
API complete

master
boB Rudis 5 years ago
parent
commit
8fe6708917
No known key found for this signature in database GPG Key ID: 1D7529BE14E2BBA9
  1. 2
      NAMESPACE
  2. 73
      R/deep-search.R
  3. 3
      R/search.R
  4. 14
      README.Rmd
  5. 54
      README.md
  6. 28
      man/pt_deep_search.Rd

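--- a/NAMESPACE
+++ b/NAMESPACE
@@ -1,8 +1,10 @@
 # Generated by roxygen2: do not edit by hand
 export(packettotal_api_key)
+export(pt_deep_search)
 export(pt_detail)
 export(pt_download)
+export(pt_get_search_results)
 export(pt_info)
 export(pt_random)
 export(pt_search)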

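--- /dev/null
+++ b/R/deep-search.R
@@ -0,0 +1,73 @@
+#' Create a new deep search task. Search for a term or with a Lucene query.
+#'
+#' Unlike the more lighweight [pt_search()] results from this endpoint
+#' will be available at the returned URL.
+#'
+#' @param query search term (e.g. an IP address, domain, or file hash) or valid Lucene query
+#' @param api_key your [packettotal_api_key()].
+#' @export
+#' @references <https://packettotal.com/api-docs/#/search
+#' @examples
+#' str(try(pt_deep_search("botnet OR malware"), silent=TRUE), 1)
+pt_deep_search <- function(query, api_key = packettotal_api_key()) {
+httr::POST(
+url = "https://api.packettotal.com/v1/search/deep",
+body = list(
+query = query
+),
+encode = "json",
+httr::add_headers(
+`x-api-key` = api_key
+),
+.PACKETTOTAL_UA
+) -> res
+httr::stop_for_status(res)
+out <- httr::content(res, as = "text", encoding = "UTF-8")
+out <- jsonlite::fromJSON(out)
+class(out) <- "pt_search_result"
+out
+}
+#' @rdname pt_deep_search
+#' @param search_result output from [pt_deep_search()] or a plain search results id
+#' @export
+pt_get_search_results <- function(search_result, api_key = packettotal_api_key()) {
+res_url <- NULL
+if (inherits(search_result, "pt_search_result")) {
+res_url <- sprintf("https://api.packettotal.com%s", search_result$results_uri)
+} else if (is.character(search_result)) {
+search_result <- search_result[1]
+if (grepl("v1/", search_result)) {
+res_url <- sprintf("https://api.packettotal.com%s", search_result)
+} else {
+res_url <- sprintf("https://api.packettotal.com/v1/search/deep/results/%s", search_result)
+}
+}
+if (is.null(res_url)) stop("Unrecognized search result.", call.=FALSE)
+httr::GET(
+url = res_url,
+httr::add_headers(
+`x-api-key` = api_key
+),
+.PACKETTOTAL_UA
+) -> res
+httr::stop_for_status(res)
+out <- httr::content(res, as = "text", encoding = "UTF-8")
+out <- jsonlite::fromJSON(out)
+out
+}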
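Review bot: `pt_get_search_results` interpolates a caller-supplied string straight into the request path in both `sprintf()` calls of its `is.character()` branch with no format check, so anything that is not a plain results id (the README output shows these as 32-hex-character strings such as `089f9e75d8142e185e84e8668da4b9b8`) is sent to the API as-is; in the plain-id branch add `if (!grepl("^[[:xdigit:]]+$", search_result)) stop("Invalid search results id.", call. = FALSE)` before the `sprintf()`, and consider `utils::URLencode(search_result, reserved = TRUE)` where a raw `v1/` path fragment is accepted. The `pt_search_result` branch has a related gap: when `results_uri` is missing from the response, `sprintf("...%s", NULL)` yields `character(0)` and `httr::GET()` presumably fails with an unhelpful error rather than a clear message, so guard it with `if (is.null(search_result$results_uri)) stop("Search result has no results_uri.", call. = FALSE)`. `pt_deep_search` likewise passes `query` through unchecked; a `stopifnot(is.character(query), length(query) == 1L)` keeps a longer vector from being JSON-encoded as an array in the request body. In the roxygen header, `@references` is missing its closing `>` (`<https://packettotal.com/api-docs/#/search>`), which also propagates into the generated `man/pt_deep_search.Rd`, and "lighweight" should read "lightweight".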

3
R/search.R

@ -29,4 +29,5 @@ pt_search <- function(query, api_key = packettotal_api_key()) {
out out
} }

14
README.Rmd

@ -1,7 +1,7 @@
--- ---
output: rmarkdown::github_document output: rmarkdown::github_document
editor_options: editor_options:
chunk_output_type: inline chunk_output_type: console
--- ---
```{r pkg-knitr-opts, include=FALSE} ```{r pkg-knitr-opts, include=FALSE}
knitr::opts_chunk$set(collapse=TRUE, fig.retina=2, message=FALSE, warning=FALSE) knitr::opts_chunk$set(collapse=TRUE, fig.retina=2, message=FALSE, warning=FALSE)
@ -24,16 +24,12 @@ with the information security community in mind and has applications in malware
analysis and network forensics. Methods are provided to query search for and analysis and network forensics. Methods are provided to query search for and
analyze packet capture files. analyze packet capture files.
## TODO
- `/search/deep/` : <https://packettotal.com/api-docs/#/search/post_search_deep>
- `/search/deep/results/{search_id}` : <https://packettotal.com/api-docs/#/search/get_search_deep_results__search_id_>
## What's Inside The Tin ## What's Inside The Tin
The following functions are implemented: The following functions are implemented:
- `packettotal_api_key`: Get or set PACKETTOTAL_API_KEY value - `packettotal_api_key`: Get or set PACKETTOTAL_API_KEY value
- `pt_deep_search`/`pt_get_search_results`: Create a new deep search task. Search for a term or with a Lucene query.
- `pt_detail`: Get a detailed report of PCAP traffic, carved files, signatures, and top-talkers. - `pt_detail`: Get a detailed report of PCAP traffic, carved files, signatures, and top-talkers.
- `pt_download`: Download a PCAP analysis archive. The result is a zip archive containing the PCAP itself, CSVs representing various analysis results, and all carved files. - `pt_download`: Download a PCAP analysis archive. The result is a zip archive containing the PCAP itself, CSVs representing various analysis results, and all carved files.
- `pt_info`: Get high-level information about a specific PCAP file. - `pt_info`: Get high-level information about a specific PCAP file.
@ -68,6 +64,12 @@ str(pt_random(), 2)
str(pt_search("evil.com"), 2) str(pt_search("evil.com"), 2)
``` ```
```{r deep-search}
(res <- pt_deep_search("botnet OR malware"))
str(pt_get_search_results(res), 2)
```
```{r info} ```{r info}
str(pt_info("d210f4dbea97949f694e849507951881"), 2) str(pt_info("d210f4dbea97949f694e849507951881"), 2)
``` ```

54
README.md

@ -17,18 +17,13 @@ built with the information security community in mind and has
applications in malware analysis and network forensics. Methods are applications in malware analysis and network forensics. Methods are
provided to query search for and analyze packet capture files. provided to query search for and analyze packet capture files.
## TODO
- `/search/deep/` :
<https://packettotal.com/api-docs/#/search/post_search_deep>
- `/search/deep/results/{search_id}` :
<https://packettotal.com/api-docs/#/search/get_search_deep_results__search_id_>
## What’s Inside The Tin ## What’s Inside The Tin
The following functions are implemented: The following functions are implemented:
- `packettotal_api_key`: Get or set PACKETTOTAL\_API\_KEY value - `packettotal_api_key`: Get or set PACKETTOTAL\_API\_KEY value
- `pt_deep_search`/`pt_get_search_results`: Create a new deep search
task. Search for a term or with a Lucene query.
- `pt_detail`: Get a detailed report of PCAP traffic, carved files, - `pt_detail`: Get a detailed report of PCAP traffic, carved files,
signatures, and top-talkers. signatures, and top-talkers.
- `pt_download`: Download a PCAP analysis archive. The result is a zip - `pt_download`: Download a PCAP analysis archive. The result is a zip
@ -63,16 +58,16 @@ packageVersion("packettotal")
str(pt_random(), 2) str(pt_random(), 2)
## List of 1 ## List of 1
## $ pcap_metadata:List of 11 ## $ pcap_metadata:List of 11
## ..$ md5 : chr "4be31ddcbfe4af10f0fbcb83681d1b67" ## ..$ md5 : chr "e205fca1d43f5588afa2ccde979f056a"
## ..$ name : chr "20130820_c_win6_00012_pc.pcap" ## ..$ name : chr "20130820_c_win1_00071_pc.pcap"
## ..$ byte_size : int 1552408 ## ..$ byte_size : int 1694276
## ..$ logs : chr [1:8] "conn" "dns" "weird" "files" ... ## ..$ logs : chr [1:8] "conn" "dns" "weird" "files" ...
## ..$ analyzed_date : chr "2018-10-19 00:50:01" ## ..$ analyzed_date : chr "2018-10-19 05:04:42"
## ..$ download_link : chr "/pcaps/4be31ddcbfe4af10f0fbcb83681d1b67/download" ## ..$ download_link : chr "/pcaps/e205fca1d43f5588afa2ccde979f056a/download"
## ..$ analysis_link : chr "/pcaps/4be31ddcbfe4af10f0fbcb83681d1b67/analysis" ## ..$ analysis_link : chr "/pcaps/e205fca1d43f5588afa2ccde979f056a/analysis"
## ..$ similar_pcaps_link: chr "/pcaps/4be31ddcbfe4af10f0fbcb83681d1b67/similar" ## ..$ similar_pcaps_link: chr "/pcaps/e205fca1d43f5588afa2ccde979f056a/similar"
## ..$ pcap_glyph_link : chr "https://s3.amazonaws.com/packettotalpub/files/4be31ddcbfe4af10f0fbcb83681d1b67/pcap-mosaic.png" ## ..$ pcap_glyph_link : chr "https://s3.amazonaws.com/packettotalpub/files/e205fca1d43f5588afa2ccde979f056a/pcap-mosaic.png"
## ..$ packettotal_link : chr "https://packettotal.com/app/analysis?id=4be31ddcbfe4af10f0fbcb83681d1b67" ## ..$ packettotal_link : chr "https://packettotal.com/app/analysis?id=e205fca1d43f5588afa2ccde979f056a"
## ..$ message : chr "This PCAP was selected randomly, since no id was specified." ## ..$ message : chr "This PCAP was selected randomly, since no id was specified."
``` ```
@ -87,6 +82,29 @@ str(pt_search("evil.com"), 2)
``` ```
``` r ``` r
(res <- pt_deep_search("botnet OR malware"))
## $search_id
## [1] "089f9e75d8142e185e84e8668da4b9b8"
##
## $message
## [1] "Deep search exists."
##
## $results_uri
## [1] "/v1/search/deep/results/089f9e75d8142e185e84e8668da4b9b8"
##
## attr(,"class")
## [1] "pt_search_result"
str(pt_get_search_results(res), 2)
## List of 2
## $ results :'data.frame': 1819 obs. of 3 variables:
## ..$ id : chr [1:1819] "bd00b1dca3e5586dccffdc23579b0d39" "ba796317651f2064b1ca193e6e2cf947" "52419b8eba8af8fe502f8be324b67cb8" "da0023e2c4ca40ac480a4fdb930e7745" ...
## ..$ found_in :List of 1819
## ..$ match_score: num [1:1819] 1584 1079 749 704 653 ...
## $ result_count: int 1819
```
``` r
str(pt_info("d210f4dbea97949f694e849507951881"), 2) str(pt_info("d210f4dbea97949f694e849507951881"), 2)
## List of 1 ## List of 1
## $ pcap_metadata:List of 10 ## $ pcap_metadata:List of 10
@ -132,8 +150,8 @@ str(pt_similar("536cf06ca83704844d789f56caf22ee6"), 2)
| Lang | \# Files | (%) | LoC | (%) | Blank lines | (%) | \# Lines | (%) | | Lang | \# Files | (%) | LoC | (%) | Blank lines | (%) | \# Lines | (%) |
| :--- | -------: | ---: | --: | ---: | ----------: | ---: | -------: | ---: | | :--- | -------: | ---: | --: | ---: | ----------: | ---: | -------: | ---: |
| R | 12 | 0.92 | 152 | 0.93 | 52 | 0.68 | 111 | 0.67 | | R | 13 | 0.93 | 200 | 0.93 | 69 | 0.73 | 125 | 0.69 |
| Rmd | 1 | 0.08 | 12 | 0.07 | 25 | 0.32 | 55 | 0.33 | | Rmd | 1 | 0.07 | 14 | 0.07 | 25 | 0.27 | 55 | 0.31 |
## Code of Conduct ## Code of Conduct

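--- /dev/null
+++ b/man/pt_deep_search.Rd
@@ -0,0 +1,28 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/deep-search.R
+\name{pt_deep_search}
+\alias{pt_deep_search}
+\alias{pt_get_search_results}
+\title{Create a new deep search task. Search for a term or with a Lucene query.}
+\usage{
+pt_deep_search(query, api_key = packettotal_api_key())
+pt_get_search_results(search_result, api_key = packettotal_api_key())
+}
+\arguments{
+\item{query}{search term (e.g. an IP address, domain, or file hash) or valid Lucene query}
+\item{api_key}{your \code{\link[=packettotal_api_key]{packettotal_api_key()}}.}
+\item{search_result}{output from \code{\link[=pt_deep_search]{pt_deep_search()}} or a plain search results id}
+}
+\description{
+Unlike the more lighweight \code{\link[=pt_search]{pt_search()}} results from this endpoint
+will be available at the returned URL.
+}
+\examples{
+str(try(pt_deep_search("botnet OR malware"), silent=TRUE), 1)
+}
+\references{
+<https://packettotal.com/api-docs/#/search
+}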