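Python bindings for the Analysis Correlation Engine (ACE) API.
Detailed description of the ace-api Python project

# Python Bindings for the ACE REST API

## Examples

### Connect to a Server

Setting the default remote host:

```python
>>> import ace_api
>>> server = 'ace.integraldefense.com'
>>> ace_api.set_default_remote_host(server)
>>> ace_api.ping()
{'result': 'pong'}
```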

Setting the remote host for an Analysis class:

```python
>>> analysis = ace_api.Analysis('this is the analysis description')
>>> analysis.set_remote_host('something.else.com').remote_host
'something.else.com'
```

If your ACE instance is listening on a port other than 443, specify it like so:

```python
>>> ace_api.set_default_remote_host('ace.integraldefense.com:24443')
>>> ace_api.default_remote_host
'ace.integraldefense.com:24443'
```

### Submit a File to ACE

```python
>>> path_to_file = 'Business.doc'
>>> analysis.add_file(path_to_file)
<ace_api.Analysis object at 0x7f23d57e74e0>
>>> analysis.add_tag('Business.doc').add_tag('suspicious doc')
<ace_api.Analysis object at 0x7f23d57e74e0>
>>> analysis.submit()
<ace_api.Analysis object at 0x7f23d57e74e0>
>>> analysis.status
'NEW'
>>> analysis.status
'ANALYZING'
>>> analysis.status
'COMPLETE (Alerted with 8 detections)'
>>> result_url = 'https://{}/ace/analysis?direct={}'.format(analysis.remote_host, analysis.uuid)
>>> print("\nThe results of this submission can be viewed here: {}".format(result_url))

The results of this submission can be viewed here: https://ace.integraldefense.com/ace/analysis?direct=137842ac-9d53-4a25-8066-ad2a1f6cfa17
```

### Submit a URL to CloudPhish

```python
>>> another_url = 'http://medicci.ru/myATT/tu8794_QcbkoEsv_Xw20pYh7ij'
>>> cp_result = ace_api.cloudphish_submit(another_url)
>>> cp_result['status']
'NEW'
>>> # Query again, a moment later:
...
>>> cp_result = ace_api.cloudphish_submit(another_url)
>>> cp_result['status']
'ANALYZED'
>>> cp_result['analysis_result']
'ALERT'
>>> result_url = 'https://{}/ace/analysis?direct={}'.format(ace_api.default_remote_host, cp_result['uuid'])
>>> print("\nThe results of this submission can be viewed here: {}".format(result_url))

The results of this submission can be viewed here: https://ace.integraldefense.com/ace/analysis?direct=732ec396-ce20-463f-82b0-6b043b07f941
```
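
The "query again, a moment later" step, written as a bounded polling loop. This is an added example, not code from the ace-api project: `poll_cloudphish`, `CloudPhishTimeout` and `make_stub` are hypothetical names, and it assumes any status other than `'ANALYZED'` means the result is still pending and that `uuid` may be absent when nothing alerted. Pass `ace_api.cloudphish_submit` as `submit` against a real server.

```python
import time
import uuid


class CloudPhishTimeout(Exception):
    """Raised when the URL is still not analyzed after the allowed attempts."""


def poll_cloudphish(url, submit, host, attempts=10, delay=2.0, sleep=time.sleep):
    """Resubmit `url` until CloudPhish reports it ANALYZED, or give up.

    `submit` is any callable shaped like ace_api.cloudphish_submit: it takes
    the URL and returns a dict with 'status' and, once analyzed,
    'analysis_result' and 'uuid'.
    """
    for attempt in range(attempts):
        result = submit(url)
        if result.get('status') == 'ANALYZED':
            raw = result.get('uuid')  # assumption: may be missing without an alert
            link = None
            if raw:
                # uuid.UUID raises ValueError on anything that is not a UUID,
                # so a malformed value never ends up inside the link.
                link = 'https://{}/ace/analysis?direct={}'.format(host, uuid.UUID(raw))
            return {'verdict': result.get('analysis_result'), 'result_url': link}
        if attempt < attempts - 1:
            sleep(delay)
    raise CloudPhishTimeout('{!r} not analyzed after {} attempts'.format(url, attempts))


def make_stub(pending_calls, final):
    """Constructed stand-in for the server: NEW `pending_calls` times, then `final`."""
    calls = {'n': 0}

    def submit(_url):
        calls['n'] += 1
        return {'status': 'NEW'} if calls['n'] <= pending_calls else final
    return submit


if __name__ == '__main__':
    # Constructed response; the uuid is the one printed in the session above.
    final = {'status': 'ANALYZED', 'analysis_result': 'ALERT',
             'uuid': '732ec396-ce20-463f-82b0-6b043b07f941'}
    out = poll_cloudphish('http://example.invalid/login', make_stub(2, final),
                          'ace.integraldefense.com', sleep=lambda s: None)
    print(out['verdict'], out['result_url'])
```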

## Documentation

ACE's API documentation:
View ACE's full documentation here: [https://ace-analysis.readthedocs.io/en/latest/](https://ace-analysis.readthedocs.io/en/latest/)