Analysis Report Format

The Analyst API uses different internal analysis engines to analyze a submission of a supported type. The analysis engine determines the fields in the report and the report’s format.

Report contents

• uuid.

  Type: Hexadecimal string.

  Example: 2fbffe68406f500f3e3ef9c:ba675cc0ey-qSdKdW1_rEA.

  Unique identifier for the analysis report. This value can be used to retrieve result artifacts or analysis metadata (see get_result_artifact()).

• format.

  Type: Dictionary.

  • name.

    Type: String.

    Example: “ll-int-win”.

    Example: “ll-int-osx”.

    Example: “ll-win-timeline-based”.

    Example: “ll-osx-timeline-based”.

    Example: “ll-int-win-doc”.

    Example: “ll-int-apk”.

    Example: “ll-web”.

    Example: “ll-doc”.

    Format of the analysis report. This value can be used to determine the expected values in addition to uuid and format. For details on each report format, see Report Format ll-int-win, Report Format ll-int-osx, Report Format ll-int-win-doc, Report Format ll-int-apk, Report Format ll-int-archive, Report Format ll-web, Report Format ll-static, Report Format ll-ioc-json, Report Format ll-win-timeline-based, Report Format ll-osx-timeline-based, Report Format ll-pcap, and Report Format ll-flash, Report Format ll-doc.

    Note: Reports in format ll-win-timeline-thread-based are identical to reports in format ll-win-timeline-based. The latter is merely a backwards-compatible naming for the former.

  • major_version.

    Type: Integer.

    Example: 1.

    Major part of the report version with format <major>.<minor>.<build>.

  • minor_version.

    Type: Integer.

    Example: 1.

    Minor part of the report version with format <major>.<minor>.<build>.

  • build_version.

    Type: Integer.

    Example: 0.

    Build part of the report version with format <major>.<minor>.<build>.