本文档介绍如何使用Python SDK获取文件报告。

威胁情报服务支持对二进制文件、Webshell文件进行检测并提供检测结果报告。

前提条件

开始运行示例脚本前,请确保您已完成以下准备工作:
  • 已开通阿里云官网账号。
  • 已生成AccessKey(用于使用SDK时进行身份验证)。

    确保您当前账号下已创建了AccessKey ID和AccessKey Secret。

  • 已开通阿里云威胁情报服务。

操作步骤

  1. 安装Python SDK。更多详细内容,请参见快速开始
  2. 运行以下示例脚本,调用文件报告接口。
    from aliyunsdkcore.client import AcsClient
    from aliyunsdkcore.request import CommonRequest
    client = AcsClient('{your_access_key_id}', '{your_access_key_secret}', 'cn-zhangjiakou')
    request = CommonRequest()
    request.set_domain('sasti.aliyuncs.com')
    request.set_version('2020-05-12')
    request.set_action_name('DescribeFileReport')
    # or:
    # request = CommonRequest(domain='sasti.aliyuncs.com'', version='2020-05-12', action_name='DescribeIpReport')
    request.add_query_param('FileHash', '{file_md5}')
    response = client.do_action_with_exception(request)
    返回示例如下:
    {
        "code":200,
        "message":"success",
        "Basic": {
            "sha1": "",
            "virus_result": "1",
            "sandbox_result": "-1",
            "sha256": "",
            "sha512": "",
            "virus_name": "自变异木马",
            "source": "aegis",
            "md5": "<file_md5>",
            "gmt_first_submit": "2020-03-15 19:22:25"
        },
        "RequestId": "964CD096-DCCC-44D2-B661-XXXXXXXXX",
        "ThreatTypes": [
                    {
                        "threat_type_desc": "WEB攻击源",
                        "last_find_time": "2020-10-23 08:50:50",
                        "risk_type": 1,
                        "threat_type": "WEB Attack"
                    },
                    {
                        "threat_type_desc": "网络服务扫描",
                        "last_find_time": "2020-09-27 17:15:59",
                        "risk_type": 1,
                        "threat_type": "Network Service Scanning"
                    },
                    {
                        "threat_type_desc": "漏洞利用",
                        "last_find_time": "2020-10-27 15:00:28",
                        "risk_type": 1,
                        "threat_type": "Exploit"
                    }
                ],
                "Intelligences": [
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-05-18 15:41:46",
                        "threat_type_l3": "sqli",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 14:49:03",
                        "threat_type_l3": "xss",
                        "source": "Aliyun"
                    }
        ],
        "ThreatLevel": "2",
        "FileHash": "<file_md5>"
    }