class DockerConfig(odm.Model):
    """Container runtime settings for a service or core component.

    Defaults are deliberately restrictive: no internet access, 1 CPU core,
    512 MB RAM limit / 128 MB request, no exposed ports, no extra environment.
    Only ``image`` is required.
    """
    # Defaults to False: a container must opt in to network egress explicitly.
    allow_internet_access: bool = odm.Boolean(
        default=False, description="Does the container have internet-access?")
    # Optional start-up command override; None presumably leaves the image's
    # own entrypoint in place (the consumer of this field is not shown here).
    command: Opt[list[str]] = odm.Optional(
        odm.List(odm.Keyword()),
        description="Command to run when container starts up.")
    cpu_cores: float = odm.Float(default=1.0, description="CPU allocation")
    # NOTE(review): values here are plain Keywords with no index/store
    # restriction; confirm callers do not pass credentials through this list.
    environment: list[EnvironmentVariable] = odm.List(
        odm.Compound(EnvironmentVariable),
        default=[],
        description="Additional environemnt variables for the container")
    # Required (no default). The description asks for a tag; a digest would
    # pin the image more strongly, but nothing here enforces either.
    image: str = odm.Keyword(
        description=
        "Complete name of the Docker image with tag, may include registry")
    registry_username: Opt[str] = odm.Optional(
        odm.Keyword(),
        description="The username to use when pulling the image")
    # NOTE(review): a pull credential declared as a plain Keyword, without the
    # index=False/store=False the User model puts on password/otp_sk -- confirm
    # it is not exposed through search results or API responses.
    registry_password: Opt[str] = odm.Optional(
        odm.Keyword(),
        description="The password or token to use when pulling the image")
    registry_type: str = odm.Enum(values=["docker", "harbor"],
                                  default='docker',
                                  description="The type of container registry")
    # Empty by default: nothing is exposed unless listed.
    ports: list[str] = odm.List(
        odm.Keyword(),
        default=[],
        description="What ports of container to expose?")
    ram_mb: int = odm.Integer(default=512, description="Container RAM limit")
    ram_mb_min: int = odm.Integer(default=128,
                                  description="Container RAM request")
 class FileShortcut(odm.Model):
     """Tags extracted from a Windows shortcut (.lnk) file.

     Every field is an optional list of Keywords copied into ``__text__`` so
     the values are reachable through full-text search.
     """
     # The command line a shortcut launches is the usual malicious payload
     # carrier, hence it is indexed as searchable text.
     command_line = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Command Line")
     icon_location = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Icon Location")
     machine_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Machine ID")
     # Stored as a Keyword, not odm.MAC -- the description says "possible", so
     # the value is not validated as a MAC address here.
     tracker_mac = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")), description="Possible MAC address from the Tracker block"
     )
    class Signature(odm.Model):
        """A signature raised during analysis and the objects it fired on.

        Only ``name`` is required; everything else is optional.
        """
        @odm.model(
            description=
            "The subject of the signature, aka something interesting that the signature was raised on that is worth reporting"
        )
        class Subject(odm.Model):
            # ip/domain/uri use validating ODM types; file/registry are free text.
            ip = odm.Optional(odm.IP(), description="Subject's IP")
            domain = odm.Optional(odm.Domain(), description="Subject's domain")
            uri = odm.Optional(odm.URI(), description="Subject's URI")
            process = odm.Optional(odm.Compound(Process),
                                   description="Subject's process")
            file = odm.Optional(odm.Text(), description="Subject's file")
            registry = odm.Optional(odm.Text(),
                                    description="Subject's registry key")

        # The only mandatory field.
        name = odm.Keyword(description="The name of the signature")
        # Process the signature is attributed to, distinct from the
        # per-subject process above.
        process = odm.Optional(
            odm.Compound(Process),
            description="The process associated with the signature")
        subjects = odm.Optional(
            odm.List(odm.Compound(Subject)),
            description=
            "A list of subjects. A signature can have more than one subject.")
        description = odm.Optional(
            odm.Keyword(), description="The description of the signature")
        # MITRE ATT&CK mapping, if the producer supplied one.
        attack = odm.Optional(
            odm.List(odm.Compound(Attack)),
            description=
            "A list of Att&ck patterns and categories of the signature")
class Current(odm.Model):
    """The current assignment for a service worker"""
    # One of STATUSES (defined elsewhere); a fresh worker starts INITIALIZING.
    status: str = odm.Enum(values=STATUSES,
                           default='INITIALIZING')  # Status of the client
    # None when the worker has no task assigned.
    task: Opt[Task] = odm.Optional(odm.Compound(Task))
    # Despite the name, the inline comment says this is the assignment time,
    # not a deadline -- confirm which one consumers expect.
    task_timeout: Opt[datetime] = odm.Optional(
        odm.Date())  # Time the task was assigned to the client
class Service(odm.Model):
    """Registration record for an analysis service.

