MalQuery Exact Search
action.
Parameter | Description |
---|---|
Patterns | Specify an array of hex patterns or strings to search for within file contents at the byte level. Each pattern should be an object with "type" and "value" fields. For example: [ { "type":"hex", "value":"8948208b480833ca33f989502489482889782c8bd7" }, { "type":"ascii", "value":"suspicious_string" } ] |
Parameter | Description |
---|---|
Limit | The maximum number of matching files to return in the response. |
Metadata Fields | A comma-separated list of metadata fields to include in results. For example: sha256, md5, type, size, first_seen, label, family |
{
  "errors": [
    {
      "code": 0,
      "id": "string",
      "message": "string",
      "type": "string"
    }
  ],
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total": 0
    },
    "powered_by": "string",
    "query_time": 0,
    "reqid": "Request ID returned after creating a hunt or exact search",
    "stats": {
      "clean_count": 0,
      "malware_count": 0,
      "pua_count": 0,
      "total_count": 0,
      "unknown_count": 0
    },
    "status": "Request status. Possible values: inprogress, failed, done",
    "trace_id": "string",
    "writes": {
      "resources_affected": 0
    }
  },
  "resources": [
    {
      "family": "Sample family",
      "filesize": 0,
      "filetype": "Sample file type",
      "first_seen": "Date when it was first seen",
      "label": "Sample label",
      "md5": "Sample MD5",
      "sha1": "Sample SHA1",
      "sha256": "Sample SHA256"
    }
  ]
}
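
The following Python sketch is an added example, not code from the connector or its vendor: it checks a Patterns array before it is submitted and reduces a response shaped like the sample output above to a short triage summary. The function names, the restriction to the two pattern types shown in the parameter table, the whole-byte rule for hex values, and the sample values are assumptions.

```python
import string

# Assumption: only the two pattern types shown in the parameter table are accepted.
ALLOWED_TYPES = {"hex", "ascii"}


def validate_patterns(patterns):
    """Return a checked copy of the Patterns array or raise ValueError."""
    if not isinstance(patterns, list) or not patterns:
        raise ValueError("Patterns must be a non-empty array of objects")
    cleaned = []
    for i, p in enumerate(patterns):
        if not isinstance(p, dict) or set(p) != {"type", "value"}:
            raise ValueError(f"pattern {i}: need exactly 'type' and 'value'")
        ptype, value = p["type"], p["value"]
        if ptype not in ALLOWED_TYPES:
            raise ValueError(f"pattern {i}: unsupported type {ptype!r}")
        if not isinstance(value, str) or not value:
            raise ValueError(f"pattern {i}: value must be a non-empty string")
        if ptype == "hex":
            # Assumption: a byte-level search needs whole bytes (even digit count).
            if len(value) % 2 or any(c not in string.hexdigits for c in value):
                raise ValueError(f"pattern {i}: not a whole-byte hex string")
        elif not value.isascii():
            raise ValueError(f"pattern {i}: non-ASCII character in ascii pattern")
        cleaned.append({"type": ptype, "value": value})
    return cleaned


def summarize_response(resp):
    """Reduce a response shaped like the sample output to a triage summary."""
    errors = resp.get("errors") or []
    meta = resp.get("meta") or {}
    status = meta.get("status")
    if errors or status == "failed":
        msgs = "; ".join(f"{e.get('code')}: {e.get('message')}" for e in errors)
        raise RuntimeError(f"search failed ({msgs or 'no error detail'})")
    return {
        "complete": status == "done",  # 'inprogress' is not a final result
        "reqid": meta.get("reqid"),
        "malware_count": (meta.get("stats") or {}).get("malware_count", 0),
        "hits": [(r.get("sha256"), r.get("family"), r.get("label"))
                 for r in resp.get("resources") or []],
    }

# Constructed response for illustration; every value is a placeholder.
SAMPLE = {"errors": [], "meta": {"status": "done", "reqid": "example-reqid",
          "stats": {"malware_count": 1}}, "resources": [
          {"sha256": "0" * 64, "family": "ExampleFamily", "label": "ExampleLabel"}]}
```
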