Questions etc. relating to Sophos Intelix, an API available via AWS to access SophosLabs threat intelligence data. Documentation is available at https://api.labs.sophos.com/doc/index.html
Questions tagged [sophoslabs-intelix]
24 questions
4
votes
1 answer
Uploading big samples for analysis giving unexpected response
While doing the 'POST' request to 'https://de.api.labs.sophos.com/analysis/file/static/v1', I am getting 'HTTP content length exceeded 10485760 bytes.' response.
I know there is a limit to file size we can upload, but earlier we used to get…

rai-gaurav
3
votes
1 answer
Scan Uploaded File using Sophos Labs Intelix in C#
I am new to SophosLabs Intelix. I am trying to build a sample in my ASP.NET application (WebForms/MVC) in which I want to run an antivirus scan on the file uploaded by the user. If the uploaded file is clean I want to upload it to the server else I…

Jimesh
3
votes
2 answers
POST file (as binary stream) using java.net.HttpURLConnection as a param file=
I am trying to upload (POST) a file to an endpoint using java.net.HttpURLConnection but I keep getting http code 400 (bad request).
I referred to Send File And Parameters To Server With HttpURLConnection in android API 23
but problem is that I need…

Deval Jain
3
votes
1 answer
Restrictions of Intelix APIs
The below documentation given for Sophos Intelix APIs does not mention the restrictions on file size or the number of submissions that can be made in a given time. Are there any such restrictions in place, or can we submit a file of any size and can…

Deval Jain
3
votes
1 answer
What do reputationScore values mean in SophosLabs File Malware Cloud Lookup API
The File Malware Cloud Lookup API returns 'reputationScore' in response. The doc page has various values of reputation score in examples, but it doesn't say what those values mean. How can we make use of those…

RPC
2
votes
1 answer
Sophos Intelix Authenticate API Error trying to Authenticate
I am trying to authenticate to the Sophos Intelix authenticate API:
curl --location --request POST 'https://api.labs.sophos.com/oauth2/token'
--header 'Content-Type: application/json;charset=UTF-8'
--header 'Authorization: Basic {encoded…

c_Reg_c_Lark
2
votes
1 answer
How long does Static / Dynamic analysis take in Intelix?
I am currently testing the Intelix API within my service.
Please could you tell me the average time a static and dynamic analysis will take?
Thank you in advance

Youngsoo
2
votes
1 answer
How should I specify a URI in the SophosLabs Intelix Malware and Productivity URL Lookup API?
I'm trying to use the Malware and Productivity URL Lookup API to perform a lookup for a URI. The documentation suggests the form should be:
[ scheme ":" "//" ] [ userinfo "@" ] host [ ":" port ] path-abempty [ "?" query ] [ "#" fragment ]
yet I'm…

Foam Guppies
1
vote
0 answers
IntelliJ Plugin to scan code security (locally)
Any recommendation to install and run locally any plugin on IntelliJ to avoid security vulnerabilities like SQL injections? It is not an open source project, written in Java.
Thanks a lot

Manu Bouzas
1
vote
1 answer
Sophos Intelix File Hash Lookup for unknown file hash always returns reputation score 30
A Sophos Intelix file hash lookup for an unknown file hash returns a reputation score of 30, although the file hash is not yet known by Sophos. When we then upload the file for static file analysis, we get a score of 30 as well. Is this intended? I…

Wolfgang
1
vote
1 answer
SophosLabs Intelix - Scanning speed is slow
Small PDF files (under 200KB) are being used to test the performance of the SophosLabs Intelix.
The official example code has been used:
https://github.com/sophoslabs/intelix-lambda-example/blob/master/resources/intelix_file_check.py
According…

PagedownPageUp
1
vote
1 answer
Interpreting Sophos static file analysis score
Is there an explanation anywhere for what the score field from the Sophos static/dynamic file analysis report means?
The schema simply states: Maliciousness score of the analyzed file (0 = malicious, 100 = benign).
I expected this to be interpreted…

Cole Omni
1
vote
1 answer
Cannot install Sophos Endpoint Security and Control because existing 3rd party AV software could not be uninstalled
I have a Windows 10 laptop which was happily running Sophos ECC for several years but recently stopped updating. I was advised by Sophos tech support to uninstall and reinstall. But reinstall stops because it detects 3rd party software - presumably…

Zaheer Ali
1
vote
2 answers
Unable to submit for static analysis
We are not able to submit a file for static analysis.
Tried with the request as below:
curl -X POST "https://de.api.labs.sophos.com/analysis/file/static/v1/"
-H "Authorization: "
-H "Content-Type: multipart/form-data"
-F…

Priyanka Gadhiya
1
vote
1 answer
What would happen if I send the same correlation id for multiple lookup requests to SophosLabs lookup?
In the documentation for SophosLabs File Malware Cloud Lookup API (https://api.labs.sophos.com/doc/lookup/files.html), a correlationId is mentioned. How should this be generated? Should it be unique for a caller or for each lookup?

Bulletmagnet