本文档介绍如何使用Java SDK获取文件报告。

威胁情报服务支持对二进制文件、Webshell文件进行检测并提供检测结果报告。

前提条件

开始运行示例脚本前,请确保您已完成以下准备工作:

  • 已开通阿里云官网账号。
  • 已生成AccessKey(用于使用SDK时进行身份验证)。

    确保您当前账号下已创建了AccessKey ID和AccessKey Secret。

  • 已开通阿里云威胁情报服务。

操作步骤

  1. 安装Java SDK。更多详细内容请参见安装Alibaba Cloud SDK for Java
  2. 运行以下示例脚本,调用IP情报接口。
    import com.aliyuncs.CommonRequest;
    import com.aliyuncs.CommonResponse;
    import com.aliyuncs.DefaultAcsClient;
    import com.aliyuncs.IAcsClient;
    import com.aliyuncs.exceptions.ClientException;
    import com.aliyuncs.exceptions.ServerException;
    import com.aliyuncs.profile.DefaultProfile;
    public class Sample {
        public static void main(String[] args) {
            // 创建DefaultAcsClient实例并初始化
            DefaultProfile profile = DefaultProfile.getProfile(
                "cn-zhangjiakou",          // 您的地域ID
                "<your-access-key-id>",      // 您的AccessKey ID
                "<your-access-key-secret>"); // 您的AccessKey Secret
            IAcsClient client = new DefaultAcsClient(profile);
            // 创建API请求并设置参数
            CommonRequest request = new CommonRequest();
            request.setDomain("sasti.aliyuncs.com");
            request.setVersion("2020-05-12");
            request.setAction("DescribeFileReport");
            request.putQueryParameter("FileHash", "<file_md5>");
            try {
                CommonResponse response = client.getCommonResponse(request);
                System.out.println(response.getData());
            } catch (ServerException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (ClientException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
    }
    返回示例如下:
    {
        "code":200,
        "message":"success",
        "Basic": {
            "sha1": "",
            "virus_result": "1",
            "sandbox_result": "-1",
            "sha256": "",
            "sha512": "",
            "virus_name": "自变异木马",
            "source": "aegis",
            "md5": "<file_md5>",
            "gmt_first_submit": "2020-03-15 19:22:25"
        },
        "RequestId": "964CD096-DCCC-44D2-B661-XXXXXXXXX",
        "ThreatTypes": [
                    {
                        "threat_type_desc": "WEB攻击源",
                        "last_find_time": "2020-10-23 08:50:50",
                        "risk_type": 1,
                        "threat_type": "WEB Attack"
                    },
                    {
                        "threat_type_desc": "网络服务扫描",
                        "last_find_time": "2020-09-27 17:15:59",
                        "risk_type": 1,
                        "threat_type": "Network Service Scanning"
                    },
                    {
                        "threat_type_desc": "漏洞利用",
                        "last_find_time": "2020-10-27 15:00:28",
                        "risk_type": 1,
                        "threat_type": "Exploit"
                    }
                ],
                "Intelligences": [
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-05-18 15:41:46",
                        "threat_type_l3": "sqli",
                        "source": "Aliyun"
                    },
                    {
                        "ip": "1.180.*.*",
                        "gmt_last": "2020-10-13 14:49:03",
                        "threat_type_l3": "xss",
                        "source": "Aliyun"
                    }
        ],
        "ThreatLevel": "2",
        "FileHash": "<file_md5>"
    }