You can use the API to gather these. The RAPI system returns data in JSON format, with some exceptions.
Note: The API is usually authenticated via token, but if you SSH into the appliance and use 'localhost' for the queries, you don't need to supply an API token.
1) To get a list of configured users
$ curl http://localhost/rapi/system/users
2) List of samples (whether analyzed or not)
$ curl http://localhost/rapi/samples
Detail on a specific sample
$ curl http://localhost/rapi/samples/<sample_id>
3) Retrieve/save a sample's resource (file)
The above API calls in #2 return a list of samples. Each sample resource includes this metadata among others:
You can pull files off of the appliance using SCP. If you get the entire list of samples (curl http://localhost/rapi/samples) and the entire /opt/mat2/store/sample_resources folder, you've got them all.
4) Retrieve previous analysis
a. List of tasks that were run
$ curl http://localhost/rapi/tasks
b. Info about specific tasks, including the resulting risk score (task_global_risk_score) and the sample_id that was analyzed so you can link it up with the samples above
$ curl http://localhost/rapi/tasks/<task_id>
c. All the found events for a task (HTML formatted)
$ curl http://localhost/rapi/widgets/task_report/<task_id>
d. All the found events for a task (JSON)
$ curl http://localhost/rapi/tasks/<task_id>/events
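The linking step described in 4b, as an added example (not part of the original article or the vendor's code): it joins task details to the sample list on sample_id and sorts by task_global_risk_score. Assumptions: list entries carry a "task_id" key, sample records carry a "sample_id" key, task details are flat JSON objects, and list responses are either a bare array or an object wrapping one array.

```python
import json
import urllib.request

BASE = "http://localhost/rapi"  # per the article: no token needed from an SSH session on the appliance
TASK_ID_KEY = "task_id"         # assumption: key naming in list entries is not shown in the article

def fetch_json(path, timeout=10):
    """GET a RAPI path and decode the JSON body."""
    with urllib.request.urlopen(f"{BASE}/{path.lstrip('/')}", timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))

def as_records(doc):
    """Accept a bare list or an object wrapping exactly one list (response shape is an assumption)."""
    if isinstance(doc, list):
        return doc
    lists = [v for v in doc.values() if isinstance(v, list)] if isinstance(doc, dict) else []
    if len(lists) != 1:
        raise ValueError("unrecognised list response shape")
    return lists[0]

def link_tasks_to_samples(task_details, samples):
    """Join task details to samples on sample_id, highest risk score first.
    A task whose sample is missing from the list keeps sample=None so the gap stays visible."""
    by_id = {str(s["sample_id"]): s for s in samples if "sample_id" in s}
    rows = []
    for t in task_details:
        score = t.get("task_global_risk_score")
        rows.append({"task_id": t.get(TASK_ID_KEY), "sample_id": t.get("sample_id"),
                     "risk": None if score is None else float(score),
                     "sample": by_id.get(str(t.get("sample_id")))})
    rows.sort(key=lambda r: (r["risk"] is None, -(r["risk"] or 0.0)))
    return rows

def unanalyzed_samples(task_details, samples):
    """Sample ids that no task references (the sample list includes unanalyzed entries)."""
    seen = {str(t.get("sample_id")) for t in task_details}
    return [s["sample_id"] for s in samples if "sample_id" in s and str(s["sample_id"]) not in seen]

# Constructed sample data, not real appliance output.
DEMO_TASKS = [{"task_id": 1, "sample_id": 10, "task_global_risk_score": 3},
              {"task_id": 2, "sample_id": 11, "task_global_risk_score": 9},
              {"task_id": 3, "sample_id": 99, "task_global_risk_score": None}]
DEMO_SAMPLES = [{"sample_id": 10}, {"sample_id": 11}, {"sample_id": 12}]

if __name__ == "__main__":
    samples = as_records(fetch_json("samples"))
    details = [fetch_json(f"tasks/{t[TASK_ID_KEY]}") for t in as_records(fetch_json("tasks"))]
    for row in link_tasks_to_samples(details, samples):
        print(row["task_id"], row["sample_id"], row["risk"], row["sample"] is not None)
    print("never analyzed:", unanalyzed_samples(details, samples))
```

Run it on the appliance itself so the localhost queries work without a token; adjust the key names if the JSON on your version differs.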
Imported Document ID: 000022026