Hi there,
I'm currently playing around with the Threat Prevention API and my goal is to create a web interface to upload a suspicious file to the (on premise) SandBlast appliance.
This is my current partly working Python (Flask) code:
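```python
import json

import requests
from flask import Flask, request, render_template

app = Flask(__name__)


@app.route('/upload', methods=['GET', 'POST'])
def upload():
    if request.method == 'POST':
        # Forward the uploaded file to the appliance and show its raw reply
        file = request.files['file']
        resp = do_upload(file)
        return render_template('index.html', msg='success', json=resp)
    else:
        return render_template('upload.html')


def do_upload(file):
    filestream = file.stream
    hostname = 'https://LOCALSANDBLAST:18194/tecloud/api/v1/file/upload'
    payload = {"request": {"file_name": file.filename}}
    # Multipart body: a JSON 'request' part plus the file content itself
    files = {
        'request': (None, json.dumps(payload), 'application/json'),
        'file': (file.filename, filestream)
    }
    response = requests.post(hostname, files=files)
    print(response.text)  # log the raw API reply before returning it
    return response.text
```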
However, the response I get from the Threat Prevention API contains the code '1006', which according to the documentation is 'PARTIALLY_FOUND: Part of the request found. If the missing data is required, upload the file.'
The complete response is attached to this post.
What am I doing wrong? Am I not uploading the whole file?
Can you maybe provide a working example for uploading and successfully querying a threat emulation via HASH afterwards?
Would be very happy to hear your ideas / approaches.
Thanks in advance,
Johanna
Hi All
This is a very interesting question. For me it is also not clear what to do with the state partially_found.
Can you provide an answer here please?
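Added example, not part of the posts above and not Check Point's own code: the client-side logic for the query-by-hash step the thread asks about, applying the documented wording of 1006 to a query response. The JSON shapes, the `sha1` and `features` keys, the status codes other than 1006 and the action names returned by `next_step` are assumptions; check them against the API documentation for your appliance version.

```python
import hashlib
import io

# Status codes as named in the Threat Prevention API documentation. Only 1006
# is quoted in this thread; the other values are assumptions to verify there.
FOUND, PENDING, NOT_FOUND, PARTIALLY_FOUND = 1001, 1003, 1004, 1006


def sha1_of_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks, then rewind it so the same stream
    can still be passed to requests.post() for the upload afterwards."""
    digest = hashlib.sha1()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    stream.seek(0)  # without this, a later upload would send zero bytes
    return digest.hexdigest()


def build_query(sha1, file_name):
    """Body for a query-by-hash request (assumed shape: a list under 'request')."""
    return {"request": [{"sha1": sha1, "file_name": file_name, "features": ["te"]}]}


def next_step(query_response):
    """Map the status code of a query response to what the client does next."""
    entry = query_response["response"]
    if isinstance(entry, list):  # query responses are assumed to be a list
        entry = entry[0]
    code = entry["status"]["code"]
    if code == FOUND:
        return "read_verdict"
    if code == PENDING:
        return "poll_again"
    if code in (NOT_FOUND, PARTIALLY_FOUND):
        # Documented wording for 1006: "If the missing data is required,
        # upload the file."
        return "upload_file"
    return "fail"  # any other code: surface it to the user, do not loop


# Constructed sample data, not output captured from an appliance.
SAMPLE_FILE = io.BytesIO(b"abc")
SAMPLE_PARTIAL = {"response": [{"status": {"code": 1006, "label": "PARTIALLY_FOUND"}}]}
SAMPLE_FOUND = {"response": [{"status": {"code": 1001, "label": "FOUND"}}]}
```

In the Flask handler above, `sha1_of_stream(file.stream)` would run before the upload; the rewind inside it is what keeps the subsequent multipart upload from sending an empty body.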