I understand that “Valkryie” has/had? an API, I’m not sure if VC does or not, what API resources does XCITIUM/COMODO/etc still support that our Valkryie “PREMIUM_LICENSE” will be valid for? Ty in advance <3
Also, why is the title requirement for forum posts 15 characters minimum? “API Questions” had to turn into “Questions about API”
To be honest with you, that’s what we’re figuring out.
I was doing some digging thru the historical Valkryie API and noticed some interesting calls there, for defanging binaries. That’s fascinating; but I should probably ask whether it works or not because uh…incorrectly defanged samples are still detonate-able, and that ends poorly.
For simple tasks as returning verdicts, submitting samples, getting file info, I imagine VC would have an endpoint somewhere for that, no?
For returning endpoint info…We keep a running list of all of the “vulnerabilities” (CVE’s) that are published, so when we fetch and curate these messages, it would be helpful in our workflow to be able to trigger patches, summarize how many devices were patched and etc.
More so just having that metaphorical “moment” with XCITIUM where we open all of your toolbox drawers and check your tool collection before we pull our car in. Hope that makes more sense as to the position. If you have new endpoints or specific features and etc that you’d like to highlight, more than happy to hear about em equally.
I like how you are thinking!
With valkyrie we have
-Dynamic analysis
-Static analysis
-Human analysis
of all executable files. We have many capabilities that we use from AI to Heuristic etc when giving a verdict.
You should be able to give Valkyrie a file it should be able to give you a “trusted verdict” with human validation.
sounds like an interesting project, please keep us fully involved.
The issue we’re having is that XCITIUM’s documentation really isn’t…unified.
If you asked me for the “VT API docs”, I’d send you to VirusTotal API v3 Overview. Following this level of documentation accuracy, I was all but a pro @ their API in…sub 15 minutes. High quality, well-documented, well written.
I’m…one might say having trouble, finding XCITIUM’s equal to this. Does this exist, or is there a “master dashboard” for documentation?
Also, any OF these endpoints, is there any potential changes coming soon to them that would have us checking logs in yknow…less time than preferred, wondering why something’s 500ing? I understand there is some overall brand re-alignment in motion re: XCITIUM/COMODO, BUT, we just need to know beforehand so workflows don’t go dead (ex: API route switching from comodo to xcitium name or changing reference names, etc)
considering your use case:
1- you can check whether a file has verdict or not using
/api/v1/file/query/{SHA1}
2- you can submit files to Valkyrie using
/api/v1/file/scan
3- you can validate a verdict with human experts by sending already analyzed file using
/api/v1/file/sendto/human/analysis
we already have a project to merge all documentation and allow users to access everything from a single location (fully categorized).
CS-29147: API Doc Improvements
@ilgaz I’ve seen this referred to a few times over the last few days- is this project list publicized anywhere? Or even in a restricted area for customers? I’d love to be able to see what’s already being worked on- why make us ring the same bell 15 times if you already know and are working on the issue?
currently not, but we are working on making currently worked projects, next items etc. publicly available so that you can track what we are working on, what we will work on next.
we aim to make this available by the beginning of next week.
Using the built-in tools at Valkyrie Verdict (comodo.com) to test it, that was linked earlier in this forum post. Trying both license id and api key, returns the error mentioned in the screenshot for us.
could you please share full request along with license id and api key and our backend team will check with Valkyrie team in case , they will receive the same error
The…requests being used are the ones built into the trial site. I couldn’t get requests to respond correctly, so tried the test site provided, and requests fail there too using BOTH my apikey and license id, as well as VC key shown in XCS. Neither is able to correctly authenticate, at least for us.
we understand your concern , our team need the full request which you initiated along with license id and api key to investigate further with the valkyrie team , please do share us the same.
Hey Melih, below is a list of things we’d love to complete via the API if it had more functionality - we’re an MSP so have different requirements verses an internal IT team.
Automate the onboarding of customers
If the API had the ability to create customers & create profiles, we could automate the customer setup. Aside from efficiency benefits, we’re removing human error that comes with manual profile creation every time. We could pass through a customised profile that meets our internal standards & have that auto-configured for every customer automatically. Then our technicians only need to create minor adjustments on a per-customer basis.
Deploy large scale profile updates
As an MSP we have many ‘profiles’ in Xcitium that are customised to suit our customer’s requirements. If a new feature is released in Xcitium that we want to include or customise in a profile, we need to manually update every profile. Ideally we can deploy updates to profiles via the API.
Retrieve additional endpoint/compliance information
We utilize the API of other products we resell to customers & this allows us to retrieve detailed information that we use to compile our own client reports. The Xcitium API only has basic information available via the API such as device name, operating system etc. Ideally there’s more information made available such as a list of infections/detections, files detected as unknown & run in containment etc - this would allow us to include Xcitium information on our custom reports that go out to our client base. Taking note that Xcitium does have it’s own report functionality, but as an MSP we can’t send multiple reports for every product we resell to our clients, our approach is typically to utilise the APIs of each product and build our own custom reports.