How to send file to KATA via API [KATA/KEDRE]
This article provides additional details to the Online Help article.
Modern web servers use gzip compression for transferred web pages. Such compressed web pages should not be sent to the KATA API, as these files create unnecessary load on the Sandbox.
Content-Type - Optional parameter
objectType - must always be file (other types are not supported)
content - object to send
scanId - ID of the object sent to KATA (must be unique)
sensorId - ID of the system sending the file. Can be a random UID that is authorized in the KATA Web UI (External Systems tab)
Examples:
# curl -k --noproxy '*' --cert ./cert.pem --key ./server.key -F scanId=9000001 -F objectType=file -F content=@/tmp/test.pdf -X POST https://<KATA_IP>:443/kata/scanner/v1/sensors/11111-111-11111/scans
# curl -k --noproxy '*' --cert ./cert.pem --key ./server.key -F scanId=9000002 -F objectType=file -F content=@/tmp/test.docx -X POST https://<KATA_IP>:443/kata/scanner/v1/sensors/11111-111-11111/scans
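The gzip warning and the upload request above can be combined into a pre-submission check. The wrapper below is an added example, not part of the original article or of the product's tooling; the variable names (KATA_HOST, SENSOR_ID, CERT, KEY, KATA_CA, CURL) and the host kata.example.invalid are assumptions. It goes one step beyond the article by passing `--cacert` instead of `-k` when a CA bundle is supplied.

```shell
#!/bin/sh
# Added example, not from the article. Variable names and the default host
# below are assumptions made for this sketch.
KATA_HOST="${KATA_HOST:-kata.example.invalid}"  # placeholder host
SENSOR_ID="${SENSOR_ID:-11111-111-11111}"       # sensorId from the article
CERT="${CERT:-./cert.pem}"
KEY="${KEY:-./server.key}"
CURL="${CURL:-curl}"                            # CURL=echo gives a dry run

# Return 0 when the file starts with the gzip magic bytes 1f 8b.
is_gzip() {
    [ "$(od -An -tx1 -N2 "$1" | tr -d ' \n')" = "1f8b" ]
}

# submit_file <scanId> <path>
# Returns 2 for a missing file, 3 for a gzip file (not sent), else curl's status.
submit_file() {
    scan_id=$1
    file_path=$2
    [ -f "$file_path" ] || { echo "no such file: $file_path" >&2; return 2; }
    if is_gzip "$file_path"; then
        echo "skipped, gzip-compressed: $file_path" >&2
        return 3
    fi
    # Verify the server certificate when KATA_CA names a CA bundle; otherwise
    # fall back to the article's -k.
    if [ -n "${KATA_CA:-}" ]; then set -- --cacert "$KATA_CA"; else set -- -k; fi
    "$CURL" "$@" --noproxy '*' --cert "$CERT" --key "$KEY" \
        -F "scanId=$scan_id" -F objectType=file -F "content=@$file_path" \
        -X POST "https://$KATA_HOST:443/kata/scanner/v1/sensors/$SENSOR_ID/scans"
}

# Usage: ./kata_submit.sh <scanId> <path>
if [ $# -eq 2 ]; then submit_file "$1" "$2"; fi
```

Choosing a unique scanId for each submission remains the caller's responsibility.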
How to generate key and certificate:
openssl genrsa -out server.key 2048
openssl rsa -in server.key -out server.key
openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > cert.pem
Or use the one-liner:
openssl req -x509 -newkey rsa:2048 -keyout ./server.key -out ./cert.pem -days 365 -nodes -subj "/C=RU/ST=MSK/L=Moscow/O=Company Name/OU=Org/CN=www.example.com"
To retrieve scan results:
# curl -k --noproxy '*' --cert ./cert.pem --key ./server.key -X GET "https://<KATA_IP>:443/kata/scanner/v1/sensors/11111-111-11111/scans/state?&state=detect,not detected,error,timeout" -H "accept: application/json"
{
  "scans": [
    {
      "scanId": "9000001",
      "state": "detect"
    },
    {
      "scanId": "9000002",
      "state": "detect"
    }
  ]
}
To view all scan results from KATA CN 3.7.2
# sudo -u postgres psql antiapt -c "select count (*) from all_alerts where meta_type='EXTERNAL' and object_type='FILE';"
To view all scan results from KATA CN 4.0/4.1/5.0
# sudo -i
# docker exec -it `docker ps | grep kedr_database_server | awk '{print $1}' ` psql -U kluser antiapt -c "select count (*) from all_alerts where meta_type='EXTERNAL' and object_type='FILE';"
How to use pfx for curl authentication
This has more to do with curl than with the product. If curl is built on an SSL library that supports pfx, the integration will work correctly. macOS example (curl there is based on Secure Transport):
# curl -k --noproxy '*' --cert-type P12 --cert ./<certificate>.pfx:<password> -F scanId="<ID>" -F objectType=file -F content=@/tmp/test -X POST https://<KATA_IP>:443/kata/scanner/v1/sensors/11111-111-11111/scans
How to retrieve detects from detects API
Typical curl request:
curl -k --noproxy '*' --cert ./cert.pem --key ./server.key -X GET "https://127.0.0.1:443/kata/scanner/v1/sensors/11111-111-11111/detects"