis.

Constructor Details

#initialize(api_client = ApiClient.default) ⇒ FalconxSandboxApi

Returns a new instance of FalconxSandboxApi.

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 36

def initialize(api_client = ApiClient.default)
  @api_client = api_client
end

Instance Attribute Details

#api_client ⇒ Object

Returns the value of attribute api_client.

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 34

def api_client
  @api_client
end

Instance Method Details

#delete_report(ids, opts = {}) ⇒ FalconxQueryResponse

Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint.

Parameters:

• ids (String) —

  ID of a report.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (FalconxQueryResponse)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 43

def delete_report(ids, opts = {})
  data, _status_code, _headers = delete_report_with_http_info(ids, opts)
  data
end

#delete_report_with_http_info(ids, opts = {}) ⇒ Array<(FalconxQueryResponse, Integer, Hash)>

Delete report based on the report ID. Operation can be checked for success by polling for the report ID on the report-summaries endpoint.

Parameters:

• ids (String) —

  ID of a report.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(FalconxQueryResponse, Integer, Hash)>) —

  FalconxQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 52

def delete_report_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.delete_report ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling FalconxSandboxApi.delete_report"
  end
  # resource path
  local_var_path = '/falconx/entities/reports/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = ids

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'FalconxQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.delete_report",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:DELETE, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#delete_report\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#delete_sample_v2(ids, opts = {}) ⇒ MsaQueryResponse

Removes a sample, including file, meta and submissions from the collection

Parameters:

• ids (String) —

  The file SHA256.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (MsaQueryResponse)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 105

def delete_sample_v2(ids, opts = {})
  data, _status_code, _headers = delete_sample_v2_with_http_info(ids, opts)
  data
end

#delete_sample_v2_with_http_info(ids, opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Removes a sample, including file, meta and submissions from the collection

Parameters:

• ids (String) —

  The file SHA256.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(MsaQueryResponse, Integer, Hash)>) —

  MsaQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 114

def delete_sample_v2_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.delete_sample_v2 ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling FalconxSandboxApi.delete_sample_v2"
  end
  # resource path
  local_var_path = '/samples/entities/samples/v2'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = ids

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.delete_sample_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:DELETE, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#delete_sample_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_artifacts(id, opts = {}) ⇒ MsaspecQueryResponse

Download IOC packs, PCAP files, memory dumps, and other analysis artifacts.

Parameters:

• id (String) —

  ID of an artifact, such as an IOC pack, PCAP file, memory dump, or actor image. Find an artifact ID in a report or summary.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :name (String) —

  The name given to your downloaded file.

• :accept_encoding (String) —

  Format used to compress your downloaded file. Currently, you must provide the value &#x60;gzip&#x60;, the only valid format.

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 169

def get_artifacts(id, opts = {})
  data, _status_code, _headers = get_artifacts_with_http_info(id, opts)
  data
end

#get_artifacts_with_http_info(id, opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Download IOC packs, PCAP files, memory dumps, and other analysis artifacts.

Parameters:

• id (String) —

  ID of an artifact, such as an IOC pack, PCAP file, memory dump, or actor image. Find an artifact ID in a report or summary.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :name (String) —

  The name given to your downloaded file.

• :accept_encoding (String) —

  Format used to compress your downloaded file. Currently, you must provide the value &#x60;gzip&#x60;, the only valid format.

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 180

def get_artifacts_with_http_info(id, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.get_artifacts ...'
  end
  # verify the required parameter 'id' is set
  if @api_client.config.client_side_validation && id.nil?
    fail ArgumentError, "Missing the required parameter 'id' when calling FalconxSandboxApi.get_artifacts"
  end
  # resource path
  local_var_path = '/falconx/entities/artifacts/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'id'] = id
  query_params[:'name'] = opts[:'name'] if !opts[:'name'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['*/*', 'application/octet-stream', 'application/json', 'text/plain', 'text/csv', 'image/png', 'image/jpeg', 'application/gzip'])
  header_params[:'Accept-Encoding'] = opts[:'accept_encoding'] if !opts[:'accept_encoding'].nil?

