Using P2A: Submitting and Managing Analyses

Using the Graphical User Interface (GUI)

Submitting an Analysis

To submit an analysis using the Graphical User Interface (GUI), follow these steps:

  1. Log in to your P2A account.
  2. Click on "Submit" in the navigation bar.
  3. Choose the appropriate method for analysis submission:
    • File: For uploading local files.
    • Online File: For files available on the internet.
    • Websites: For analyzing website URLs.
    • Search: For analyzing hashes.
  4. Follow the on-screen prompts to provide the required information and submit your analysis.

Managing Analyses

You can manage your submitted analyses by navigating to the "Manage Analyses" section of the GUI. Here, you can view the status, results, and details of your analyses.

Using the P2A API

Generating an API Key

To obtain an API key for accessing the P2A API, follow these steps:

  1. Log in to your P2A account.
  2. Go to Menu -> Preferences -> Web API Key.
  3. Click on "Generate a new key".

Submitting an Analysis via API

To submit an analysis using the P2A API, make a POST request to the API endpoint with the necessary parameters. The API key goes in the ocd-p2a-apikey header and the submission type in the ocd-p2a-dtype header. Here are examples using curl and Python (requests library):

Example using curl

        
curl -X POST "https://p2a.cert.orangecyberdefense.com/submit" \
  -H "Content-Type: multipart/form-data" \
  -H "ocd-p2a-apikey: Your-API-Key" \
  -H "ocd-p2a-dtype: file" \
  -F "file=@/path/to/your/file" \
  -F "timeout=60" \
  -F "vm=Windows10x64"
        
    

Example using Python (requests library)

        
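import os

import requests

url = "https://p2a.cert.orangecyberdefense.com/submit"
headers = {
    "ocd-p2a-apikey": "Your-API-Key",  # key generated under Preferences -> Web API Key
    "ocd-p2a-dtype": "file",
}

data = {
    "timeout": "60",
    "vm": "Windows10x64",
}

path = "/path/to/your/file"

# Open the sample in binary mode; the context manager closes the handle after the upload.
with open(path, "rb") as sample:
    # Send only the base name as the file name (as curl -F does), not the local path.
    files = {"file": (os.path.basename(path), sample)}
    response = requests.post(url, headers=headers, files=files, data=data)

print(response.text)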
        
    

You can check whether the analysis is ready:

            
import requests

# Placeholder: replace with the identifier of the analysis you want to check.
analysis_id = "Your-Analysis-ID"

# {analysis} in the endpoint path is the analysis identifier.
url = f"https://p2a.cert.orangecyberdefense.com/api/{analysis_id}/status"
headers = {
    "ocd-p2a-apikey": "Your-API-Key"
}

response = requests.get(url, headers=headers)

if response.ok:
    status_data = response.json()
    if status_data["status"] == "ready":
        print("Analysis is completed and ready.")
    else:
        print("Analysis is still in progress.")
else:
    print(f"Failed to check analysis status. Status code: {response.status_code}")
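
A bounded polling loop around the status check above, written as an added example that is not part of the original P2A documentation. The function name, the interval and max_wait parameters and the 30-second request timeout are assumptions; the URL, the ocd-p2a-apikey header and the "ready" value are the ones shown on this page.

```python
import time
from urllib.parse import quote

BASE_URL = "https://p2a.cert.orangecyberdefense.com"


def wait_until_ready(analysis_id, api_key, *, session=None, interval=10.0,
                     max_wait=600.0, sleep=time.sleep, clock=time.monotonic):
    """Poll the status endpoint until it reports "ready".

    Returns the number of requests made. Raises TimeoutError when the
    analysis is not ready within max_wait seconds, and whatever the HTTP
    client raises for a non-2xx response (for example a rejected API key).
    """
    if session is None:
        import requests  # imported lazily so a test can inject its own session
        session = requests.Session()

    # Percent-encode the identifier so it cannot alter the request path.
    url = f"{BASE_URL}/api/{quote(str(analysis_id), safe='')}/status"
    headers = {"ocd-p2a-apikey": api_key}
    deadline = clock() + max_wait
    polls = 0

    while True:
        response = session.get(url, headers=headers, timeout=30)
        polls += 1
        response.raise_for_status()  # stop on 4xx/5xx instead of looping on errors
        # Only "ready" is documented on the page; anything else counts as pending.
        if response.json().get("status") == "ready":
            return polls
        if clock() + interval > deadline:
            raise TimeoutError(f"analysis not ready after {polls} status checks")
        sleep(interval)


if __name__ == "__main__":
    # Placeholder values: substitute your own key and analysis identifier.
    n = wait_until_ready("Your-Analysis-ID", "Your-API-Key", interval=15, max_wait=900)
    print(f"Analysis is completed and ready after {n} status checks.")
```

Choose max_wait comfortably above the timeout value sent with the submission, so the loop does not give up while the sandbox run is still within its own limit.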

            
        

Supported Data Types

P2A Sandbox supports various data types for analysis. These include:

  • Windows executable files (32 and 64 bits): .exe, .scr
  • Windows dynamic library (32 and 64 bits): .dll, .cpl
  • Office documents: Word, Excel, and PowerPoint files: .doc, .docm, .docx, .rtf, .xls, .xlsm, .xlsx, .mshtml, .hta, .ppt, .pptx, .ppam
  • Script files: JavaScript: .js, .jse, .wsf
  • Script files: Visual Basic Script: .vbs, .vbe, .wsf
  • Shortcut files: .lnk
  • PDF files: .pdf
  • JAR files: .jar
  • Microsoft installers: .msi
  • PowerShell files: .ps1
  • Batch files: .bat, .cmd
  • ISO files: .iso (currently not available on the API)
  • Web files: .html
  • Message files: .eml (eml only)
  • Compressed files: formats supported by 7z

Note: The number of supported file types may vary depending on the selected VM, and the file size limit is 500MB. If you submit a file whose type is not supported, the analysis is cancelled immediately, and you should see the following error message on the submission page:

Error, file format was not recognized for file.unk. All supported file formats are listed on /faq/. You can also try to rename the file extension or specify an environment to use in "Advanced" -> "Specific launch environment"

Submission Methods and Data Privacy

P2A (Antivirus Analysis Platform) offers multiple ways for users to submit data for analysis, ensuring data privacy and security. Here are the different submission methods and considerations:

  1. File Submission: Users can submit individual files from their local storage for analysis. These files are private by default and are only accessible to the owner of the analysis.
  2. Online File Submission: Users can submit files from online sources by providing a URL pointing to the file. This allows for the analysis of files hosted on the internet. Similar to local file submissions, online file submissions are private by default.
  3. Website URL Submission: Users can submit URLs of websites for analysis. P2A can analyze the contents of the specified web page. The results of this analysis are private and accessible only to the owner.
  4. Hash Submission: Users can submit file hashes (e.g., MD5, SHA-256) for analysis. This is useful when users want to analyze a file that has already been analyzed or is known by its hash value. The results of the analysis are private and accessible to the submitter.
  5. VirusTotal Integration: Users can submit files or file hashes that have already been submitted to VirusTotal. VirusTotal is a widely used malware analysis service. When users submit data from VirusTotal, P2A can perform additional analysis or provide supplementary information. The privacy settings for these analyses depend on the user's P2A account and are generally private.

All submitted data, whether files, URLs, or hashes, is private by default. This means that only the owner of the analysis can access the results unless the user chooses to share or make the analysis public. P2A prioritizes data privacy and security to ensure that sensitive information remains protected.

Users have the flexibility to manage the privacy settings of their analyses, allowing them to share results with others or keep them entirely private, depending on their needs and preferences.