The legacy Detonation API allows you to programmatically submit a file for detonation, in addition to retrieving the results.

Access the API

Use the following information to access the API:

https://app.stairwell.com/v202112/detonations/<SHA256 HASH>
Authentication: Pass Authorization header with your Auth Token

You will leverage the same API endpoint (https://app.stairwell.com/v202112/detonations) for submitting and retrieving detonation results. The only difference is that you will send a POST for submitting a file for detonation, and will render a GET for retrieving results.

Please note that detonation may take a few minutes to run. It is best practice to wait a few minutes between submitting a file for detonation and retrieving results. You will notice the “overview" and "raw_triage_reports" properties in the API response when fetching the results, which is an indication that the detonation has been completed.

Example of submitting a file for detonation:

curl -X POST -H "Authorization: YOURAPIKEY" https://app.stairwell.com/v202112/detonations/&lt;SHA256 HASH&gt;\

Note: Make sure to render a POST when submitting a file.

Example output of successfully submitting a file for detonation:

{  
"submit_detonation":  
{  
"body":  
{  
},  
"headers":  
{  
"content-type":  
"application/json"  
,  
"strict-transport-security":  
"max-age=63072000"  
,  
"date":  
"Wed, 31 Aug 2022 16:45:37 GMT"  
,  
"content-length":  
"57"  
,  
"via":  
"1.1 google"  
,  
"alt-svc":  
"h3=":443"; ma=2592000,h3-29=":443"; ma=2592000"  
},  
"status":200  
}  
}

Example of retrieving detonation results:

curl -X GET -H "Authorization: YOURAPIKEY" https://app.stairwell.com/v202112/detonations/&lt;SHA256 HASH&gt;

Note: Make sure to render a GET for retrieving results.

Example output of successfully retrieving a detonation:

{  
"get_detonation":  
{  
"body":  
{  
"link":  
"https://private.tria.ge/220831-t9pc2apvk8"  
,  
"sample_id":  
"220831-t9pc2apvk8"  
,  
"object_id":  
"87e6f28f1289b045852f186e6f728930af202c50a288b6eba75443ce56980b34"  
,  
"tags":  
[  
],  
"overview":  
{"tasks": [{"kind": "behavioral", "name": "behavioral1", "tags": ["discovery"], "score": 7, "sample": "220831-t9pc2apvk8", "status": "reported", "target": "filename.exe", "backend": "sbx4m9", "resource": "win7-20220806-en"}, {"kind": "behavioral", "name": "behavioral2", "tags": ["discovery"], "score": 7, "sample": "220831-t9pc2apvk8", "status": "reported", "target": "filename.exe", "backend": "sbx4m9", "resource": "win10-20220806-en"}, {"kind": "static", "name": "static1", "sample": "220831-t9pc2apvk8", "status": "reported"}], "sample": {"id": "220831-t9pc2apvk8", "md5": "674fcd56fd8e862670c8c009a1638993", "sha1": "5f95b0d277b78fa81864841c1408a24b42a2eddd", "size": 14683976, "score": 7, "sha256": "87e6f28f1289b045852f186e6f728930af202c50a288b6eba75443ce56980b34", "sha512": "5c7761c9185bd0d9ea4ddd6b69b078764ce7cd5d03c1a530afe047496c45c4004259f068bfcbf764ec75f2a393467acf2c08c7542d01c0393f56b3e0126cf52e", "target": "filename", "created": "2022-08-31T16:45:36Z", "completed": "2022-08-31T16:48:16Z"}, "targets": [{"md5": "674fcd56fd8e862670c8c009a1638993", "sha1": "5f95b0d277b78fa81864841c1408a24b42a2eddd", "size": 14683976, "tags": ["discovery"], "score": 7, "tasks": ["behavioral1", "behavioral2"], "sha256": "87e6f28f1289b045852f186e6f728930af202c50a288b6eba75443ce56980b34", "sha512": "5c7761c9185bd0d9ea4ddd6b69b078764ce7cd5d03c1a530afe047496c45c4004259f068bfcbf764ec75f2a393467acf2c08c7542d01c0393f56b3e0126cf52e", "target": "filename", "signatures": [{"name": "Loads dropped DLL", "score": 7}, {"ttp": ["T1012"], "desc": "Looks up Uninstall key entries in the registry to enumerate software on the system.", "name": "Checks installed software on the system", "tags": ["discovery"], "label": "checks_uninstall_regkeys", "score": 6}, {"name": "Suspicious behavior: EnumeratesProcesses"}, {"name": "Suspicious use of AdjustPrivilegeToken"}, {"name": "Suspicious use of WriteProcessMemory"}]}], "version": "0.2.3", "analysis": {"tags": ["discovery"], "score": 7}}  
,  
"raw_triage_reports":  
{  
}  
},  
"headers":  
{  
},  
"status":200  
}  
}