    Notable defaults: a service is ``enabled=False`` until switched on, runs
    with a 60 second ``timeout``, and follows the ``stable`` update channel.
    ``name`` and ``docker_config`` are required.
    """
    # Regexes applied to assemblyline style file type string
    accepts = odm.Keyword(store=True, default=DEFAULT_SERVICE_ACCEPTS)
    rejects = odm.Optional(
        odm.Keyword(store=True, default=DEFAULT_SERVICE_REJECTS))

    category = odm.Keyword(store=True,
                           default="Static Analysis",
                           copyto="__text__")
    # Free-form, unvalidated mapping (odm.Any) handed to the service; not
    # indexed or stored. NOTE(review): anything secret a deployer puts here
    # gets no special handling -- confirm how service configs are exposed.
    config = odm.Mapping(odm.Any(), default={}, index=False, store=False)
    description = odm.Text(store=True, default="NA", copyto="__text__")
    # Classification stamped on results when the service gives none
    # (presumed from the name; the consumer is not shown here).
    default_result_classification = odm.ClassificationString(
        default=Classification.UNRESTRICTED)
    # Off by default: registering a service does not run it.
    enabled = odm.Boolean(store=True, default=False)
    # Marks a service that talks to something outside the cluster.
    is_external = odm.Boolean(default=False)
    licence_count = odm.Integer(default=0)

    name = odm.Keyword(store=True, copyto="__text__")
    version = odm.Keyword(store=True)

    # Should the result cache be disabled for this service
    disable_cache = odm.Boolean(default=False)

    stage = odm.Keyword(store=True, default="CORE", copyto="__text__")
    # Annotated as a single SubmissionParams but declared as a List of them.
    submission_params: SubmissionParams = odm.List(
        odm.Compound(SubmissionParams), index=False, default=[])
    # Seconds, presumably -- unit not stated here.
    timeout = odm.Integer(default=60)

    # Required: the container this service runs in (see DockerConfig).
    docker_config: DockerConfig = odm.Compound(DockerConfig)
    dependencies = odm.Mapping(odm.Compound(DependencyConfig), default={})

    update_channel: str = odm.Enum(values=["stable", "rc", "beta", "dev"],
                                   default='stable')
    update_config: UpdateConfig = odm.Optional(odm.Compound(UpdateConfig))
class Alert(odm.Model):
    """An alert generated from a completed submission.

    Required fields: alert_id, al, archive_ts, attack, classification,
    extended_scan, file, heuristic, reporting_ts, sid, ts, type.
    """
    alert_id = odm.Keyword(copyto="__text__")  # ID of the alert
    al = odm.Compound(ALResults)  # Assemblyline result block
    archive_ts = odm.Date(store=False)  # Archiving timestamp
    attack = odm.Compound(Attack)  # Attack result block
    # Access-control marking for the whole alert; required, no default.
    classification = odm.Classification()  # Classification of the alert
    expiry_ts = odm.Optional(odm.Date(store=False))  # Expiry timestamp
    extended_scan = odm.Enum(values=EXTENDED_SCAN_VALUES,
                             store=False)  # Status of the extended scan
    file = odm.Compound(File)  # File block
    filtered = odm.Boolean(default=False)  # Are the alert result filtered
    heuristic = odm.Compound(Heuristic)  # Heuristic result block
    label = odm.List(odm.Keyword(), copyto="__text__",
                     default=[])  # List of labels applied to the alert
    # Submitter-supplied, schema-less (FlattenedObject) -- treat as untrusted.
    metadata = odm.FlattenedObject(
        default={}, store=False)  # Metadata submitted with the file
    owner = odm.Optional(odm.Keyword())  # Owner of the alert
    priority = odm.Optional(
        odm.Enum(values=PRIORITIES))  # Priority applied to the alert
    reporting_ts = odm.Date()  # Time at which the alert was created
    sid = odm.UUID(store=False)  # ID of the submission related to this alert
    status = odm.Optional(
        odm.Enum(values=STATUSES))  # Status applied to the alert
    ts = odm.Date()  # Timestamp at which the file was submitted
    type = odm.Keyword()  # Type of alert
    verdict = odm.Compound(Verdict, default={})  # Verdict timing
 class FilePListDTPlatform(odm.Model):
     """Platform entry from a property list's DT (developer tools) block.

