FalconX - Issue with results from sandbox.get_reports()

[philldtaylor]

I've been having issues with results returned by sandbox.get_reports(), in that when i submit certain files to the sandbox using falconx, when i attempt to get artifact ID's for these using v i get a response that contains '"resources": null' despite the fact that when i look on the GUI the sample has submitted fine and there are plenty of artifacts to download. Example trace-id is "e34014a6-f91a-4026-918a-865d0c6b2ff8".

Example response:

{
    "status_code": 200,
    "headers": {
        "Content-Encoding": "gzip",
        "Content-Length": "204",
        "Content-Type": "application/json",
        "Date": "Fri, 14 Jan 2022 16:07:59 GMT",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains, max-age=15724800; includeSubDomains",
        "X-Cs-Region": "us-1",
        "X-Cs-Traceid": "e34014a6-f91a-4026-918a-865d0c6b2ff8",
        "X-Ratelimit-Limit": "6000",
        "X-Ratelimit-Remaining": "5999"
    },
    "body": {
        "meta": {
            "query_time": 1.270521674,
            "powered_by": "falconx-api",
            "trace_id": "e34014a6-f91a-4026-918a-865d0c6b2ff8",
            "quota": {
                "total": 500,
                "used": 56,
                "in_progress": 1
            }
        },
        "resources": null,
        "errors": []
    }
}

This issue seems to be isolated to files detonated in the Windows10 sandbox, when files are detonated in the Ubuntu sandbox the response from sandbox.get_reports() seems to be OK (in that i get details of the detonation and associated IoCs). Example trace-id of submission that returns correct response is "e7e86000-f462-4166-a485-5febfd065c89"

The same code has worked earlier today, and the same code is being used for Windows and Ubuntu detonations so this makes me suspect it may be a bug? Is anyone else experiencing this issue?

[jshcodes]

Hi @philldtaylor!

I'll try and recreate this. Anything special about the file being detonated in the Windows 10 sandbox?

[philldtaylor]

Hi @jshcodes
No, nothing unusual (other than being malware!). The sha256 hash of the file in question is:
998746d0f5d0c13df720f0bf3981d652c828ea64d64d2e16736a80123fb534aa

Thanks!

[jshcodes]

Here's what I've done so far.

1. Downloaded a sample of this malware using MalQuery. (Thank you for providing the sha256 hash.)

   from falconpy import MalQuery
   
   mq = MalQuery(client_id="ID_HERE", client_secret="SECRET_HERE")
   
   with open("testmalware", "wb") as save_file:
       save_file.write(mq.get_download(ids="998746d0f5d0c13df720f0bf3981d652c828ea64d64d2e16736a80123fb534aa"))

2. Fed this malware to our Falcon X single scan sample (located here)

   python3 falconx_scan_example.py -k "ID_HERE" -s "SECRET_HERE" -e win10 -f testmalware

3. Results were received for both Win 10 and Win 7 environments. (After I fixed a bug on line 270 in the sample.)

   Detonated on: Windows 10 64 bit
   File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
   
   Classifications
   55.8% (.EXE) Generic CIL Executable (.NET, Mono, etc.)
   21.0% (.EXE) Win64 Executable (generic)
   9.9% (.SCR) Windows screen saver
   5.0% (.DLL) Win32 Dynamic Link Library (generic)
   3.4% (.EXE) Win32 Executable (generic)
   
   Interesting strings
   Source: Memory/File Scan   Type: Ansi
   $$$$$$$$\\ $$\\ $$\\ $$\\ $$\\ $$\\ $$\\ \n$$ _____| \\__| $$ | $$$\\ $$$ | $$ | \\__| \n$$ | $$$$$$\\ $$\\ $$\\$$\\$$$$$$\\ $$$$\\ $$$$ |$$$$$$\\ $$$$$$$\\$$$$$$$\\ $$\\$$$$$$$\\ $$$$$$\\ \n$$$$$\\$$ __$$\\$$ | $$ $$ \\_$$ _| $$\\$$\\$$ $$ |\\____$$\\$$ _____$$ __$$\\$$ $$ __$$\\$$ __$$\\ \n$$ __$$ | \\__$$ | $$ $$ | $$ | $$ \\$$$ $$ |$$$$$$$ $$ / $$ | $$ $$ $$ | $$ $$$$$$$$ |\n$$ | $$ | $$ | $$ $$ | $$ |$$\\ $$ |\\$ /$$ $$ __$$ $$ | $$ | $$ $$ $$ | $$ $$ ____|\n$$ | $$ | \\$$$$$$ $$ | \\$$$$ | $$ | \\_/ $$ \\$$$$$$$ \\$$$$$$$\\$$ | $$ $$ $$ | $$ \\$$$$$$$\\ \n\\__| \\__| \\______/\\__| \\____/ \\__| \\__|\\_______|\\_______\\__| \\__\\__\\__| \\__|\\_______|\n\n\n\n
   
   Source: Memory/File Scan   Type: Ansi
   $89083daf-3f40-4ffe-8ebc-fb03a5a4c749
   
   Source: Memory/File Scan   Type: Unicode
   &About ... ...
   
   Source: Image Processing   Type: Ansi
   -!.;__;_._-_
   
   Source: Process Commandline   Type: Ansi
   /enable-feature:NetFx3 /caller-name:mscoreei.dll
   
   Source: Process Commandline   Type: Ansi
   /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
   
   Source: Memory/File Scan   Type: Ansi
   6{0IjRgSE
   
   Source: Memory/File Scan   Type: Ansi
   <?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">    <security>      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>      </requestedPrivileges>    </security>  </trustInfo></assembly>
   
   Source: Memory/File Scan   Type: Ansi
   <DuplicatedKey>k__BackingField
   
   Source: Memory/File Scan   Type: Ansi
   <ExecutingAction>k__BackingField
   
   Source: Memory/File Scan   Type: Ansi
   <FromState>k__BackingField
   
   Source: Memory/File Scan   Type: Ansi
   <Key>k__BackingField
   
   Source: Memory/File Scan   Type: Ansi
   <StateKey>k__BackingField
   
   Source: Memory/File Scan   Type: Ansi
   <TransitionKey>k__BackingField
   
   Source: Memory/File Scan   Type: Ansi
   [b] Bet an amount! [s] Start the machine!
   
   Source: Memory/File Scan   Type: Ansi
   \r\n\r\nWelcome to this simple ASCII fruit machine!\r\n\r\nThe instructions are painfully simple:\r\n\r\n1. Press b to place a bet. You can change it as many times as\r\n you like before starting!\r\n2. Press s to start the machine.\r\n3. Press q to quit the game. \r\n\r\nPress enter to continue...\r\n\r\n
   
   Source: Runtime Data   Type: Unicode
   \Sessions\1\Windows\ApiPort
   
   Source: Runtime Data   Type: Unicode
   \Sessions\1\Windows\DwmApiPort
   
   Source: Runtime Data   Type: Unicode
   \ThemeApiPort
   
   Source: Memory/File Scan   Type: Ansi
   _CorExeMain
   
   Source: Runtime Data   Type: Unicode
   `\??\Volume{815ead30-0000-0000-0000-100000000000}
   
   Source: Runtime Data   Type: Unicode
   `\??\Volume{815ead30-0000-0000-0000-501f00000000}
   
   Source: Runtime Data   Type: Unicode
   `\??\Volume{cf69d5ac-242f-11eb-9bff-806e6f6e6963}
   
   Source: Memory/File Scan   Type: Unicode
   Assembly Version
   
   Source: Memory/File Scan   Type: Ansi
   AssemblyCompanyAttribute
   
   Source: Memory/File Scan   Type: Ansi
   AssemblyDescriptionAttribute
   
   Source: Memory/File Scan   Type: Ansi
   AssemblyFileVersionAttribute
   
   Source: Memory/File Scan   Type: Ansi
   CanExecuteTransition
   
   Source: Memory/File Scan   Type: Unicode
   CompanyName
   
   Source: Memory/File Scan   Type: Ansi
   CompilationRelaxationsAttribute
   
   Source: Memory/File Scan   Type: Ansi
   CompilerGeneratedAttribute
   
   Source: Memory/File Scan   Type: Ansi
   ComponentResourceManager
   
   Source: Memory/File Scan   Type: Ansi
   components
   
   Source: Memory/File Scan   Type: Ansi
   ComVisibleAttribute
   
   Source: Memory/File Scan   Type: Ansi
   ConsoleKeyInfo
   
   Source: Memory/File Scan   Type: Ansi
   CreateInstance
   
   Source: Memory/File Scan   Type: Ansi
   CultureInfo
   
   Source: Memory/File Scan   Type: Ansi
   DataGridViewCellEventArgs
   
   Source: Memory/File Scan   Type: Ansi
   defaultInstance
   
   Source: Memory/File Scan   Type: Ansi
   duplicatedKey
   
   Source: Memory/File Scan   Type: Ansi
   DuplicatedKeyException
   
   Source: Memory/File Scan   Type: Ansi
   EnableVisualStyles
   
   Source: Memory/File Scan   Type: Ansi
   ErrorCode
   
   Source: Memory/File Scan   Type: Ansi
   errorCode
   
   Source: Memory/File Scan   Type: Ansi
   executingAction
   
   Source: Memory/File Scan   Type: Unicode
   FileDescription
   
   Source: Memory/File Scan   Type: Unicode
   FileVersion
   
   Source: Memory/File Scan   Type: Ansi
   FindTransitionFromState
   
   Source: Runtime Data   Type: Unicode
   FonDUE.EXE
   
   Source: Memory/File Scan   Type: Ansi
   FormStartPosition
   
   Source: Memory/File Scan   Type: Ansi
   fromState
   
   Source: Memory/File Scan   Type: Ansi
   fromStateKey
   
   Source: Memory/File Scan   Type: Ansi
   get_ActiveBorder
   
   Source: Memory/File Scan   Type: Ansi
   get_Assembly
   
   Source: Memory/File Scan   Type: Ansi
   get_Black
   
   Source: Memory/File Scan   Type: Ansi
   get_Cells
   
   Source: Memory/File Scan   Type: Ansi
   get_ColumnIndex
   
   Source: Memory/File Scan   Type: Ansi
   get_Columns
   
   Source: Memory/File Scan   Type: Ansi
   get_Controls
   
   Source: Memory/File Scan   Type: Ansi
   get_copyToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_Count
   
   Source: Memory/File Scan   Type: Ansi
   get_Culture
   
   Source: Memory/File Scan   Type: Ansi
   get_Current
   
   Source: Memory/File Scan   Type: Ansi
   get_CurrentState
   
   Source: Memory/File Scan   Type: Ansi
   get_cutToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_Default
   
   Source: Memory/File Scan   Type: Ansi
   get_DisplayName
   
   Source: Memory/File Scan   Type: Ansi
   get_DropDownItems
   
   Source: Memory/File Scan   Type: Ansi
   get_DuplicatedKey
   
   Source: Memory/File Scan   Type: Ansi
   get_ElapsedMilliseconds
   
   Source: Memory/File Scan   Type: Ansi
   get_ExecutingAction
   
   Source: Memory/File Scan   Type: Ansi
   get_FromState
   
   Source: Memory/File Scan   Type: Ansi
   get_helpToolStripButton_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_Index
   
   Source: Memory/File Scan   Type: Ansi
   get_indexToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_IsEndState
   
   Source: Memory/File Scan   Type: Ansi
   get_IsRunning
   
   Source: Memory/File Scan   Type: Ansi
   get_Items
   
   Source: Memory/File Scan   Type: Ansi
   get_KeyChar
   
   Source: Memory/File Scan   Type: Ansi
   get_menuStrip_TrayLocation
   
   Source: Memory/File Scan   Type: Ansi
   get_newToolStripButton_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_newToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_OnEnter
   
   Source: Memory/File Scan   Type: Ansi
   get_OnExit
   
   Source: Memory/File Scan   Type: Ansi
   get_openToolStripButton_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_openToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_pasteToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_printPreviewToolStripButton_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_printPreviewToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_printToolStripButton_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_printToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_redoToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_Reels
   
   Source: Memory/File Scan   Type: Ansi
   get_ResourceEnumerat
   
   Source: Memory/File Scan   Type: Ansi
   get_ResourceManager
   
   Source: Memory/File Scan   Type: Ansi
   get_RowIndex
   
   Source: Memory/File Scan   Type: Ansi
   get_saveToolStripButton_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_saveToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_searchToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_StateKey
   
   Source: Memory/File Scan   Type: Ansi
   get_States
   
   Source: Memory/File Scan   Type: Ansi
   get_statusStrip_TrayLocation
   
   Source: Memory/File Scan   Type: Ansi
   get_toolStrip_TrayLocation
   
   Source: Memory/File Scan   Type: Ansi
   get_toolTip_TrayLocation
   
   Source: Memory/File Scan   Type: Ansi
   get_ToState
   
   Source: Memory/File Scan   Type: Ansi
   get_Transition
   
   Source: Memory/File Scan   Type: Ansi
   get_TransitionKey
   
   Source: Memory/File Scan   Type: Ansi
   get_Transitions
   
   Source: Memory/File Scan   Type: Ansi
   get_Transparent
   
   Source: Memory/File Scan   Type: Ansi
   get_undoToolStripMenuItem_Image
   
   Source: Memory/File Scan   Type: Ansi
   get_Value
   
   Source: Memory/File Scan   Type: Ansi
   GetAllTransitions
   
   Source: Memory/File Scan   Type: Ansi
   GetCurrentState
   
   Source: Memory/File Scan   Type: Ansi
   GetCurrentTransitions
   
   Source: Memory/File Scan   Type: Ansi
   GetEncoding
   
   Source: Memory/File Scan   Type: Ansi
   GetEnumerator
   
   Source: Memory/File Scan   Type: Ansi
   GetErrorMessage
   
   Source: Memory/File Scan   Type: Ansi
   GetObject
   
   Source: Memory/File Scan   Type: Ansi
   GetPossibleToStates
   
   Source: Memory/File Scan   Type: Ansi
   GetPossibleToStatesByKey
   
   Source: Memory/File Scan   Type: Ansi
   GetTypeFromHandle
   
   Source: Memory/File Scan   Type: Ansi
   hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3agSystem.Drawing.Point, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADM
   
   Source: Memory/File Scan   Type: Ansi
   hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD~
   
   Source: Memory/File Scan   Type: Ansi
   InitializeComponent
   
   Source: Memory/File Scan   Type: Ansi
   initialStateKey
   
   Source: Memory/File Scan   Type: Ansi
   InsertState
   
   Source: Memory/File Scan   Type: Ansi
   InsertTransition
   
   Source: Memory/File Scan   Type: Ansi
   Instructions
   
   Source: Memory/File Scan   Type: Ansi
   Instructions:
   
   Source: Memory/File Scan   Type: Ansi
   Invalid number. Press any key co continue...
   
   Source: Memory/File Scan   Type: Ansi
   ISupportInitialize
   
   Source: Memory/File Scan   Type: Ansi
   KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator16.10.0.0
   
   Source: Memory/File Scan   Type: Ansi
   krajBindingSource
   
   Source: Memory/File Scan   Type: Ansi
   lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
   
   Source: Memory/File Scan   Type: Ansi
   mscoree.dll
   
   Source: Memory/File Scan   Type: Ansi
   Not enough credits! Press any key to continue...
   
   Source: Runtime Data   Type: Unicode
   OptionalFeatures.EXE
   
   Source: Memory/File Scan   Type: Ansi
   PaintEventArgs
   
   Source: Memory/File Scan   Type: Ansi
   Portrait Editor
   
   Source: Memory/File Scan   Type: Ansi
   PortraitEditor
   
   Source: Memory/File Scan   Type: Ansi
   PortraitEditor.Exceptions
   
   Source: Memory/File Scan   Type: Ansi
   PortraitEditor.Form1.resources
   
   Source: Memory/File Scan   Type: Unicode
   PortraitEditor.MZAAAAAAAAAAAAAAAAAAA
   
   Source: Memory/File Scan   Type: Ansi
   PortraitEditor.MZAAAAAAAAAAAAAAAAAAA.resources
   
   Source: Memory/File Scan   Type: Ansi
   PortraitEditor.Properties
   
   Source: Memory/File Scan   Type: Unicode
   PortraitEditor.Properties.Resources
   
   Source: Memory/File Scan   Type: Ansi
   PortraitEditor.Properties.Resources.resources
   
   Source: Memory/File Scan   Type: Unicode
   ProductVersion
   
   Source: Memory/File Scan   Type: Ansi
   QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
   
   Source: Memory/File Scan   Type: Ansi
   RemotingCachedDa.exe
   
   Source: Memory/File Scan   Type: Ansi
   RemoveStateByKey
   
   Source: Memory/File Scan   Type: Ansi
   RemoveTransitionByKey
   
   Source: Memory/File Scan   Type: Ansi
   RuntimeCompatibilityAttribute
   
   Source: Memory/File Scan   Type: Ansi
   SerializationInfo
   
   Source: Memory/File Scan   Type: Ansi
   set_DuplicatedKey
   
   Source: Memory/File Scan   Type: Ansi
   set_ExecutingAction
   
   Source: Memory/File Scan   Type: Ansi
   set_FromState
   
   Source: Memory/File Scan   Type: Ansi
   set_ImageTransparentColor
   
   Source: Memory/File Scan   Type: Ansi
   set_ScrollBars
   
   Source: Memory/File Scan   Type: Ansi
   set_ShortcutKeys
   
   Source: Memory/File Scan   Type: Ansi
   set_StateKey
   
   Source: Memory/File Scan   Type: Ansi
   set_TabIndex
   
   Source: Memory/File Scan   Type: Ansi
   set_TransitionKey
   
   Source: Memory/File Scan   Type: Ansi
   set_UseVisualStyleBackColor
   
   Source: Memory/File Scan   Type: Ansi
   SetCompatibleTextRenderingDefault
   
   Source: Memory/File Scan   Type: Ansi
   SetCurrentStateByKey
   
   Source: Memory/File Scan   Type: Ansi
   SetExecutingAction
   
   Source: Memory/File Scan   Type: Unicode
   StringFileInfo
   
   Source: Memory/File Scan   Type: Ansi
   System.CodeDom.Compiler
   
   Source: Memory/File Scan   Type: Ansi
   System.ComponentModel
   
   Source: Memory/File Scan   Type: Ansi
   System.Runtime.CompilerServices
   
   Source: Memory/File Scan   Type: Ansi
   System.Runtime.InteropServices
   
   Source: Runtime Data   Type: Unicode
   ThemeApiConnectionRequest
   
   Source: Memory/File Scan   Type: Ansi
   toStateKey
   
   Source: Memory/File Scan   Type: Ansi
   transitionKey
   
   Source: Memory/File Scan   Type: Unicode
   VarFileInfo
   
   Source: Memory/File Scan   Type: Unicode
   VS_VERSION_INFO
   
   Source: Memory/File Scan   Type: Unicode
   Welcome to this simple ASCII fruit machine!The instructions are painfully simple:1. Press b to place a bet. You can change it as many times as  you like before starting!2. Press s to start the machine.3. Press q to quit the game.  Press enter to continue...
   
   Source: Memory/File Scan   Type: Ansi
   |(:::) |
   
   Source: Memory/File Scan   Type: Ansi
   |\\`.__.|
   
   Source: Memory/File Scan   Type: Ansi
   發生錯誤碼為「{0}({1})」的錯誤！
   
   
   Verdict: malicious
   Total running time: 0:08:03.588158

• Can you try using the sample linked above and let us know if you still get an error? (I'll submit the fix for line 270 here shortly.)
• I'm going to try creating this error manually and will let you know what I find.

[jshcodes]

Pull Request #524 is published and will merge to main shortly. You can grab the version from the jan1422-single-scan-sample branch to test if you don't want to wait. 😄

[jshcodes]

Pull Request #524 is published and will merge to main shortly.

Merged!

[philldtaylor]

Hi @jshcodes,
Apologies i finished for the weekend when you replied.

I attempted to run the falconx_scan_example.py however i got an error on line 225 as per below:

FLARE 17/01/2022 10:25:33
PS C:\Users\joe\Desktop > python .\falconx_scan_example.py -f c28af37cb3bcc7cc371f29cbf901ac2af4a6243fb83c4272166bc6ac20d2c6cc.doc -e win10 -k my_id -s my_secret
Traceback (most recent call last):0:01.421263 ]
File ".\falconx_scan_example.py", line 225, in
f"FalconX File Analysis: {time.strftime('%v %r %Z')}",
ValueError: Invalid format string
FLARE 17/01/2022 10:25:45

I think the issue might be with the '%v' in strftime? If i change that to '%V' i get the response below:

FLARE 17/01/2022 10:54:26
PS C:\Users\joe\Desktop > python .\falconx_scan_example.py -f c28af37cb3bcc7cc371f29cbf901ac2af4a6243fb83c4272166bc6ac20d2c6cc.doc -e win10 -k my_id -s my_secret Detonated on: Windows 10 64 bit File type: Microsoft Word 2007+

Interesting strings
Source: Runtime Data Type: Unicode
%PROGRAMFILES%(x86)\Common Files\Microsoft Shared\Tex

Source: Process Commandline Type: Ansi
/n "C:\c28af37cb3bcc7cc371f29cbf901ac2af4a6243fb83c4272166bc6ac20d2c6cc.doc"

Source: Runtime Data Type: Unicode
`??\Volume{815ead30-0000-0000-0000-100000000000}

Source: Runtime Data Type: Unicode
`??\Volume{815ead30-0000-0000-0000-501f00000000}

Source: Runtime Data Type: Unicode
`??\Volume{cf69d5ac-242f-11eb-9bff-806e6f6e6963}

Source: Runtime Data Type: Unicode
mspim_wnd32

Verdict: malicious
Unable to remove test file from Falcon X Sandbox Total running time: 0:07:24.358353 FLARE 17/01/2022 11:04:17 PS C:\Users\joe\Desktop >

[jshcodes]

Line #255 of that sample calls get_reports and parses the response out of the resources branch, so it worked as expected for that test. (I'll look into what's up with the time format string and get that resolved.)

Can I see an example of your code? I've been unable to recreate an instance of the API returning an empty resource branch for this call, but I've been mostly using the sample code to test, I might not be matching what you're executing.

[jshcodes]

Follow up: Will be posting a fix for the time format call on line #225. You're correct this should be a %V and not %v.

[philldtaylor]

Hi @jshcodes,

Thanks for the above. I hadn't noticed that your sample used get_reports. I used some of your sample above to rework the code i was using and it turns out there was a race condition that was causing issues with some of the report ids. Once i solved the race condition i seem to be getting consistent results. Thanks for your help.

Thanks