Help
FortiSandbox
FortiSandbox provides a solution to protect against advanced threats and ransomware for companies who don’t want to implement and maintain a sandbox environment on their own.
Ted
Staff
Staff

Created on ‎09-22-2025 01:49 AM

Article Id 411553

Technical Tip: Submitting a scan file to FortiSandbox via cURL

Description

This article describes how to upload a scan file under 20MB to FortiSandbox via cURL. FortiSandbox supports submitting a file via API for analysis. If a scan file is under 20 MB, an API client can send an API request without including an HTTP body as a multi-part file, but load a file in BASE64 encoded format.
Scope FortiSandbox.
Solution

To submit a file using either cURL, Postman, or Python's requests library, need to build a request body similar to the following JSON object:

 

data = {

"file": <base64 encoded file>,
"filename": <base64 encoded file name>,
"skip_steps": "<skip_steps>",
"url": "/alert/ondemand/submit-file",
"type": "file",
"server_type": "",
"depth": "1",
"skip_steps": "",
"overwrite_vm_list": "",
"malpkg": 0,
"vrecord": "0",
"forcedvm": 0,
"enable_ai": 0,
"archive_password": "",
"timeout": "3600",
"session": <api_token>

}

 

To fill up 'file' and 'filename' values, respectively, in the payload:

  • Encodes the file's contents in Base64.


base64 <file name>

 

  • Encodes the text of the file name, not the file contents.


echo "<file name>" | base64

 

fsa1.png

 

cURL commands:

  1. File submission:


curl -k -X POST https://<FSA IP>:<port>/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'"-d '{"method": "set", "params": [{"file": "<base64 encoded file>","filename": "<base64 encoded file name>","skip_steps": "2","url": "/alert/ondemand/submit-file","type": "file","overwrite_vm_list": "","archive_password": "","malpkg": 0,"timeout": "3600","vrecord": "0","enable_ai": 0,"forcedvm": 0,"browser": 0}],"session": "<session key>","id": "11","version": "4.2.4"}'

 

  1. Retrieving job IDs for the submission ID:


curl -k -X POST https://<FSA IP>:<port>/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "get","params": [{"url": "/scan/result/get-jobs-of-submission","sid": "<submission ID>"}],"session": "<session key>","id": "17","version": "4.2.4"}'

  1. Retrieving job verdict detail for the job ID:

 

curl -k -X POST https://<FSA IP>:<port>/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "get","params": [{"url": "/scan/result/job","jid": "<job ID>"}], "session": "<session key>","id": "17","version": "4.2.4"}'

 

Examples:

 

94100bb5-3e99-4e38-970f-121b227e4c70.png

 

  1. File Submission:

curl -k -X POST https://192.168.11.90:443/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "set", "params": [{"file": "VGhpcyBmaWxlIHJlcXVpcmVkIHRvIEZTQSBzY2FuLgo=","filename": "c2Nhbl9maWxlLnR4dAo=","skip_steps": "2","url": "/alert/ondemand/submit-file","type": "file","overwrite_vm_list": "","archive_password": "","malpkg": 0,"timeout": "3600","vrecord": "0","enable_ai": 0,"forcedvm": 0,"browser": 0}],"session": "46659de96e059df78b04086f111765c2","id": "11","version": "4.2.4"}'

{"id": 11, "result": {"url": "/alert/ondemand/submit-file", "status": {"code": 0, "message": "OK"}, "data": {"msg": "File was submitted successfully", "error": "", "sid": "7872904740695026069"}}}

  1.  
  2. A Job ID for the Submission ID:

    curl -k -X POST https://192.168.11.90:443/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "get","params": [{"url": "/scan/result/get-jobs-of-submission","sid": "7872904740695026069"}],"session": "46659de96e059df78b04086f111765c2","id": "17","version": "4.2.4"}'

    {"id": 17, "result": {"url": "/scan/result/get-jobs-of-submission", "status": {"code": 0, "message": "OK"}, "data": {"jids": ["7872904758223138269"], "total_jids": 1}}}

  3. A verdict for the Job ID:

curl -k -X POST https://192.168.11.90:443/jsonrpc -H "'content-type': 'application/json', 'user-agent': 'advanced-rest-client', 'accept': '*/*', 'content-length': '100'" -d '{"method": "get","params": [{"url": "/scan/result/job","jid": "7872904758223138269"}],"session": "46659de96e059df78b04086f111765c2","id": "17","version": "4.2.4"}'

 

{"id": 17, "result": {"url": "/scan/result/job", "status": {"code": 0, "message": "OK"}, "data": {"jid": "7872904758223138269", "start_ts": 1758263371, "finish_ts": 1758263372, "untrusted": 0, "now": 1758263478, "rating": "Clean", "score": 0, "sha256": "1c465713d565ab3bca635ff4f3f8858b0366074126e1c0c46a8f1b1c6aab5fa8", "sha1": "1f4bd293cc4d7389d9dd88d0fe19578adb6f0f01", "malware_name": "N/A", "vid": 0, "infected_os": "", "detection_os": "", "rating_source": "Static Scan Engine", "category": "NotApplicable", "detail_url": "https://192.168.11.90/job-detail/?sid=7872904740695026069&jid=7872904758223138269&req_type=file-csea...", "download_url": "c2Nhbl9maWxlLnR4dAo=", "false_positive_negative": 0}}}
53
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.