     All three fields are optional Keyword lists copied into ``__text__``.
     """
     build = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")))
     name = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")))
     version = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")))
class AppProvider(odm.Model):
    """Configuration for an external OAuth-style identity provider.

    ``access_token_url`` and ``scope`` are required; the rest is optional.
    """
    access_token_url: str = odm.Keyword()
    # Endpoints used to look up the authenticated user and its groups
    # (presumed from the names; the caller is not shown here).
    user_get: str = odm.Optional(odm.Keyword())
    group_get: str = odm.Optional(odm.Keyword())
    scope: str = odm.Keyword()
    client_id: str = odm.Optional(odm.Keyword())
    # NOTE(review): the client secret is a plain Keyword with no
    # index=False/store=False restriction -- confirm this config is never
    # returned to non-admin callers.
    client_secret: str = odm.Optional(odm.Keyword())
class IngestTask(odm.Model):
    """A submission queued for ingestion plus the ingester's bookkeeping."""
    # Submission Parameters
    submission: Submission = odm.Compound(Submission)

    # Shortcut for properties of the submission
    @property
    def file_size(self) -> int:
        """Sum of ``size`` over the submission's files (0 when there are none)."""
        return sum(file.size for file in self.submission.files)

    @property
    def params(self) -> SubmissionParams:
        """The submission's parameters, returned as-is."""
        return self.submission.params

    @property
    def sha256(self) -> str:
        """SHA256 of the first submitted file.

        Raises IndexError when ``submission.files`` is empty; callers that can
        see an empty submission must check before using this.
        """
        return self.submission.files[0].sha256

    # Information about the ingestion itself, parameters irrelevant
    scan_key = odm.Optional(odm.Keyword())  # the filescore key
    retries = odm.Integer(default=0)

    # Fields added after a submission is complete for notification/bookkeeping processes
    # Empty string, not None, means "no failure".
    failure = odm.Text(
        default='')  # If the ingestion has failed for some reason, what is it?
    score = odm.Optional(
        odm.Integer())  # Score from previous processing of this file
    extended_scan = odm.Enum(EXTENDED_SCAN_VALUES, default="skipped")
    # Required identifier for this ingestion attempt.
    ingest_id = odm.UUID()
    # "NOW" is resolved by the ODM's Date field at creation time, presumably.
    ingest_time = odm.Date(default="NOW")
        class FileOLE(odm.Model):
            """Tags extracted from OLE (legacy Office) files.

            Every leaf field is an optional list; values are copied into
            ``__text__`` for full-text search.
            """
            @odm.model(index=True, store=False, description="OLE Macro Model")
            class FileOLEMacro(odm.Model):
                # Validated SHA256 values -- the macro hashes are what analysts
                # pivot on, so they are typed rather than free Keywords.
                sha256 = odm.Optional(odm.List(odm.SHA256(copyto="__text__")), description="SHA256 of Macro")
                suspicious_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                                 description="Suspicious Strings")

            @odm.model(index=True, store=False, description="OLE Summary Model")
            class FileOLESummary(odm.Model):
                # Document metadata as reported by the file; attacker-controlled,
                # so dates are kept as Keywords rather than parsed.
                author = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Author")
                codepage = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Code Page")
                comment = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Comment")
                company = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Company")
                create_time = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Creation Time")
                last_printed = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Date Last Printed")
                last_saved_by = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="User Last Saved By")
                last_saved_time = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Date Last Saved")
                manager = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Manager")
                subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Subject")
                title = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Title")

            macro = odm.Optional(odm.Compound(FileOLEMacro), description="OLE Macro")
            summary = odm.Optional(odm.Compound(FileOLESummary), description="OLE Summary")
            clsid = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="CLSID")
            # DDE links are a known code-execution vector in Office documents.
            dde_link = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="DDE Link")
            fib_timestamp = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="FIB Timestamp")
 class FileIMGExiftool(odm.Model):
     """Image metadata tags as reported by ExifTool.

