Aller au contenu

What About Custom Tradecraft?

Scenario

“I can’t use Assemblyline’s Python/Java client to integrate with my existing tradecraft. What can I do?”

In previous exercises, we’ve shown that you can use the Assemblyline client or a language’s network requests library to interact with the Assemblyline’s API, but what about tools like cURL or Postman?

Expected Results

Send files to Assemblyline through Ingest/Submit API using cURL

REST APIs Involved

POST /api/v4/submit/
POST /api/v4/ingest/
cURL Cheatsheet
to pass headers: -H 'key: value'
to set the request type: -X GET
to stop cert validation: -k
to add a multipart form data:
      -F 'name=data'
  OR  -F 'name=@path_to_file'

# Ingest / Submit API cheatsheet
 * JSON parameters to the submission are passed inside a multipart object named 'json'
 * The file binary is passed inside a multipart object named 'bin'

# ** Tip: you can pipe the curl output to json_pp so you can actually read it

Solution

# Send a file for live processing using CURL
# ** API to use: /api/v4/submit/ (POST)
echo "Send to submit API:"
curl -s -k -X POST https://$AL_HOST/api/v4/submit/ \
    -H "x-user: ${AL_USER}" \
    -H "x-apikey: ${AL_APIKEY}" \
    -H 'accept: application/json' \
    -F 'json={"params": {"description": "My CURL test"}, "metadata": {"any_key": "any_value"}}' \
    -F 'bin=@myfile.txt' | json_pp
# Send a file for asynchronous processing using CURL
# ** API to use: /api/v4/ingest/ (POST)
echo "Send to ingest API:"
curl -s -k -X POST https://$AL_HOST/api/v4/ingest/ \
    -H "x-user: ${AL_USER}" \
    -H "x-apikey: ${AL_APIKEY}" \
    -H 'accept: application/json' \
    -F 'json={"params": {"description": "My CURL test"}, "metadata": {"any_key": "any_value"}}' \
    -F 'bin=@myfile.txt' | json_pp