Check Brief Status

This URL checks the analysis status.

Resource URL

GET https://<MATD_IP>/php/samplestatus.php

This URL takes iTaskId or jobId.

iTaskId Parameter:

The iTaskId must be the value previously returned in the File/URL submission step. Retrieve the istate or status value from the response of samplestatus.php.

- When analysis is complete, istate=1 or 2.
- When the sample is waiting in the queue, istate=4.
- When the sample is being analyzed, istate=3.
- When analysis has failed, istate=-1.

Only when istate=1 or 2, continue to get the results.

Input parameters

| Input parameter | Description | Data type |
|---|---|---|
| iTaskId | This is the iTaskId value returned in the submission step. | Number |

Output parameters

| Output parameter | Description | Data type |
|---|---|---|
| success | Success is true if the request is processed successfully, else false. | String |
| taskid | Task ID of the submitted sample file. | Numeric |
| istate | istate is a numeric value as explained above. | Numeric |
| status | Current status of the sample. Example: waiting / analyzing / completed. | String |
| filename | Name of the sample file. | String |
| md5 | The MD5 hash value of the sample file as calculated by McAfee Advanced Threat Defense. | Hexadecimal |
| vmProfile | The internally assigned ID for the VM Profile that was used. | Numeric |
| jobid | Job ID of the submitted sample file. | Numeric |
| submitTime | Time when the sample was uploaded for analysis. | Timestamp |
| summaryFiles | Summary file available. This field is valid only when istate is either 1 or 2. | |
| useLogs | User logs available. This field is valid only when istate is either 1 or 2. | |
| asmListing | Disassembly result available. This field is valid only when istate is either 1 or 2. | |
| PEInfo | PE information available. This field is valid only when istate is either 1 or 2. | |
| family | Family similarity available. This field is valid only when istate is either 1 or 2. | |
| userid | User ID through which the files are submitted. | |
| vmName | VM name based on the operating system that was used for dynamic analysis. | String |
| vmDesc | The user-provided description for the analyzer VM that was used for dynamic analysis. | String |

jobId Parameter:

When jobId is passed as a parameter, the output JSON response contains only one parameter, 'status', which takes the values below.

- 5 — completed
- 3 — analyzing
- 2 — waiting
- -1 — failed
- 0 — sample submitted but taskid not generated yet

When the jobId for a zip file is passed as a parameter, the status value in the JSON is the minimum of the status values of the individual samples in the zip file.

When jobId is passed as a parameter, the output JSON response contains the parameter 'allEngineState', which takes the values below.

- 1 — The sample is analyzed on all VMs submitted.
- 0 — The analysis has failed or was canceled in any of the VMs submitted.

Note: When archive samples are sent for extraction and analysis, the overall verdict of the sample is the highest reported severity for the extracted contents. However, if the highest severity is less than 3 and one of the files within the archive sample fails to be analyzed, then the overall verdict of the sample is Failed (-2).

Example

Input

https://<MATD_IP>/php/samplestatus.php?iTaskId=52

Output

{"success":true, "results":{"userid":1,"taskid":52,"istate":3,"status":"Analyzing",
"filename":"mv0107-2.exe","md5":"b01f5c6b23f5073228aa6d1e05579be4","vmProfile":"1","jobid": 55,
"submitTime":"2013-03-02 10:08:47","summaryFiles":"0","useLogs":"0", "asmListing":"0","PEInfo":"0",
"family":"0","vmName":"Win-XP-SP3-32bit","vmDesc":"XP SP3 32-bit with all reports"} }

Input

https://<MATD_IP>/php/samplestatus.php?jobId=69

Output

{'status': 5, 'allEngineState': 1, 'severity': 5, 'success': 'true'}

Parent topic: McAfee Advanced Threat Defense APIs
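The following Python sketch is an added example, not code from the product documentation. It normalizes samplestatus.php responses for both query types, because the two code spaces overlap (2 means complete as an istate but waiting as a jobId status), and polls until a final state. The `fetch` callable and the state labels "submitted", "error", "unknown" and "timeout" are assumptions of this example.

```python
import json
import time

# istate codes for an iTaskId query and status codes for a jobId query, as
# listed on the page. The same number differs: 2 is "completed" as an istate
# but "waiting" as a jobId status.
ISTATE = {1: "completed", 2: "completed", 3: "analyzing", 4: "waiting", -1: "failed"}
JOB_STATUS = {5: "completed", 3: "analyzing", 2: "waiting", -1: "failed", 0: "submitted"}

# Constructed samples: the page's two example outputs, the first trimmed and
# the second re-quoted with double quotes so that it parses as JSON.
TASK_SAMPLE = '{"success":true,"results":{"taskid":52,"istate":3,"status":"Analyzing","jobid":55}}'
JOB_SAMPLE = '{"status": 5, "allEngineState": 1, "severity": 5, "success": "true"}'


def _code(value):
    """Return value as an int, or None when it is missing or not numeric."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def interpret(body, by):
    """Normalize a samplestatus.php body; by is 'iTaskId' or 'jobId'."""
    doc = json.loads(body)
    # The page's examples show success as boolean true and as the string 'true'.
    if str(doc.get("success")).lower() != "true":
        return {"state": "error", "code": None, "all_vms": None}
    if by == "iTaskId":
        code = _code((doc.get("results") or {}).get("istate"))
        return {"state": ISTATE.get(code, "unknown"), "code": code, "all_vms": None}
    code = _code(doc.get("status"))
    engines = _code(doc.get("allEngineState"))
    all_vms = None if engines is None else engines == 1
    return {"state": JOB_STATUS.get(code, "unknown"), "code": code, "all_vms": all_vms}


def poll(fetch, by, interval=5.0, timeout=600.0, sleep=time.sleep):
    """Call fetch() (caller-supplied, returns a response body) until a final state."""
    deadline = time.monotonic() + timeout
    while True:
        result = interpret(fetch(), by)
        if result["state"] not in ("waiting", "analyzing", "submitted"):
            return result
        if time.monotonic() >= deadline:
            return {**result, "state": "timeout"}
        sleep(interval)
```
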