robust-atd is a set of *unofficial/unsupported* command-line tools for managing McAfee ATD – Advanced Threat Defense API malware submissions.
“Robust” is a set of tools to leverage the HTTPS REST API of the McAfee Advanced Threat Detection 3.8 – 4.x appliance.
+ robust : basic CLI submission of a single piece of malware to a MATD server.
+ robust-profiles : list the available MATD profiles.
+ robust-search : search MATD via MD5 for a report.
+ robust-watchdog : monitor a directory for files and submit them to MATD using multiple threads.
+ robust-convict : submit a directory filled with samples using multiple threads and sort them into malicious, clean, error, etc.
+ robust-reporter : parse, offline, the JSON files returned during large batch submissions.
+ robust-version-checker : check the MATD server version.
This is not a supported or official application of McAfee. This work is based on publicly available published documentation for integrating with the McAfee ATD REST API 3.6.x to 4.x.
Official API Documentation is available here:
McAfee ATD – Advanced Threat Defense
McAfee ATD is a commercial-grade enterprise security sandbox analysis appliance. Its main function is to provide advanced detection for stealthy, zero-day malware. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.
+ Python 2.7.x
Use and Download:
git clone https://github.com/shadowbq/robust-atd && cd robust-atd
python setup.py install
python robust.py -h
python robust-version-checker.py -u robust -p password. -i atd.example.com -n