User wants to get sample information from the box using the API.
Returns the high-level metadata for a sample by either the integer sample_id provided or query strings.
If more than one sample is returned, it will be as a list under the results element.
If a sample is not found, an empty set will be returned.
By default it returns the last 100 samples. The max limit is 1000; if more results are required, use the offset parameter to page the results back.
Examples using curl.
Return a single sample’s metadata.
Return all samples marked with a source of customerOne.
Return all samples that were uploaded by Robert Bob (rbob).
Return all samples that have both the 'zeus' AND the 'bad' tags in the description.
Return all URL samples that have 'malicious_site' as part of their address.
Description: Query String Options
sample_type The type of sample. Options are 'basic' and 'url'.
label The sample's label, which is either the file name or URL by default. Unicode is allowed, but regular expressions are not. Use the exact parameter to ignore partial matches.
owner A substring of the owner who submitted the sample. Use the exact parameter to ignore partial matches.
source The sample source is 'www' if uploaded through the UI, and is only configurable through a RAPI call. Use the exact parameter to ignore partial matches.
url Only applies to samples of type 'url', and is the URL submitted. Regular expressions are not allowed. Use the exact parameter to ignore partial matches.
md5 The md5 to search for; substrings are not allowed.
sha256 The sha256 to search for; substrings are not allowed.
resource_name Only applies to samples of type 'basic', and is the file's name including extension. Use the exact parameter to ignore partial matches.
resource_magic The partial resource magic string to search on. (Example: PE32:win32)
hashtags Finds samples that match all the provided hash tags. Separate multiples with a | symbol. Partial matches are ignored.
exact If set to 1, exact strings will be used for other query parameters. Default value is 0 to allow substrings.
limit The default limit is 100 items with a max of 1000. If more results are needed, use the offset parameter to provide paging support.
offset The starting index for the result set. Use with limit to provide paging support.
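The query options and limit/offset paging described above, as an added Python example that is not part of the original documentation. The host name, the list path (inferred from /rapi/samples/[sample_id]), the decoded-dictionary response shape and the caller-supplied fetch function are assumptions; authentication is left to fetch.

```python
import re
from urllib.parse import urlencode

# Placeholder host; the list path is assumed from /rapi/samples/[sample_id].
BASE_URL = "https://sandbox.example/rapi/samples"
MAX_LIMIT = 1000                       # documented maximum page size
HASH_LEN = {"md5": 32, "sha256": 64}   # hex digits in a full hash
FILTERS = {"sample_type", "label", "owner", "source", "url", "md5",
           "sha256", "resource_name", "resource_magic"}

def build_query(limit=100, offset=0, hashtags=None, exact=False, **filters):
    """Build the query string for one page, rejecting values the documentation rules out."""
    if not 1 <= limit <= MAX_LIMIT or offset < 0:
        raise ValueError("limit must be 1..1000 and offset >= 0")
    params = {}
    for name, value in filters.items():
        if name not in FILTERS:
            raise ValueError(f"unknown query option: {name}")
        if name in HASH_LEN and not re.fullmatch(r"[0-9a-fA-F]{%d}" % HASH_LEN[name], value):
            raise ValueError(f"{name} must be a full hash, substrings are not allowed")
        if name == "sample_type" and value not in ("basic", "url"):
            raise ValueError("sample_type must be 'basic' or 'url'")
        params[name] = value
    if hashtags:
        # Multiple tags are separated with | and must all match.
        params["hashtags"] = "|".join(tag.lstrip("#") for tag in hashtags)
    if exact:
        params["exact"] = 1
    params.update(limit=limit, offset=offset)
    return urlencode(params)

def samples_in(response):
    """Normalize a decoded response: empty set, one sample, or a list under 'results'."""
    if not response:
        return []
    if "results" in response:
        return list(response["results"])
    return [response]

def iter_samples(fetch, page_size=MAX_LIMIT, **query):
    """Yield all matching samples; fetch(url) is a hypothetical caller-supplied function."""
    offset = 0
    while True:
        page = samples_in(fetch(f"{BASE_URL}?{build_query(page_size, offset, **query)}"))
        yield from page
        if len(page) < page_size:      # short page: nothing left to request
            return
        offset += page_size
```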
hashtags A comma separated list of tags assigned to the sample.
Tags are prepended by a # in the description field of a sample. This is editable through either the view_sample UI or a POST call to /rapi/samples/[sample_id]. For example, if the description is: "Potentially a #zeus variant. #banking_trojan", zeus and banking_trojan will be tags. Tags can be made up of standard Unicode text characters.
samples_basic_resource_id INTERNAL USE The resource id of the binary sample. It is unlikely this would be needed for public consumption.
samples_basic_sample_id The sample's integer ID.
samples_date_added The local system time the sample was added to the processing queue.
samples_description Matches to the sample comments in the UI. Includes any hashtags that were set.
samples_exec_arguments Will be null unless the sample was submitted with execution arguments to override the default behavior for the sample. This affects all tasks for the sample, unless the task itself overrides the property.
samples_label The configurable label for the sample. By default it is the file name or url address.
owner The user account that submitted the sample.
sample_sample_id The integer sample ID.
samples_source The source of the sample. Samples submitted in the UI will be 'www' unless changed through the RAPI.
resource_magic_magic String indicating the type of file run.
resource_magic_magic_id An integer ID that is paired with the resource_magic_magic string value.
sample_resources_date_added Same as samples_date_added for the time when the sample was loaded into the queue.
sample_resources_magic_id Same as resource_magic_magic_id.
sample_resources_md5 MD5 of the sample. Only applies to samples of type 'basic'.