Hi all,
When using the Virus Total connector action "Get Analysis Details", the execution output shows the API request is 'queued'. Does anyone have any experience building in steps to keep checking when the status becomes complete?
Using google.ca just as a test in the screenshot.
Thanks in advance,
Nelson
Hello,
My observation is that when we execute the Get Analysis action for a file, it takes a couple of minutes to complete depending on the file size, so the status is displayed as 'queued' initially. If we re-execute the same action again after some time, around 5-10 minutes (in my case), it gets 'completed'.
And if we don't want to re-execute the action again and use the same connector, then we can use a "do until" loop and apply a condition (as shown in the screenshot) where we keep checking until the status becomes completed; once the status changes to completed, the action will complete with the required output.
The Jinja entered in "do until" is
vars.steps.Get_Analysis_Details.data.data.attributes.status == queued
Hope this helps.
Thanks,
Junaid
Hey, I guess if VT is doing deep analysis, it will provide the result a couple of minutes or hours later, it depends, which is why you have to wait for the result until it's "completed" (by using a "wait" step to check again).
I guess for this kind of sandboxing it's normal behavior that the result is not provided live.
For my part, as I cannot wait, I am doing some deep analysis with capabilities that provide a "fast" scan, meaning you get the result in real time, maybe with less data, but without needing to wait ...
For instance, Hybrid Analysis provides a fast scan, URLSCAN.IO also, but Falcon Sandbox does not ... I don't know about Joe Sandbox.
Hope it can help
Fabien
Created on 03-08-2024 06:45 AM Edited on 03-08-2024 07:01 AM
Thanks Jtamboli, this is brilliant - exactly the logic I was looking for. I hadn't thought of using a do until loop so thanks for pointing that out. I tested it out and it works if I set the condition to
vars.steps.Get_Analysis_Details.data.data.attributes.status == completed
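The "do until status == completed" logic from this thread, written out as an added Python example (not code from any poster or from the connector). It reads the same `data.attributes.status` path, treats `in-progress` as a pending state alongside `queued` (VirusTotal's v3 analysis object can report it), and caps the number of checks; `fetch`, `wait_for_analysis` and `make_fake_fetch` are hypothetical names, and the responses are constructed samples.

```python
import time

TERMINAL = "completed"               # status once the analysis results are final
PENDING = {"queued", "in-progress"}  # statuses that mean "check again later"

def analysis_status(response):
    """Read the status from the path the playbook uses: data.attributes.status."""
    return response["data"]["attributes"]["status"]

def wait_for_analysis(fetch, analysis_id, interval=30, max_attempts=20, sleep=time.sleep):
    """Call fetch(analysis_id) until the status is 'completed'.

    fetch is a hypothetical callable standing in for the connector action;
    it must return the parsed JSON response as a dict.
    """
    for attempt in range(1, max_attempts + 1):
        response = fetch(analysis_id)
        status = analysis_status(response)
        if status == TERMINAL:
            return response, attempt
        if status not in PENDING:
            # Fail loudly instead of looping forever on a status we do not know.
            raise ValueError(f"unexpected analysis status: {status!r}")
        if attempt < max_attempts:
            sleep(interval)
    raise TimeoutError(f"analysis {analysis_id} not completed after {max_attempts} checks")

def make_fake_fetch(statuses):
    """Constructed stand-in for the API: returns the given statuses in order."""
    remaining = iter(statuses)
    def fetch(_analysis_id):
        status = next(remaining)
        stats = {"malicious": 0, "harmless": 70} if status == TERMINAL else {}
        return {"data": {"attributes": {"status": status, "stats": stats}}}
    return fetch

if __name__ == "__main__":
    fetch = make_fake_fetch(["queued", "queued", "in-progress", "completed"])
    result, checks = wait_for_analysis(fetch, "constructed-id", sleep=lambda s: None)
    print(checks, analysis_status(result), result["data"]["attributes"]["stats"])
```

A loop that only exits on "not queued" would stop at `in-progress` with empty results, which is why the exit test here is equality with `completed`.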