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.get_artifacts",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#get_artifacts\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_memory_dump(id, opts = {}) ⇒ MsaspecQueryResponse

Get memory dump content, as binary

Parameters:

• id (String) —

  Memory dump id

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :name (String) —

  The name given to your downloaded file.

• :accept_encoding (String) —

  Format used to compress your downloaded file. Currently, you must provide the value &#x60;gzip&#x60;, the only valid format.

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 237

def get_memory_dump(id, opts = {})
  data, _status_code, _headers = get_memory_dump_with_http_info(id, opts)
  data
end

#get_memory_dump_extracted_strings(id, opts = {}) ⇒ MsaspecQueryResponse

Get extracted strings from a memory dump

Parameters:

• id (String) —

  Extracted strings id

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :name (String) —

  The name given to your downloaded file.

• :accept_encoding (String) —

  Format used to compress your downloaded file. Currently, you must provide the value &#x60;gzip&#x60;, the only valid format.

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 305

def get_memory_dump_extracted_strings(id, opts = {})
  data, _status_code, _headers = get_memory_dump_extracted_strings_with_http_info(id, opts)
  data
end

#get_memory_dump_extracted_strings_with_http_info(id, opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Get extracted strings from a memory dump

Parameters:

• id (String) —

  Extracted strings id

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :name (String) —

  The name given to your downloaded file.

• :accept_encoding (String) —

  Format used to compress your downloaded file. Currently, you must provide the value &#x60;gzip&#x60;, the only valid format.

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 316

def get_memory_dump_extracted_strings_with_http_info(id, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.get_memory_dump_extracted_strings ...'
  end
  # verify the required parameter 'id' is set
  if @api_client.config.client_side_validation && id.nil?
    fail ArgumentError, "Missing the required parameter 'id' when calling FalconxSandboxApi.get_memory_dump_extracted_strings"
  end
  # resource path
  local_var_path = '/falconx/entities/memory-dump/extracted-strings/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'id'] = id
  query_params[:'name'] = opts[:'name'] if !opts[:'name'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json', 'application/octet-stream'])
  header_params[:'Accept-Encoding'] = opts[:'accept_encoding'] if !opts[:'accept_encoding'].nil?

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.get_memory_dump_extracted_strings",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#get_memory_dump_extracted_strings\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_memory_dump_hex_dump(id, opts = {}) ⇒ MsaspecQueryResponse

Get hex view of a memory dump

Parameters:

• id (String) —

  Hex dump id

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :name (String) —

  The name given to your downloaded file.

• :accept_encoding (String) —

  Format used to compress your downloaded file. Currently, you must provide the value &#x60;gzip&#x60;, the only valid format.

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 373

def get_memory_dump_hex_dump(id, opts = {})
  data, _status_code, _headers = get_memory_dump_hex_dump_with_http_info(id, opts)
  data
end

#get_memory_dump_hex_dump_with_http_info(id, opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Get hex view of a memory dump

Parameters:

• id (String) —

  Hex dump id

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :name (String) —

  The name given to your downloaded file.

• :accept_encoding (String) —

  Format used to compress your downloaded file. Currently, you must provide the value &#x60;gzip&#x60;, the only valid format.

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 384

def get_memory_dump_hex_dump_with_http_info(id, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.get_memory_dump_hex_dump ...'
  end
  # verify the required parameter 'id' is set
  if @api_client.config.client_side_validation && id.nil?
    fail ArgumentError, "Missing the required parameter 'id' when calling FalconxSandboxApi.get_memory_dump_hex_dump"
  end
  # resource path
  local_var_path = '/falconx/entities/memory-dump/hex-dump/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'id'] = id
  query_params[:'name'] = opts[:'name'] if !opts[:'name'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json', 'application/octet-stream'])
  header_params[:'Accept-Encoding'] = opts[:'accept_encoding'] if !opts[:'accept_encoding'].nil?

