AnsweredAssumed Answered

Sandblast - Threat Prevention API - Upload a file via an Webinterface

Question asked by fb63d0ed-41a5-422e-8ebc-c70afa69c914 on Jan 16, 2017

Hi there,



I'm currently playing around with the Threat Prevention API and my goal is to create a web interface to upload a suspicious file to the (on premise) Sandblast appliance.



This is my current partly working Python(Flask) code:



@app.route('/upload', methods=['GET', 'POST'])

def upload():

    if request.method == 'POST':

        file = request.files['file']


        return render_template('index.html', msg='success', json=resp)


        return render_template('upload.html')



def do_upload(file):

    filestream =





    files = {

        'request': (None, json.dumps(payload), 'application/json'),

        'file': (file.filename, filestream)


, files=files)

    return response.text

    print response.text



However the response I get from the Threat Prevention API contains the code '1006' which according to the documentation is 'PARTIALLY_FOUND: Part of the request found. If the missing data is required, upload the file.'



The complete response is attached to this post.



What am I doing wrong? Am I not uploading the whole file?

Can you maybe provide a working example for uploading and successfully querying a threat emulation via HASH afterwards?

Would be very happy to hear your ideas / approaches.



Thanks in advance,