Note that our newer TriggerObjectDetonation and GetObjectDetonation endpoints are available under 'Objects' in our API Reference.
The legacy Detonation API allows you to programmatically submit a file for detonation, in addition to retrieving the results.
Access the API
Use the following information to access the API:
- Endpoint: https://app.stairwell.com/v202112/detonations/
- Authentication: Pass Authorization header with your Auth Token
You use the same API endpoint (https://app.stairwell.com/v202112/detonations) for both submitting files and retrieving detonation results. The only difference is the HTTP method: send a POST to submit a file for detonation, and send a GET to retrieve results.
Please note that detonation may take a few minutes to run. It is best practice to wait a few minutes between submitting a file for detonation and retrieving results. When fetching the results, the presence of the "overview" and "raw_triage_reports" properties in the API response indicates that the detonation has completed.
Example of submitting a file for detonation:
```bash
curl -X POST -H "Authorization: YOURAPIKEY" "https://app.stairwell.com/v202112/detonations/<SHA256 HASH>"
```
Note: Make sure to send a POST when submitting a file.
Example output of successfully submitting a file for detonation:
```json
{
  "submit_detonation": {
    "body": {},
    "headers": {
      "content-type": "application/json",
      "strict-transport-security": "max-age=63072000",
      "date": "Wed, 31 Aug 2022 16:45:37 GMT",
      "content-length": "57",
      "via": "1.1 google",
      "alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000"
    },
    "status": 200
  }
}
```
Example of retrieving detonation results:
```bash
curl -X GET -H "Authorization: YOURAPIKEY" "https://app.stairwell.com/v202112/detonations/<SHA256 HASH>"
```
Note: Make sure to send a GET when retrieving results.
Example output of successfully retrieving a detonation:
```json
{
  "get_detonation": {
    "body": {
      "link": "https://private.tria.ge/220831-t9pc2apvk8",
      "sample_id": "220831-t9pc2apvk8",
      "object_id": "87e6f28f1289b045852f186e6f728930af202c50a288b6eba75443ce56980b34",
      "tags": [],
      "overview": "{\"tasks\": [{\"kind\": \"behavioral\", \"name\": \"behavioral1\", \"tags\": [\"discovery\"], \"score\": 7, \"sample\": \"220831-t9pc2apvk8\", \"status\": \"reported\", \"target\": \"filename.exe\", \"backend\": \"sbx4m9\", \"resource\": \"win7-20220806-en\"}, {\"kind\": \"behavioral\", \"name\": \"behavioral2\", \"tags\": [\"discovery\"], \"score\": 7, \"sample\": \"220831-t9pc2apvk8\", \"status\": \"reported\", \"target\": \"filename.exe\", \"backend\": \"sbx4m9\", \"resource\": \"win10-20220806-en\"}, {\"kind\": \"static\", \"name\": \"static1\", \"sample\": \"220831-t9pc2apvk8\", \"status\": \"reported\"}], \"sample\": {\"id\": \"220831-t9pc2apvk8\", \"md5\": \"674fcd56fd8e862670c8c009a1638993\", \"sha1\": \"5f95b0d277b78fa81864841c1408a24b42a2eddd\", \"size\": 14683976, \"score\": 7, \"sha256\": \"87e6f28f1289b045852f186e6f728930af202c50a288b6eba75443ce56980b34\", \"sha512\": \"5c7761c9185bd0d9ea4ddd6b69b078764ce7cd5d03c1a530afe047496c45c4004259f068bfcbf764ec75f2a393467acf2c08c7542d01c0393f56b3e0126cf52e\", \"target\": \"filename\", \"created\": \"2022-08-31T16:45:36Z\", \"completed\": \"2022-08-31T16:48:16Z\"}, \"targets\": [{\"md5\": \"674fcd56fd8e862670c8c009a1638993\", \"sha1\": \"5f95b0d277b78fa81864841c1408a24b42a2eddd\", \"size\": 14683976, \"tags\": [\"discovery\"], \"score\": 7, \"tasks\": [\"behavioral1\", \"behavioral2\"], \"sha256\": \"87e6f28f1289b045852f186e6f728930af202c50a288b6eba75443ce56980b34\", \"sha512\": \"5c7761c9185bd0d9ea4ddd6b69b078764ce7cd5d03c1a530afe047496c45c4004259f068bfcbf764ec75f2a393467acf2c08c7542d01c0393f56b3e0126cf52e\", \"target\": \"filename\", \"signatures\": [{\"name\": \"Loads dropped DLL\", \"score\": 7}, {\"ttp\": [\"T1012\"], \"desc\": \"Looks up Uninstall key entries in the registry to enumerate software on the system.\", \"name\": \"Checks installed software on the system\", \"tags\": [\"discovery\"], \"label\": \"checks_uninstall_regkeys\", \"score\": 6}, {\"name\": \"Suspicious behavior: EnumeratesProcesses\"}, {\"name\": \"Suspicious use of AdjustPrivilegeToken\"}, {\"name\": \"Suspicious use of WriteProcessMemory\"}]}], \"version\": \"0.2.3\", \"analysis\": {\"tags\": [\"discovery\"], \"score\": 7}}",
      "raw_triage_reports": {}
    },
    "headers": {},
    "status": 200
  }
}
```
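The submit-then-poll flow described on this page, as an added Python example (not Stairwell's own code): it validates the hash before building the URL, treats a result as complete only when both `overview` and `raw_triage_reports` are present, and decodes the `overview` string, which is itself JSON. It assumes the API's JSON response is the object shown under `body` above; the function names and polling defaults are hypothetical.

```python
import json
import re
import time
import urllib.request

API = "https://app.stairwell.com/v202112/detonations/"  # endpoint given on the page
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")

def detonation_url(sha256):
    """Build the per-object URL, rejecting anything that is not a SHA-256."""
    if not SHA256_RE.fullmatch(sha256):
        raise ValueError("expected a 64-character hex SHA-256")
    return API + sha256.lower()

def call(method, sha256, token):
    """POST submits, GET retrieves. Assumption: the reply is the 'body' object."""
    req = urllib.request.Request(detonation_url(sha256), method=method,
                                 headers={"Authorization": token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read() or b"{}")

def is_complete(body):
    """Per the page: both properties present means the detonation finished."""
    return "overview" in body and "raw_triage_reports" in body

def summarize(body):
    """Decode the JSON-in-a-string 'overview' and pull out triage fields."""
    overview = json.loads(body["overview"])
    sigs = [s for t in overview.get("targets", []) for s in t.get("signatures", [])]
    return {
        "score": overview.get("analysis", {}).get("score"),
        "tags": overview.get("analysis", {}).get("tags", []),
        "ttps": sorted({ttp for s in sigs for ttp in s.get("ttp", [])}),
        "signatures": [s.get("name") for s in sigs],
    }

def wait_for_result(fetch, attempts=10, delay=60, sleep=time.sleep):
    """Poll fetch() until the result is complete; None if it never completes."""
    for _ in range(attempts):
        body = fetch()
        if is_complete(body):
            return summarize(body)
        sleep(delay)
    return None

# Constructed sample, trimmed from the example response on this page.
SAMPLE_BODY = {"sample_id": "220831-t9pc2apvk8", "raw_triage_reports": {},
    "overview": json.dumps({"analysis": {"tags": ["discovery"], "score": 7},
        "targets": [{"signatures": [{"name": "Loads dropped DLL", "score": 7},
            {"ttp": ["T1012"], "name": "Checks installed software on the system"}]}]})}
```

Against the live API, submit with `call("POST", sha256, token)` and then poll with `wait_for_result(lambda: call("GET", sha256, token))`.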