
Getting Started

Review the steps to integrate File Intel into your app

Introduction

The File Intel service must be enabled from the Pangea Console before use. Make sure you have access to the Pangea Console and you’ve created a project.

Note: To create a project or learn about projects, visit Creating a project.

Create a token


Create a token so that you can access the File Intel endpoints:

  1. Go to the Pangea Console and click File Intel in the left-hand navigation menu. The File Intel Overview page will appear.
  2. On the File Intel Overview page, you'll see a notification asking you to set a service token. Click Create new token toward the bottom right side of your screen.
  3. You’ll be prompted to create a token. Enter a Token name and select an Expiration Date. You may also create a token for all Intel services, if you wish.
  4. Once configured, the token is available in the Tokens section of the File Intel Overview page.


Select your provider


Providers can be selected as default in the Pangea Console. Setting a provider as default in the Pangea Console means your API request calls will use this provider, unless another provider is specified as part of your API request.

To select a provider as default for an API:

  1. Go to the Pangea Console
  2. On the left-hand navigation menu, select File Intel
  3. Go to Settings
  4. Click Set as default for your preferred provider


Tip: You can also override the default provider by specifying another provider's name in the provider field when making an API request to the /reputation endpoint. This is helpful if your default provider returns a verdict of Unknown and you want a second opinion from another provider.

Test the service

The interactive File Intel API Reference allows you to test API endpoints from the documentation. This is an easy way to play around with different hash types and providers to see what kind of data is returned.

Configure your app for communication with the Pangea service

For your app to communicate with the Pangea service, you must put the values of the following Configuration Details into the PANGEA_INTEL_TOKEN and PANGEA_DOMAIN environment variables:

  • token
  • domain

All of these variables are created when you enable File Intel and can be found in the Overview section under File Intel.


Set environment variables

To set each variable in bash:

export PANGEA_DOMAIN="yourServiceDomain"
export PANGEA_INTEL_TOKEN="yourAccessToken"

Calculate and submit hash

The ways you acquire a file hash may vary. For example, you might:

  • Use a reporting tool that generates a hash for suspicious files
  • Calculate a hash using your app

If you add hash calculation functionality to your app, it may look something like this:

import hashlib

def main():
    # Open in binary mode; the context manager closes the file afterwards
    with open('/path/to/file', 'rb') as myfile:
        print(hashlib.sha256(myfile.read()).hexdigest())

if __name__ == '__main__':
    main()

Your result will look something like this:

% python ~/scratch/hash.py
142b638c6a60b60c7f9928da4fb85a5a8e1422a9ffdc9ee49e17e56ccca9cf6e

Submit the hash to the File Intel service. The code in your app might look something like this:

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import FileIntel

# Read the service token and domain from the environment variables set above
token = os.getenv("PANGEA_INTEL_TOKEN")
domain = os.getenv("PANGEA_DOMAIN")
config = PangeaConfig(domain=domain)
intel = FileIntel(token, config=config)


def main():
    print("Checking file...")

    try:
        response = intel.reputation(
            hash="142b638c6a60b60c7f9928da4fb85a5a8e1422a9ffdc9ee49e17e56ccca9cf6e",
            hash_type="sha256",
        )
        print(f"Response: {response.result}")
    except pe.PangeaAPIException as e:
        # Print the error summary, then the detail of each reported error
        print(f"Request Error: {e.response.summary}")
        if e.errors:
            for err in e.errors:
                print(f"\t{err.detail}")
                print("")


if __name__ == "__main__":
    main()

Note: For details, visit the SDK documentation. If you don't see the language you need, let us know in our Discourse.

Receive a response

After your app submits a file hash to the File Intel service, you'll receive a JSON response that looks like this:

{
  "request_id": "prq_37fvd6ofo2sz3wbvmaqrb4bmzrzcuhxh",
  "request_time": "2022-09-27T21:23:19.682Z",
  "response_time": "2022-09-27T21:23:20.258Z",
  "status": "Success",
  "summary": "Hash was found",
  "result": {
    "data": {
      "category": [
        "Trojan"
      ],
      "score": 100,
      "verdict": "malicious"
    },
    "parameters": {
      "hash": "142b638c6a60b60c7f9928da4fb85a5a8e1422a9ffdc9ee49e17e56ccca9cf6e",
      "hash_type": "sha256",
      "provider": "reversinglabs",
      "raw": true,
      "verbose": true
    },
    "raw_data": {
      "rl": {
        "entries": [
          {
            "classification": {
              "family_name": "BoxerSms",
              "is_generic": false,
              "platform": "Android",
              "type": "Trojan"
            },
            "first_seen": "2012-08-30T09:50:00",
            "last_seen": "2021-07-17T08:24:17",
            "query_hash": {
              "sha256": "142b638c6a60b60c7f9928da4fb85a5a8e1422a9ffdc9ee49e17e56ccca9cf6e"
            },
            "reason": "antivirus",
            "scanner_count": 29,
            "scanner_match": 17,
            "scanner_percent": 58.620689392089844,
            "status": "MALICIOUS",
            "threat_level": 5,
            "threat_name": "Android.Trojan.BoxerSms",
            "trust_factor": 5
          }
        ]
      }
    }
  }
}

To learn about the response fields above, visit the File Intel API Reference.
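
The second-opinion flow from the provider tip, applied to the response shape shown above, as an added example that is not Pangea SDK code or part of the original page. `lookup` is a hypothetical callable standing in for the /reputation request; both provider names, the stub responses and the score of 0 for an unknown verdict are constructed for illustration.

```python
# Added example: hypothetical names and constructed data, not Pangea SDK code.
import re

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def make_response(verdict, score, provider, file_hash):
    """Build a constructed response holding only the fields used below."""
    data = {"category": [], "score": score, "verdict": verdict}
    params = {"hash": file_hash, "hash_type": "sha256", "provider": provider}
    return {"status": "Success", "result": {"data": data, "parameters": params}}


def extract_verdict(response):
    """Return (verdict, score, provider) from a parsed /reputation response."""
    if response.get("status") != "Success":
        raise ValueError(f"lookup failed: {response.get('summary')}")
    result = response["result"]
    data = result["data"]
    # Normalise case: the prose says "Unknown", the JSON sample says "malicious"
    return data["verdict"].lower(), data["score"], result["parameters"].get("provider")


def second_opinion(file_hash, lookup, fallbacks):
    """Ask the default provider first; on "unknown", try each fallback in order."""
    if not SHA256_RE.fullmatch(file_hash):
        raise ValueError("not a SHA-256 hex digest")
    verdict, score, provider = extract_verdict(lookup(file_hash, None))
    tried = [provider]
    for name in fallbacks:
        if verdict != "unknown":
            break
        verdict, score, provider = extract_verdict(lookup(file_hash, name))
        tried.append(provider)
    return {"verdict": verdict, "score": score, "provider": provider, "tried": tried}


def stub_lookup(file_hash, provider):
    """Offline stand-in for the API call: the default provider has no data."""
    if provider is None:
        return make_response("unknown", 0, "example-default-provider", file_hash)
    return make_response("malicious", 100, provider, file_hash)


if __name__ == "__main__":
    h = "142b638c6a60b60c7f9928da4fb85a5a8e1422a9ffdc9ee49e17e56ccca9cf6e"
    print(second_opinion(h, stub_lookup, ["example-second-provider"]))
```

In a real integration, `lookup` would send the /reputation request and set the provider field only when a name is given.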

Share your implementation

Reach out to the Pangea community on our Discourse to let us know how you've integrated File Intel into your application.
