API Exercise #5: What About Custom Tradecraft?
Scenario
“I can’t use Assemblyline’s Python/Java client to integrate with my existing tradecraft. What can I do?”
In previous exercises, we've shown that you can use the Assemblyline client or a language's network requests library to interact with Assemblyline's API, but what about tools like cURL or Postman?
Expected Results
Send files to Assemblyline through the Ingest and Submit APIs using cURL.
APIs Involved
Web
POST /api/v4/submit/
POST /api/v4/ingest/
cURL Cheatsheet
# CURL cheat sheet
# to pass headers: -H 'key: value'
# to set the request type: -X GET
# to skip TLS certificate validation (test instances with self-signed certificates only): -k
# to add multipart form data:
#   -F 'name=data'
#   OR -F 'name=@path_to_file'
# Ingest / Submit API cheatsheet
# * JSON parameters to the submission are passed inside a multipart object named 'json'
# * The file binary is passed inside a multipart object named 'bin'
# ** Tip: you can pipe the curl output to json_pp so you can actually read it
Solution
# AL_HOST, AL_USER and AL_APIKEY must be set in the environment before running.

# Send a file for asynchronous processing using CURL
# ** API to use: /api/v4/ingest/ (POST)
echo "Send to ingest API:"
curl -s -k -X POST "https://${AL_HOST}/api/v4/ingest/" \
    -H "x-user: ${AL_USER}" \
    -H "x-apikey: ${AL_APIKEY}" \
    -H 'accept: application/json' \
    -F 'json={"params": {"description": "My CURL test"}, "metadata": {"any_key": "any_value"}}' \
    -F 'bin=@myfile.txt' | json_pp

# Send a file for live processing using CURL
# ** API to use: /api/v4/submit/ (POST)
echo ""
echo "Send to submit API:"
curl -s -k -X POST "https://${AL_HOST}/api/v4/submit/" \
    -H "x-user: ${AL_USER}" \
    -H "x-apikey: ${AL_APIKEY}" \
    -H 'accept: application/json' \
    -F 'json={"params": {"description": "My CURL test"}, "metadata": {"any_key": "any_value"}}' \
    -F 'bin=@myfile.txt' | json_pp
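
A variant of the two calls above that keeps the API key out of curl's argument list (headers go through a config read from stdin with `-K -`) and sends the JSON with `--form-string`, so that quotes or a `;type=` sequence in the description cannot alter the request; this is an added example, not part of the original exercise. The function names are hypothetical, `AL_HOST`, `AL_USER` and `AL_APIKEY` are assumed to be exported as in the solution, values are assumed to be single-line, and `-k` is left out so the server certificate must validate (`--cacert` can point curl at a private CA).

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of Assemblyline.
# Assumes AL_HOST, AL_USER and AL_APIKEY are exported, as in the solution.

# Escape backslashes and double quotes so a value can sit inside a JSON
# string or a quoted curl config value (both use the same two escapes).
# Assumption: single-line values without control characters.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the 'json' multipart field: description plus one metadata pair.
al_json_field() {
    printf '{"params": {"description": "%s"}, "metadata": {"%s": "%s"}}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# Emit the auth headers as a curl config. printf is a builtin in common
# shells, so the API key travels over a pipe and is not placed in argv.
al_curl_config() {
    printf 'header = "x-user: %s"\n' "$(json_escape "$AL_USER")"
    printf 'header = "x-apikey: %s"\n' "$(json_escape "$AL_APIKEY")"
    printf 'header = "accept: application/json"\n'
}

# usage: al_send ingest|submit FILE DESCRIPTION
# No -k here: the certificate must validate (add --cacert for a private CA).
al_send() {
    al_curl_config | curl -s -K - -X POST "https://${AL_HOST}/api/v4/$1/" \
        --form-string "json=$(al_json_field "$3" any_key any_value)" \
        -F "bin=@$2"
}

# Example call (commented out so sourcing this file sends nothing):
# al_send ingest myfile.txt 'My CURL test; with "quotes"' | json_pp
```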