Telepath API
- class synmods.yara.service.YaraApi
Bases:
StormSvc,CellApiA Telepath API for the Yara service.
- async addYaraJob(rules)
Add a new Yara match job.
- Parameters:
rules (list) – List of (rule id, rule text, rule version) tuples.
- Returns:
Swarm job id.
- Return type:
str
- async addYaraWork(jobid, sha256)
Add a new Yara match work item to an existing match job.
- Parameters:
jobid (str) – Swarm job id.
sha256 (str) – SHA256 of the file to analyze for matches.
- Returns:
Swarm work id.
- Return type:
str
- async getYaraErr(text)
Validate a Yara rule by compiling it and returning syntax errors if any.
- Parameters:
text (str) – Yara rule to validate.
- Returns:
Rule compile error or None if no error.
- Return type:
str
- async initJobQueue(name, desc=None)
Initialize a Swarm job queue.
- Parameters:
name (str) – Job queue name.
desc (str or None) – Optional description for the job queue.
- async initRetnChan(chan, desc=None)
Initialize a Swarm return channel.
- Parameters:
chan (str) – Return channel name.
desc (str or None) – Optional return channel description.
- async iterJobRetn(jobid, offs=0, wait=True)
Iterate completed work items for a job.
- Parameters:
jobid (str) – Swarm job id.
offs (int) – Offset to start iterating from.
wait (bool) – If False, return once the job is no longer running
- Yields:
tuple – Offset, work id, and return for a completed work unit.
- async iterRetnChan(chan, offs=0)
Iterate completed work items from a Swarm return channel.
- Parameters:
chan (str) – GUID for the Swarm return channel.
offs (int) – Offset to start iterating from.
- Yields:
tuple – Offset, work id, and return for a completed work unit.
- async setJobFull(jobid)
Set a Swarm job as “full” which allows the job to complete once all the work is done.
- Parameters:
jobid (str) – Swarm job id.