     All fields are optional Keyword lists copied into ``__text__``; the
     values come from the file itself and are not validated.
     """
     creator_tool = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Creation Tool")
     derived_document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                        description="Derived Document ID")
     document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Document ID")
     instance_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Instance ID")
     toolkit = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Toolkit")
class SMTP(odm.Model):
    """Outbound mail server settings.

    ``port`` and ``tls`` are required with no default, so a config must state
    explicitly whether TLS is used; the other fields are optional.
    """
    from_adr: str = odm.Optional(odm.Keyword())
    host: str = odm.Optional(odm.Keyword())
    # NOTE(review): stored as a plain Keyword, unlike the User model's secret
    # fields (index=False, store=False) -- confirm it is not exposed.
    password: str = odm.Optional(odm.Keyword())
    port: int = odm.Integer()
    tls: bool = odm.Boolean()
    user: str = odm.Optional(odm.Keyword())
class ESMetrics(odm.Model):
    """Elasticsearch metrics-store settings and index lifecycle timings.

    ``warm``, ``cold`` and ``delete`` are required integers interpreted in
    ``unit`` ('d', 'h' or 'm'); the lifecycle logic itself is not shown here.
    """
    # Annotated as str but declared as an optional list of Keywords.
    hosts: str = odm.Optional(odm.List(odm.Keyword()))
    # Presumably a CA bundle/path used to verify the hosts' TLS certificates;
    # when absent, verification behaviour is decided by the client, not here.
    host_certificates: str = odm.Optional(odm.Keyword())
    warm: int = odm.Integer()
    cold: int = odm.Integer()
    delete: int = odm.Integer()
    unit = odm.Enum(['d', 'h', 'm'])
class Statistics(odm.Model):
    """Running hit statistics: counters default to 0, hit dates to None.

    ``avg`` is an Integer, so any average stored here is truncated/rounded
    by whoever writes it.
    """
    count = odm.Integer(default=0)
    min = odm.Integer(default=0)
    max = odm.Integer(default=0)
    avg = odm.Integer(default=0)
    sum = odm.Integer(default=0)
    first_hit = odm.Optional(odm.Date())
    last_hit = odm.Optional(odm.Date())
class Section(odm.Model):
    """One section of a service result.

    ``classification``, ``body_format``, ``depth`` and ``title_text`` are
    required; each section carries its own classification marking.
    """
    body = odm.Optional(odm.Text(copyto="__text__"))        # Text body of the result section
    classification = odm.Classification()                   # Classification of the section
    body_format = odm.Enum(values=BODY_FORMAT, index=False)  # Type of body in this section
    depth = odm.Integer(index=False)                        # Depth of the section
    heuristic = odm.Optional(odm.Compound(Heuristic))       # Heuristic used to score result section
    tags = odm.Compound(Tagging, default={})                # List of tags associated to this section
    title_text = odm.Text(copyto="__text__")                # Title of the section
class Statistics(odm.Model):
    """Running hit statistics: counters default to 0, hit dates to None.

    ``avg`` is an Integer, so the stored average is whole-number only.
    """
    count = odm.Integer(default=0, description="Count of statistical hits")
    min = odm.Integer(default=0, description="Minimum value of all stastical hits")
    max = odm.Integer(default=0, description="Maximum value of all stastical hits")
    avg = odm.Integer(default=0, description="Anerage of all stastical hits")
    sum = odm.Integer(default=0, description="Sum of all stastical hits")
    first_hit = odm.Optional(odm.Date(), description="Date of first hit of statistic")
    last_hit = odm.Optional(odm.Date(), description="Date of last hit of statistic")
class Heuristic(odm.Model):
    """A triggered heuristic and its score, with optional ATT&CK mapping.

