PacketTotal API Module

This module provides a basic interface for working with the PacketTotal API.

class packettotal_sdk.packettotal_api.PacketTotalApi(api_key: str)

Client that provides search/analysis capabilities

Sign up here: https://www.packettotal.com/api.html

analyze(pcap_file_obj: BinaryIO, pcap_name=None, pcap_sources=None) → requests.models.Response

Publicly analyze a PCAP file

Parameters
  • pcap_file_obj – A file-like object that provides a .read() interface (e.g. open('path_to_pcap.pcap', 'rb'))

  • pcap_name – The optional name of the PCAP file; if none is given, the md5 hash of the PCAP is used

  • pcap_sources – An optional list of URLs that reference the PCAP file

Returns

A requests.Response instance, containing information such as where the finished analysis can be found

deep_search_create(query: str) → requests.models.Response

Create a new deep search task. Search for a term or with a Lucene query. Deep searches run longer and can return more results than a normal search. They are executed asynchronously, and results must be fetched later using the resulting search_id. https://www.packettotal.com/api-docs/#/search/post_search_deep

Parameters

query – A search term, such as an IP address or file hash.

Returns

A requests.Response instance, containing the corresponding search_id, which can be used to retrieve results at a later point

deep_search_get(search_id: str, pretty=False) → requests.models.Response

Get the results from a deep search task. https://www.packettotal.com/api-docs/#/search/get_search_deep_results__search_id_

Parameters
  • search_id – An id corresponding to the search you previously created.

  • pretty – True, if you wish the response.text to be human readable

Returns

A requests.Response instance, containing the results of the initial deep search query

pcap_analysis(pcap_md5: str) → requests.models.Response

Get a detailed report of PCAP traffic, carved files, signatures, and top-talkers. https://www.packettotal.com/api-docs/#/pcaps/get_pcaps__pcap_id__analysis

Parameters

pcap_md5 – An md5 hash corresponding to the PCAP file submission on PacketTotal.com

Returns

A requests.Response instance, containing more detailed information about the contents of a PCAP file

pcap_download(pcap_md5: str) → requests.models.Response

Download a PCAP analysis archive. The result is a zip archive containing the PCAP itself, CSVs representing various analysis results, and all carved files. https://www.packettotal.com/api-docs/#/pcaps/get_pcaps__pcap_id__download

Parameters

pcap_md5 – An md5 hash corresponding to the PCAP file submission on PacketTotal.com

Returns

A requests.Response instance, containing the download zip archive

pcap_info(pcap_md5: str) → requests.models.Response

Get high-level information about a specific PCAP file. https://www.packettotal.com/api-docs/#/pcaps/get_pcaps__pcap_id_

Parameters

pcap_md5 – An md5 hash corresponding to the PCAP file submission on PacketTotal.com

Returns

A requests.Response instance, containing high-level metadata about a PCAP submission
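A pre-submission helper built on this interface, added here as an example and not part of the SDK: because analyze() publishes the capture and pcap_info()/pcap_analysis() key submissions by md5, it verifies the file really is a pcap/pcapng, computes the md5 itself and calls analyze() only when PacketTotal does not already know the hash. DryRunClient, sample_pcap() and the assumption that pcap_info() answers an unknown hash with a non-2xx status are mine; the real PacketTotalApi instance can be passed as `client` in their place.

```python
import hashlib
import struct
from io import BytesIO
from types import SimpleNamespace
from typing import BinaryIO

CAPTURE_MAGICS = {  # pcap usec (LE/BE), pcap nsec (LE/BE), pcapng section header block
    b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",
    b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d", b"\x0a\x0d\x0d\x0a",
}

def pcap_md5(pcap_file_obj: BinaryIO) -> str:
    """Stream the MD5 PacketTotal uses as the submission id, then rewind for the upload."""
    digest = hashlib.md5()
    pcap_file_obj.seek(0)
    for chunk in iter(lambda: pcap_file_obj.read(1 << 16), b""):
        digest.update(chunk)
    pcap_file_obj.seek(0)
    return digest.hexdigest()

def submit_if_new(client, pcap_file_obj: BinaryIO, sources=None) -> tuple:
    """Look the md5 up with pcap_info() first and call analyze() only for an unknown capture.
    Assumption: pcap_info() returns a non-2xx status (response.ok is False) for an unseen hash."""
    pcap_file_obj.seek(0)
    if pcap_file_obj.read(4) not in CAPTURE_MAGICS:  # analyze() publishes the file: pre-flight it
        raise ValueError("not a pcap/pcapng file; refusing to publish it")
    md5 = pcap_md5(pcap_file_obj)  # also rewinds the file object
    if client.pcap_info(md5).ok:
        return ("exists", md5)
    client.analyze(pcap_file_obj, pcap_name=md5, pcap_sources=sources)
    return ("submitted", md5)

def sample_pcap() -> BytesIO:
    """Constructed one-packet little-endian pcap: 24-byte global header + one 4-byte record."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 0, 0, 4, 4) + b"\xde\xad\xbe\xef"
    return BytesIO(header + record)

class DryRunClient:  # offline stand-in exposing the two PacketTotalApi methods used above
    def __init__(self, known_md5s):
        self.known, self.uploads = set(known_md5s), []
    def pcap_info(self, md5):
        return SimpleNamespace(ok=md5 in self.known)
    def analyze(self, pcap_file_obj, pcap_name=None, pcap_sources=None):
        self.uploads.append(pcap_name)
        return SimpleNamespace(ok=True)
```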

pcap_similar(pcap_md5: str, intensity='low', weighting_mode='behavior', prioritize_uncommon_fields=False, pretty=False) → requests.models.Response

Get a similarity graph relative to the current PCAP file. https://www.packettotal.com/api-docs/#/pcaps/get_pcaps__pcap_id__similar

Parameters
  • pcap_md5 – An md5 hash corresponding to the PCAP file submission on PacketTotal.com

  • intensity – [minimal|low|medium|high] The scope of the search; roughly the maximum number of aggregations to exhaust.

  • weighting_mode – [behavior|content] Weight search results by their similarity either to the behaviors exhibited by, or to the contents contained within, the current PCAP file.

  • prioritize_uncommon_fields – By default, the most common values are used to seed the initial similarity search. Enabling this parameter seeds the initial search with the least common values instead.

  • pretty – True, if you wish the response.text to be human readable

Returns

A requests.Response instance, containing a graph of similar PCAPs with matched terms

search(query: str, pretty=False) → requests.models.Response

Search with term or with a valid Lucene query. https://www.packettotal.com/api-docs/#/search/get_search

Parameters
  • query – A search term, such as an IP address or file hash.

  • pretty – True, if you wish the response.text to be human readable

Returns

A requests.Response instance, containing the results of the search query

set_api_key(api_key) → None

Set the API key

Parameters

api_key – An API authentication token

set_version(version: str) → None

Set the API version

Parameters

version – The version prefix for the API (e.g. v1)

usage() → requests.models.Response

Retrieve API usage and subscription plan information. https://www.packettotal.com/api-docs/#/usage/get_usage

Returns

A requests.Response instance, containing information about requests made and your current subscription