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.get_memory_dump_hex_dump",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#get_memory_dump_hex_dump\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_memory_dump_with_http_info(id, opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Get memory dump content, as binary

Parameters:

• id (String) —

  Memory dump id

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :name (String) —

  The name given to your downloaded file.

• :accept_encoding (String) —

  Format used to compress your downloaded file. Currently, you must provide the value &#x60;gzip&#x60;, the only valid format.

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 248

def get_memory_dump_with_http_info(id, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.get_memory_dump ...'
  end
  # verify the required parameter 'id' is set
  if @api_client.config.client_side_validation && id.nil?
    fail ArgumentError, "Missing the required parameter 'id' when calling FalconxSandboxApi.get_memory_dump"
  end
  # resource path
  local_var_path = '/falconx/entities/memory-dump/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'id'] = id
  query_params[:'name'] = opts[:'name'] if !opts[:'name'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/octet-stream'])
  header_params[:'Accept-Encoding'] = opts[:'accept_encoding'] if !opts[:'accept_encoding'].nil?

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.get_memory_dump",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#get_memory_dump\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_reports(ids, opts = {}) ⇒ FalconxReportV1Response

Get a full sandbox report.

Parameters:

• ids (Array<String>) —

  ID of a report. Find a report ID from the response when submitting a malware sample or search with &#x60;/falconx/queries/reports/v1&#x60;.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (FalconxReportV1Response)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 439

def get_reports(ids, opts = {})
  data, _status_code, _headers = get_reports_with_http_info(ids, opts)
  data
end

#get_reports_with_http_info(ids, opts = {}) ⇒ Array<(FalconxReportV1Response, Integer, Hash)>

Get a full sandbox report.

Parameters:

• ids (Array<String>) —

  ID of a report. Find a report ID from the response when submitting a malware sample or search with &#x60;/falconx/queries/reports/v1&#x60;.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(FalconxReportV1Response, Integer, Hash)>) —

  FalconxReportV1Response data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 448

def get_reports_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.get_reports ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling FalconxSandboxApi.get_reports"
  end
  # resource path
  local_var_path = '/falconx/entities/reports/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :csv)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'FalconxReportV1Response'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.get_reports",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#get_reports\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_sample_v2(ids, opts = {}) ⇒ String

Retrieves the file associated with the given ID (SHA256)

Parameters:

• ids (String) —

  The file SHA256.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :password_protected (Boolean) —

  Flag whether the sample should be zipped and password protected with pass&#x3D;&#39;infected&#39; (default to false)

Returns:

• (String)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 502

def get_sample_v2(ids, opts = {})
  data, _status_code, _headers = get_sample_v2_with_http_info(ids, opts)
  data
end

#get_sample_v2_with_http_info(ids, opts = {}) ⇒ Array<(String, Integer, Hash)>

Retrieves the file associated with the given ID (SHA256)

Parameters:

• ids (String) —

  The file SHA256.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :password_protected (Boolean) —

  Flag whether the sample should be zipped and password protected with pass&#x3D;&#39;infected&#39; (default to false)

Returns:

• (Array<(String, Integer, Hash)>) —

  String data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 512

def get_sample_v2_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.get_sample_v2 ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling FalconxSandboxApi.get_sample_v2"
  end
  # resource path
  local_var_path = '/samples/entities/samples/v2'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = ids
  query_params[:'password_protected'] = opts[:'password_protected'] if !opts[:'password_protected'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/octet-stream'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'String'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.get_sample_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#get_sample_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_submissions(ids, opts = {}) ⇒ FalconxSubmissionV1Response

Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.