    ``heur_id``, ``name`` and ``score`` are required.
    """
    heur_id = odm.Keyword(copyto="__text__")                                 # Triggered heuristic
    name = odm.Keyword(copyto="__text__")                                    # Name of the heuristics
    # Constrained to the PATTERNS enum, so unknown technique IDs are rejected.
    attack_id = odm.Optional(odm.Enum(values=PATTERNS, copyto="__text__"))   # Attack matrix ID
    attack_pattern = odm.Optional(odm.Keyword(copyto="__text__"))            # Attack matrix Pattern Name
    attack_categories = odm.Optional(odm.List(odm.Keyword()))                # Attack matrix Categories
    signature = odm.Optional(odm.Keyword())                                  # Signature that triggered the heuristic
    score = odm.Integer()                                                    # Heuristic's score
class ScalerProfile(odm.Model):
    """Minimal description for an assemblyline core component controlled by the scaler."""
    # All scaling knobs are optional; their fallbacks live in the scaler.
    growth: int = odm.Optional(odm.Integer())
    shrink: int = odm.Optional(odm.Integer())
    backlog: int = odm.Optional(odm.Integer())
    min_instances: int = odm.Optional(odm.Integer())
    max_instances: int = odm.Optional(odm.Integer())
    # Required: the queue whose depth drives scaling.
    queue: str = odm.Keyword()
    # Required: same container settings as services use (see DockerConfig).
    container_config: DockerConfig = odm.Compound(DockerConfig)
            class FilePListDT(odm.Model):
                """Developer-tools (DT) block of a property list: compiler and platform."""
                @odm.model(index=True, store=False, description="PList DT Platform Model")
                class FilePListDTPlatform(odm.Model):
                    build = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Build")
                    name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Name")
                    version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Version")

                compiler = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Compiler")
                platform = odm.Optional(odm.Compound(FilePListDTPlatform), description="Platform Information")
class ResponseBody(odm.Model):
    """The response half of a service result: versions, timing and child files.

    ``service_version`` and ``service_name`` are required.
    """
    milestones = odm.Compound(Milestone, default={})                          # Milestone block
    service_version = odm.Keyword(store=False)                                # Version of the service
    service_name = odm.Keyword(copyto="__text__")                             # Name of the service that scan the file
    service_tool_version = odm.Optional(odm.Keyword(copyto="__text__"))       # Tool version of the service
    # Files the service produced; extracted ones are typically fed back for scanning.
    supplementary = odm.List(odm.Compound(File), default=[])                  # List of supplementary files
    extracted = odm.List(odm.Compound(File), default=[])                      # List of extracted files
    # Neither indexed nor stored: operator-facing only.
    service_context = odm.Optional(odm.Keyword(index=False, store=False))     # Context about the service
    service_debug_info = odm.Optional(odm.Keyword(index=False, store=False))  # Debug info about the service
            class FileSWFHeader(odm.Model):
                """Header fields of a Flash (SWF) file."""
                @odm.model(index=True, store=False, description="SWF Header Frame")
                class FileSWFHeaderFrame(odm.Model):
                    # count is a list of Integers; rate/size are kept as Keywords.
                    count = odm.Optional(odm.List(odm.Integer()), description="Number of Frames")
                    rate = odm.Optional(odm.List(odm.Keyword()), description="Speed of Animation")
                    size = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Size of Frame")

                frame = odm.Optional(odm.Compound(FileSWFHeaderFrame), description="Header Frame Information")
                version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Version")
class User(odm.Model):
    """A user account: identity, credentials, grants and quotas.

