Questions about API

I understand that “Valkryie” has/had? an API, I’m not sure if VC does or not, what API resources does XCITIUM/COMODO/etc still support that our Valkryie “PREMIUM_LICENSE” will be valid for? Ty in advance <3

Also, why is the title requirement for forum posts 15 characters minimum? “API Questions” had to turn into “Questions about API” :frowning:

what is your usecase exactly? (we do have APIs)

Hey melih!

To be honest with you, that’s what we’re figuring out.

I was doing some digging thru the historical Valkryie API and noticed some interesting calls there, for defanging binaries. That’s fascinating; but I should probably ask whether it works or not because uh…incorrectly defanged samples are still detonate-able, and that ends poorly.

For simple tasks as returning verdicts, submitting samples, getting file info, I imagine VC would have an endpoint somewhere for that, no?

For returning endpoint info…We keep a running list of all of the “vulnerabilities” (CVE’s) that are published, so when we fetch and curate these messages, it would be helpful in our workflow to be able to trigger patches, summarize how many devices were patched and etc.

More so just having that metaphorical “moment” with XCITIUM where we open all of your toolbox drawers and check your tool collection before we pull our car in. Hope that makes more sense as to the position. If you have new endpoints or specific features and etc that you’d like to highlight, more than happy to hear about em equally.

1 Like

correct.

I like how you are thinking!
With valkyrie we have
-Dynamic analysis
-Static analysis
-Human analysis
of all executable files. We have many capabilities that we use from AI to Heuristic etc when giving a verdict.
You should be able to give Valkyrie a file it should be able to give you a “trusted verdict” with human validation.
sounds like an interesting project, please keep us fully involved.

The issue we’re having is that XCITIUM’s documentation really isn’t…unified.

If you asked me for the “VT API docs”, I’d send you to VirusTotal API v3 Overview. Following this level of documentation accuracy, I was all but a pro @ their API in…sub 15 minutes. High quality, well-documented, well written.

I’m…one might say having trouble, finding XCITIUM’s equal to this. Does this exist, or is there a “master dashboard” for documentation?

Also, any OF these endpoints, is there any potential changes coming soon to them that would have us checking logs in yknow…less time than preferred, wondering why something’s 500ing? I understand there is some overall brand re-alignment in motion re: XCITIUM/COMODO, BUT, we just need to know beforehand so workflows don’t go dead (ex: API route switching from comodo to xcitium name or changing reference names, etc)

1 Like

hi @BeeHiveCyberSecurity , you can check our Valkyrie API Doc from here.

considering your use case:
1- you can check whether a file has verdict or not using
/api/v1/file/query/{SHA1}
2- you can submit files to Valkyrie using
/api/v1/file/scan
3- you can validate a verdict with human experts by sending already analyzed file using
/api/v1/file/sendto/human/analysis

we already have a project to merge all documentation and allow users to access everything from a single location (fully categorized).
CS-29147: API Doc Improvements

2 Likes

@ilgaz I’ve seen this referred to a few times over the last few days- is this project list publicized anywhere? Or even in a restricted area for customers? I’d love to be able to see what’s already being worked on- why make us ring the same bell 15 times if you already know and are working on the issue?

currently not, but we are working on making currently worked projects, next items etc. publicly available so that you can track what we are working on, what we will work on next.
we aim to make this available by the beginning of next week.

1 Like

@ilgaz was this made available? Is there a link you could provide?

1 Like

An update on this,

We’ve been attempting to integrate some API-based stuff, with zero luck. Keep getting this error

image

Have tried

  • verdict api key
  • verdict license key
  • valkyrie keys by creating a linked valkyrie accounts

And I’m getting this while attempting to use a PREMIUM_LICENSE key.

Any advice, team?

@nivedithab for followup

hi @BeeHiveCyberSecurity
apologies for the delay , let me check with internal team and get back to you,

1 Like

hi @BeeHiveCyberSecurity

our team wants detailed information on what API you are testing with and what error with screenshots are requested to investigate further

Hey Niv,

Using the built-in tools at Valkyrie Verdict (comodo.com) to test it, that was linked earlier in this forum post. Trying both license id and api key, returns the error mentioned in the screenshot for us.

hi @BeeHiveCyberSecurity

could you please share full request along with license id and api key and our backend team will check with Valkyrie team in case , they will receive the same error

The…requests being used are the ones built into the trial site. I couldn’t get requests to respond correctly, so tried the test site provided, and requests fail there too using BOTH my apikey and license id, as well as VC key shown in XCS. Neither is able to correctly authenticate, at least for us.

yes @BeeHiveCyberSecurity

we understand your concern , our team need the full request which you initiated along with license id and api key to investigate further with the valkyrie team , please do share us the same.

Will send via DM shortly

1 Like