Parameters:

• ids (Array<String>) —

  ID of a submitted malware sample. Find a submission ID from the response when submitting a malware sample or search with &#x60;/falconx/queries/submissions/v1&#x60;.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (FalconxSubmissionV1Response)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 566

def get_submissions(ids, opts = {})
  data, _status_code, _headers = get_submissions_with_http_info(ids, opts)
  data
end

#get_submissions_with_http_info(ids, opts = {}) ⇒ Array<(FalconxSubmissionV1Response, Integer, Hash)>

Check the status of a sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.

Parameters:

• ids (Array<String>) —

  ID of a submitted malware sample. Find a submission ID from the response when submitting a malware sample or search with &#x60;/falconx/queries/submissions/v1&#x60;.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(FalconxSubmissionV1Response, Integer, Hash)>) —

  FalconxSubmissionV1Response data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 575

def get_submissions_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.get_submissions ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling FalconxSandboxApi.get_submissions"
  end
  # resource path
  local_var_path = '/falconx/entities/submissions/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :csv)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'FalconxSubmissionV1Response'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.get_submissions",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#get_submissions\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#get_summary_reports(ids, opts = {}) ⇒ FalconxSummaryReportV1Response

Get a short summary version of a sandbox report.

Parameters:

• ids (Array<String>) —

  ID of a summary. Find a summary ID from the response when submitting a malware sample or search with &#x60;/falconx/queries/reports/v1&#x60;.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (FalconxSummaryReportV1Response)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 628

def get_summary_reports(ids, opts = {})
  data, _status_code, _headers = get_summary_reports_with_http_info(ids, opts)
  data
end

#get_summary_reports_with_http_info(ids, opts = {}) ⇒ Array<(FalconxSummaryReportV1Response, Integer, Hash)>

Get a short summary version of a sandbox report.

Parameters:

• ids (Array<String>) —

  ID of a summary. Find a summary ID from the response when submitting a malware sample or search with &#x60;/falconx/queries/reports/v1&#x60;.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(FalconxSummaryReportV1Response, Integer, Hash)>) —

  FalconxSummaryReportV1Response data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 637

def get_summary_reports_with_http_info(ids, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.get_summary_reports ...'
  end
  # verify the required parameter 'ids' is set
  if @api_client.config.client_side_validation && ids.nil?
    fail ArgumentError, "Missing the required parameter 'ids' when calling FalconxSandboxApi.get_summary_reports"
  end
  # resource path
  local_var_path = '/falconx/entities/report-summaries/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'ids'] = @api_client.build_collection_param(ids, :csv)

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'FalconxSummaryReportV1Response'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.get_summary_reports",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#get_summary_reports\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_reports(opts = {}) ⇒ MsaspecQueryResponse

Find sandbox reports by providing an FQL filter and paging details. Returns a set of report IDs that match your criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :filter (String) —

  Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).

• :offset (String) —

  The offset to start retrieving reports from.

• :limit (Integer) —

  Maximum number of report IDs to return. Max: 5000.

• :sort (String) —

  Sort order: &#x60;asc&#x60; or &#x60;desc&#x60;.

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 693

def query_reports(opts = {})
  data, _status_code, _headers = query_reports_with_http_info(opts)
  data
end

#query_reports_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Find sandbox reports by providing an FQL filter and paging details. Returns a set of report IDs that match your criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :filter (String) —

  Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).

• :offset (String) —

  The offset to start retrieving reports from.

• :limit (Integer) —

  Maximum number of report IDs to return. Max: 5000.

• :sort (String) —

  Sort order: &#x60;asc&#x60; or &#x60;desc&#x60;.

