Cloud Sandbox file submission API example

Hello Zscaler Cloud Sandbox users,
I was recently presented with a request to submit files to our Cloud Sandbox using our recently released API.
While our documentation covers everything a developer would need to know, there was not a simple walkthrough of how to submit a file.
https://help.zscaler.com/zia/api
https://help.zscaler.com/zia/getting-started-zia-api

For starters, Cloud Sandbox uses a different API base URL.

If you are accessing the Cloud Sandbox Submission API, your host and basePath is csbapi.<Zscaler Cloud Name>/zscsb (e.g., csbapi.zscalerbeta.net/zscsb).

Cloud Sandbox also uses a different API key than the rest of the public APIs and must be enabled separately. For subscribers of Zscaler’s Advanced Cloud Sandbox SKU, a support ticket requesting this API key is all that is needed. When opening a support ticket, mention that you need the “Cloud Sandbox file submission API key.”

Sandbox API key

Click on the eyeball to view the API key.

You can then use a CURL command to send a file to sandbox using the following command:

curl -k --location --request POST "https://csbapi.zscalertwo.net/zscsb/submit?force=0&api_token=XXXXXXXXX" --data-binary @MalDoc.docx

Replace zscalertwo with the actual cloud name and the X’s with the API token.

If the command was successful, the API service should receive a 200 OK and the MD5 of the file.

chris@ % curl -k --location --request POST "https://csbapi.zscalertwo.net/zscsb/submit?force=0&api_token=XXXXXXXXXXX" --data-binary @MalDoc.docx
{
"code": 200,
"message": "/submit response OK",
"virusName": "CVE180802",
"virusType": "Virus",
"fileType": "encrpt",
"md5": "BD74930ECC1B91CAFA74E1B0268650AF",
"sandboxSubmission": "Virus"
}%

Hope this helps!

Warm Regards,
Chris

6 Likes
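The curl submission from the post above as a Python script, added here as an example and not part of the original post or Zscaler's own code. It keeps TLS certificate verification on, reads the token from the environment instead of the command line, and checks the MD5 in the reply against the local file. The function names and the environment variables ZS_CLOUD and ZS_SANDBOX_TOKEN are assumptions; the URL layout and reply fields are taken from the post.

```python
import hashlib
import json
import os
import sys
import urllib.parse
import urllib.request


def build_submit_url(cloud, token, force=0):
    """Build the /zscsb/submit URL from the post (cloud e.g. 'zscalertwo.net')."""
    query = urllib.parse.urlencode({"force": int(force), "api_token": token})
    return f"https://csbapi.{cloud}/zscsb/submit?{query}"


def check_response(body, local_md5):
    """Parse the JSON reply and confirm it refers to the bytes that were sent."""
    reply = json.loads(body)
    if reply.get("code") != 200:
        raise RuntimeError(f"submission rejected: {reply.get('code')} {reply.get('message')}")
    if reply.get("md5", "").lower() != local_md5.lower():
        raise RuntimeError("MD5 in reply does not match the local file")
    return reply


def submit_file(path, cloud, token, force=0):
    """POST the raw file bytes (like curl --data-binary) with TLS verification on."""
    with open(path, "rb") as fh:
        data = fh.read()
    local_md5 = hashlib.md5(data).hexdigest()  # used as an integrity check only
    req = urllib.request.Request(build_submit_url(cloud, token, force),
                                 data=data, method="POST")
    # The token travels in the query string, so the URL is never logged or printed.
    with urllib.request.urlopen(req, timeout=120) as resp:
        return check_response(resp.read().decode("utf-8"), local_md5)


if __name__ == "__main__":
    # ZS_CLOUD and ZS_SANDBOX_TOKEN are assumed variable names, not Zscaler's.
    result = submit_file(sys.argv[1], os.environ["ZS_CLOUD"],
                         os.environ["ZS_SANDBOX_TOKEN"])
    print(result["md5"], result.get("sandboxSubmission"), result.get("virusName"))
```

Run it as `python submit.py MalDoc.docx` with both environment variables set; a non-200 code or an MD5 mismatch raises instead of printing a verdict.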

@Chris_Louie this is EXCELLENT! Works like a charm. FYI, this will not work on a TRIAL license of Z-BA until https://jira.corp.zscaler.com/browse/BUG-105588 is resolved.

@Chris_Louie thank you, it helped me to save a lot of time!
Alternatively you can use Postman with the following. I used the force=1 value to make sure the detonation is triggered.

Hi Charles,
Thank you for that tip. I have not had an occasion to use the force=1 flag, but will test it when I do need it.

Warm Regards,
Chris

@Chris_Louie does this require a subscription outside of advanced cloud sandbox? I don’t have the Sandbox API token option even though I have advanced cloud sandbox.

Hi Fahad,
If you open a ticket with support and request the Sandbox API key, they should be able to provision it for you. You need to specify that it is for the Cloud Sandbox file submission API key and not just a general API key.

Warm Regards,
Chris