    Credential-bearing fields (password hash, OTP secret, API keys, security
    tokens, app grants, the impersonation flag) are declared
    ``index=False, store=False``; what that hides is defined by the ODM/search
    layer, not here -- confirm before relying on it for secrecy.
    ``name``, ``password`` and ``uname`` are required.
    """
    agrees_with_tos = odm.Optional(
        odm.Date(index=False, store=False),
        description="Date the user agree with terms of service")
    # Concurrency limit, not a rate limit (per description).
    api_quota = odm.Integer(
        default=10,
        store=False,
        description="Maximum number of concurrent API requests")
    apikeys = odm.Mapping(odm.Compound(ApiKey),
                          default={},
                          index=False,
                          store=False,
                          description="Mapping of API keys")
    apps = odm.Mapping(odm.Compound(Apps),
                       default={},
                       index=False,
                       store=False,
                       description="Applications with access to the account")
    # Privilege flag: off by default.
    can_impersonate = odm.Boolean(
        default=False,
        index=False,
        store=False,
        description="Allowed to query on behalf of others?")
    # Ceiling on what the user may see; defaults to the least privileged level.
    classification = odm.Classification(
        is_user_classification=True,
        copyto="__text__",
        default=Classification.UNRESTRICTED,
        description="Maximum classification for the user")
    dn = odm.Optional(odm.Keyword(store=False, copyto="__text__"),
                      description="User's LDAP DN")
    email = odm.Optional(odm.Email(copyto="__text__"),
                         description="User's email address")
    groups = odm.List(odm.Keyword(),
                      copyto="__text__",
                      default=["USERS"],
                      description="List of groups the user submits to")
    is_active = odm.Boolean(default=True, description="Is the user active?")
    name = odm.Keyword(copyto="__text__", description="Full name of the user")
    # TOTP seed; must never be copied to __text__ or indexed.
    otp_sk = odm.Optional(
        odm.Keyword(index=False, store=False),
        description="Secret key to generate one time passwords")
    # Holds the bcrypt hash, never the cleartext (per description); required.
    password = odm.Keyword(index=False,
                           store=False,
                           description="BCrypt hash of the user's password")
    submission_quota = odm.Integer(
        default=5,
        store=False,
        description="Maximum number of concurrent submissions")
    type = odm.List(odm.Enum(values=USER_TYPES),
                    default=['user'],
                    description="Type of user")
    security_tokens = odm.Mapping(odm.Keyword(),
                                  index=False,
                                  store=False,
                                  default={},
                                  description="Map of security tokens")
    uname = odm.Keyword(copyto="__text__", description="Username")
class UpdateSource(odm.Model):
    """A remote source a service pulls its updates (rules, signatures) from.

    ``name`` and ``uri`` are required. Three fields can carry credentials:
    ``password``, ``private_key`` and any auth header in ``headers``.
    """
    name = odm.Keyword()
    # NOTE(review): credential stored as a plain Keyword, without the
    # index=False/store=False the User model applies to its secrets --
    # confirm how update sources are persisted and exposed.
    password = odm.Optional(odm.Keyword())
    pattern = odm.Optional(odm.Keyword())
    # Same storage caveat as password.
    private_key = odm.Optional(odm.Keyword())
    uri = odm.Keyword()
    username = odm.Optional(odm.Keyword())
    # Extra request headers, reusing the EnvironmentVariable name/value shape.
    headers = odm.List(odm.Compound(EnvironmentVariable), default=[])
    # Classification attached to material from this source; defaults to the
    # least restrictive level.
    default_classification = odm.Classification(default=Classification.UNRESTRICTED)
        class POGO(odm.Model):
            """PE debug POGO (profile-guided optimisation) directory contents."""
            @odm.model(index=True, store=False)
            class Entry(odm.Model):
                # EmptyableKeyword: an empty section name is a valid value.
                name = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
                size = odm.Optional(odm.Integer())
                start_rva = odm.Optional(odm.Integer())

            entries = odm.Optional(odm.List(odm.Compound(Entry)))
            signature = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
class ResultOntology(odm.Model):
    """Top-level ontology record: a required header plus optional per-domain lists."""
    header = odm.Compound(ResultOntologyHeader,
                          description="Result Ontology Header")
    antivirus = odm.Optional(odm.List(odm.Compound(Antivirus)),
                             description="List of Antivirus Ontologies")
    pe = odm.Optional(odm.List(odm.Compound(PE)),
                      description="List of PE Ontologies")
    sandbox = odm.Optional(odm.List(odm.Compound(Sandbox)),
                           description="List of Sandbox Ontologies")
class ObjectID(odm.Model):
    """Identity of an observed object (process, file, ...) in an ontology.

    Only ``guid`` is required.
    """
    guid = odm.Text(description="The GUID associated with the object")
    tag = odm.Optional(odm.Text(),
                       description="The normalized tag of the object")
    # A hash, not the tree itself; the human-readable form is processtree.
    treeid = odm.Optional(odm.Text(), description="The hash of the tree ID")
    processtree = odm.Optional(
        odm.Keyword(),
        description="Human-readable tree ID (concatenation of tags)")
    time_observed = odm.Optional(
        odm.Date(), description="The time at which the object was observed")
    class Rich_Header(odm.Model):
        """Decoded PE Rich header: XOR key, hash and per-tool entries."""
        @odm.model(index=True, store=False)
        class Entry(odm.Model):
            build_id = odm.Optional(odm.Integer())
            count = odm.Optional(odm.Integer())
            entry_id = odm.Optional(odm.Integer())

        key = odm.Optional(odm.Integer())
        # Searchable via __text__; useful for clustering samples by toolchain.
        hash = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        entries = odm.Optional(odm.List(odm.Compound(Entry)))
class Response(odm.Model):
    """Error response recorded when a service fails on a file.