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 705

def query_reports_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.query_reports ...'
  end
  # resource path
  local_var_path = '/falconx/queries/reports/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.query_reports",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#query_reports\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_sample_v1(body, opts = {}) ⇒ MsaQueryResponse

Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200

Parameters:

• body (ClientQuerySamplesRequest) —

  Pass a list of sha256s to check if the exist. It will be returned the list of existing hashes.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (MsaQueryResponse)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 757

def query_sample_v1(body, opts = {})
  data, _status_code, _headers = query_sample_v1_with_http_info(body, opts)
  data
end

#query_sample_v1_with_http_info(body, opts = {}) ⇒ Array<(MsaQueryResponse, Integer, Hash)>

Retrieves a list with sha256 of samples that exist and customer has rights to access them, maximum number of accepted items is 200

Parameters:

• body (ClientQuerySamplesRequest) —

  Pass a list of sha256s to check if the exist. It will be returned the list of existing hashes.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(MsaQueryResponse, Integer, Hash)>) —

  MsaQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 766

def query_sample_v1_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.query_sample_v1 ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling FalconxSandboxApi.query_sample_v1"
  end
  # resource path
  local_var_path = '/samples/queries/samples/GET/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'MsaQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.query_sample_v1",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#query_sample_v1\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#query_submissions(opts = {}) ⇒ MsaspecQueryResponse

Find submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match your criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :filter (String) —

  Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).

• :offset (String) —

  The offset to start retrieving submissions from.

• :limit (Integer) —

  Maximum number of submission IDs to return. Max: 5000.

• :sort (String) —

  Sort order: &#x60;asc&#x60; or &#x60;desc&#x60;.

Returns:

• (MsaspecQueryResponse)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 826

def query_submissions(opts = {})
  data, _status_code, _headers = query_submissions_with_http_info(opts)
  data
end

#query_submissions_with_http_info(opts = {}) ⇒ Array<(MsaspecQueryResponse, Integer, Hash)>

Find submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match your criteria.

Parameters:

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :filter (String) —

  Optional filter and sort criteria in the form of an FQL query. For more information about FQL queries, see [our FQL documentation in Falcon](falcon.crowdstrike.com/support/documentation/45/falcon-query-language-feature-guide).

• :offset (String) —

  The offset to start retrieving submissions from.

• :limit (Integer) —

  Maximum number of submission IDs to return. Max: 5000.

• :sort (String) —

  Sort order: &#x60;asc&#x60; or &#x60;desc&#x60;.

Returns:

• (Array<(MsaspecQueryResponse, Integer, Hash)>) —

  MsaspecQueryResponse data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 838

def query_submissions_with_http_info(opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.query_submissions ...'
  end
  # resource path
  local_var_path = '/falconx/queries/submissions/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
  query_params[:'offset'] = opts[:'offset'] if !opts[:'offset'].nil?
  query_params[:'limit'] = opts[:'limit'] if !opts[:'limit'].nil?
  query_params[:'sort'] = opts[:'sort'] if !opts[:'sort'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'MsaspecQueryResponse'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.query_submissions",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#query_submissions\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#submit(body, opts = {}) ⇒ FalconxSubmissionV1Response

Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.

Parameters:

