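This document describes how to use the Python SDK to obtain a file report.
The Threat Intelligence service can inspect binary files and webshell files and provides a report of the detection results.
Prerequisites
Before you run the sample script, make sure that you have completed the following preparations:
- You have an Alibaba Cloud account.
- You have generated an AccessKey (used for authentication when you use the SDK).
  Make sure that an AccessKey ID and an AccessKey Secret have been created under your current account.
- You have activated the Alibaba Cloud Threat Intelligence service.
Procedure
- Install the Python SDK. For more details, see Quick Start.
- Run the following sample script to call the file report API.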
```python
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest

# Replace the placeholders with your AccessKey ID and AccessKey Secret.
client = AcsClient('{your_access_key_id}', '{your_access_key_secret}', 'cn-zhangjiakou')

request = CommonRequest()
request.set_domain('sasti.aliyuncs.com')
request.set_version('2020-05-12')
request.set_action_name('DescribeFileReport')
# or:
# request = CommonRequest(domain='sasti.aliyuncs.com', version='2020-05-12', action_name='DescribeFileReport')

# FileHash is the MD5 of the file to look up.
request.add_query_param('FileHash', '{file_md5}')
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))
```
The following is a sample response:

```json
{
  "code": 200,
  "message": "success",
  "Basic": {
    "sha1": "",
    "virus_result": "1",
    "sandbox_result": "-1",
    "sha256": "",
    "sha512": "",
    "virus_name": "自变异木马",
    "source": "aegis",
    "md5": "<file_md5>",
    "gmt_first_submit": "2020-03-15 19:22:25"
  },
  "RequestId": "964CD096-DCCC-44D2-B661-XXXXXXXXX",
  "ThreatTypes": [
    {
      "threat_type_desc": "WEB攻击源",
      "last_find_time": "2020-10-23 08:50:50",
      "risk_type": 1,
      "threat_type": "WEB Attack"
    },
    {
      "threat_type_desc": "网络服务扫描",
      "last_find_time": "2020-09-27 17:15:59",
      "risk_type": 1,
      "threat_type": "Network Service Scanning"
    },
    {
      "threat_type_desc": "漏洞利用",
      "last_find_time": "2020-10-27 15:00:28",
      "risk_type": 1,
      "threat_type": "Exploit"
    }
  ],
  "Intelligences": [
    {
      "ip": "1.180.*.*",
      "gmt_last": "2020-05-18 15:41:46",
      "threat_type_l3": "sqli",
      "source": "Aliyun"
    },
    {
      "ip": "1.180.*.*",
      "gmt_last": "2020-10-13 14:49:03",
      "threat_type_l3": "xss",
      "source": "Aliyun"
    }
  ],
  "ThreatLevel": "2",
  "FileHash": "<file_md5>"
}
```
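The following added example (not part of the original documentation or the SDK) wraps the call above so that the hash is validated before it is sent and the AccessKey pair is read from the environment, then reduces the response to the fields an analyst triages on. The environment variable names, the function names and the sample response values are assumptions made for this example.

```python
import json
import os
import re

MD5_RE = re.compile(r"[0-9a-fA-F]{32}")
# Constructed sample in the shape of the response shown above (values are made up).
SAMPLE_RESPONSE = b"""{"code": 200, "message": "success", "ThreatLevel": "2",
 "FileHash": "00000000000000000000000000000000",
 "Basic": {"virus_result": "1", "sandbox_result": "-1", "virus_name": "sample"},
 "ThreatTypes": [{"threat_type": "WEB Attack", "risk_type": 1},
                 {"threat_type": "Exploit", "risk_type": 1}],
 "Intelligences": [{"ip": "1.180.*.*", "gmt_last": "2020-05-18 15:41:46"},
                   {"ip": "1.180.*.*", "gmt_last": "2020-10-13 14:49:03"}]}"""


def fetch_file_report(file_md5):
    """Call DescribeFileReport with credentials read from the environment."""
    if not MD5_RE.fullmatch(file_md5):
        raise ValueError("FileHash must be a 32-character hexadecimal MD5")
    # Lazy import: summarize_report() below works without the SDK installed.
    from aliyunsdkcore.client import AcsClient
    from aliyunsdkcore.request import CommonRequest
    # Assumed variable names; keys kept out of the script stay out of version control.
    client = AcsClient(os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"],
                       os.environ["ALIBABA_CLOUD_ACCESS_KEY_SECRET"],
                       "cn-zhangjiakou")
    request = CommonRequest(domain="sasti.aliyuncs.com", version="2020-05-12",
                            action_name="DescribeFileReport")
    request.add_query_param("FileHash", file_md5)
    return client.do_action_with_exception(request)


def summarize_report(raw):
    """Reduce a DescribeFileReport response (bytes or str) to triage fields."""
    report = json.loads(raw)
    if report.get("code") != 200:
        raise RuntimeError("lookup failed: %s" % report.get("message"))
    basic = report.get("Basic") or {}
    sightings = [i["gmt_last"] for i in report.get("Intelligences") or []
                 if i.get("gmt_last")]
    return {
        "file_hash": report.get("FileHash"),
        "threat_level": report.get("ThreatLevel"),
        "virus_result": basic.get("virus_result"),
        "sandbox_result": basic.get("sandbox_result"),
        "virus_name": basic.get("virus_name"),
        "threat_types": sorted({t["threat_type"] for t in report.get("ThreatTypes") or []}),
        # Timestamps are "YYYY-MM-DD HH:MM:SS", so string order is time order.
        "latest_sighting": max(sightings, default=None),
    }
```

With the SDK installed and both variables set, `summarize_report(fetch_file_report(md5))` performs a live lookup; `summarize_report(SAMPLE_RESPONSE)` runs offline.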