Intezer - New! API for Intezer Analyze Community

Blog

Cybersecurity DNA

New! API for Intezer Analyze Community

Or Fridman
15.01.19 | 2:27 pm
Share:
FacebookTwitterLinkedIn

On behalf of Intezer, I am pleased to announce the release of an API for the Intezer Analyze community edition. Members of the free Intezer Analyze community can now create automation scripts to analyze files without manual intervention. Highlighted later in this blog are some of the ways in which community users can utilize the API.


What’s Different?

Prior to today’s release, community users could access Intezer Analyze’s web interface, manually uploading their files to detect code reuse and review the analysis reports. Adding an API was a priority for our product and development teams, to enhance the community experience by providing members with the ability to create automation scripts. With access to our API, community users will have greater flexibility and additional tools at hand to assist in their malware analysis and classification operations.


What can Users Achieve with the New API?

Below are just some of the examples in which community users can utilize the API in their genetic malware analysis. I am certain that members of our community will also implement their own use cases, and we encourage you to share these examples on Twitter, tagging #IntezerAnalyze and @IntezerLabs.

1) Plugins for other Security Systems. Many security products today enable integrations to external malware analysis engines. Using our API, it is now possible to produce Intezer-powered plugins to your preferred security products. We have seen this implemented by one of our active community users, Mickey Perre, who created a plugin between Intezer and Splunk, which can be accessed on GitHub here.

Another example is MalScanBot, created by Omri Moyal, and integrates with Intezer Analyze to provide a convenient chat-based malware analysis. We encourage you to write your own plugins with your preferred tools, and to publish them for the benefit of the security community.

2) Create Graphs based on Code Similarities. Users can now create scripts, including a graph to demonstrate code similarities between files. This can be useful for displaying similarities between sets of malware samples.

The following graph demonstrates how genes are shared between five malware samples. The code to create this graph can be found in our SDK.
Graph: Code Similarities between Files

3) Automatic Submission of Files to Intezer Analyze. Highlighted above, community users can produce a scheduled task that will upload their daily quota of 10 files to Intezer Analyze, requiring no manual intervention. Users can then review the results through the history tab.


How Can I Get Started?

Not an Intezer Analyze community member? First, sign up for free here.

1) Access the API by authenticating your account with an API key. To generate the key, click on “Generate API Key” located in your profile icon. Account Details Page.

Account Settings: Intezer Analyze

2) Read the latest API documentation located in your profile page, or check out our Python code examples to use as a template.

3) Analyze files using the “POST /analyze” API function.

4) Obtain results, including:

  • A summary of the file analyses, including the verdict, malware family name, and report URL.
  • Code reuse findings. (GET {sub-analysis}/code-reuse)
  • Related samples. Retrieve the list of file hashes that share code with a specific piece of malware or trusted sample. (POST {sub-analysis}/code-
    reuse/families/:family-id/find-related-files
    )

More information can be found in the community user API document located in the platform, and you can also use our SDK in GitHub to browse some Python code examples. I highly encourage you to watch this repository for future releases!


About Intezer Analyze:

Powered by Genetic Malware Analysis technology, Intezer Analyze identifies new malware by comparing its code with previously seen threats. Detecting even the smallest fragments of code similarities, Intezer recognizes malicious files, classifies threats to the relevant malware families, and enables security teams to prioritize alerts according to risk and severity.


About us:

Intezer introduces a Genetic Malware Analysis approach, offering enterprises unparalleled and accelerated incident response.

Intezer provides a fast, in-depth understanding of any file by mapping its code DNA at the ‘gene’ level — offering the most advanced level of malware analysis. By identifying the origins of every piece of code, Intezer is able to detect code reuse from known malware, as well as code that was seen in trusted applications. For more information, visit https://www.intezer.com/ or follow us on Twitter at @IntezerLabs.

By Or Fridman

Or has 10 years of experience in technology development and product management. He is responsible for developing and executing the product roadmap and technological integrations behind Intezer Analyze. Or began his career in cybersecurity through a programming course in the Israeli Defense Force (IDF) and later became a developer and product manager for the unit. Or previously served as a product manager for CyberArk for three years. Or earned his Bachelor of Science in computer science from the Open University of Israel.

Register to our free community

© Intezer.com 2019 All rights reserved