• body (FalconxSubmissionParametersV1) —

  Submit either a URL or a sample SHA256 for sandbox analysis. The sample file must have been previously uploaded through &#x60;/samples/entities/samples/v2&#x60;. You must specify a JSON object that includes the &#x60;falconx.SubmissionParametersV1&#x60; key/value pairs shown below. **&#x60;environment_id&#x60;**: Specifies the sandbox environment used for analysis. Values: - &#x60;400&#x60;: MacOS Catalina 10.15 - &#x60;300&#x60;: Linux Ubuntu 16.04, 64-bit - &#x60;200&#x60;: Android (static analysis) - &#x60;160&#x60;: Windows 10, 64-bit - &#x60;140&#x60;: Windows 11, 64-bit - &#x60;110&#x60;: Windows 7, 64-bit - &#x60;100&#x60;: Windows 7, 32-bit **&#x60;sha256&#x60;** ID of the sample, which is a SHA256 hash value. Find a sample ID from the response when uploading a malware sample or search with &#x60;/falconx/queries/submissions/v1&#x60;.The &#x60;url&#x60; parameter must be unset if &#x60;sha256&#x60; is used. **&#x60;url&#x60;** A web page or file URL. It can be HTTP(S) or FTP. The &#x60;sha256&#x60; parameter must be unset if &#x60;url&#x60; is used. **&#x60;action_script&#x60;** (optional): Runtime script for sandbox analysis. Values: - &#x60;default&#x60; - &#x60;default_maxantievasion&#x60; - &#x60;default_randomfiles&#x60; - &#x60;default_randomtheme&#x60; - &#x60;default_openie&#x60; **&#x60;command_line&#x60;** (optional): Command line script passed to the submitted file at runtime. Max length: 2048 characters **&#x60;document_password&#x60;** (optional): Auto-filled for Adobe or Office files that prompt for a password. Max length: 32 characters **&#x60;enable_tor&#x60;** (optional): Deprecated, please use &#x60;network_settings&#x60; instead. If &#x60;true&#x60;, sandbox analysis routes network traffic via TOR. Default: &#x60;false&#x60;. **&#x60;network_settings&#x60;** (optional): Specifies the sandbox network_settings used for analysis. Values: - &#x60;default&#x60;: Fully operating network - &#x60;tor&#x60;: Route network traffic via TOR - &#x60;simulated&#x60;: Simulate network traffic - &#x60;offline&#x60;: No network traffic **&#x60;submit_name&#x60;** (optional): Name of the malware sample that&#39;s used for file type detection and analysis **&#x60;system_date&#x60;** (optional): Set a custom date in the format &#x60;yyyy-MM-dd&#x60; for the sandbox environment **&#x60;system_time&#x60;** (optional): Set a custom time in the format &#x60;HH:mm&#x60; for the sandbox environment.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (FalconxSubmissionV1Response)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 890

def submit(body, opts = {})
  data, _status_code, _headers = submit_with_http_info(body, opts)
  data
end

#submit_with_http_info(body, opts = {}) ⇒ Array<(FalconxSubmissionV1Response, Integer, Hash)>

Submit an uploaded file or a URL for sandbox analysis. Time required for analysis varies but is usually less than 15 minutes.

Parameters:

• body (FalconxSubmissionParametersV1) —

  Submit either a URL or a sample SHA256 for sandbox analysis. The sample file must have been previously uploaded through &#x60;/samples/entities/samples/v2&#x60;. You must specify a JSON object that includes the &#x60;falconx.SubmissionParametersV1&#x60; key/value pairs shown below. **&#x60;environment_id&#x60;**: Specifies the sandbox environment used for analysis. Values: - &#x60;400&#x60;: MacOS Catalina 10.15 - &#x60;300&#x60;: Linux Ubuntu 16.04, 64-bit - &#x60;200&#x60;: Android (static analysis) - &#x60;160&#x60;: Windows 10, 64-bit - &#x60;140&#x60;: Windows 11, 64-bit - &#x60;110&#x60;: Windows 7, 64-bit - &#x60;100&#x60;: Windows 7, 32-bit **&#x60;sha256&#x60;** ID of the sample, which is a SHA256 hash value. Find a sample ID from the response when uploading a malware sample or search with &#x60;/falconx/queries/submissions/v1&#x60;.The &#x60;url&#x60; parameter must be unset if &#x60;sha256&#x60; is used. **&#x60;url&#x60;** A web page or file URL. It can be HTTP(S) or FTP. The &#x60;sha256&#x60; parameter must be unset if &#x60;url&#x60; is used. **&#x60;action_script&#x60;** (optional): Runtime script for sandbox analysis. Values: - &#x60;default&#x60; - &#x60;default_maxantievasion&#x60; - &#x60;default_randomfiles&#x60; - &#x60;default_randomtheme&#x60; - &#x60;default_openie&#x60; **&#x60;command_line&#x60;** (optional): Command line script passed to the submitted file at runtime. Max length: 2048 characters **&#x60;document_password&#x60;** (optional): Auto-filled for Adobe or Office files that prompt for a password. Max length: 32 characters **&#x60;enable_tor&#x60;** (optional): Deprecated, please use &#x60;network_settings&#x60; instead. If &#x60;true&#x60;, sandbox analysis routes network traffic via TOR. Default: &#x60;false&#x60;. **&#x60;network_settings&#x60;** (optional): Specifies the sandbox network_settings used for analysis. Values: - &#x60;default&#x60;: Fully operating network - &#x60;tor&#x60;: Route network traffic via TOR - &#x60;simulated&#x60;: Simulate network traffic - &#x60;offline&#x60;: No network traffic **&#x60;submit_name&#x60;** (optional): Name of the malware sample that&#39;s used for file type detection and analysis **&#x60;system_date&#x60;** (optional): Set a custom date in the format &#x60;yyyy-MM-dd&#x60; for the sandbox environment **&#x60;system_time&#x60;** (optional): Set a custom time in the format &#x60;HH:mm&#x60; for the sandbox environment.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Returns:

