fix(offline-scans): Send autoruns info from offline scan

intezer · Jan 7, 2025 · 5d38dbd · 5d38dbd
1 parent 4c9391d
commit 5d38dbd
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/intezer_sdk/__init__.py b/intezer_sdk/__init__.py
@@ -1 +1 @@
-__version__ = '1.21.8'
+__version__ = '1.21.9'
diff --git a/intezer_sdk/_endpoint_analysis_api.py b/intezer_sdk/_endpoint_analysis_api.py
@@ -62,6 +62,12 @@ def send_scheduled_tasks_info(self, scheduled_tasks_info: dict):
                                                                   method='POST')
         raise_for_status(response)
 
+    def send_autoruns_info(self, autoruns_info: dict):
+        response = self.request_with_refresh_expired_access_token(path='/autoruns-info',
+                                                                  data=autoruns_info,
+                                                                  method='POST')
+        raise_for_status(response)
+
     def send_file_module_differences(self, file_module_differences: dict):
         response = self.request_with_refresh_expired_access_token(path='/file-module-differences',
                                                                   data=file_module_differences,

diff --git a/intezer_sdk/endpoint_analysis.py b/intezer_sdk/endpoint_analysis.py
@@ -137,6 +137,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str:
 
             self._send_host_info()
             self._send_scheduled_tasks_info()
+            self._send_autoruns_info()
             self._send_processes_info()
             self._send_loaded_modules_info()
             self._send_files_info_and_upload_required()
@@ -198,6 +199,19 @@ def _send_scheduled_tasks_info(self):
         except BaseException:
             logger.warning(f'Endpoint analysis: {self.analysis_id}, failed to upload scheduled tasks info')
 
+    def _send_autoruns_info(self):
+        autoruns_info_path = os.path.join(self._offline_scan_directory, 'autoruns_info.json')
+        if not os.path.isfile(autoruns_info_path):
+            return
+        logger.info(f'Endpoint analysis: {self.analysis_id}, uploading autoruns info')
+        try:
+            with open(autoruns_info_path, encoding='utf-8') as f:
+                autoruns_info = json.load(f)
+            self._scan_api.send_autoruns_info(autoruns_info)
+        except BaseException:
+            logger.warning(f'Endpoint analysis: {self.analysis_id}, failed to upload autoruns info')
+
+
     def _send_loaded_modules_info(self):
         logger.info(f'Endpoint analysis: {self.analysis_id}, uploading loaded modules info')
         unified_modules_file_path = os.path.join(self._offline_scan_directory, 'all_loaded_modules_info.json')