Get available metafields for scan configuration.

Get threat levels used in analysis results.

Get submission statuses.

Get sample metafield configuration for sandbox analysis.

Interpret a numeric status value from submission results.

Args: status_value: Numeric status value (1-5)

Returns: Human-readable status description

Interpret a numeric threat level value from analysis results.

Args: level_value: Numeric threat level (0-3)

Returns: Human-readable threat level description

Get submission details with interpreted status and threat level.

Args: uuid: Submission UUID

Returns: Submission details with human-readable status and threat level

Get current user information, workspace details, and usage limits.

Get current server configuration including API URL and connection status.

Returns: Configuration details including API URL, version, and status

Analyze a URL for threats and malicious content.

Args: url: The URL to analyze is_public: Whether the scan results should be public

Submit a file for advanced sandbox analysis with detailed configuration.

Args: file_path: Path to the file to analyze is_public: Whether the scan results should be public (default: False) entrypoint: File to execute within archive (if applicable) password: Password for archive files (if applicable) environment: Analysis environment - w7_x64, w10_x64, w11_x64, macos, android, linux (default: w10_x64) timeout: Analysis timeout in seconds - 60, 120, 180, 240, 300 (default: 180) work_path: Working directory - desktop, root, %AppData%, windows, temp (default: desktop) mouse_simulation: Enable mouse simulation (default: True) https_inspection: Enable HTTPS inspection (default: False) internet_connection: Enable internet connection (default: False) raw_logs: Include raw logs (default: False) snapshot: Take VM snapshots (default: False) sleep_evasion: Enable sleep evasion techniques (default: False) smart_tracing: Enable smart tracing (default: False) dump_collector: Enable dump collection (default: False) open_in_browser: Open files in browser (default: False) extension_check: Perform extension check (default: True) modules: Analysis modules to use, e.g., ["csi", "cdr"] (default: None) auto_config: Use automatic configuration (default: False)

Submit a file for simple sandbox analysis using default settings.

This is a simplified version of scan_file_sandbox with default configurations. Use scan_file_sandbox for advanced configuration options.

Args: file_path: Path to the file to analyze is_public: Whether the scan results should be public (default: False) entrypoint: File to execute within archive (if applicable) password: Password for archive files (if applicable)

Submit a file for static analysis.

Args: file_path: Path to the file to analyze is_public: Whether the scan results should be public entrypoint: File to execute within archive (if applicable) password: Password for archive files (if applicable)

Submit a file for CDR (Content Disarm and Reconstruction) processing.

Args: file_path: Path to the file to process is_public: Whether the scan results should be public entrypoint: File to execute within archive (if applicable) password: Password for archive files (if applicable)

Get submission details by UUID.

Args: uuid: Submission UUID

Get all indicators for a specific submission.

Args: uuid: Submission UUID

Get all Indicators of Compromise for a specific submission.

Args: uuid: Submission UUID

Get all matched YARA rules for a specific submission.

Args: uuid: Submission UUID

Get Varist Hybrid Analyzer results for a specific submission.

Args: uuid: Submission UUID

Get all artifacts for a specific submission.

Args: uuid: Submission UUID

Get all extracted configurations for a specific submission.

Args: uuid: Submission UUID

Get all DNS queries for a specific submission.

Args: uuid: Submission UUID

Get all HTTP requests and packets for a specific submission.

Args: uuid: Submission UUID

Get all TCP requests and packets for a specific submission.

Args: uuid: Submission UUID

Get all UDP requests and packets for a specific submission.

Args: uuid: Submission UUID

Get all network threats for a specific submission.

Args: uuid: Submission UUID

Get user's submissions with pagination.

Args: page: Page number (default: 1) jump: Number of items per page (default: 10)

Get public submissions with pagination.

Args: page: Page number (default: 1) jump: Number of items per page (default: 10)

Search submissions by file hash (MD5, SHA1, or SHA256).

Args: hash: File hash to search for page: Page number (default: 1) jump: Number of items per page (default: 10)

Download the CDR-sanitized file for a given submission UUID.

Args: uuid: Submission UUID

Returns: Base64-encoded file content

Download HTML analysis report for a submission.

Args: uuid: Submission UUID

Returns: HTML report content