• (Array<(FalconxSubmissionV1Response, Integer, Hash)>) —

  FalconxSubmissionV1Response data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 899

def submit_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.submit ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling FalconxSandboxApi.submit"
  end
  # resource path
  local_var_path = '/falconx/entities/submissions/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'FalconxSubmissionV1Response'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.submit",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#submit\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

#upload_sample_v2(sample, file_name, opts = {}) ⇒ ClientSampleMetadataResponseV2

Upload a file for sandbox analysis. After uploading, use ‘/falconx/entities/submissions/v1` to start analyzing the file.

Parameters:

• sample (File) —

  Content of the uploaded sample in binary format. For example, use &#x60;–data-binary @$FILE_PATH&#x60; when using cURL. Max file size: 256 MB. Accepted file formats: - Portable executables: &#x60;.exe&#x60;, &#x60;.scr&#x60;, &#x60;.pif&#x60;, &#x60;.dll&#x60;, &#x60;.com&#x60;, &#x60;.cpl&#x60;, etc. - Office documents: &#x60;.doc&#x60;, &#x60;.docx&#x60;, &#x60;.ppt&#x60;, &#x60;.pps&#x60;, &#x60;.pptx&#x60;, &#x60;.ppsx&#x60;, &#x60;.xls&#x60;, &#x60;.xlsx&#x60;, &#x60;.rtf&#x60;, &#x60;.pub&#x60; - PDF - APK - Executable JAR - Windows script component: &#x60;.sct&#x60; - Windows shortcut: &#x60;.lnk&#x60; - Windows help: &#x60;.chm&#x60; - HTML application: &#x60;.hta&#x60; - Windows script file: &#x60;.wsf&#x60; - Javascript: &#x60;.js&#x60; - Visual Basic: &#x60;.vbs&#x60;, &#x60;.vbe&#x60; - Shockwave Flash: &#x60;.swf&#x60; - Perl: &#x60;.pl&#x60; - Powershell: &#x60;.ps1&#x60;, &#x60;.psd1&#x60;, &#x60;.psm1&#x60; - Scalable vector graphics: &#x60;.svg&#x60; - Python: &#x60;.py&#x60; - Linux ELF executables - Email files: MIME RFC 822 &#x60;.eml&#x60;, Outlook &#x60;.msg&#x60;.

• file_name (String) —

  Name of the file.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :comment (String) —

  A descriptive comment to identify the file for other users.

• :is_confidential (Boolean) —

  Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. - &#x60;true&#x60;: File is only shown to users within your customer account - &#x60;false&#x60;: File can be seen by other CrowdStrike customers Default: &#x60;true&#x60;. (default to true)

Returns:

• (ClientSampleMetadataResponseV2)

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 959

def upload_sample_v2(sample, file_name, opts = {})
  data, _status_code, _headers = upload_sample_v2_with_http_info(sample, file_name, opts)
  data
end

#upload_sample_v2_with_http_info(sample, file_name, opts = {}) ⇒ Array<(ClientSampleMetadataResponseV2, Integer, Hash)>

Upload a file for sandbox analysis. After uploading, use &#x60;/falconx/entities/submissions/v1&#x60; to start analyzing the file.

