This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Johanna_Müller
Explorer
‎2017-01-16 06:05 AM

Sandblast - Threat Prevention API - Upload a file via an Webinterface

Hi there,

I'm currently playing around with the Threat Prevention API and my goal is to create a web interface to upload a suspicious file to the (on premise) Sandblast appliance.

This is my current partly working Python(Flask) code:

@app.route('/upload', methods=['GET', 'POST'])

def upload():

    if request.method == 'POST':

        file = request.files['file']

        resp=do_upload(file)

        return render_template('index.html', msg='success', json=resp)

    else:

        return render_template('upload.html')

def do_upload(file):

    filestream = file.stream

    hostname='https://LOCALSANDBLAST:18194/tecloud/api/v1/file/upload'

    payload={"request":{"file_name":file.filename}}

    files = {

        'request': (None, json.dumps(payload), 'application/json'),

        'file': (file.filename, filestream)

    }

    response=requests.post(hostname, files=files)

    return response.text

    print response.text

However the response I get from the Threat Prevention API contains the code '1006' which according to the documentation is 'PARTIALLY_FOUND: Part of the request found. If the missing data is required, upload the file.'

The complete response is attached to this post.

What am I doing wrong? Am I not uploading the whole file?

Can you maybe provide a working example for uploading and successfully querying a threat emulation via HASH afterwards?

Would be very happy to hear your ideas / approaches.

Thanks in advance,

Johanna

1 Reply
hueppisam
Explorer
‎2019-10-01 12:59 AM

Hi All

This is a very interesting question. For me it is also not clear what to do with the state partially_found.

Can you provide an answer here please?

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