File Scan API Reference

Since File Scan generally requires an asynchronous response, the most common workflow is as follows:

1. Scan a file using the POST method. The scan returns a response with a 202 success code.
2. Input the Request ID from the response into the GET method.
3. The API polls the File Scan request until it receives a response.
4. Once the API's GET method receives a response, it returns the score, verdict, category, and raw data if requested.

For more information on asynchronous responses, refer to Asynchronous Responses.

CrowdStrike supports the following file formats:

• Portable Executable (PE)
• Mach object file (Mach-O)
• Executable and Linkable Format (ELF)
• Microsoft Office Word, Excel, and PowerPoint documents
• Portable Document Format (PDF)
• ZIP Archives (ZIP)

ReversingLabs supports most file types. Supported file types are subject to change and can vary between service providers.

• OpenAPI Specification

post/v1/scan

cURL

Code Snippet Language

curl -sSLX POST 'https://file-scan.aws.us.pangea.cloud/v1/scan' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: multipart/form-data'

Response

Raw Output

200

Code Snippet Language

---

Scan

POST

https://file-scan.aws.us.pangea.cloud/v1/scan

Scan a file for malicious content using the provider configured in File-Scan settings, or use the optional “provider” parameter to specify the provider to be used.

Content Type

multipart/form-data

Content Type

required parameters

request

object

upload

​

optional parameters

request

object

verbose

boolean

(default: false)

Echo the API parameters in the response.

verbose

​

verbose

raw

boolean

(default: false)

Include raw data from this provider.

raw

​

raw

provider

string

Scan file using this provider.

provider

​

provider

transfer_method

string

The transfer method used to upload the file data. Learn more about the various Transfer Methods.

transfer_method

​

transfer_method

size

number

The size (in bytes) of the file. If the upload doesn't match, the call will fail.

size

size

crc32c

string

The CRC32C hash of the file data, which will be verified by the server if provided.

crc32c

crc32c

sha256

string

The hexadecimal-encoded SHA256 hash of the file data, which will be verified by the server if provided.

sha256

sha256

source_url

string (uri)

A URL where the file to be scanned can be downloaded. Required if transfer_method is set to source-url

source_url

source_url

Response Fields

Response Schema

object

Pangea standard response schema

result

object

data

object

High-level normalized results sent by the Pangea service

category

array<string>

The categories that apply to this indicator as determined by the provider

score

integer

The score, given by the Pangea service, for the indicator

verdict

string

The verdict, given by the Pangea service, for the indicator

parameters

object

The parameters, which were passed in the request, echoed back

raw_data

object

The raw data from the provider. Each provider's data will have its own format

request_id

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"

request_time

string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"

response_time

string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"

status

string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"

summary

string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Was this article helpful?

Contact us