Parameters:

• sample (File) —

  Content of the uploaded sample in binary format. For example, use &#x60;–data-binary @$FILE_PATH&#x60; when using cURL. Max file size: 256 MB. Accepted file formats: - Portable executables: &#x60;.exe&#x60;, &#x60;.scr&#x60;, &#x60;.pif&#x60;, &#x60;.dll&#x60;, &#x60;.com&#x60;, &#x60;.cpl&#x60;, etc. - Office documents: &#x60;.doc&#x60;, &#x60;.docx&#x60;, &#x60;.ppt&#x60;, &#x60;.pps&#x60;, &#x60;.pptx&#x60;, &#x60;.ppsx&#x60;, &#x60;.xls&#x60;, &#x60;.xlsx&#x60;, &#x60;.rtf&#x60;, &#x60;.pub&#x60; - PDF - APK - Executable JAR - Windows script component: &#x60;.sct&#x60; - Windows shortcut: &#x60;.lnk&#x60; - Windows help: &#x60;.chm&#x60; - HTML application: &#x60;.hta&#x60; - Windows script file: &#x60;.wsf&#x60; - Javascript: &#x60;.js&#x60; - Visual Basic: &#x60;.vbs&#x60;, &#x60;.vbe&#x60; - Shockwave Flash: &#x60;.swf&#x60; - Perl: &#x60;.pl&#x60; - Powershell: &#x60;.ps1&#x60;, &#x60;.psd1&#x60;, &#x60;.psm1&#x60; - Scalable vector graphics: &#x60;.svg&#x60; - Python: &#x60;.py&#x60; - Linux ELF executables - Email files: MIME RFC 822 &#x60;.eml&#x60;, Outlook &#x60;.msg&#x60;.

• file_name (String) —

  Name of the file.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :comment (String) —

  A descriptive comment to identify the file for other users.

• :is_confidential (Boolean) —

  Defines visibility of this file in Falcon MalQuery, either via the API or the Falcon console. - &#x60;true&#x60;: File is only shown to users within your customer account - &#x60;false&#x60;: File can be seen by other CrowdStrike customers Default: &#x60;true&#x60;. (default to true)

Returns:

• (Array<(ClientSampleMetadataResponseV2, Integer, Hash)>) —

  ClientSampleMetadataResponseV2 data, response status code and response headers

# File 'lib/crimson-falcon/api/falconx_sandbox_api.rb', line 971

def upload_sample_v2_with_http_info(sample, file_name, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: FalconxSandboxApi.upload_sample_v2 ...'
  end
  # verify the required parameter 'sample' is set
  if @api_client.config.client_side_validation && sample.nil?
    fail ArgumentError, "Missing the required parameter 'sample' when calling FalconxSandboxApi.upload_sample_v2"
  end
  # verify the required parameter 'file_name' is set
  if @api_client.config.client_side_validation && file_name.nil?
    fail ArgumentError, "Missing the required parameter 'file_name' when calling FalconxSandboxApi.upload_sample_v2"
  end
  # resource path
  local_var_path = '/samples/entities/samples/v2'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['multipart/form-data', 'application/octet-stream'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}
  form_params['sample'] = sample
  form_params['file_name'] = file_name
  form_params['comment'] = opts[:'comment'] if !opts[:'comment'].nil?
  form_params['is_confidential'] = opts[:'is_confidential'] if !opts[:'is_confidential'].nil?

  # http body (model)
  post_body = opts[:debug_body]

  # return_type
  return_type = opts[:debug_return_type] || 'ClientSampleMetadataResponseV2'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"FalconxSandboxApi.upload_sample_v2",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: FalconxSandboxApi#upload_sample_v2\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end