sandbox

The following methods allow for interaction with the ZIA Cloud Sandbox API endpoints.

Methods are accessible via zia.sandbox

class CloudSandboxAPI

Bases: object

add_hash_to_custom_list(file_hashes_to_be_blocked)

Updates the custom list of MD5 file hashes that are blocked by Sandbox.

Parameters:

file_hashes_to_be_blocked (list of str) – The list of MD5 Hashes to be added. Pass an empty list to clear the blocklist.

Returns:

The updated custom list of MD5 Hashes.

Return type:

Box

Examples

>>> zia.sandbox.add_hash_to_custom_list(['42914d6d213a20a2684064be5c80ffa9', 'c0202cf6aeab8437c638533d14563d35'])
>>> zia.sandbox.add_hash_to_custom_list([])  # Clear the list

get_behavioral_analysis()

Returns the custom list of MD5 file hashes that are blocked by Sandbox.

Returns:

The custom list of MD5 file hashes that are blocked by Sandbox.

Return type:

Box

Examples

>>> pprint(zia.sandbox.get_behavioral_analysis())
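
Since passing an empty list clears the blocklist, the helper below treats add_hash_to_custom_list as a full replacement and merges new hashes into the list read back from get_behavioral_analysis. It is an added example, not SDK code: merge_into_blocklist, normalise_md5 and StubSandbox are hypothetical names, and the file_hashes_to_be_blocked key in the returned Box is an assumption.

```python
import re

MD5_RE = re.compile(r"[0-9a-f]{32}")


def normalise_md5(values):
    """Return lower-cased, de-duplicated MD5 hex digests; raise on anything else."""
    seen, out = set(), []
    for raw in values:
        digest = str(raw).strip().lower()
        if not MD5_RE.fullmatch(digest):
            raise ValueError(f"not an MD5 hex digest: {raw!r}")
        if digest not in seen:
            seen.add(digest)
            out.append(digest)
    return out


def merge_into_blocklist(sandbox, new_hashes):
    """Add new_hashes to the custom blocklist without dropping existing entries."""
    additions = normalise_md5(new_hashes)
    if not additions:
        # An empty update would clear the blocklist, so never send one from here.
        raise ValueError("no hashes supplied; refusing to send an empty list")
    current = sandbox.get_behavioral_analysis()
    # Assumption: the current list sits under 'file_hashes_to_be_blocked'.
    existing = normalise_md5(current.get("file_hashes_to_be_blocked") or [])
    merged = normalise_md5(existing + additions)
    if merged != existing:
        # Only write when something new is being added.
        sandbox.add_hash_to_custom_list(merged)
    return merged


class StubSandbox:
    """Constructed stand-in for zia.sandbox so the example runs offline."""

    def __init__(self, hashes):
        self.hashes, self.writes = list(hashes), 0

    def get_behavioral_analysis(self):
        return {"file_hashes_to_be_blocked": list(self.hashes)}

    def add_hash_to_custom_list(self, file_hashes_to_be_blocked):
        self.hashes, self.writes = list(file_hashes_to_be_blocked), self.writes + 1
        return self.get_behavioral_analysis()
```

Against a live tenant, pass zia.sandbox in place of StubSandbox.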

get_quota()

Returns the Cloud Sandbox API quota information for the organisation.

Returns:

The Cloud Sandbox quota report.

Return type:

Box

Examples

>>> pprint(zia.sandbox.get_quota())

get_report(md5_hash, report_details='summary')

Returns the Cloud Sandbox Report for the provided hash.

Parameters:
  • md5_hash (str) – The MD5 hash of the file that was analysed by Cloud Sandbox.

  • report_details (str) – The type of report. Accepted values are ‘full’ or ‘summary’. Defaults to ‘summary’.

Returns:

The cloud sandbox report.

Return type:

Box

Examples

Get a summary report:

>>> zia.sandbox.get_report('8350dED6D39DF158E51D6CFBE36FB012')

Get a full report:

>>> zia.sandbox.get_report('8350dED6D39DF158E51D6CFBE36FB012', 'full')

submit_file(file, force=False)

Submits a file to the ZIA Advanced Cloud Sandbox for analysis.

Parameters:
  • file (str) – The filename that will be submitted for sandbox analysis.

  • force (bool) – Force ZIA to analyse the file even if it has been submitted previously.

Returns:

The Cloud Sandbox submission response information.

Return type:

Box

Examples

Submit a file in the current directory called malware.exe to the cloud sandbox, forcing analysis.

>>> zia.sandbox.submit_file('malware.exe', force=True)

submit_file_for_inspection(file)

Submits raw or archive files to Zscaler service for out-of-band file inspection.

Parameters:

file (str) – The filename that will be submitted for inspection.

Returns:

The Cloud Sandbox inspection response information.

Return type:

Box

Examples

Submit a file in the current directory called sample.zip for inspection.

>>> zia.sandbox.submit_file_for_inspection('sample.zip')