sandbox_submission

package
v3.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 7, 2024 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ScanResult

type ScanResult struct {
	Code              int    `json:"code,omitempty"`
	Message           string `json:"message,omitempty"`
	FileType          string `json:"fileType,omitempty"`
	Md5               string `json:"md5,omitempty"`
	SandboxSubmission string `json:"sandboxSubmission,omitempty"`
	VirusName         string `json:"virusName,omitempty"`
	VirusType         string `json:"virusType,omitempty"`
}

Information about the file inspection results

func Discan

func Discan(ctx context.Context, service *zscaler.Service, filename string, file io.Reader) (*ScanResult, error)

Discan Submits raw or archive files (e.g., ZIP) to the Zscaler service for out-of-band file inspection to generate real-time verdicts for known and unknown files. It leverages capabilities such as Malware Prevention, Advanced Threat Prevention, Sandbox cloud effect, AI/ML-driven file analysis, and integrated third-party threat intelligence feeds to inspect files and classify them as benign or malicious instantaneously. All file types that are currently supported by the Malware Protection policy and Advanced Threat Protection policy are supported for inspection, and each file is limited to a size of 400 MB. Note: Dynamic file analysis is not included in out-of-band file inspection.

func SubmitFile

func SubmitFile(ctx context.Context, service *zscaler.Service, filename string, file io.Reader, force string) (*ScanResult, error)

Submit: Submits raw or archive files (e.g., ZIP) to Sandbox for analysis. You can submit up to 100 files per day and it supports all file types that are currently supported by Sandbox. To learn more, see About Sandbox. By default, files are scanned by Zscaler antivirus (AV) and submitted directly to the sandbox in order to obtain a verdict. However, if a verdict already exists for the file, you can use the 'force' parameter to make the sandbox to reanalyze it. You must have a Sandbox policy rule configured within the ZIA Admin Portal in order to analyze files that aren't present in the default policy rule. Ensure that you have explicitly added Sandbox policy rules that include the appropriate file types within your request. If not, an 'Unknown' message is shown in the response. To learn more, see Configuring the Sandbox Policy and Configuring the Default Sandbox Rule. After files are sent for analysis, you must use GET /sandbox/report/{md5Hash} in order to retrieve the verdict. You can get the Sandbox report 10 minutes after a file is sent for analysis. SubmitFile submits a file for scanning and returns the result of the scan.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL