class Event(DocType):
    """Elasticsearch mapping for one security event record.

    The field set (zone, id, var_name, cscore0/score0, learning,
    whitelisted, blocked) looks like a WAF rule-hit record —
    NOTE(review): confirm against the producer before relying on
    field semantics beyond the types declared here.
    """
    ip = Ip()                # stored as an IP type, so non-IP strings are rejected at index time
    coords = GeoPoint()
    learning = Boolean()
    total_processed = Integer()
    total_blocked = Integer()
    blocked = Boolean()
    cscore0 = Keyword()
    score0 = Integer()
    zone = Keyword()
    id = Integer()           # field named ``id`` shadows the builtin within the class body only
    var_name = Keyword()
    date = Date()
    whitelisted = Boolean()
    # Each of these keeps an exact copy under ``<field>.raw`` for term
    # queries and aggregations alongside the analyzed full-text value.
    # ``index='not_analyzed'`` is the pre-5.x Elasticsearch spelling of
    # that option — NOTE(review): confirm the target cluster version.
    uri = Text(fields={'raw': Keyword(index='not_analyzed')})
    server = Text(fields={'raw': Keyword(index='not_analyzed')})
    comments = Text(fields={'raw': Keyword(index='not_analyzed')})
    vers = Text(fields={'raw': Keyword(index='not_analyzed')})

    class Meta:
        doc_type = 'events'  # mapping type name used when indexing
class _ForensicReportDoc(Document):
    """Elasticsearch document for a single DMARC forensic (ruf) report.

    Most fields are declared as analyzed ``Text``; exact-match filtering
    or aggregation on values such as ``domain`` or ``dkim_domain`` would
    need a keyword sub-field — NOTE(review): confirm intended query use.
    """
    class Index:
        name = "dmarc_forensic"  # index this document type is written to

    feedback_type = Text()
    user_agent = Text()
    version = Text()
    original_mail_from = Text()
    arrival_date = Date()
    domain = Text()
    original_envelope_id = Text()
    authentication_results = Text()
    delivery_results = Text()
    # Typed as IP: a value that does not parse as an address fails at
    # index time rather than being stored as free text.
    source_ip_address = Ip()
    source_country = Text()
    source_reverse_dns = Text()
    source_authentication_mechanisms = Text()
    source_auth_failures = Text()
    dkim_domain = Text()
    original_rcpt_to = Text()
    # Nested object for the reported message sample; ``_ForensicSampleDoc``
    # is defined elsewhere in this module.
    sample = Object(_ForensicSampleDoc)
class Indicator(DocType):
    """Elasticsearch mapping for a threat-intelligence indicator record.

    ``index="not_analyzed"`` marks the fields meant for exact-match lookup
    (the indicator value itself, its type, TLP, provider and description);
    it is the pre-5.x Elasticsearch spelling of that option —
    NOTE(review): confirm the target cluster version.
    """
    indicator = String(index="not_analyzed")
    indicator_ipv4 = Ip()  # only set when the indicator is an IPv4 address — presumably; confirm with the writer
    group = String(multi=True, index="not_analyzed")
    itype = String(index="not_analyzed")
    tlp = String(index="not_analyzed")  # TLP sharing level; stored as an exact string
    provider = String(index="not_analyzed")
    portlist = String()
    asn = Float()  # NOTE(review): ASNs are integers; Float risks precision loss on 32-bit ASNs — confirm
    asn_desc = String()
    cc = String()
    protocol = String()
    reporttime = Date()
    lasttime = Date()
    firsttime = Date()
    confidence = Integer()
    timezone = String()
    city = String()
    description = String(index="not_analyzed")
    additional_data = String(multi=True)
    tags = String(multi=True)
    rdata = String(index="not_analyzed")
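class CymruASInfoDoc(GenericDoc):
    """Elasticsearch document for AS information about a single IP.

    The declared fields describe the expected schema, but ``__init__``
    copies every key of the input mapping onto the instance, so the
    schema is not enforced here.
    """

    class Meta:
        doc_type = "cymru_asinfo"  # mapping type name used when indexing

    allocation_date = Date()
    asnum = Integer()
    ip = Ip()
    asname = String()
    prefix = String()
    registry = String()
    country = String()

    # NOTE(review): a ``__setattr__`` hook normalising ``prefix`` to CIDR
    # form was once sketched here but never enabled; ``prefix`` is stored
    # exactly as received.

    def __init__(self, jdata=None):
        """Populate the document from a mapping of field values.

        Args:
            jdata: mapping of attribute names to values. ``None`` (the
                default) means an empty document. A value of ``None`` is
                stored as an empty dict, matching the original convention.

        Every key of ``jdata`` becomes an attribute whether or not it is a
        declared field, so keys coming from untrusted input should be
        filtered to the declared fields by the caller.
        """
        GenericDoc.__init__(self)
        # ``None`` instead of ``{}`` as the default: a mutable default is
        # shared by every call and would leak state if ever mutated.
        if jdata is None:
            jdata = {}
        for key, value in jdata.items():
            setattr(self, key, {} if value is None else value)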