Verify blacklisted and whitelisted hash values This URL is to check if a user submitted hash value is either blacklisted or whitelisted. Only single hash value can be verified at a time. Resource URL POST https://<MATD_IP>/php/atdHashLookup.php Input parameters The following HTTP headers should be specified in the resource URL request: Accept: application/vnd.ve.v1.0+json VE-SDK-API: Base64 encoded "session:user id" string Input parameter Description Data type data Contains the following parameters defined in a json string. md5: Any valid 32 digit hexadecimal number Example: {'data': '{"md5":"A3CCFD0AA0B17FD23AA9FD0D84B86C05"}'} Hexadecimal Output parameters Input parameter Description results Displays input hash value and its corresponding character. 'w' — hash value is whitelisted by user. 'b' — hash value is blacklisted. '0' — hash value is not in the whitelist or blacklist. 'j' — hash is submitted in last three days. 'Invalid input data' — invalid hash value. The valuation is performed in the following order: Check if it is 'b'. Return 'b' if it is the case. Check if it is 'j'. Return 'j' if it is the case. Check if it is 'w'. Return 'w' if it is the case. Otherwise return '0'. Note: If the check returns 'j' then the API finishes processing the API call, and returns 'j'. In this case, evaluation logic does not reach 'w'. If the file is submitted again after 3 days since the scanning of MD5, the API will return 'w' for the MD5, instead of 'j'. Note: For hashes present in native whitelist database, the output returns 'j' if the hash is submitted in the last 3 days. Example Input An example of data json string: {'data': '{"md5":"A3CCFD0AA0B17FD23AA9FD0D84B86C05"}'} Output {"success":true, "results":{"A3CCFD0AA0B17FD23AA9FD0D84B86C05":"w"}} Parent topic: McAfee Advanced Threat Defense APIs
Verify blacklisted and whitelisted hash values This URL is to check if a user submitted hash value is either blacklisted or whitelisted. Only single hash value can be verified at a time. Resource URL POST https://<MATD_IP>/php/atdHashLookup.php Input parameters The following HTTP headers should be specified in the resource URL request: Accept: application/vnd.ve.v1.0+json VE-SDK-API: Base64 encoded "session:user id" string Input parameter Description Data type data Contains the following parameters defined in a json string. md5: Any valid 32 digit hexadecimal number Example: {'data': '{"md5":"A3CCFD0AA0B17FD23AA9FD0D84B86C05"}'} Hexadecimal Output parameters Input parameter Description results Displays input hash value and its corresponding character. 'w' — hash value is whitelisted by user. 'b' — hash value is blacklisted. '0' — hash value is not in the whitelist or blacklist. 'j' — hash is submitted in last three days. 'Invalid input data' — invalid hash value. The valuation is performed in the following order: Check if it is 'b'. Return 'b' if it is the case. Check if it is 'j'. Return 'j' if it is the case. Check if it is 'w'. Return 'w' if it is the case. Otherwise return '0'. Note: If the check returns 'j' then the API finishes processing the API call, and returns 'j'. In this case, evaluation logic does not reach 'w'. If the file is submitted again after 3 days since the scanning of MD5, the API will return 'w' for the MD5, instead of 'j'. Note: For hashes present in native whitelist database, the output returns 'j' if the hash is submitted in the last 3 days. Example Input An example of data json string: {'data': '{"md5":"A3CCFD0AA0B17FD23AA9FD0D84B86C05"}'} Output {"success":true, "results":{"A3CCFD0AA0B17FD23AA9FD0D84B86C05":"w"}} Parent topic: McAfee Advanced Threat Defense APIs