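class DockerConfig(odm.Model):
    """Container runtime settings for a service image, including the registry credentials used to pull it.

    Fixes a typo in the user-facing ``environment`` description ("environemnt").
    """

    # Egress is off unless a service explicitly asks for it.
    allow_internet_access: bool = odm.Boolean(
        default=False, description="Does the container have internet-access?")
    command: Opt[list[str]] = odm.Optional(
        odm.List(odm.Keyword()), description="Command to run when container starts up.")
    cpu_cores: float = odm.Float(default=1.0, description="CPU allocation")
    environment: list[EnvironmentVariable] = odm.List(
        odm.Compound(EnvironmentVariable),
        default=[],
        description="Additional environment variables for the container")
    image: str = odm.Keyword(
        description="Complete name of the Docker image with tag, may include registry")
    registry_username: Opt[str] = odm.Optional(
        odm.Keyword(), description="The username to use when pulling the image")
    # NOTE(review): credential material. Unlike User.password / User.otp_sk
    # (declared with index=False, store=False elsewhere in this file) no
    # index/store restriction is given here -- confirm the value is not
    # indexed, logged, or echoed back in API responses.
    registry_password: Opt[str] = odm.Optional(
        odm.Keyword(), description="The password or token to use when pulling the image")
    registry_type: str = odm.Enum(
        values=["docker", "harbor"], default='docker', description="The type of container registry")
    ports: list[str] = odm.List(
        odm.Keyword(), default=[], description="What ports of container to expose?")
    # Limit vs. request: the two RAM values are independent settings.
    ram_mb: int = odm.Integer(default=512, description="Container RAM limit")
    ram_mb_min: int = odm.Integer(default=128, description="Container RAM request")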
class Alerter(odm.Model):
    """Configuration for the alerting subsystem: alert lifetime, grouping fields, delay and score threshold."""

    alert_ttl: int = odm.Integer(
        description="Time to live (days) for an alert in the system")
    constant_alert_fields: List[str] = odm.List(
        odm.Keyword(),
        description="List of fields that should not change during an alert update")
    default_group_field: str = odm.Keyword(
        description="Default field used for alert grouping view")
    delay: int = odm.Integer(
        description="Time in seconds that we give extended scans and workflow to complete their work "
        "before we start showing alerts in the alert viewer.")
    filtering_group_fields: List[str] = odm.List(
        odm.Keyword(),
        description="List of group fields that when selected will ignore certain alerts where this field is missing.")
    non_filtering_group_fields: List[str] = odm.List(
        odm.Keyword(),
        description="List of group fields that are sure to be present in all alerts.")
    # A dotted Python path (per the description), presumably imported at runtime
    # -- whoever can edit this config value chooses the code that handles every
    # alert message. Confirm the setting is restricted to administrators.
    process_alert_message: str = odm.Keyword(
        description="Python path to the function that will process an alert message.")
    threshold: int = odm.Integer(
        description="Minimum score to reach for a submission to be considered an alert.")
class ALResults(odm.Model):  # Assemblyline result block
    """Summary of an Assemblyline scan attached to an alert.

    Only the aggregate ``domain``/``ip`` lists (and attrib, av, behavior, yara)
    are copied to ``__text__``; the dynamic/static splits are not.
    """

    attrib = odm.List(odm.Keyword(), default=[], copyto="__text__")  # List of attribution
    av = odm.List(odm.Keyword(), default=[], store=True, copyto="__text__")  # List of AV hits
    behavior = odm.List(odm.Keyword(), default=[], copyto="__text__")  # List of behaviors for the alert
    domain = odm.List(odm.Domain(), default=[], copyto="__text__")  # List of all domains
    domain_dynamic = odm.List(odm.Domain(), default=[])  # List of domains found during dynamic analysis
    domain_static = odm.List(odm.Domain(), default=[])  # List of domains found during static analysis
    ip = odm.List(odm.IP(), default=[], copyto="__text__")  # List of all IPs
    ip_dynamic = odm.List(odm.IP(), default=[])  # List of IPs found during dynamic analysis
    ip_static = odm.List(odm.IP(), default=[])  # List of IPs found during static analysis
    request_end_time = odm.Date(index=False)  # End time of the Assemblyline submission
    score = odm.Integer(store=True)  # Maximum score found in the submission
    yara = odm.List(odm.Keyword(), default=[], copyto="__text__")  # List of yara hits
class Submission(odm.Model): archive_ts = odm.Date(store=False) # Archiving timestamp classification = odm.Classification() # Classification of the submission error_count = odm.Integer() # Total number of errors in the submission errors = odm.List(odm.Keyword(), store=False) # List of error keys expiry_ts = odm.Optional(odm.Date(store=False)) # Expiry timestamp file_count = odm.Integer() # Total number of files in the submission files: List[File] = odm.List( odm.Compound(File)) # List of files that were originally submitted max_score = odm.Integer() # Maximum score of all the files in the scan metadata = odm.FlattenedObject( store=False) # Metadata associated to the submission params: SubmissionParams = odm.Compound( SubmissionParams) # Submission detail blocs results: List[str] = odm.List(odm.Keyword(), store=False) # List of result keys sid = odm.UUID(copyto="__text__") # Submission ID state = odm.Enum(values=SUBMISSION_STATES) # Status of the submission times = odm.Compound(Times, default={}) # Timing bloc verdict = odm.Compound(Verdict, default={}) # Verdict timing def is_submit(self): return self.state == 'submitted' def is_complete(self): return self.state == 'completed' def is_initial(self): return self.is_submit() and not self.params.psid
class FilePListDTPlatform(odm.Model):
    """DTPlatform (build tool) entries extracted from a plist; every field is a searchable keyword list."""

    build = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
class Ingester(odm.Model):
    """Configuration for the ingester: default submission settings, callback paths and queue/expiry limits."""

    default_user: str = odm.Keyword()
    default_services: List[str] = odm.List(odm.Keyword())
    default_resubmit_services: List[str] = odm.List(odm.Keyword())

    # When a description is automatically generated, it will be the
    # hash prefixed by this string
    description_prefix: str = odm.Keyword()

    # Path to a callback function filtering ingestion tasks that should have their
    # priority forcefully reset to low
    is_low_priority: str = odm.Keyword()
    # The three callback paths below name code that is presumably imported at
    # runtime; whoever can change this config therefore chooses what runs in
    # the ingester. Confirm they are only settable by administrators.
    get_whitelist_verdict: str = odm.Keyword()
    whitelist: str = odm.Keyword()

    # Default values for parameters that may be overridden on a per submission basis
    # How many extracted files may be added to a Submission
    default_max_extracted: int = odm.Integer()
    # How many supplementary files may be added to a submission
    default_max_supplementary: int = odm.Integer()

    # Drop a task altogether after this many seconds
    expire_after: int = odm.Integer()
    stale_after_seconds: int = odm.Integer()

    # How long should scores be cached in the ingester
    incomplete_expire_after_seconds: int = odm.Integer()
    incomplete_stale_after_seconds: int = odm.Integer()

    # How long can a queue get before we start dropping files
    sampling_at: Dict[str, int] = odm.Mapping(odm.Integer())
    max_inflight = odm.Integer()

    # How long are files results cached
    cache_dtl: int = odm.Integer()
class Signature(odm.Model):
    """A signature (detection rule) hit, the process it fired on and the subjects it was raised against."""

    @odm.model(
        description="The subject of the signature, aka something interesting that the signature was raised on that is worth reporting")
    class Subject(odm.Model):
        """One observable the signature matched on; every field is optional."""
        ip = odm.Optional(odm.IP(), description="Subject's IP")
        domain = odm.Optional(odm.Domain(), description="Subject's domain")
        uri = odm.Optional(odm.URI(), description="Subject's URI")
        process = odm.Optional(odm.Compound(Process), description="Subject's process")
        file = odm.Optional(odm.Text(), description="Subject's file")
        registry = odm.Optional(odm.Text(), description="Subject's registry key")

    name = odm.Keyword(description="The name of the signature")
    process = odm.Optional(
        odm.Compound(Process), description="The process associated with the signature")
    subjects = odm.Optional(
        odm.List(odm.Compound(Subject)),
        description="A list of subjects. A signature can have more than one subject.")
    description = odm.Optional(odm.Keyword(), description="The description of the signature")
    attack = odm.Optional(
        odm.List(odm.Compound(Attack)),
        description="A list of Att&ck patterns and categories of the signature")
class Certificate(odm.Model):
    """X.509 certificate fields extracted from a file; all keywords are copied to ``__text__`` for search."""

    @odm.model(index=True, store=False)
    class RSA_Info(odm.Model):
        """RSA key parameters.

        NOTE(review): d, p and q are private-key components, not public
        material. With copyto="__text__" they become full-text searchable if
        ever populated (e.g. from a file that embeds a private key) -- confirm
        that is intended.
        """
        d_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        e_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        n_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        p_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        q_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))

    version = odm.Optional(odm.Integer())
    subject = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    issuer = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    serial_number = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    key_size = odm.Optional(odm.Integer())
    key_type = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    key_usage = odm.Optional(odm.List(odm.EmptyableKeyword(copyto="__text__")))
    certificate_policies = odm.Optional(odm.List(odm.EmptyableKeyword(copyto="__text__")))
    ext_key_usage = odm.Optional(odm.List(odm.EmptyableKeyword(copyto="__text__")))
    valid_from = odm.Optional(odm.Date())
    valid_to = odm.Optional(odm.Date())
    signature = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    signature_algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    # Kept as a keyword, not a boolean; whatever produces it decides the vocabulary.
    is_trusted = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    raw_hex = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    rsa_info = odm.Optional(odm.Compound(RSA_Info))
class Signature(odm.Model):
    """Code-signing (PKCS#7-style) signature block: signers, certificate chain, content info and check result."""

    @odm.model(index=True, store=False)
    class Signer(odm.Model):
        """One signer entry with its certificate and signed/unsigned attribute lists."""
        version = odm.Optional(odm.Integer())
        issuer = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        serial_number = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        encryption_algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        digest_algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        encrypted_digest = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        cert = odm.Optional(odm.Compound(Certificate))
        # Only the authenticated attributes are covered by the signature; the
        # unauthenticated ones are stored alongside but carry no such guarantee.
        authenticated_attributes = odm.Optional(odm.List(odm.EmptyableKeyword(copyto="__text__")))
        unauthenticated_attributes = odm.Optional(odm.List(odm.EmptyableKeyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class Content_Info(odm.Model):
        """Digest of the signed content."""
        algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        digest = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        content_type = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))

    version = odm.Optional(odm.Integer())
    algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    signers = odm.Optional(odm.List(odm.Compound(Signer)))
    certificates = odm.Optional(odm.List(odm.Compound(Certificate)))
    content_info = odm.Optional(odm.Compound(Content_Info))
    # Outcome of signature verification as reported by the producer; a free
    # keyword, so consumers must not treat "present" as "valid".
    check = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
class FileShortcut(odm.Model):
    """Fields parsed from a Windows shortcut (.lnk) file."""

    command_line = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Command Line")
    icon_location = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Icon Location")
    machine_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Machine ID")
    tracker_mac = odm.Optional(
        odm.List(odm.Keyword(copyto="__text__")),
        description="Possible MAC address from the Tracker block")
class Queues(odm.Model):
    """Queue-depth counters. ``ingest`` is a single integer; the other three are integer lists (one entry per queue, presumably)."""

    ingest = odm.Integer(description="Number of submissions in ingest queue")
    start = odm.List(odm.Integer(), description="Number of submissions that started")
    result = odm.List(odm.Integer(), description="Number of results in queue")
    command = odm.List(odm.Integer(), description="Number of commands in queue")
class Task(odm.Model):
    """A unit of work handed to a service: one file (``fileinfo``) to be processed by ``service_name``."""

    sid = odm.UUID()
    fileinfo: FileInfo = odm.Compound(FileInfo)  # File info block
    filename = odm.Keyword()
    service_name = odm.Keyword()
    # odm.Any values: nothing at the model level constrains what a service receives here.
    service_config = odm.Mapping(odm.Any(), default={})  # Service specific parameters
    depth = odm.Integer(default=0)
    max_files = odm.Integer()
    ttl = odm.Integer(default=0)
    tags = odm.List(odm.Compound(TagItem), default=[])
    temporary_submission_data = odm.List(odm.Compound(DataItem), default=[])
    deep_scan = odm.Boolean(default=False)
    # Whether the service cache should be ignored during the processing of this task
    ignore_cache = odm.Boolean(default=False)
    # Priority for processing order
    priority = odm.Integer(default=0)

    @staticmethod
    def make_key(sid, service_name, sha):
        """Build the task key ``"<sid>_<service_name>_<sha>"``."""
        return f"{sid}_{service_name}_{sha}"

    def key(self):
        """Return this task's key, built from its sid, service name and the file's SHA256."""
        return Task.make_key(self.sid, self.service_name, self.fileinfo.sha256)
class FileOLE(odm.Model):
    """OLE (Office compound document) features: macros, summary metadata, CLSIDs, DDE links and FIB timestamp."""

    @odm.model(index=True, store=False, description="OLE Macro Model")
    class FileOLEMacro(odm.Model):
        """Macro hashes and the suspicious strings found in them."""
        sha256 = odm.Optional(odm.List(odm.SHA256(copyto="__text__")), description="SHA256 of Macro")
        suspicious_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Suspicious Strings")

    @odm.model(index=True, store=False, description="OLE Summary Model")
    class FileOLESummary(odm.Model):
        """Document summary-information properties (all optional keyword lists)."""
        author = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Author")
        codepage = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Code Page")
        comment = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Comment")
        company = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Company")
        # Timestamps are kept as keywords (strings), not odm.Date.
        create_time = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Creation Time")
        last_printed = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Date Last Printed")
        last_saved_by = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="User Last Saved By")
        last_saved_time = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Date Last Saved")
        manager = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Manager")
        subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Subject")
        title = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Title")

    macro = odm.Optional(odm.Compound(FileOLEMacro), description="OLE Macro")
    summary = odm.Optional(odm.Compound(FileOLESummary), description="OLE Summary")
    clsid = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="CLSID")
    dde_link = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="DDE Link")
    fib_timestamp = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="FIB Timestamp")
class FileIMGExiftool(odm.Model):
    """Exiftool-derived image metadata; every field is an optional keyword list copied to ``__text__``."""

    creator_tool = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Creation Tool")
    derived_document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Derived Document ID")
    document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Document ID")
    instance_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Instance ID")
    toolkit = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Toolkit")
class Task(odm.Model):
    """A unit of work handed to a service: one file (``fileinfo``) to be processed by ``service_name``.

    This revision adds submission metadata, a minimum classification and the
    dynamic-recursion-prevention override to the basic Task model.
    """

    sid = odm.UUID()
    metadata = odm.FlattenedObject()  # Metadata associated to the submission
    min_classification = odm.Classification()  # Minimum classification of the file being scanned
    fileinfo: FileInfo = odm.Compound(FileInfo)  # File info block
    filename = odm.Keyword()
    service_name = odm.Keyword()
    # odm.Any values: nothing at the model level constrains what a service receives here.
    service_config = odm.Mapping(odm.Any(), default={})  # Service specific parameters
    depth = odm.Integer(default=0)
    max_files = odm.Integer()
    ttl = odm.Integer(default=0)
    tags = odm.List(odm.Compound(TagItem), default=[])
    temporary_submission_data = odm.List(odm.Compound(DataItem), default=[])
    deep_scan = odm.Boolean(default=False)
    # Whether the service cache should be ignored during the processing of this task
    ignore_cache = odm.Boolean(default=False)
    # Whether the service should ignore the dynamic recursion prevention or not
    ignore_dynamic_recursion_prevention = odm.Boolean(default=False)
    # Priority for processing order
    priority = odm.Integer(default=0)

    @staticmethod
    def make_key(sid, service_name, sha):
        """Build the task key ``"<sid>_<service_name>_<sha>"``."""
        return f"{sid}_{service_name}_{sha}"

    def key(self):
        """Return this task's key, built from its sid, service name and the file's SHA256."""
        return Task.make_key(self.sid, self.service_name, self.fileinfo.sha256)
class FilePE(odm.Model):
    """PE (Windows executable) features grouped by header area; nested models are indexed but not stored."""

    @odm.model(index=True, store=False)
    class FilePEExports(odm.Model):
        """Exported function and module names."""
        function_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        module_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class FilePEImports(odm.Model):
        """Import-table hashes (fuzzy / md5 / sorted variants) and suspicious import names."""
        fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
        md5 = odm.Optional(odm.List(odm.MD5(copyto="__text__")))
        sorted_fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
        sorted_sha1 = odm.Optional(odm.List(odm.SHA1(copyto="__text__")))
        suspicious = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class FilePELinker(odm.Model):
        """Linker timestamp, kept as a keyword (string) rather than odm.Date."""
        timestamp = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class FilePEOEP(odm.Model):
        """Bytes at the original entry point."""
        bytes = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))  # field name shadows the builtin inside the class body only
        hexdump = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class FilePEResources(odm.Model):
        """Resource-section languages and names."""
        language = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class FilePESections(odm.Model):
        """Section hashes and names."""
        hash = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))  # field name shadows the builtin inside the class body only
        name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class FilePEVersions(odm.Model):
        """Version-info description and original filename."""
        description = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        filename = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    api_vector = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    exports = odm.Optional(odm.Compound(FilePEExports))
    imports = odm.Optional(odm.Compound(FilePEImports))
    linker = odm.Optional(odm.Compound(FilePELinker))
    oep = odm.Optional(odm.Compound(FilePEOEP))
    pdb_filename = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    resources = odm.Optional(odm.Compound(FilePEResources))
    sections = odm.Optional(odm.Compound(FilePESections))
    versions = odm.Optional(odm.Compound(FilePEVersions))
class DockerConfig(odm.Model):
    """Container runtime settings for a service image (earlier revision without registry fields or a RAM request).

    Note the RAM default here (1024) differs from the other DockerConfig in this
    file (512); callers comparing the two revisions should not assume the same default.
    """

    # Egress is off unless a service explicitly asks for it.
    allow_internet_access: bool = odm.Boolean(default=False)
    command: Opt[List[str]] = odm.Optional(odm.List(odm.Keyword()))
    cpu_cores: float = odm.Float(default=1.0)
    environment: List[EnvironmentVariable] = odm.List(odm.Compound(EnvironmentVariable), default=[])
    image: str = odm.Keyword()  # Complete name of the Docker image with tag
    ports: List[str] = odm.List(odm.Keyword(), default=[])
    ram_mb: int = odm.Integer(default=1024)
class DockerConfigDelta(odm.Model):
    """Partial override of DockerConfig: same field set as the registry-less DockerConfig, every field optional."""

    allow_internet_access = odm.Optional(odm.Boolean())
    command = odm.Optional(odm.List(odm.Keyword()))
    cpu_cores = odm.Optional(odm.Float())
    environment = odm.Optional(odm.List(odm.Compound(EnvironmentVariable)))
    image = odm.Optional(odm.Keyword())
    ports = odm.Optional(odm.List(odm.Keyword()))
    ram_mb = odm.Optional(odm.Integer())
class Alerter(odm.Model):
    """Configuration for the alerting subsystem (earlier revision: no ``threshold`` field and no field descriptions)."""

    alert_ttl: int = odm.Integer()
    constant_alert_fields: List[str] = odm.List(odm.Keyword())
    default_group_field: str = odm.Keyword()
    delay: int = odm.Integer()
    filtering_group_fields: List[str] = odm.List(odm.Keyword())
    non_filtering_group_fields: List[str] = odm.List(odm.Keyword())
    # Presumably a dotted Python path imported at runtime (the descriptive
    # revision of this model says so); whoever can edit this config chooses the
    # code that handles alert messages.
    process_alert_message: str = odm.Keyword()
class Statistics(odm.Model):
    """Which fields the UI aggregates statistics on, per page."""

    alert: List[str] = odm.List(
        odm.Keyword(), description="Fields used to generate statistics in the Alerts page")
    submission: List[str] = odm.List(
        odm.Keyword(), description="Fields used to generate statistics in the Submissions page")
class FilePE(odm.Model):
    """PE (Windows executable) features grouped by header area; nested models are indexed but not stored.

    This revision adds debug GUIDs, the import hash and the rich-header hash
    to the basic FilePE model.
    """

    @odm.model(index=True, store=False, description="PE Debug Model")
    class FilePEDebug(odm.Model):
        """Debug-directory GUIDs."""
        guid = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="GUID")

    @odm.model(index=True, store=False, description="PE Exports Model")
    class FilePEExports(odm.Model):
        """Exported function and module names."""
        function_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Function Name")
        module_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Module Name")

    @odm.model(index=True, store=False, description="PE Imports Model")
    class FilePEImports(odm.Model):
        """Import-table hashes (fuzzy / md5 / imphash / sorted variants) and suspicious import names."""
        fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")), description="Fuzzy")
        md5 = odm.Optional(odm.List(odm.MD5(copyto="__text__")), description="MD5")
        imphash = odm.Optional(odm.List(odm.MD5(copyto="__text__")), description="Imphash")
        sorted_fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")), description="Sorted Fuzzy")
        sorted_sha1 = odm.Optional(odm.List(odm.SHA1(copyto="__text__")), description="Sorted SHA1")
        suspicious = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Suspicious")

    @odm.model(index=True, store=False, description="PE Linker Model")
    class FilePELinker(odm.Model):
        """Linker timestamp, kept as a keyword (string) rather than odm.Date."""
        timestamp = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Timestamp")

    @odm.model(index=True, store=False, description="PE OEP Model")
    class FilePEOEP(odm.Model):
        """Bytes at the original entry point."""
        bytes = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Bytes")  # shadows the builtin inside the class body only
        hexdump = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Hex Dump")

    @odm.model(index=True, store=False, description="PE Resources Model")
    class FilePEResources(odm.Model):
        """Resource-section languages and names."""
        language = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Language")
        name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Name")

    @odm.model(index=True, store=False, description="PE Rich Header Model")
    class FilePERichHeader(odm.Model):
        """Rich-header hash."""
        hash = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Hash")  # shadows the builtin inside the class body only

    @odm.model(index=True, store=False, description="PE Sections Model")
    class FilePESections(odm.Model):
        """Section hashes and names."""
        hash = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Hash")  # shadows the builtin inside the class body only
        name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Name")

    @odm.model(index=True, store=False, description="PE Versions Model")
    class FilePEVersions(odm.Model):
        """Version-info description and original filename."""
        description = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Description")
        filename = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Filename")

    api_vector = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="API Vector")
    debug = odm.Optional(odm.Compound(FilePEDebug), description="PE Debug Information")
    exports = odm.Optional(odm.Compound(FilePEExports), description="PE Exports Information")
    imports = odm.Optional(odm.Compound(FilePEImports), description="PE Imports Information")
    linker = odm.Optional(odm.Compound(FilePELinker), description="PE Linker Information")
    oep = odm.Optional(odm.Compound(FilePEOEP), description="PE OEP Information")
    pdb_filename = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="PDB Filename")
    resources = odm.Optional(odm.Compound(FilePEResources), description="PE Resources Information")
    rich_header = odm.Optional(odm.Compound(FilePERichHeader), description="PE Rich Header Information")
    sections = odm.Optional(odm.Compound(FilePESections), description="PE Sections Information")
    versions = odm.Optional(odm.Compound(FilePEVersions), description="PE Versions Information")
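class Task(odm.Model):
    """A unit of work handed to a service: one file (``fileinfo``) to be processed by ``service_name``.

    Fixes two typos in user-facing field descriptions ("initital", "it's").
    """

    sid = odm.UUID(description="Submission ID")
    metadata = odm.FlattenedObject(description="Metadata associated to the submission")
    min_classification = odm.Classification(
        description="Minimum classification of the file being scanned")
    fileinfo: FileInfo = odm.Compound(FileInfo, description="File info block")
    filename = odm.Keyword(description="File name")
    service_name = odm.Keyword(description="Service name")
    # odm.Any values: nothing at the model level constrains what a service receives here.
    service_config = odm.Mapping(odm.Any(), default={}, description="Service specific parameters")
    depth = odm.Integer(default=0, description="File depth relative to initial submitted file")
    max_files = odm.Integer(description="Maximum number of files that submission can have")
    ttl = odm.Integer(default=0, description="Task TTL")
    tags = odm.List(odm.Compound(TagItem), default=[], description="List of tags")
    temporary_submission_data = odm.List(
        odm.Compound(DataItem), default=[], description="Temporary submission data")
    deep_scan = odm.Boolean(default=False, description="Perform deep scanning")
    ignore_cache = odm.Boolean(
        default=False,
        description="Whether the service cache should be ignored during the processing of this task")
    ignore_dynamic_recursion_prevention = odm.Boolean(
        default=False,
        description="Whether the service should ignore the dynamic recursion prevention or not")
    ignore_filtering = odm.Boolean(default=False, description="Should the service filter its output?")
    priority = odm.Integer(default=0, description="Priority for processing order")
    # Safelisting stays off unless the global configuration enables it.
    safelist_config = odm.Compound(
        ServiceSafelist,
        description="Safelisting configuration (as defined in global configuration)",
        default={'enabled': False})

    @staticmethod
    def make_key(sid, service_name, sha):
        """Build the task key ``"<sid>_<service_name>_<sha>"``."""
        return f"{sid}_{service_name}_{sha}"

    def key(self):
        """Return this task's key, built from its sid, service name and the file's SHA256."""
        return Task.make_key(self.sid, self.service_name, self.fileinfo.sha256)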
class ResultOntology(odm.Model):
    """Top-level result ontology: a mandatory header plus optional per-domain ontology lists."""

    header = odm.Compound(ResultOntologyHeader, description="Result Ontology Header")
    antivirus = odm.Optional(odm.List(odm.Compound(Antivirus)), description="List of Antivirus Ontologies")
    pe = odm.Optional(odm.List(odm.Compound(PE)), description="List of PE Ontologies")
    sandbox = odm.Optional(odm.List(odm.Compound(Sandbox)), description="List of Sandbox Ontologies")
class User(odm.Model):
    """A user account.

    Secret-bearing fields (apikeys, apps, otp_sk, password, security_tokens)
    are all declared index=False, store=False; keep that invariant when adding
    fields that hold credentials.
    """

    agrees_with_tos = odm.Optional(
        odm.Date(index=False, store=False),
        description="Date the user agree with terms of service")
    api_quota = odm.Integer(
        default=10, store=False, description="Maximum number of concurrent API requests")
    apikeys = odm.Mapping(
        odm.Compound(ApiKey), default={}, index=False, store=False,
        description="Mapping of API keys")
    apps = odm.Mapping(
        odm.Compound(Apps), default={}, index=False, store=False,
        description="Applications with access to the account")
    # Impersonation is a privilege granted explicitly; never on by default.
    can_impersonate = odm.Boolean(
        default=False, index=False, store=False,
        description="Allowed to query on behalf of others?")
    classification = odm.Classification(
        is_user_classification=True, copyto="__text__",
        default=Classification.UNRESTRICTED,
        description="Maximum classification for the user")
    dn = odm.Optional(odm.Keyword(store=False, copyto="__text__"), description="User's LDAP DN")
    email = odm.Optional(odm.Email(copyto="__text__"), description="User's email address")
    groups = odm.List(
        odm.Keyword(), copyto="__text__", default=["USERS"],
        description="List of groups the user submits to")
    is_active = odm.Boolean(default=True, description="Is the user active?")
    name = odm.Keyword(copyto="__text__", description="Full name of the user")
    # OTP seed: secret material, hence neither indexed nor stored.
    otp_sk = odm.Optional(
        odm.Keyword(index=False, store=False),
        description="Secret key to generate one time passwords")
    # Holds the bcrypt hash only (per the description), never the cleartext password.
    password = odm.Keyword(
        index=False, store=False, description="BCrypt hash of the user's password")
    submission_quota = odm.Integer(
        default=5, store=False, description="Maximum number of concurrent submissions")
    type = odm.List(odm.Enum(values=USER_TYPES), default=['user'], description="Type of user")
    security_tokens = odm.Mapping(
        odm.Keyword(), index=False, store=False, default={},
        description="Map of security tokens")
    uname = odm.Keyword(copyto="__text__", description="Username")
class AlertingMeta(odm.Model):
    """Which submission-metadata keys the alerting layer treats as important, as an email subject, or as a URL."""

    important: List[str] = odm.List(
        odm.Keyword(), description="Metadata keys that are considered important")
    subject: List[str] = odm.List(
        odm.Keyword(), description="Metadata keys that refer to an email's subject")
    url: List[str] = odm.List(odm.Keyword(), description="Metadata keys that refer to a URL")
class ResponseBody(odm.Model): milestones = odm.Compound(Milestone, default={}) # Milestone block service_version = odm.Keyword(store=False) # Version of the service service_name = odm.Keyword(copyto="__text__") # Name of the service that scan the file service_tool_version = odm.Optional(odm.Keyword(copyto="__text__")) # Tool version of the service supplementary = odm.List(odm.Compound(File), default=[]) # List of supplementary files extracted = odm.List(odm.Compound(File), default=[]) # List of extracted files service_context = odm.Optional(odm.Keyword(index=False, store=False)) # Context about the service service_debug_info = odm.Optional(odm.Keyword(index=False, store=False)) # Debug info about the service
class ServiceSelection(odm.Model): selected = odm.List(odm.Keyword(), default=DEFAULT_SRV_SEL ) # List of selected services for the submission excluded = odm.List( odm.Keyword(), default=[]) # List of excluded services for the submission resubmit = odm.List( odm.Keyword(), default=DEFAULT_RESUBMIT) # Add to service selection when resubmitting
class Header(odm.Model):
    """PE file-header fields: characteristics, machine, section/symbol counts, signature bytes and timestamp."""

    characteristics_hash = odm.Optional(odm.Integer())
    characteristics_list = odm.Optional(odm.List(odm.EmptyableKeyword(copyto="__text__")))
    machine = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    numberof_sections = odm.Optional(odm.Integer())
    numberof_symbols = odm.Optional(odm.Integer())
    signature = odm.Optional(odm.List(odm.Integer()))
    # Raw epoch value and its date form are kept as two separate fields.
    timestamp = odm.Optional(odm.Integer())
    hr_timestamp = odm.Optional(odm.Date())
class FilePEImports(odm.Model):
    """Import-table hashes (fuzzy / md5 / sorted variants) and suspicious import names."""

    fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
    md5 = odm.Optional(odm.List(odm.MD5(copyto="__text__")))
    sorted_fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
    sorted_sha1 = odm.Optional(odm.List(odm.SHA1(copyto="__text__")))
    suspicious = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
class Verdict(odm.Model):
    """User verdicts on a submission: who marked it malicious and who marked it non-malicious."""

    malicious = odm.List(
        odm.Keyword(), default=[],
        description="List of user that thinks this submission is malicious")
    non_malicious = odm.List(
        odm.Keyword(), default=[],
        description="List of user that thinks this submission is non-malicious")