Forum Discussion
CodnChips
Feb 16, 2022 Brass Contributor
Files query
Hi,
I'm brand new to Defender API and I've got 2 stupid questions:
1) Are you meant to specify the hash type of a file that I'm searching for?
For example, using the UK API, I use this:
https://api-uk.securitycenter.windows.com/api/files/
If I add this sha256 hash on the end:
a5516c47fda1033a8212d76ba38ef5d9ec129c6369a73377a204268c16168202
I get no results
If I add this sha1 hash instead:
93ff13c276abb159853cc8cbd8f6ef2fb1d6729f
I get results - BUT part of those results included the initial hash which returned no results!!
Part of the results also includes the md5 version
(b014dc168f69166be8e844f78ce5e7f2)
Again, if I search for that, I also get no results.
What am I missing? Am I meant to supply the hash type?
2) Sorry for this one - am I able to supply the GET query with either a list or a call to an external txt\csv file to search for multiple hashes?
Thanks for your time, sorry for the nooby questions.
- David_Caddick Brass Contributor
Hi CodnChips
Try to leave out the Tenant name at the front of the URL - api-uk?
It might be better to step back a level or so - what are you trying to achieve?
Cheers,
Dave C
- CodnChips Brass Contributor
I've found the answer to part 1 - you can't specify MD5 hashes in the GET:
So I just need some wisdom on if I can provide multiple GETs in one shot or call a list\txt file that contains multiple hashes to search for.
- CodnChips Brass Contributor
David_Caddick
Hey Dave, thanks for your reply.
A different security product vendor wants to sell us a service and I'm looking to ratify their findings and determine if our Defender would know about the malicious files.
Part 1
They've provided me a list of MD5 hashes, which return no results through the API explorer. Where I've acquired the SHA256 equivalent, I get a result hit, which includes the exact MD5 hash I'd searched for (that returned no results). Therefore I don't understand the search logic.
Part 2
If I had a list\txt\csv of hashes, how can I call it into a query so that I don't have to perform a single query for every hash in the list?
Thank you
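The workflow the thread is asking for, as an added example that is not code from the original posts or from Microsoft: read a txt/csv of hashes, classify each by length, send one GET per SHA-1/SHA-256 to the `/api/files/{id}` endpoint from the thread (MD5 entries are skipped rather than sent, matching what the poster found), and alternatively build a single Advanced Hunting KQL query that covers the whole list in one request. The regional base URL is the one quoted in the thread; the bearer token, the `fetch` callable and the sample file are assumptions or constructed data, and `fake_fetch` is a stand-in for the API so the script runs offline.

```python
"""Batch hash lookups against the Microsoft Defender for Endpoint API.

Added example for this thread, not code from the posts or from Microsoft.
Assumes GET {base}/api/files/{sha1 or sha256} as quoted in the thread, a bearer
token obtained separately, and an injectable fetch(url) -> (status, body)
callable so the logic runs offline; http_fetch() is the real transport.
"""
import csv
import io
import json
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, List, Optional, Tuple

API_BASE = "https://api-uk.securitycenter.windows.com"  # regional base from the thread
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
Fetch = Callable[[str], Tuple[int, str]]
Result = Tuple[str, Optional[dict]]  # ("found"|"not-found"|"skipped-...", record)


def classify_hash(value: str) -> Optional[str]:
    """Return 'md5', 'sha1' or 'sha256' by length, or None for non-hash text."""
    value = value.strip()
    return HASH_TYPES.get(len(value)) if HEX_RE.match(value) else None


def read_hashes(text: str) -> List[str]:
    """Collect every hash-looking cell from a txt or csv body, de-duplicated."""
    found: List[str] = []
    for row in csv.reader(io.StringIO(text)):
        for cell in row:
            cell = cell.strip().lower()
            if classify_hash(cell) and cell not in found:
                found.append(cell)
    return found


def lookup_one(hash_value: str, fetch: Fetch) -> Optional[dict]:
    """GET /api/files/{id}: dict on 200, None on 404, error on anything else."""
    status, body = fetch(f"{API_BASE}/api/files/{hash_value}")
    if status == 404:
        return None
    if status != 200:
        raise RuntimeError(f"files API returned HTTP {status} for {hash_value}")
    return json.loads(body)


def lookup_all(hashes: Iterable[str], fetch: Fetch) -> Dict[str, Result]:
    """One GET per SHA-1/SHA-256; MD5 values are not sent, since the endpoint
    does not take them (as the thread found), and are reported as skipped."""
    results: Dict[str, Result] = {}
    for h in hashes:
        kind = classify_hash(h)
        if kind == "md5":
            results[h] = ("skipped-md5", None)
        elif kind in ("sha1", "sha256"):
            record = lookup_one(h, fetch)
            results[h] = ("found", record) if record else ("not-found", None)
        else:
            results[h] = ("skipped-not-a-hash", None)
    return results


def build_hunting_query(hashes: Iterable[str]) -> str:
    """KQL for the Advanced Hunting API, which does take a whole list in one
    request (POST {base}/api/advancedqueries/run, body {"Query": <this>}).
    DeviceFileEvents has MD5, SHA1 and SHA256 columns, so MD5 works here."""
    by_kind: Dict[str, List[str]] = {"md5": [], "sha1": [], "sha256": []}
    for h in hashes:
        kind = classify_hash(h)
        if kind:
            by_kind[kind].append(h.lower())
    clauses = [f"{k.upper()} in ({', '.join(json.dumps(v) for v in by_kind[k])})"
               for k in ("md5", "sha1", "sha256") if by_kind[k]]
    if not clauses:
        raise ValueError("no hashes to query")
    return ("DeviceFileEvents | where " + " or ".join(clauses)
            + " | summarize Seen=count() by SHA256, SHA1, MD5, FileName")


def http_fetch(token: str) -> Fetch:
    """Real transport: bearer-authenticated GET returning (status, body)."""
    def fetch(url: str) -> Tuple[int, str]:
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}", "Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return resp.status, resp.read().decode("utf-8")
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode("utf-8", "replace")
    return fetch


# Constructed sample input: the three hashes quoted in the thread plus one unknown.
SAMPLE_FILE = (
    "hash,source\n"
    "a5516c47fda1033a8212d76ba38ef5d9ec129c6369a73377a204268c16168202,vendor\n"
    "93ff13c276abb159853cc8cbd8f6ef2fb1d6729f,vendor\n"
    "b014dc168f69166be8e844f78ce5e7f2,vendor\n"
    "0000000000000000000000000000000000000000,test\n"
)
# Constructed stand-in for the API: serves one record by either SHA-1 or SHA-256.
_RECORD = {"sha1": "93ff13c276abb159853cc8cbd8f6ef2fb1d6729f",
           "sha256": "a5516c47fda1033a8212d76ba38ef5d9ec129c6369a73377a204268c16168202",
           "md5": "b014dc168f69166be8e844f78ce5e7f2"}


def fake_fetch(url: str) -> Tuple[int, str]:
    wanted = url.rsplit("/", 1)[1]
    if wanted in (_RECORD["sha1"], _RECORD["sha256"]):
        return 200, json.dumps(_RECORD)
    return 404, '{"error":{"code":"NotFound"}}'


if __name__ == "__main__":
    for h, (status, rec) in lookup_all(read_hashes(SAMPLE_FILE), fake_fetch).items():
        print(f"{status:20} {h}")
    print(build_hunting_query(read_hashes(SAMPLE_FILE)))
```

Swap `fake_fetch` for `http_fetch(token)` to run it for real; the per-hash loop is what the files endpoint forces on you, while `build_hunting_query` is the path to take when the list is long, since it sends everything in one request and is the only one of the two that can match on the vendor's MD5 values directly.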