class UpdateSource(odm.Model):
    """One remote location a service pulls its updates from.

    Carries the source URI together with the credentials and TLS options used
    to fetch it. ``password`` and ``private_key`` are secrets held as plain
    keywords, so instances of this model should not be logged or echoed back
    to API callers unredacted.
    """
    name = odm.Keyword()  # identifier of this source
    password = odm.Optional(odm.Keyword(default=""))  # credential paired with ``username``; secret
    pattern = odm.Optional(odm.Keyword(default=""))  # NOTE(review): presumably a filter applied to fetched content — confirm
    private_key = odm.Optional(odm.Keyword(default=""))  # private key material used for the fetch; secret
    ca_cert = odm.Optional(odm.Keyword(default=""))  # CA certificate to trust when fetching the source
    ssl_ignore_errors = odm.Boolean(default=False)  # True disables TLS verification for the fetch, so the update stream can be tampered with in transit; leave False
    proxy = odm.Optional(odm.Keyword(default=""))  # proxy used for the fetch
    uri = odm.Keyword()  # location of the source (required)
    username = odm.Optional(odm.Keyword(default=""))  # credential paired with ``password``
    headers = odm.List(odm.Compound(EnvironmentVariable), default=[])  # extra request headers as name/value pairs
    default_classification = odm.Classification(default=Classification.UNRESTRICTED)  # classification applied to fetched material when none is given
            class FilePListDT(odm.Model):
                """``DT*`` keys of a property list (presumably the developer-tool
                entries written by the build toolchain — confirm against the
                extractor). Every leaf is an optional keyword list copied into
                ``__text__``."""
                @odm.model(index=True, store=False)
                class FilePListDTPlatform(odm.Model):
                    """Platform information (``DTPlatform*`` keys)."""
                    build = odm.Optional(
                        odm.List(odm.Keyword(copyto="__text__")))
                    name = odm.Optional(
                        odm.List(odm.Keyword(copyto="__text__")))
                    version = odm.Optional(
                        odm.List(odm.Keyword(copyto="__text__")))

                compiler = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))  # compiler recorded in the plist
                platform = odm.Optional(odm.Compound(FilePListDTPlatform))  # nested platform block
class Alert(odm.Model):
    """An alert raised on a submission.

    Field ``description`` strings document each value. Two fields deserve
    extra care: ``metadata`` is whatever the submitter sent with the file
    (untrusted, stored but not indexed), and ``label``/``owner``/``status``/
    ``priority`` are the analyst-mutable triage fields.
    """
    alert_id = odm.Keyword(copyto="__text__", description="ID of the alert")
    al = odm.Compound(ALResults, description="Assemblyline Result Block")
    archive_ts = odm.Date(store=False, description="Archiving timestamp")  # not stored in the index, only indexed
    attack = odm.Compound(Attack, description="ATT&CK Block")
    classification = odm.Classification(description="Classification of the alert")
    expiry_ts = odm.Optional(odm.Date(store=False), description="Expiry timestamp")  # absent means no expiry (presumably)
    extended_scan = odm.Enum(values=EXTENDED_SCAN_VALUES, description="Status of the extended scan")
    file = odm.Compound(File, description="File Block")
    filtered = odm.Boolean(default=False, description="Are the alert results filtered?")
    heuristic = odm.Compound(Heuristic, description="Heuristic Block")
    label = odm.List(odm.Keyword(), copyto="__text__", default=[], description="List of labels applied to the alert")
    metadata = odm.FlattenedObject(default={}, store=False, description="Metadata submitted with the file")  # submitter-controlled content
    owner = odm.Optional(odm.Keyword(), description="Owner of the alert")
    priority = odm.Optional(odm.Enum(values=PRIORITIES), description="Priority applied to the alert")
    reporting_ts = odm.Date(description="Alert creation timestamp")
    sid = odm.UUID(description="Submission ID related to this alert")
    status = odm.Optional(odm.Enum(values=STATUSES), description="Status applied to the alert")
    ts = odm.Date(description="File submission timestamp")
    type = odm.Keyword(description="Type of alert")
    verdict = odm.Compound(Verdict, default={}, description="Verdict Block")
    workflows_completed = odm.Boolean(default=False, description="Have all workflows ran on this alert?")
class Heuristic(odm.Model):
    """Definition of a service heuristic and its scoring.

    ``score`` is the default contribution; ``signature_score_map`` overrides
    it per signature name; ``max_score`` caps the result when set.
    """
    attack_id = odm.List(odm.Keyword(copyto="__text__"), default=[], description="List of all associated ATT&CK IDs")
    classification = odm.Classification(default=Classification.UNRESTRICTED,
                                        description="Classification of the heuristic")
    description = odm.Text(copyto="__text__", description="Description of the heuristic")
    filetype = odm.Keyword(copyto="__text__", description="What type of files does this heuristic target?")
    heur_id = odm.Keyword(copyto="__text__", description="ID of the Heuristic")
    name = odm.Keyword(copyto="__text__", description="Name of the heuristic")
    score = odm.Integer(description="Default score of the heuristic")
    signature_score_map = odm.Mapping(odm.Integer(), default={},
                                      description="Score of signatures for this heuristic")  # keyed by signature name (presumably)
    stats = odm.Compound(Statistics, default={}, description="Statistics related to the Heuristic")
    max_score = odm.Optional(odm.Integer(), description="Maximum score for heuristic")  # None means uncapped (presumably)
        class Entry(odm.Model):
            """One export-table entry of an executable, as the field names
            (address, RVA, ordinal, forwarder) suggest — confirm against the
            producing service."""
            @odm.model(index=True, store=False)
            class Forward_Information(odm.Model):
                """Target of a forwarded export: the library and function the
                entry redirects to. Both may be empty strings."""
                function = odm.Optional(
                    odm.EmptyableKeyword(copyto="__text__"))
                library = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))

            address = odm.Optional(odm.Integer())  # address of the export
            forward_information = odm.Optional(
                odm.Compound(Forward_Information))  # present only for forwarded entries (presumably)
            function_rva = odm.Optional(odm.Integer())  # relative virtual address of the function
            is_extern = odm.Optional(odm.Boolean())  # whether the symbol is external
            name = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))  # export name; may be empty
            ordinal = odm.Optional(odm.Integer())  # export ordinal
        class FileSWF(odm.Model):
            """Flash (SWF) file attributes: header values and per-tag ssdeep
            hashes. Everything is optional and most values are keyword lists
            copied into ``__text__``."""
            @odm.model(index=True, store=False, description="SWF Header Model")
            class FileSWFHeader(odm.Model):
                """SWF header: frame parameters and format version."""
                @odm.model(index=True, store=False, description="SWF Header Frame")
                class FileSWFHeaderFrame(odm.Model):
                    """Frame count, rate and size from the header."""
                    count = odm.Optional(odm.List(odm.Integer()), description="Number of Frames")
                    rate = odm.Optional(odm.List(odm.Keyword()), description="Speed of Animation")
                    size = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Size of Frame")

                frame = odm.Optional(odm.Compound(FileSWFHeaderFrame), description="Header Frame Information")
                version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Version")

            header = odm.Optional(odm.Compound(FileSWFHeader), description="Header Information")
            tags_ssdeep = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")), description="Tags SSDeep")  # fuzzy hashes, one per tag (presumably)
        class FileAPK(odm.Model):
            """Android package (APK) manifest attributes. All fields are
            optional keyword lists copied into ``__text__`` except the two
            nested blocks."""
            @odm.model(index=True, store=False)
            class FileAPKApp(odm.Model):
                """Application label and version."""
                label = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
                version = odm.Optional(odm.List(
                    odm.Keyword(copyto="__text__")))

            @odm.model(index=True, store=False)
            class FileAPKSDK(odm.Model):
                """Minimum and target SDK levels declared by the package."""
                min = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
                target = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

            activity = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))  # declared activities
            app = odm.Optional(odm.Compound(FileAPKApp))
            feature = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))  # declared hardware/software features
            locale = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
            permission = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))  # requested permissions; a primary triage signal
            pkg_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
            provides_component = odm.Optional(
                odm.List(odm.Keyword(copyto="__text__")))
            sdk = odm.Optional(odm.Compound(FileAPKSDK))
            used_library = odm.Optional(
                odm.List(odm.Keyword(copyto="__text__")))
class Alert(odm.Model):
    """An alert raised on a submission (field meanings in trailing comments).

    ``metadata`` is submitter-supplied and therefore untrusted; it is kept
    out of the stored document (``store=False``) but still indexed.
    """
    alert_id = odm.Keyword(copyto="__text__")  # ID of the alert
    al = odm.Compound(ALResults)  # Assemblyline result block
    archive_ts = odm.Date(store=False)  # Archiving timestamp
    classification = odm.Classification()  # Classification of the alert
    expiry_ts = odm.Optional(odm.Date(store=False))  # Expiry timestamp
    extended_scan = odm.Enum(values=EXTENDED_SCAN_VALUES,
                             store=False)  # Status of the extended scan
    file = odm.Compound(File)  # File block
    label = odm.List(odm.Keyword(), copyto="__text__",
                     default=[])  # List of labels applied to the alert
    metadata = odm.Mapping(odm.Keyword(),
                           store=False)  # Metadata submitted with the file
    owner = odm.Optional(odm.Keyword())  # Owner of the alert
    priority = odm.Optional(
        odm.Enum(values=PRIORITIES))  # Priority applied to the alert
    reporting_ts = odm.Date()  # Time at which the alert was created
    sid = odm.UUID(store=False)  # ID of the submission related to this alert
    status = odm.Optional(
        odm.Enum(values=STATUSES))  # Status applied to the alert
    ts = odm.Date()  # Timestamp at which the file was submitted
    type = odm.Keyword()  # Type of alert
    verdict = odm.Compound(Verdict, default={})  # Verdict block (the "timing" wording is historical; see the Verdict model)
class Heuristic(odm.Model):
    """Definition of a service heuristic and its scoring.

    ``score`` is the default contribution, ``signature_score_map`` overrides
    it per signature, and ``max_score`` caps the result when set.
    """
    attack_id = odm.List(odm.Keyword(copyto="__text__"),
                         default=[])  # List of all associated Att&ck IDs
    classification = odm.Classification(
        default=Classification.UNRESTRICTED)  # Classification of the heuristic
    description = odm.Text(copyto="__text__")  # Description of the heuristic
    filetype = odm.Keyword(copyto="__text__")  # Type of file targeted
    heur_id = odm.Keyword(copyto="__text__")  # Heuristic ID
    name = odm.Keyword(copyto="__text__")  # Name of the heuristic
    score = odm.Integer()  # Default score of the heuristic
    signature_score_map = odm.Mapping(
        odm.Integer(), default={})  # Score of signatures for this heuristic
    stats = odm.Compound(Statistics, default={})  # Usage statistics for the heuristic
    max_score = odm.Optional(odm.Integer())  # Maximum score for heuristic
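class NetworkHTTP(odm.Model):
    """One HTTP request/response pair observed during analysis.

    Headers and bodies are recorded verbatim. They can carry credentials
    (``Authorization``/``Cookie`` headers, tokens in form bodies), so the
    classification and any export of these records should account for that.
    """
    connection_details = odm.Compound(
        NetworkConnection,
        description="The low-level details of the HTTP request")
    request_uri = odm.URI(description="The URI requested")
    request_headers = odm.Mapping(
        odm.Json(), description="Headers included in the request")
    request_body = odm.Optional(odm.Text(),
                                description="The body of the request")
    # Accepted methods. Each value is listed once: "DELETE" is a standard
    # method and is not repeated under the WebDAV group.
    request_method = odm.Enum(
        [
            # Standard HTTP methods
            "GET",
            "POST",
            "PUT",
            "DELETE",
            "HEAD",
            "CONNECT",
            "OPTIONS",
            "TRACE",
            "PATCH",
            # WebDAV HTTP methods
            "BCOPY",
            "BDELETE",
            "BMOVE",
            "BPROPFIND",
            "BPROPPATCH",
            "COPY",
            "LOCK",
            "MKCOL",
            "MOVE",
            "NOTIFY",
            "POLL",
            "PROPFIND",
            "PROPPATCH",
            "SEARCH",
            "SUBSCRIBE",
            "UNLOCK",
            "UNSUBSCRIBE",
            "X-MS-ENUMATTS"
        ],
        description="The method of the request")
    response_headers = odm.Mapping(
        odm.Json(), description="Headers included in the response")
    response_status_code = odm.Optional(
        odm.Integer(), description="The status code of the response")
    response_body = odm.Optional(odm.Text(),
                                 description="The body of the response")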
class DockerConfig(odm.Model):
    """Container settings for running a service.

    ``registry_password`` is a credential stored in this model as a plain
    keyword; keep instances out of logs and API responses. ``allow_internet_access``
    defaults to off so a service container is isolated unless explicitly opened.
    """
    allow_internet_access: bool = odm.Boolean(default=False)  # egress from the container; off by default
    command: Opt[List[str]] = odm.Optional(odm.List(odm.Keyword()))  # command override, as argv list
    cpu_cores: float = odm.Float(default=1.0)
    environment: List[EnvironmentVariable] = odm.List(
        odm.Compound(EnvironmentVariable), default=[])  # extra environment for the container
    image: str = odm.Keyword(
    )  # Complete name of the Docker image with tag, may include registry
    registry_username: Opt[str] = odm.Optional(
        odm.Keyword())  # The username to use when pulling the image
    registry_password: Opt[str] = odm.Optional(
        odm.Keyword())  # The password or token to use when pulling the image
    ports: List[str] = odm.List(odm.Keyword(), default=[])  # ports to expose
    ram_mb: int = odm.Integer(default=512)  # memory limit
    ram_mb_min: int = odm.Integer(default=128)  # memory reservation
    class Network(odm.Model):
        """Network indicators extracted from a file.

        Indicators are split into ``static`` (found in the file) and
        ``dynamic`` (observed at runtime) blocks sharing the ``NetworkIOCs``
        shape; TLS, email and signature details get their own blocks.
        """
        @odm.model(index=True, store=False, description="Network IOC Model")
        class NetworkIOCs(odm.Model):
            """Domains, IPs, URIs and URI paths, each copied into ``__text__``."""
            domain = odm.Optional(odm.List(odm.Domain(copyto="__text__")), description="Domain")
            ip = odm.Optional(odm.List(odm.IP(copyto="__text__")), description="IP")
            uri = odm.Optional(odm.List(odm.URI(copyto="__text__")), description="URI")
            uri_path = odm.Optional(odm.List(odm.URIPath(copyto="__text__")), description="URI Path")

        @odm.model(index=True, store=False, description="Network Email Model")
        class NetworkEmail(odm.Model):
            """Email header values."""
            address = odm.Optional(odm.List(odm.Email(copyto="__text__")), description="Email Address")
            date = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Date")
            subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Subject")
            msg_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Message ID")

        @odm.model(index=True, store=False, description="Network Signature Model")
        class NetworkSignature(odm.Model):
            """Network-detection signature hits (id and message)."""
            signature_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Signature ID")
            message = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Signature Message")

        @odm.model(index=True, store=False, description="Network TLS Model")
        class NetworkTLS(odm.Model):
            """TLS client fingerprint (JA3 is an MD5 over the hello) and SNI."""
            ja3_hash = odm.Optional(odm.List(odm.MD5(copyto="__text__")), description="JA3 Hash")
            ja3_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="JA3 String")
            sni = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="SNI")

        attack = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Attack")  # presumably ATT&CK technique ids — confirm
        dynamic = odm.Optional(odm.Compound(NetworkIOCs), description="Dynamic IOCs")
        email = odm.Optional(odm.Compound(NetworkEmail), description="Email")
        mac_address = odm.Optional(odm.List(odm.MAC(copyto="__text__")), description="MAC Address")
        port = odm.Optional(odm.List(odm.Integer()), description="Port")
        protocol = odm.Optional(odm.List(odm.Keyword()), description="Protocol")
        signature = odm.Optional(odm.Compound(NetworkSignature), description="Signatures")
        static = odm.Optional(odm.Compound(NetworkIOCs), description="Static IOCs")
        tls = odm.Optional(odm.Compound(NetworkTLS), description="TLS")
        user_agent = odm.Optional(odm.List(odm.Keyword()), description="User Agent")
class Signature(odm.Model):
    """A detection rule as stored by the system.

    ``data`` holds the rule body and is neither indexed nor stored in the
    search index (``index=False, store=False``); ``status`` is restricted to
    ``RULE_STATUSES`` and copied into ``__text__``.
    """
    classification = odm.Classification(store=True,
                                        default=Classification.UNRESTRICTED)  # classification of the rule itself
    data = odm.Text(index=False, store=False)  # rule body; kept out of the index
    last_modified = odm.Date(default="NOW")  # "NOW" is presumably resolved by the ODM at write time — confirm
    name = odm.Keyword(copyto="__text__")
    order = odm.Integer(default=1, store=False)  # ordering hint; not stored
    revision = odm.Keyword(default="1")
    signature_id = odm.Optional(odm.Keyword())  # source-assigned id, when the source provides one
    source = odm.Keyword()  # which update source the rule came from (presumably)
    state_change_date = odm.Optional(odm.Date(store=False))  # when ``status`` last changed
    state_change_user = odm.Optional(odm.Keyword(store=False))  # who changed ``status``
    stats = odm.Compound(Statistics, default={})
    status = odm.Enum(values=RULE_STATUSES, copyto="__text__")
    type = odm.Keyword(copyto="__text__")  # rule format/engine
class DockerConfigDelta(odm.Model):
    """Partial override of a ``DockerConfig``: every field is optional and
    only the ones that are set are presumably applied on top of the base
    configuration — confirm with the merge code.

    ``registry_password`` is a credential stored as a plain keyword.
    """
    allow_internet_access = odm.Optional(odm.Boolean())
    command = odm.Optional(odm.List(odm.Keyword()))
    cpu_cores = odm.Optional(odm.Float())
    environment = odm.Optional(odm.List(odm.Compound(EnvironmentVariable)))
    image = odm.Optional(
        odm.Keyword()
    )  # The docker image and tag, optionally including registry in the normal way
    registry_username = odm.Optional(
        odm.Keyword())  # The username to use when pulling the image
    registry_password = odm.Optional(
        odm.Keyword())  # The password or token to use when pulling the image
    ports = odm.Optional(odm.List(odm.Keyword()))
    ram_mb = odm.Optional(odm.Integer())
    ram_mb_min = odm.Optional(odm.Integer())
    class Network(odm.Model):
        """Network indicators extracted from a file.

        ``static`` and ``dynamic`` share the ``NetworkIOCs`` shape; TLS,
        email and signature details get their own blocks.
        """
        @odm.model(index=True, store=False)
        class NetworkIOCs(odm.Model):
            """Domains, IPs, URIs and URI paths, each copied into ``__text__``."""
            domain = odm.Optional(odm.List(odm.Domain(copyto="__text__")))
            ip = odm.Optional(odm.List(odm.IP(copyto="__text__")))
            uri = odm.Optional(odm.List(odm.URI(copyto="__text__")))
            uri_path = odm.Optional(odm.List(odm.URIPath(copyto="__text__")))

        @odm.model(index=True, store=False)
        class NetworkEmail(odm.Model):
            """Email header values."""
            address = odm.Optional(odm.List(odm.Email(copyto="__text__")))
            date = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
            subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
            msg_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

        @odm.model(index=True, store=False)
        class NetworkSignature(odm.Model):
            """Network-detection signature hits (id and message)."""
            signature_id = odm.Optional(
                odm.List(odm.Keyword(copyto="__text__")))
            message = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

        @odm.model(index=True, store=False)
        class NetworkTLS(odm.Model):
            """TLS client fingerprint (JA3 hash is an MD5) and SNI."""
            ja3_hash = odm.Optional(odm.List(odm.MD5(copyto="__text__")))
            ja3_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
            sni = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

        attack = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))  # presumably ATT&CK technique ids — confirm
        dynamic = odm.Optional(odm.Compound(NetworkIOCs))  # observed at runtime
        email = odm.Optional(odm.Compound(NetworkEmail))
        mac_address = odm.Optional(odm.List(odm.MAC(copyto="__text__")))
        port = odm.Optional(odm.List(odm.Integer()))
        protocol = odm.Optional(odm.List(odm.Keyword()))
        signature = odm.Optional(odm.Compound(NetworkSignature))
        static = odm.Optional(odm.Compound(NetworkIOCs))  # found in the file
        tls = odm.Optional(odm.Compound(NetworkTLS))
class ScalerServiceDefaults(odm.Model):
    """Default scaling parameters applied to a service deployment.

    ``growth`` and ``shrink`` are wait periods in seconds before scaling up
    or down, ``backlog`` is the queue threshold that drives an adjustment,
    ``min_instances`` the floor on running instances, and ``environment``
    the variables handed to the service.
    """
    growth: int = odm.Integer(
        description="Period, in seconds, to wait before scaling up a service deployment")
    shrink: int = odm.Integer(
        description="Period, in seconds, to wait before scaling down a service deployment")
    backlog: int = odm.Integer(description="Backlog threshold that dictates scaling adjustments")
    min_instances: int = odm.Integer(description="The minimum number of service instances to be running")
    environment: List[EnvironmentVariable] = odm.List(
        odm.Compound(EnvironmentVariable), default=[],
        description="Environment variables to pass onto services")
class Config(odm.Model):
    """Top-level system configuration: one compound per subsystem, each
    falling back to its ``DEFAULT_*`` block when absent."""
    # Authentication module configuration
    auth: Auth = odm.Compound(Auth, default=DEFAULT_AUTH)
    # Core component configuration
    core: Core = odm.Compound(Core, default=DEFAULT_CORE)
    # Datastore configuration
    datastore: Datastore = odm.Compound(Datastore, default=DEFAULT_DATASTORE)
    # Datasources configuration (keyed by datasource name, presumably)
    datasources: Dict[str,
                      Datasource] = odm.Mapping(odm.Compound(Datasource),
                                                default=DEFAULT_DATASOURCES)
    # Filestore configuration
    filestore: Filestore = odm.Compound(Filestore, default=DEFAULT_FILESTORE)
    # Logging configuration
    logging: Logging = odm.Compound(Logging, default=DEFAULT_LOGGING)
    # Service configuration
    services: Services = odm.Compound(Services, default=DEFAULT_SERVICES)
    # System configuration
    system: System = odm.Compound(System, default=DEFAULT_SYSTEM)
    # UI configuration parameters
    ui: UI = odm.Compound(UI, default=DEFAULT_UI)
    # Options for how submissions will be processed
    submission: Submission = odm.Compound(Submission,
                                          default=DEFAULT_SUBMISSION)
    class Dynamic(odm.Model):
        """Artifacts observed during dynamic (sandbox) analysis. Every field
        is optional; keyword leaves are copied into ``__text__``."""
        @odm.model(index=True, store=False)
        class DynamicProcess(odm.Model):
            """Processes started: command lines and image file names."""
            command_line = odm.Optional(
                odm.List(odm.Keyword(copyto="__text__")))
            file_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

        @odm.model(index=True, store=False)
        class DynamicSignature(odm.Model):
            """Behavioural signature hits: category, malware family, name."""
            category = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
            family = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
            name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

        @odm.model(index=True, store=False)
        class DynamicSSDeep(odm.Model):
            """Fuzzy hashes of the window class ids, dynamic classes and
            registry keys touched (the keyword form is ``DynamicWindow``)."""
            cls_ids = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
            dynamic_classes = odm.Optional(
                odm.List(odm.SSDeepHash(copyto="__text__")))
            regkeys = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))

        @odm.model(index=True, store=False)
        class DynamicWindow(odm.Model):
            """Plain-keyword form of the same three lists as ``DynamicSSDeep``."""
            cls_ids = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
            dynamic_classes = odm.Optional(
                odm.List(odm.Keyword(copyto="__text__")))
            regkeys = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

        autorun_location = odm.Optional(
            odm.List(odm.Keyword(copyto="__text__")))  # persistence locations written to
        dos_device = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        mutex = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))  # mutexes created; common family markers
        registry_key = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        process = odm.Optional(odm.Compound(DynamicProcess))
        signature = odm.Optional(odm.Compound(DynamicSignature))
        ssdeep = odm.Optional(odm.Compound(DynamicSSDeep))
        window = odm.Optional(odm.Compound(DynamicWindow))
        class FileOLE(odm.Model):
            """OLE/Office document attributes: macro findings, summary-info
            metadata, and document-level identifiers. All fields optional."""
            @odm.model(index=True, store=False)
            class FileOLEMacro(odm.Model):
                """Embedded macros: SHA-256 of each macro and suspicious strings found in them."""
                sha256 = odm.Optional(odm.List(odm.SHA256(copyto="__text__")))
                suspicious_string = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))

            @odm.model(index=True, store=False)
            class FileOLESummary(odm.Model):
                """Summary-information stream properties (author, times, titles)."""
                author = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
                codepage = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))
                comment = odm.Optional(odm.List(
                    odm.Keyword(copyto="__text__")))
                company = odm.Optional(odm.List(
                    odm.Keyword(copyto="__text__")))
                create_time = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))
                last_printed = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))
                last_saved_by = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))
                last_saved_time = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))
                manager = odm.Optional(odm.List(
                    odm.Keyword(copyto="__text__")))
                subject = odm.Optional(odm.List(
                    odm.Keyword(copyto="__text__")))
                title = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

            macro = odm.Optional(odm.Compound(FileOLEMacro))
            summary = odm.Optional(odm.Compound(FileOLESummary))
            clsid = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))  # object class ids embedded in the document
            dde_link = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))  # DDE links; a known code-execution vector in documents
            fib_timestamp = odm.Optional(
                odm.List(odm.Keyword(copyto="__text__")))
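class UI(odm.Model):
    """Web UI / API front-end configuration.

    Security-relevant knobs: ``secret_key`` signs sessions and must stay out
    of logs and config dumps; ``debug`` must be off in production;
    ``allow_url_submissions`` makes the server fetch caller-supplied URLs
    (review ``url_submission_proxies``/``url_submission_headers`` and any
    destination filtering before enabling); the ``validate_session_*`` flags
    bind a session to the client that created it.
    """
    # Allow to user to download raw files
    allow_raw_downloads: bool = odm.Boolean()
    # Allow file submissions via url (the server performs the fetch)
    allow_url_submissions: bool = odm.Boolean()
    # Should API calls be audited and saved to a separate log file?
    audit: bool = odm.Boolean()
    # Turn on debugging
    debug: bool = odm.Boolean()
    # Which encoding will be used
    download_encoding = odm.Enum(values=["raw", "cart"])
    # Assemblyline admins email address
    email: str = odm.Optional(odm.Email())
    # Enforce the user's quotas
    enforce_quota: bool = odm.Boolean()
    # Fully qualified domain name to use for the 2-factor authentication validation
    fqdn: str = odm.Text()
    # Maximum priority for ingest API
    ingest_max_priority: int = odm.Integer()
    # Turn on read only mode in the UI
    read_only: bool = odm.Boolean()
    # Offset of the read only mode for all paging and searches
    read_only_offset: str = odm.Keyword(default="")
    # Flask secret key to store cookies and stuff (session signing key; secret)
    secret_key: str = odm.Keyword()
    # Duration of the user session before the user has to login again
    session_duration: int = odm.Integer()
    # Statistics configuration
    statistics: Statistics = odm.Compound(Statistics,
                                          default=DEFAULT_STATISTICS)
    # Terms of service
    tos: str = odm.Optional(odm.Text())
    # Lock out user after accepting the terms of service
    tos_lockout: bool = odm.Boolean()
    # List of admins to notify when a user gets locked out.
    # The field is an optional list of keywords, not a boolean, so it carries
    # no ``bool`` annotation.
    tos_lockout_notify = odm.Optional(odm.List(odm.Keyword()))
    # UI 4 path
    ui4_path: str = odm.Optional(odm.Keyword())
    # Headers that will be used by the url_download method
    url_submission_headers: Dict[str, str] = odm.Optional(
        odm.Mapping(odm.Keyword()))
    # Proxy that will be used by the url_download method
    url_submission_proxies: Dict[str, str] = odm.Optional(
        odm.Mapping(odm.Keyword()))
    # Validate if the session ip matches the ip the session was created from
    validate_session_ip: bool = odm.Boolean()
    # Validate if the session useragent matches the useragent the session was created with
    validate_session_useragent: bool = odm.Boolean()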
        class FileIMG(odm.Model):
            """Image file attributes: Exiftool identifiers plus size, mode and
            a hash over the sorted metadata. All fields optional."""
            @odm.model(index=True, store=False, description="Exiftool Information Model")
            class FileIMGExiftool(odm.Model):
                """Identifiers reported by Exiftool (XMP document/instance ids, creator tool)."""
                creator_tool = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Creation Tool")
                derived_document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                                   description="Derived Document ID")
                document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Document ID")
                instance_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Instance ID")
                toolkit = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Toolkit")

            exif_tool = odm.Optional(odm.Compound(FileIMGExiftool), description="Exiftool Information")
            mega_pixels = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Megapixels")
            mode = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Mode")
            size = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Size")
            sorted_metadata_hash = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                                description="Sorted Metadata Hash")  # hash algorithm not visible here — confirm with the producer
            class FilePListCFBundle(odm.Model):
                """``CFBundle*`` keys of an Info.plist (bundle identity, executable,
                version, URL schemes). Leaves are optional keyword lists copied into
                ``__text__``."""
                @odm.model(index=True, store=False, description="PList CF Bundle Version Model")
                class FilePListCFBundleVersion(odm.Model):
                    """Long and short bundle version strings."""
                    long = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Long Version")
                    short = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Short Version")

                development_region = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                                  description="Development Region")
                display_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Display Name")
                executable = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Executable Name")
                identifier = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Identifier Name")
                name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Bundle Name")
                pkg_type = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Package Type")
                signature = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Signature")
                url_scheme = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="URL Scheme")  # custom schemes the app registers to handle
                version = odm.Optional(odm.Compound(FilePListCFBundleVersion), description="Bundle Version Information")
class FileTask(odm.Model):
    """Dispatcher internal model for tracking each file in a submission."""
    sid = odm.Keyword()  # submission this file belongs to
    min_classification = odm.Classification()  # Minimum classification of the file being scanned
    parent_hash = odm.Optional(odm.Keyword())  # hash of the file this one was extracted from; absent for a root file (presumably)
    file_info: FileInfo = odm.Compound(FileInfo)  # file descriptor; its ``sha256`` is read by the helpers below
    depth = odm.Integer()  # extraction depth within the submission
    max_files = odm.Integer()  # NOTE(review): presumably the submission's file limit — confirm how the dispatcher uses it

    def get_tag_set_name(self) -> str:
        """Get the name of a redis set where the task tags are collected."""
        # The bare name resolves to the module-level ``get_tag_set_name``
        # helper, not to this method: class scope is not searched from inside
        # a method body.
        return get_tag_set_name(self.sid, self.file_info.sha256)

    def get_temporary_submission_data_name(self) -> str:
        """Get the name of a redis hash where tags for a submission are collected."""
        # Same name-resolution note as above: this calls the module-level helper.
        return get_temporary_submission_data_name(self.sid, self.file_info.sha256)
 class Signer(odm.Model):
     """One signer entry of a code-signing signature.

     The field set reads like a CMS/PKCS#7 ``SignerInfo`` (issuer and serial
     number identify the signing certificate; digest/encryption algorithm
     and the encrypted digest carry the signature) — treat that as a reading
     of the field names rather than something this file asserts. Text values
     are ``EmptyableKeyword`` so an empty string is distinct from absent.
     """
     version = odm.Optional(odm.Integer())
     issuer = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
     serial_number = odm.Optional(
         odm.EmptyableKeyword(copyto="__text__"))
     encryption_algorithm = odm.Optional(
         odm.EmptyableKeyword(copyto="__text__"))
     digest_algorithm = odm.Optional(
         odm.EmptyableKeyword(copyto="__text__"))
     encrypted_digest = odm.Optional(
         odm.EmptyableKeyword(copyto="__text__"))
     cert = odm.Optional(odm.Compound(Certificate))  # the signing certificate itself
     authenticated_attributes = odm.Optional(
         odm.List(odm.EmptyableKeyword(copyto="__text__")))  # attributes covered by the signature
     unauthenticated_attributes = odm.Optional(
         odm.List(odm.EmptyableKeyword(copyto="__text__")))  # attributes outside the signed scope (e.g. countersignatures) — not verified
class UserSettings(odm.Model):                                      # User's default settings
    """Per-user defaults applied to new submissions. The ``ignore_*`` flags
    bypass caching, filtering and dynamic-recursion limits, so they are
    worth auditing when a user can set them."""
    classification = odm.Classification(
        default=Classification.UNRESTRICTED)                          # Default submission classification
    deep_scan = odm.Boolean(default=False)                            # Should a deep scan be performed
    description = odm.Keyword(default="")                             # Default description
    download_encoding = odm.Enum(values=ENCODINGS, default="cart")    # Default download encoding when downloading files
    expand_min_score = odm.Integer(default=500)                       # Auto-expand section when score bigger then this
    ignore_cache = odm.Boolean(default=False)                         # Ignore service caching
    ignore_dynamic_recursion_prevention = odm.Boolean(default=False)  # Ignore dynamic recursion prevention
    ignore_filtering = odm.Boolean(default=False)                     # Ignore filtering services
    malicious = odm.Boolean(default=False)                            # Is the file submitted known to be malicious
    priority = odm.Integer(default=1000)                              # Default priority for the submissions
    profile = odm.Boolean(default=False)                              # Should the submission do extra profiling
    service_spec = odm.Mapping(odm.Keyword(), default={})             # Default service specific settings
    services = odm.Compound(ServiceSelection, default={})             # Default service selection
    submission_view = odm.Enum(values=VIEWS, default="report")        # Default view for completed submissions
    ttl = odm.Integer(default=30)                                     # Default submission Time to Live (days)
class OAuthProvider(odm.Model):
    """Configuration of one external OAuth identity provider.

    Holds the client credentials, the provider's endpoint URLs/parameters and
    the settings used to map the provider's user record onto a local account.
    Fields wrapped in ``odm.Optional`` may be unset (``None``) even though the
    annotations below spell them as plain ``str``.
    """
    # Presumably controls creating a local user on first login — the
    # behaviour itself lives in the auth code, not in this model.
    auto_create: bool = odm.Boolean(default=True)
    auto_sync: bool = odm.Boolean(default=False)
    auto_properties: List[OAuthAutoProperty] = odm.List(odm.Compound(OAuthAutoProperty), default=[])
    # Regex / format string used to derive the local UID from the provider's
    # user record (inferred from the names; confirm against the auth code).
    uid_regex: str = odm.Optional(odm.Keyword())
    uid_format: str = odm.Optional(odm.Keyword())
    client_id: str = odm.Optional(odm.Keyword())
    # Secret credential: stored as a plain Keyword here, so keep it out of
    # logs, API responses and error messages wherever this model is rendered.
    client_secret: str = odm.Optional(odm.Keyword())
    request_token_url: str = odm.Optional(odm.Keyword())
    request_token_params: str = odm.Optional(odm.Keyword())
    access_token_url: str = odm.Optional(odm.Keyword())
    access_token_params: str = odm.Optional(odm.Keyword())
    authorize_url: str = odm.Optional(odm.Keyword())
    authorize_params: str = odm.Optional(odm.Keyword())
    api_base_url: str = odm.Optional(odm.Keyword())
    client_kwargs: Dict[str, str] = odm.Optional(odm.Mapping(odm.Keyword()))
    # Not wrapped in Optional and has no default, so presumably required.
    user_get: str = odm.Keyword()
class ALResults(odm.Model):
    """Assemblyline result block attached to an alert.

    Aggregates the indicators (attribution, AV hits, behaviours, domains, IPs,
    URIs, YARA hits) and the maximum score of a submission. The ``*_dynamic``
    and ``*_static`` lists split indicators by the analysis phase that found
    them; the un-suffixed list is the union. ``odm.Domain``/``odm.IP``/
    ``odm.URI`` are typed fields, so malformed values are rejected by the ODM
    rather than stored as free text.
    """
    attrib = odm.List(odm.Keyword(), default=[], store=True, copyto="__text__", description="List of attribution")
    av = odm.List(odm.Keyword(), default=[], store=True, copyto="__text__", description="List of AV hits")
    behavior = odm.List(odm.Keyword(), default=[], copyto="__text__", description="List of behaviors for the alert")
    detailed = odm.Compound(DetailedResults, description="Assemblyline Detailed result block")
    # copyto="__text__" fields are presumably also searchable via the
    # catch-all text field — confirm in the ODM/Elasticsearch mapping.
    domain = odm.List(odm.Domain(), default=[], copyto="__text__", description="List of all domains")
    domain_dynamic = odm.List(odm.Domain(), default=[], description="List of domains found during Dynamic Analysis")
    domain_static = odm.List(odm.Domain(), default=[], description="List of domains found during Static Analysis")
    ip = odm.List(odm.IP(), default=[], copyto="__text__", description="List of all IPs")
    ip_dynamic = odm.List(odm.IP(), default=[], description="List of IPs found during Dynamic Analysis")
    ip_static = odm.List(odm.IP(), default=[], description="List of IPs found during Static Analysis")
    request_end_time = odm.Date(index=False, description="Finish time of the Assemblyline submission")
    score = odm.Integer(store=True, description="Maximum score found in the submission")
    uri = odm.List(odm.URI(), default=[], copyto="__text__", description="List of all URIs")
    uri_dynamic = odm.List(odm.URI(), default=[], description="List of URIs found during Dynamic Analysis")
    uri_static = odm.List(odm.URI(), default=[], description="List of URIs found during Static Analysis")
    yara = odm.List(odm.Keyword(), default=[], copyto="__text__", description="List of YARA rule hits")
        class FileSWF(odm.Model):
            """SWF (Flash) file metadata: header details and tag ssdeep hashes.

            Nested in a larger file model whose header is outside this view.
            Every field is Optional, so an absent attribute is simply unset.
            """
            @odm.model(index=True, store=False)
            class FileSWFHeader(odm.Model):
                """SWF header fields (frame details and version)."""
                @odm.model(index=True, store=False)
                class FileSWFHeaderFrame(odm.Model):
                    """Frame count/rate/size values from the SWF header."""
                    count = odm.Optional(odm.List(odm.Integer()))
                    rate = odm.Optional(odm.List(odm.Keyword()))
                    size = odm.Optional(
                        odm.List(odm.Keyword(copyto="__text__")))

                frame = odm.Optional(odm.Compound(FileSWFHeaderFrame))
                version = odm.Optional(odm.List(
                    odm.Keyword(copyto="__text__")))

            header = odm.Optional(odm.Compound(FileSWFHeader))
            # ssdeep fuzzy hashes of the SWF tags, useful for similarity
            # search across samples.
            tags_ssdeep = odm.Optional(
                odm.List(odm.SSDeepHash(copyto="__text__")))
                class LangCode_Item(odm.Model):
                    """One language-coded block of key/value items.

                    The lang/sublang/code_page fields suggest a PE version
                    resource string table — presumably; confirm against the
                    producing service. Nested in an outer model whose header
                    is outside this view.
                    """
                    @odm.model(index=True, store=False)
                    class Item(odm.Model):
                        """A single key/value pair within the block."""
                        key = odm.Optional(
                            odm.EmptyableKeyword(copyto="__text__"))
                        value = odm.Optional(
                            odm.EmptyableKeyword(copyto="__text__"))

                    # EmptyableKeyword (rather than Keyword) lets "" be stored
                    # as a legitimate value instead of being rejected.
                    key = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
                    type = odm.Optional(odm.Integer())
                    lang = odm.Optional(
                        odm.EmptyableKeyword(copyto="__text__"))
                    sublang = odm.Optional(
                        odm.EmptyableKeyword(copyto="__text__"))
                    code_page = odm.Optional(
                        odm.EmptyableKeyword(copyto="__text__"))
                    items = odm.Optional(odm.List(odm.Compound(Item)))
class UpdateSourceDelta(odm.Model):
    """Partial-update form of the ``UpdateSource`` model.

    Mirrors the fields of ``UpdateSource`` but wraps them in ``odm.Optional``
    (``ssl_ignore_errors`` excepted, see the note on it), presumably so that a
    field left unset in the delta leaves the stored value untouched — confirm
    against the code that applies deltas. ``password`` and ``private_key`` are
    credentials for the update source: keep them out of logs and API output.
    """
    name = odm.Optional(
        odm.Keyword(),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    password = odm.Optional(
        odm.Keyword(default=""),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    pattern = odm.Optional(
        odm.Keyword(default=""),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    private_key = odm.Optional(
        odm.Keyword(default=""),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    ca_cert = odm.Optional(
        odm.Keyword(default=""),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    # NOTE(review): unlike every other field here this is not Optional, so a
    # delta that omits it carries False. If deltas are applied by overwriting,
    # that silently resets an enabled flag (fail-closed: TLS verification is
    # turned back on) — confirm the merge semantics. Setting it True disables
    # certificate checks for the update fetch, so it should stay False unless
    # ca_cert cannot be provided.
    ssl_ignore_errors = odm.Boolean(
        default=False,
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    proxy = odm.Optional(
        odm.Keyword(default=""),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    uri = odm.Optional(
        odm.Keyword(),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    username = odm.Optional(
        odm.Keyword(default=""),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    headers = odm.Optional(
        odm.List(odm.Compound(EnvironmentVariable)),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    default_classification = odm.Optional(
        odm.Classification(),
        description=
        "Refer to:<br>[Service - UpdateSource](../service/#updatesource)")