    ``message``, ``service_name``, ``service_version`` and ``status`` are
    required.
    """
    message = odm.Text(copyto="__text__")  # Error message
    # Unlike ResponseBody.service_debug_info this one is indexed/stored by
    # default -- confirm nothing sensitive is put in it.
    service_debug_info = odm.Optional(
        odm.Keyword())  # Info about where the service was processed
    service_name = odm.Keyword(
        copyto="__text__")  # Name of the service that had an error
    service_tool_version = odm.Optional(
        odm.Keyword(copyto="__text__"))  # Tool version of the service
    service_version = odm.Keyword()  # Version of the service
    status = odm.Enum(values=STATUSES)  # Status of the error
 class FilePEImports(odm.Model):
     """Import-table fingerprints of a PE file.

     Hash fields use validating ODM types (SSDeepHash, MD5, SHA1); the
     ``sorted_*`` variants are presumably computed over the imports in a
     canonical order, which the producer -- not this model -- defines.
     """
     fuzzy = odm.Optional(
         odm.List(odm.SSDeepHash(copyto="__text__")))
     md5 = odm.Optional(odm.List(odm.MD5(copyto="__text__")))
     sorted_fuzzy = odm.Optional(
         odm.List(odm.SSDeepHash(copyto="__text__")))
     sorted_sha1 = odm.Optional(
         odm.List(odm.SHA1(copyto="__text__")))
     suspicious = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")))
        class Version(odm.Model):
            """PE VERSIONINFO resource: fixed block, string tables and var block.

            Every field is optional; string values use EmptyableKeyword because
            empty strings are legitimate in version resources.
            """
            @odm.model(index=True, store=False)
            class Fixed_File_Info(odm.Model):
                # *_ls / *_ms are the low/high 32-bit halves of 64-bit values.
                file_date_ls = odm.Optional(odm.Integer())
                file_date_ms = odm.Optional(odm.Integer())
                file_flags = odm.Optional(odm.Integer())
                file_flags_mask = odm.Optional(odm.Integer())
                file_os = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
                file_subtype = odm.Optional(
                    odm.EmptyableKeyword(copyto="__text__"))
                file_type = odm.Optional(
                    odm.EmptyableKeyword(copyto="__text__"))
                file_version_ls = odm.Optional(odm.Integer())
                file_version_ms = odm.Optional(odm.Integer())
                product_version_ls = odm.Optional(odm.Integer())
                product_version_ms = odm.Optional(odm.Integer())
                signature = odm.Optional(odm.Integer())
                struct_version = odm.Optional(odm.Integer())

            @odm.model(index=True, store=False)
            class String_File_Info(odm.Model):
                @odm.model(index=True, store=False)
                class LangCode_Item(odm.Model):
                    @odm.model(index=True, store=False)
                    class Item(odm.Model):
                        # Free-form key/value pairs (CompanyName, etc.); attacker-
                        # controlled text, copied into __text__ for search.
                        key = odm.Optional(
                            odm.EmptyableKeyword(copyto="__text__"))
                        value = odm.Optional(
                            odm.EmptyableKeyword(copyto="__text__"))

                    key = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
                    type = odm.Optional(odm.Integer())
                    lang = odm.Optional(
                        odm.EmptyableKeyword(copyto="__text__"))
                    sublang = odm.Optional(
                        odm.EmptyableKeyword(copyto="__text__"))
                    code_page = odm.Optional(
                        odm.EmptyableKeyword(copyto="__text__"))
                    items = odm.Optional(odm.List(odm.Compound(Item)))

                key = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
                type = odm.Optional(odm.Integer())
                langcode_items = odm.Optional(
                    odm.List(odm.Compound(LangCode_Item)))

            @odm.model(index=True, store=False)
            class Var_File_Info(odm.Model):
                key = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
                type = odm.Optional(odm.Integer())
                translations = odm.Optional(odm.List(odm.Integer()))

            type = odm.Optional(odm.Integer())
            fixed_file_info = odm.Optional(odm.Compound(Fixed_File_Info))
            string_file_info = odm.Optional(odm.Compound(String_File_Info))
            var_file_info = odm.Optional(odm.Compound(Var_File_Info))