Tuesday, August 23, 2022

Behind the curtains: capabilities of the FileScan.IO backend

It's been way too long since we published a blogpost, but our product management and R&D teams have been quite busy over the past year. Our main focus has been on hardening the analysis engine, supporting additional threat types (e.g. our newly added URL analysis capability), growing the community and building an enterprise-grade product. In this short blogpost, we will kick off our blog revival by showcasing a few capabilities of the admin panel / backend, something most users have not seen yet, as it is only available to admins. Duh. ;)

Accessing the admin panel

When logged in to the webservice as an admin (note: the initial admin is the first user that is set up when deploying a vanilla system), the user menu at the top right will be populated with an "Admin panel" menu item:



The landing page of the admin panel is the "Statistics" sub-page (see top menu) and will look similar to this:


The statistics pages contain a variety of data analytics on the file types seen, total number of active users, top uploaders, uploader count, etc.


The "Errors" subpage also contains a de-duplicated view (with filtering capabilities) of client errors that users may experience. It is a regular go-to place that we visit to pick up on edge cases we had not considered. Note: one of the benefits of operating a public community service is that we receive a very wide range of files/URLs, which continuously hardens our system with real-world data.


User Management


The user management is a typical interface, allowing the admin to see a paginated list of users, their account status, group name, last login date, etc. For data privacy reasons, we will not include a screenshot. However, it may be noted that there is a very configurable user group capability, which allows the admin to create any number of groups and assign permissions. Any user can be a member of one or multiple groups, and the final access permissions are determined from the aggregate of all memberships, similar to how group membership works on un*x systems.


The individual group permissions (i.e. which group is allowed to access which feature) are configurable at the Settings - Feature Access subpage:


Note: since every user is part of the "User" group by default, the "Intel" user will be able to access both the basic "Threat intelligence" and the "Advanced intelligence" features.
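As an added illustration (not FileScan.IO code), the following models the aggregate access described above: a user's effective features are the union of what each of their groups grants, with everyone implicitly in the default "User" group. The feature matrix, the "File scan" and "Admin panel" features and the "Admin" group are constructed assumptions; the helper that reports which groups grant a feature is the check an admin wants when auditing least privilege, since a union means revoking a feature from one group does not revoke it while another membership still grants it.

```python
# Added example, not FileScan.IO code. Models union-based group permissions
# as described in the post; the feature matrix below is constructed sample data.

from typing import Dict, FrozenSet, Set

# Hypothetical feature-access matrix: group -> features that group may use.
# "User", "Intel", "Threat intelligence" and "Advanced intelligence" come from
# the post; the other entries are assumptions for the example.
FEATURE_ACCESS: Dict[str, FrozenSet[str]] = {
    "User": frozenset({"File scan", "Threat intelligence"}),
    "Intel": frozenset({"Advanced intelligence"}),
    "Admin": frozenset({"Admin panel", "Threat intelligence", "Advanced intelligence"}),
}

DEFAULT_GROUP = "User"  # every account is a member of this group by default


def effective_access(groups: Set[str]) -> FrozenSet[str]:
    """Aggregate permissions over all of the user's groups (set union)."""
    members = set(groups) | {DEFAULT_GROUP}
    allowed: Set[str] = set()
    for group in members:
        allowed |= FEATURE_ACCESS.get(group, frozenset())
    return frozenset(allowed)


def granting_groups(groups: Set[str], feature: str) -> FrozenSet[str]:
    """Return the user's groups that grant `feature`.

    Audit helper: because access is a union, a feature stays reachable as
    long as any one of these groups still grants it.
    """
    members = set(groups) | {DEFAULT_GROUP}
    return frozenset(
        group for group in members
        if feature in FEATURE_ACCESS.get(group, frozenset())
    )


if __name__ == "__main__":
    intel_user = {"Intel"}
    print(sorted(effective_access(intel_user)))
    # Shows that the implicit "User" membership is what grants basic intel.
    print(sorted(granting_groups(intel_user, "Threat intelligence")))
```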

API Quotas


We have a very extensive API quota settings subpage that allows setting an API quota either per route or per group, with very granular configuration options:




OAuth 2.0


A lesser-known feature is the ability to allow authentication with the webservice using OAuth 2.0 (such as Google or Azure Active Directory):



When this feature is enabled, a user will be able to log in to the webservice using either the local account or the OAuth 2.0 service provider. Note: an interesting feature is that we allow specifying multiple OAuth providers and automatically detect and merge users with the same identifier.



Scan Sources

Another (new!) webservice feature is the "Scan sources" feature accessible from the top menu. In effect, it allows configuring the webservice to pull in files/URLs from a variety of sources. Currently, we support the configuration of IMAP accounts that are then regularly polled by a background (cron-like) job and ingested into the webservice. As this is still a work in progress, we will only show a few snippets:




However, setting up an E-Mail scan source is mostly self-explanatory, and it is a fully working and implemented feature at this point that will be part of our next product release.

Other features that are often overlooked


URL Phishing Detection

When submitting a URL, Filescan.io will automatically determine whether it is a "URL to a file" or a webpage. In the case of a regular webpage, a full browser emulation is performed, including machine-learning-based image analysis to detect phishing pages. Here's a great example:


https://www.filescan.io/uploads/63c6f5a486e9647bb4c9c3dd/reports/2e496d50-da49-4633-a8a4-25f49252f8dc/url_details

OpenAPI / Python CLI

An extensive API and OpenAPI (OAS3) Documentation is available from the API link at the top menu. You can generate your API key for authorization at the API Key tab of your profile settings. A convenient pip package / CLI tool is available here: https://github.com/filescanio/fsio-cli


Certificate Whitelisting and Validation

Filescan.io extracts certificates not only from PE files, but also from productivity files, such as PDFs or VBA macros. All extracted certificates are checked for whether they are expired, revoked or self-signed. When a certificate is issued by a trusted software vendor, the verdict for that binary artefact is set to benign automatically.




Final Words

In this blogpost, we showcased a few key areas of the admin panel and backend features, outlining the maturity of the overall product and its flexibility in terms of ACLs and customization.

Do you like what you see at www.filescan.io or in this blogpost and are interested in a live technical demo, data sheets and/or quote? Please get in touch with sales via our company contact form: https://www.filescan.com/contact/sales or E-Mail sales@filescan.io


Disclaimer: all screenshots were taken from a dev staging server populated with test data. Actual commercial product UX may differ slightly.
