Detection on Demand API version 1.3.0

Deprecation notice:

The latest update to the extended report schema adds three fields:

  • extracted_objects
  • results
  • artifacts_info

The engine_results field is no longer necessary and will be removed from the report schema on September 15th, 2020. Be sure to update your applications to use the new fields before September 15th.

What’s New:

  • Health API

    • New API endpoint to get the health status of the service, subscription, and API key.
    • Get total and remaining quota stats for full, monthly, and daily periods.
    • -1 denotes that quota is not applied.
  • URL scan API

    • New POST endpoint to submit URLs for scanning
    • Retrieve results from reports endpoint using the report uuid
    • Dynamic analysis of all URLs
    • A maximum of 10 URLs can be submitted per request
  • Dashboard to show API utilization and service status

    • New dashboard to show API utilization, quota counters, and status of DoD service
  • UX upgrade for DoD Portal and DoD integrated reports

  • MITRE ATT&CK mapping enhancements to show the associated rule and OS change events

  • Process Graph Enhancements to show Registry, File, Rules, and Network events

  • UI report enhancements to show extracted objects, details, and graph

  • UI enhancements to show extracted IoCs

  • File distribution widget on dashboard to show top file types analyzed

    • New widget on dashboard UI to show file type distribution
  • Various UI widgets to show utilization and alert charts

    • New widgets on dashboard to show API count, malicious submissions, and recent submissions
  • Submission tab to support UX functionality

    • New tab to submit samples via DoD to multiple MVX profiles at a time. Additionally, we now track recent submissions on a per API key basis
  • Alerts tab to show alerts from different integrations and API-based submissions

    • New tab for showing malicious alerts reported from different integration(s) and API based submission(s).
  • BETA release for native integrations support

    • New beta feature for direct integration of DoD with 3rd party applications
  • Native integration for Box.com

    • Native integration of DoD file scanning for Box.com accounts
    • OAuth 2.0 Authentication
    • Webhook support for each user’s top-level folders in the root directory (max 1000 directories per user)
    • Event polling to track new directory creation at the root level, new user creation, and admin logs for file-creation changes at the enterprise level
    • Trash action: all malicious files are moved to the trash directory of the individual user
    • Tombstone file: once a file is trashed, the DoD service creates a tombstone file in its place
    • Account enable/disable feature
  • Native integration for Microsoft Teams for File and URL scanning

    • Native integration of DoD file and URL scanning for Microsoft Teams
    • OAuth 2.0 Authentication
  • Quarantine support for Box.com and Microsoft Teams

    • Admin-level quarantine: all malicious files are quarantined at the admin level. The DoD service creates a folder at the root level of the admin account that holds all quarantined files.
    • User-level quarantine: all malicious files are quarantined within the affected user’s account. The DoD service creates a folder at the root level of that user’s account that holds all quarantined files.
    • Tombstone file: once a file is quarantined, the DoD service creates a tombstone file in its place with details of the quarantine
  • DUA support for extracted URLs

    • Support for Dynamic URL Analysis (DUA) for extracted URLs from URL or object submissions.
  • Enhancements to reporting of results

    • New format for reporting results
    • Report API supports v1 for the old format and v2 for the new format
    • Separate sections for extracted objects and for results from the different engines
    • OS changes are no longer reported in the v2 reports API; they are moved to the artifacts API instead
  • SHA1 support in reports API

    • New field “sha1” in report for sha1 hash of submitted file.
  • Support for memory dumps

    • New flag “memory_dump” in files API to enable memory dump
  • Support for extracted/dropped files

    • New flag “file_extraction” in files API to enable dropped file extraction
  • Support to extract video files

    • New flag “video” in files API to enable video capture
  • Support to extract pcap files

    • New flag “pcap” in files API to enable pcap extraction
  • Libmagic reporting via reports API

    • New field “magic” in report with the libmagic type of the submitted file
  • Artifacts information reporting

    • New field to report details of artifacts in reports API
    • Details of os changes, vm artifacts, and screenshots extracted
    • Detailed path of artifacts from downloaded file
  • Artifacts API to report os changes

    • Artifacts API supports the new parameter “type=os_changes” to get the OS changes of an analysis
  • Detailed reporting on extracted objects and their results

    • Report list of extracted objects (files or URLs) from the submitted sample with individual object uuids
    • Extracted object metadata about sample and its verdict
    • Result is a list of results for each extracted object from different engines, with weights, signatures, and other details
  • HTML Emulator for URL and HTML files

    • New HTML emulator engine to perform analysis on HTML content, downloaded from a URL or submitted directly as a sample
  • Health API integration with API key management portal

  • User guides for various integrations
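The two changes above that most affect existing integrations are the report schema migration (the deprecation notice at the top: prefer “extracted_objects” and “results”, fall back to “engine_results” only while it still exists) and the Health API quota counters, where -1 means no quota applies and must not be read as “nothing remaining”. The following is an added example written for this page, not FireEye’s own client code. The JSON bodies are constructed, and the key names inside them (object_uuid, engine, weight, signatures, quota/<period>/total and remaining, the service/subscription/api_key status strings) are assumptions modelled on the wording of these notes; check them against the published schema before depending on them.

```python
"""Client-side helpers for the v2 extended report and the Health API quota
object described in the DoD 1.3.0 release notes.

Added example, not FireEye's code.  The JSON key names used below are
assumptions modelled on the release notes, not the published schema.
"""

UNLIMITED = -1  # per the notes: -1 denotes that quota is not applied

# Constructed v2 extended report: one submitted executable that dropped a
# second file and reached out to one URL.  UUIDs, names and verdicts are made up.
REPORT_V2 = {
    "report_id": "11111111-1111-1111-1111-111111111111",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "magic": "PE32 executable (GUI) Intel 80386, for MS Windows",
    "extracted_objects": [
        {"uuid": "aaaaaaaa-0000-0000-0000-000000000001", "type": "file",
         "name": "dropper.exe", "verdict": "malicious"},
        {"uuid": "bbbbbbbb-0000-0000-0000-000000000002", "type": "url",
         "name": "http://example.invalid/stage2", "verdict": "suspicious"},
    ],
    "results": [
        {"object_uuid": "aaaaaaaa-0000-0000-0000-000000000001",
         "engine": "mvx", "weight": 90, "signatures": ["Malware.Binary.exe"]},
        {"object_uuid": "aaaaaaaa-0000-0000-0000-000000000001",
         "engine": "av", "weight": 40, "signatures": ["Gen.Trojan"]},
        {"object_uuid": "bbbbbbbb-0000-0000-0000-000000000002",
         "engine": "dua", "weight": 20, "signatures": []},
    ],
}

# Constructed v1 report in the deprecated shape, to exercise the fallback path.
REPORT_V1 = {
    "report_id": "22222222-2222-2222-2222-222222222222",
    "engine_results": [
        {"engine": "mvx", "verdict": "malicious", "signatures": ["Malware.Binary.exe"]},
        {"engine": "av", "verdict": "clean", "signatures": []},
    ],
}


def summarize_report(report):
    """Collapse a report into {uuid: {type, name, verdict, engines, max_weight,
    signatures}}.  The new v2 fields win; engine_results is read only when the
    v2 fields are absent, so the code keeps working after 2020-09-15."""
    if "extracted_objects" in report and "results" in report:
        by_uuid = {}
        for obj in report["extracted_objects"]:
            by_uuid[obj["uuid"]] = {"type": obj["type"], "name": obj["name"],
                                    "verdict": obj["verdict"], "engines": {},
                                    "max_weight": 0, "signatures": set()}
        for res in report["results"]:
            entry = by_uuid.get(res["object_uuid"])
            if entry is None:      # result for an unlisted object: skip, don't crash
                continue
            entry["engines"][res["engine"]] = res["weight"]
            entry["max_weight"] = max(entry["max_weight"], res["weight"])
            entry["signatures"].update(res["signatures"])
        return {"schema": "v2", "objects": by_uuid}
    if "engine_results" in report:   # legacy shape, scheduled for removal
        engines = report["engine_results"]
        verdict = "malicious" if any(r["verdict"] == "malicious" for r in engines) else "clean"
        sigs = set()
        for r in engines:
            sigs.update(r["signatures"])
        # v1 has no per-object breakdown, so expose the submission as one object
        return {"schema": "v1", "objects": {"submitted": {
            "type": "file", "name": None, "verdict": verdict,
            "engines": {r["engine"]: None for r in engines},
            "max_weight": None, "signatures": sigs}}}
    raise ValueError("report carries neither v2 fields nor engine_results")


def malicious_objects(summary):
    """UUIDs (or 'submitted' for v1) whose verdict is malicious, sorted."""
    return sorted(u for u, o in summary["objects"].items() if o["verdict"] == "malicious")


# Constructed Health API body; the three status strings are assumed values.
HEALTH = {
    "service": "ok", "subscription": "active", "api_key": "valid",
    "quota": {
        "full":    {"total": -1,    "remaining": -1},   # no quota applied
        "monthly": {"total": 10000, "remaining": 2500},
        "daily":   {"total": 500,   "remaining": 0},    # exhausted for today
    },
}


def quota_status(health):
    """Per period: whether the quota is unlimited (-1), what remains, and
    whether it is exhausted.  A -1 is never treated as zero remaining."""
    out = {}
    for period, q in health["quota"].items():
        unlimited = q["total"] == UNLIMITED
        out[period] = {"unlimited": unlimited,
                       "remaining": None if unlimited else q["remaining"],
                       "exhausted": (not unlimited) and q["remaining"] <= 0}
    return out


def can_submit(health):
    """Submit only if the service is up and no applied quota is exhausted."""
    if health.get("service") != "ok":
        return False
    return not any(p["exhausted"] for p in quota_status(health).values())
```

In a real integration the two bodies come from the reports endpoint (fetched by report UUID, requesting the v2 format) and the Health API; the parsing above is the part that usually breaks during the schema migration, which is why it is shown offline against constructed input.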