PSGlimpsMalware

1.0.3.1

Public/Get-GlimpsMalwareReport.ps1

                                function Get-GlimpsMalwareReport {

    <#

    .SYNOPSIS

    Get the report from Glimps Malware API

    .DESCRIPTION

    Get the report from Glimps Malware API

    .PARAMETER UUID

    Hash of the File

    .PARAMETER File

    File information pointing on the uploaded file

    .PARAMETER Wait

    Wait for result if analysis is pending

    .PARAMETER TimeOut

    Timeout (in s) before stop waiting

    .PARAMETER Interval

    Interval between each attempts

    .EXAMPLE

    .NOTES

    #>

    [CmdletBinding(DefaultParameterSetName = 'none')]

    Param(<#

        [Parameter(Mandatory, ParameterSetName = "UUID", ValueFromPipeline, ValueFromPipelineByPropertyName)]

        #[ValidatePattern('(\{|\()?[A-Za-z0-9]{4}([A-Za-z0-9]{4}\-?){4}[A-Za-z0-9]{12}(\}|\()?')]

        [string] $UUID,#>

        [Parameter(Mandatory, ParameterSetName = "UUID", ValueFromPipeline, ValueFromPipelineByPropertyName, Position = 0)]

        [ValidatePattern('(\{|\()?[A-Za-z0-9]{4}([A-Za-z0-9]{4}\-?){4}[A-Za-z0-9]{12}(\}|\()?')]

        [string[]] $UUIDs ,

        [Parameter(ValueFromPipeline, ValueFromPipelineByPropertyName)]

        [switch] $Wait,

        [Parameter(ValueFromPipeline, ValueFromPipelineByPropertyName)]

        [int] $TimeOut = 1800,

        [Parameter(ValueFromPipeline, ValueFromPipelineByPropertyName)]

        [int] $interval = 30

    )

    Begin {

        Test-GlimpsMalwareConnection

    }

    Process {

        $results = [System.Collections.ArrayList]@()

        $start = Get-Date

        Try {

            foreach ($uuid in $UUIDs) {

                $params = @{

                    Method      = "GET"

                    Uri         = $($_ApiURL.AbsoluteUri + "results/$uuid")

                    Headers     = @{"Accept"="application/json"; "X-Auth-Token"=$(New-Object PSCredential 0, $_ApiKey).GetNetworkCredential().Password}

                }

                Do {

                    Try {

                        Write-Verbose "Request report for $uuid"

                        $WebResponse = Invoke-WebRequest @params

                    } Catch {

                        throw "Unknown problem result retrieval for uuid $($uuid): $_"    

                    }

                    Try {

                        Write-Verbose "Response $($WebResponse.Content)"

                        $response = $WebResponse.Content | ConvertFrom-Json

                        if ($response.uuid -eq $uuid) {

                            if ($Wait -eq $true -and (-not $response.done) -and ($($(get-date) - $start).TotalSeconds -lt $Timeout)) {

                                Write-Verbose "Report still not ready $($response.done). Elapsed: $($response.duration). Waiting ${interval}/${TimeOut}s"

                                Start-Sleep $interval

                                $continue = $true

                            } else {

                                $continue = $false

                                $results.Add($response) | Out-Null

                            }                      

                        } else {

                            throw "Unknown problem result retrieval $($WebResponse.Content)"                 

                        }

                    } Catch {

                        throw "Can't parse content $($WebResponse.Content): $_"

                    }

                } While ($continue)

            }

            Write-Verbose "Return $($results.Count)"

            $results

        } Catch {

            Write-Verbose "Response $($WebResponse.Content)"

            $details = $_.Exception

            throw $details

        }

    }

}