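class DockerConfig(odm.Model):
    """Container launch settings for a service: image, resources and registry access.

    Fix: the ``environment`` description read "environemnt".
    """
    # Egress is denied unless explicitly enabled (default=False).
    allow_internet_access: bool = odm.Boolean(
        default=False, description="Does the container have internet-access?")
    command: Opt[list[str]] = odm.Optional(
        odm.List(odm.Keyword()),
        description="Command to run when container starts up.")
    cpu_cores: float = odm.Float(default=1.0, description="CPU allocation")
    environment: list[EnvironmentVariable] = odm.List(
        odm.Compound(EnvironmentVariable),
        default=[],
        description="Additional environment variables for the container")
    # NOTE(review): the description allows a tag, and a tag is a mutable reference; whether a
    # digest-pinned reference is accepted by this field is not visible from this model — confirm.
    image: str = odm.Keyword(
        description=
        "Complete name of the Docker image with tag, may include registry")
    registry_username: Opt[str] = odm.Optional(
        odm.Keyword(),
        description="The username to use when pulling the image")
    # Credential. It is declared as a plain Keyword with no index/store restriction here, so
    # anything that logs, exports or serialises this model must treat this field as sensitive.
    registry_password: Opt[str] = odm.Optional(
        odm.Keyword(),
        description="The password or token to use when pulling the image")
    # Closed set: only "docker" and "harbor" are accepted; "docker" is the default.
    registry_type: str = odm.Enum(values=["docker", "harbor"],
                                  default='docker',
                                  description="The type of container registry")
    ports: list[str] = odm.List(
        odm.Keyword(),
        default=[],
        description="What ports of container to expose?")
    # ram_mb is the hard limit, ram_mb_min the request (per the descriptions).
    ram_mb: int = odm.Integer(default=512, description="Container RAM limit")
    ram_mb_min: int = odm.Integer(default=128,
                                  description="Container RAM request")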
class Alerter(odm.Model):
    """Alerting configuration: TTL, grouping fields, score threshold and the processing hook."""
    alert_ttl: int = odm.Integer(
        description="Time to live (days) for an alert in the system")
    constant_alert_fields: List[str] = odm.List(
        odm.Keyword(),
        description=
        "List of fields that should not change during an alert update")
    default_group_field: str = odm.Keyword(
        description="Default field used for alert grouping view")
    delay: int = odm.Integer(
        description=
        "Time in seconds that we give extended scans and workflow to complete their work "
        "before we start showing alerts in the alert viewer.")
    filtering_group_fields: List[str] = odm.List(
        odm.Keyword(),
        description=
        "List of group fields that when selected will ignore certain alerts where this field is missing."
    )
    non_filtering_group_fields: List[str] = odm.List(
        odm.Keyword(),
        description=
        "List of group fields that are sure to be present in all alerts.")
    # Import path of a callable that is resolved and executed when an alert message is
    # processed: this value selects code to run, so it must only come from trusted configuration.
    process_alert_message: str = odm.Keyword(
        description=
        "Python path to the function that will process an alert message.")
    threshold: int = odm.Integer(
        description=
        "Minimum score to reach for a submission to be considered an alert.")
class ALResults(odm.Model):  # Assemblyline result block
    """Per-alert summary of Assemblyline results (attribution, AV hits, indicators, score).

    Fields declared with copyto="__text__" presumably have their values copied into a
    catch-all "__text__" field for free-text search — confirm in the odm layer.
    The *_dynamic / *_static splits separate indicators by the analysis that produced them.
    """
    attrib = odm.List(odm.Keyword(), default=[],
                      copyto="__text__")  # List of attribution
    av = odm.List(odm.Keyword(), default=[], store=True,
                  copyto="__text__")  # List of AV hits
    behavior = odm.List(odm.Keyword(), default=[],
                        copyto="__text__")  # List of behaviors for the alert
    domain = odm.List(odm.Domain(), default=[],
                      copyto="__text__")  # List of all domains
    domain_dynamic = odm.List(
        odm.Domain(),
        default=[])  # List of domains found during dynamic analysis
    domain_static = odm.List(
        odm.Domain(),
        default=[])  # List of domains found during static analysis
    ip = odm.List(odm.IP(), default=[], copyto="__text__")  # List of all IPs
    ip_dynamic = odm.List(
        odm.IP(), default=[])  # List of IPs found during dynamic analysis
    ip_static = odm.List(
        odm.IP(), default=[])  # List of IPs found during static analysis
    request_end_time = odm.Date(
        index=False)  # End time of the Assemblyline submission (not indexed)
    score = odm.Integer(store=True)  # Maximum score found in the submission
    yara = odm.List(odm.Keyword(), default=[],
                    copyto="__text__")  # List of yara hits
class Submission(odm.Model):
    """A submission record: the submitted files, their parameters, state and verdicts."""
    archive_ts = odm.Date(store=False)  # Archiving timestamp
    classification = odm.Classification()  # Classification of the submission
    error_count = odm.Integer()  # Total number of errors in the submission
    errors = odm.List(odm.Keyword(), store=False)  # List of error keys
    expiry_ts = odm.Optional(odm.Date(store=False))  # Expiry timestamp
    file_count = odm.Integer()  # Total number of files in the submission
    files: List[File] = odm.List(
        odm.Compound(File))  # List of files that were originally submitted
    max_score = odm.Integer()  # Maximum score of all the files in the scan
    metadata = odm.FlattenedObject(
        store=False)  # Metadata associated to the submission
    params: SubmissionParams = odm.Compound(
        SubmissionParams)  # Submission detail blocs
    results: List[str] = odm.List(odm.Keyword(),
                                  store=False)  # List of result keys
    sid = odm.UUID(copyto="__text__")  # Submission ID
    state = odm.Enum(values=SUBMISSION_STATES)  # Status of the submission
    times = odm.Compound(Times, default={})  # Timing bloc
    verdict = odm.Compound(Verdict, default={})  # Verdict timing

    def is_submit(self):
        """Return True when ``state`` is exactly the string 'submitted'."""
        return self.state == 'submitted'

    def is_complete(self):
        """Return True when ``state`` is exactly the string 'completed'."""
        return self.state == 'completed'

    def is_initial(self):
        """Return True for a submitted submission with a falsy ``params.psid``.

        ``psid`` presumably identifies a parent submission (i.e. this is a resubmission
        when it is set) — confirm against SubmissionParams.
        """
        return self.is_submit() and not self.params.psid
 class FilePListDTPlatform(odm.Model):
     """DTPlatform build/name/version values extracted from a plist, each as an optional keyword list."""
     build = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")))
     name = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")))
     version = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")))
class Ingester(odm.Model):
    """Ingester configuration: defaults, callback hooks, expiry windows and sampling limits."""
    default_user: str = odm.Keyword()
    default_services: List[str] = odm.List(odm.Keyword())
    default_resubmit_services: List[str] = odm.List(odm.Keyword())
    # When a description is automatically generated, it will be the
    # hash prefixed by this string
    description_prefix: str = odm.Keyword()
    # Path to a callback function filtering ingestion tasks that should have their
    # priority forcefully reset to low.
    # Because this value selects code that is imported and run, it must only be
    # settable through trusted configuration.
    is_low_priority: str = odm.Keyword()
    # presumably also callback import paths, by analogy with is_low_priority — confirm
    get_whitelist_verdict: str = odm.Keyword()
    whitelist: str = odm.Keyword()

    # Default values for parameters that may be overridden on a per submission basis
    # How many extracted files may be added to a Submission
    default_max_extracted: int = odm.Integer()
    # How many supplementary files may be added to a submission
    default_max_supplementary: int = odm.Integer()

    # Drop a task altogether after this many seconds
    expire_after: int = odm.Integer()
    # NOTE(review): units not stated; the name suggests seconds — confirm
    stale_after_seconds: int = odm.Integer()

    # How long should scores be cached in the ingester
    incomplete_expire_after_seconds: int = odm.Integer()
    incomplete_stale_after_seconds: int = odm.Integer()

    # How long can a queue get before we start dropping files (mapping of queue name -> length)
    sampling_at: Dict[str, int] = odm.Mapping(odm.Integer())
    max_inflight = odm.Integer()

    # How long are files results cached
    cache_dtl: int = odm.Integer()
    class Signature(odm.Model):
        """A named detection signature with the process, subjects and ATT&CK patterns it was raised on."""
        @odm.model(
            description=
            "The subject of the signature, aka something interesting that the signature was raised on that is worth reporting"
        )
        class Subject(odm.Model):
            """One observable the signature fired on; every field is optional, so a subject may carry only one kind."""
            ip = odm.Optional(odm.IP(), description="Subject's IP")
            domain = odm.Optional(odm.Domain(), description="Subject's domain")
            uri = odm.Optional(odm.URI(), description="Subject's URI")
            process = odm.Optional(odm.Compound(Process),
                                   description="Subject's process")
            file = odm.Optional(odm.Text(), description="Subject's file")
            registry = odm.Optional(odm.Text(),
                                    description="Subject's registry key")

        name = odm.Keyword(description="The name of the signature")
        process = odm.Optional(
            odm.Compound(Process),
            description="The process associated with the signature")
        subjects = odm.Optional(
            odm.List(odm.Compound(Subject)),
            description=
            "A list of subjects. A signature can have more than one subject.")
        description = odm.Optional(
            odm.Keyword(), description="The description of the signature")
        attack = odm.Optional(
            odm.List(odm.Compound(Attack)),
            description=
            "A list of Att&ck patterns and categories of the signature")
class Certificate(odm.Model):
    """Parsed X.509-style certificate fields (subject, issuer, validity, key and signature details)."""
    @odm.model(index=True, store=False)
    class RSA_Info(odm.Model):
        """RSA key parameters.

        Presumably d/e/n/p/q of an RSA key (names only): e and n are public, while
        d, p and q would be private-key material if a producer ever fills them in —
        confirm what populates this model before exposing it.
        """
        d_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        e_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        n_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        p_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        q_param = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))

    version = odm.Optional(odm.Integer())
    subject = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    issuer = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    serial_number = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    key_size = odm.Optional(odm.Integer())
    key_type = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    key_usage = odm.Optional(odm.List(odm.EmptyableKeyword(copyto="__text__")))
    certificate_policies = odm.Optional(
        odm.List(odm.EmptyableKeyword(copyto="__text__")))
    ext_key_usage = odm.Optional(
        odm.List(odm.EmptyableKeyword(copyto="__text__")))
    valid_from = odm.Optional(odm.Date())
    valid_to = odm.Optional(odm.Date())
    signature = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    signature_algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    # Stored as a keyword, not a boolean; what trust decision it encodes is not visible here — confirm.
    is_trusted = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    raw_hex = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    rsa_info = odm.Optional(odm.Compound(RSA_Info))
    class Signature(odm.Model):
        """A code-signature block: signers, embedded certificates, content info and a check result.

        The field set (signers, encrypted_digest, authenticated_attributes, content_info)
        looks like a PKCS#7/Authenticode-style structure — confirm against the producer.
        """
        @odm.model(index=True, store=False)
        class Signer(odm.Model):
            """One signer entry with its algorithms, digest, certificate and attribute lists."""
            version = odm.Optional(odm.Integer())
            issuer = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
            serial_number = odm.Optional(
                odm.EmptyableKeyword(copyto="__text__"))
            encryption_algorithm = odm.Optional(
                odm.EmptyableKeyword(copyto="__text__"))
            digest_algorithm = odm.Optional(
                odm.EmptyableKeyword(copyto="__text__"))
            encrypted_digest = odm.Optional(
                odm.EmptyableKeyword(copyto="__text__"))
            cert = odm.Optional(odm.Compound(Certificate))
            # Only authenticated attributes are covered by the signature; unauthenticated
            # ones are not, so they should not drive any trust decision.
            authenticated_attributes = odm.Optional(
                odm.List(odm.EmptyableKeyword(copyto="__text__")))
            unauthenticated_attributes = odm.Optional(
                odm.List(odm.EmptyableKeyword(copyto="__text__")))

        @odm.model(index=True, store=False)
        class Content_Info(odm.Model):
            """Digest of the signed content and its algorithm/type."""
            algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
            digest = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
            content_type = odm.Optional(
                odm.EmptyableKeyword(copyto="__text__"))

        version = odm.Optional(odm.Integer())
        algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        signers = odm.Optional(odm.List(odm.Compound(Signer)))
        certificates = odm.Optional(odm.List(odm.Compound(Certificate)))
        content_info = odm.Optional(odm.Compound(Content_Info))
        # presumably the verification outcome as free text; its vocabulary is not visible here — confirm
        check = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
 class FileShortcut(odm.Model):
     """Fields extracted from a shortcut (.lnk-style) file; each is an optional keyword list."""
     # The embedded command line is attacker-controlled content in a malicious shortcut;
     # keep it as data (it is indexed as keywords, never executed).
     command_line = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Command Line")
     icon_location = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Icon Location")
     machine_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Machine ID")
     tracker_mac = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")), description="Possible MAC address from the Tracker block"
     )
class Queues(odm.Model):
    """Queue-depth metrics: a single ingest count plus per-queue lists for start, result and command."""
    ingest = odm.Integer(description="Number of submissions in ingest queue")
    start = odm.List(odm.Integer(),
                     description="Number of submissions that started")
    result = odm.List(odm.Integer(), description="Number of results in queue")
    command = odm.List(odm.Integer(),
                       description="Number of commands in queue")
class Task(odm.Model):
    """A unit of work handed to a service: which file to scan, for which submission, with what settings."""
    sid = odm.UUID()
    fileinfo: FileInfo = odm.Compound(FileInfo)          # File info block
    filename = odm.Keyword()
    service_name = odm.Keyword()
    service_config = odm.Mapping(odm.Any(), default={})  # Service specific parameters (values untyped)
    depth = odm.Integer(default=0)
    max_files = odm.Integer()
    ttl = odm.Integer(default=0)

    tags = odm.List(odm.Compound(TagItem), default=[])
    temporary_submission_data = odm.List(odm.Compound(DataItem), default=[])

    deep_scan = odm.Boolean(default=False)

    # Whether the service cache should be ignored during the processing of this task
    ignore_cache = odm.Boolean(default=False)

    # Priority for processing order
    priority = odm.Integer(default=0)

    @staticmethod
    def make_key(sid, service_name, sha):
        """Return the task key "<sid>_<service_name>_<sha>" (each part str()-formatted).

        Nothing here constrains service_name from containing '_', so do not recover the
        parts by splitting the key; read them from the Task instead.
        """
        return f"{sid}_{service_name}_{sha}"

    def key(self):
        """Return make_key() built from this task's sid, service_name and fileinfo.sha256."""
        return Task.make_key(self.sid, self.service_name, self.fileinfo.sha256)
        class FileOLE(odm.Model):
            """Fields extracted from an OLE document: macro hashes/strings, summary metadata and links."""
            @odm.model(index=True, store=False, description="OLE Macro Model")
            class FileOLEMacro(odm.Model):
                """Macro indicators: SHA256 per macro and any suspicious strings found in it."""
                sha256 = odm.Optional(odm.List(odm.SHA256(copyto="__text__")), description="SHA256 of Macro")
                suspicious_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                                 description="Suspicious Strings")

            @odm.model(index=True, store=False, description="OLE Summary Model")
            class FileOLESummary(odm.Model):
                """Document summary-information properties, all optional keyword lists."""
                author = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Author")
                codepage = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Code Page")
                comment = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Comment")
                company = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Company")
                create_time = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Creation Time")
                last_printed = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Date Last Printed")
                last_saved_by = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="User Last Saved By")
                last_saved_time = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Date Last Saved")
                manager = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Manager")
                subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Subject")
                title = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Title")

            macro = odm.Optional(odm.Compound(FileOLEMacro), description="OLE Macro")
            summary = odm.Optional(odm.Compound(FileOLESummary), description="OLE Summary")
            clsid = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="CLSID")
            # DDE links are a known document-borne execution vector; keeping them as a
            # searchable keyword list lets analysts pivot on them.
            dde_link = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="DDE Link")
            fib_timestamp = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="FIB Timestamp")
 class FileIMGExiftool(odm.Model):
     """Image metadata as reported by exiftool (XMP-style tool and document identifiers)."""
     creator_tool = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Creation Tool")
     derived_document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                        description="Derived Document ID")
     document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Document ID")
     instance_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Instance ID")
     toolkit = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Toolkit")
class Task(odm.Model):
    """A unit of work handed to a service: which file to scan, for which submission, with what settings."""
    sid = odm.UUID()
    metadata = odm.FlattenedObject()  # Metadata associated to the submission
    min_classification = odm.Classification(
    )  # Minimum classification of the file being scanned
    fileinfo: FileInfo = odm.Compound(FileInfo)  # File info block
    filename = odm.Keyword()
    service_name = odm.Keyword()
    service_config = odm.Mapping(odm.Any(),
                                 default={})  # Service specific parameters (values untyped)
    depth = odm.Integer(default=0)
    max_files = odm.Integer()
    ttl = odm.Integer(default=0)

    tags = odm.List(odm.Compound(TagItem), default=[])
    temporary_submission_data = odm.List(odm.Compound(DataItem), default=[])

    deep_scan = odm.Boolean(default=False)

    # Whether the service cache should be ignored during the processing of this task
    ignore_cache = odm.Boolean(default=False)

    # Whether the service should ignore the dynamic recursion prevention or not
    # (default keeps the prevention on)
    ignore_dynamic_recursion_prevention = odm.Boolean(default=False)

    # Priority for processing order
    priority = odm.Integer(default=0)

    @staticmethod
    def make_key(sid, service_name, sha):
        """Return the task key "<sid>_<service_name>_<sha>" (each part str()-formatted).

        Nothing here constrains service_name from containing '_', so do not recover the
        parts by splitting the key; read them from the Task instead.
        """
        return f"{sid}_{service_name}_{sha}"

    def key(self):
        """Return make_key() built from this task's sid, service_name and fileinfo.sha256."""
        return Task.make_key(self.sid, self.service_name, self.fileinfo.sha256)
        class FilePE(odm.Model):
            """Static features of a PE file, grouped into sub-models; every field is optional."""
            @odm.model(index=True, store=False)
            class FilePEExports(odm.Model):
                """Exported function and module names."""
                function_name = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))
                module_name = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))

            @odm.model(index=True, store=False)
            class FilePEImports(odm.Model):
                """Import-table hashes (ssdeep and MD5 typed fields) plus suspicious import names."""
                fuzzy = odm.Optional(
                    odm.List(odm.SSDeepHash(copyto="__text__")))
                md5 = odm.Optional(odm.List(odm.MD5(copyto="__text__")))
                # "sorted_" variants presumably hash the import list after sorting so the
                # value is stable across import order — confirm with the producing service
                sorted_fuzzy = odm.Optional(
                    odm.List(odm.SSDeepHash(copyto="__text__")))
                sorted_sha1 = odm.Optional(
                    odm.List(odm.SHA1(copyto="__text__")))
                suspicious = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))

            @odm.model(index=True, store=False)
            class FilePELinker(odm.Model):
                """Linker timestamp (kept as keyword text, not a Date)."""
                timestamp = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))

            @odm.model(index=True, store=False)
            class FilePEOEP(odm.Model):
                """Bytes at the original entry point and their hexdump."""
                bytes = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
                hexdump = odm.Optional(odm.List(
                    odm.Keyword(copyto="__text__")))

            @odm.model(index=True, store=False)
            class FilePEResources(odm.Model):
                """Resource language and name entries."""
                language = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))
                name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

            @odm.model(index=True, store=False)
            class FilePESections(odm.Model):
                """Section hashes and names."""
                hash = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
                name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

            @odm.model(index=True, store=False)
            class FilePEVersions(odm.Model):
                """Version-resource description and original filename strings."""
                description = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))
                filename = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")))

            api_vector = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
            exports = odm.Optional(odm.Compound(FilePEExports))
            imports = odm.Optional(odm.Compound(FilePEImports))
            linker = odm.Optional(odm.Compound(FilePELinker))
            oep = odm.Optional(odm.Compound(FilePEOEP))
            pdb_filename = odm.Optional(
                odm.List(odm.Keyword(copyto="__text__")))
            resources = odm.Optional(odm.Compound(FilePEResources))
            sections = odm.Optional(odm.Compound(FilePESections))
            versions = odm.Optional(odm.Compound(FilePEVersions))
class DockerConfig(odm.Model):
    """Container launch settings for a service (no registry credentials in this variant)."""
    allow_internet_access: bool = odm.Boolean(default=False)   # egress denied unless enabled
    command: Opt[List[str]] = odm.Optional(odm.List(odm.Keyword()))
    cpu_cores: float = odm.Float(default=1.0)
    environment: List[EnvironmentVariable] = odm.List(odm.Compound(EnvironmentVariable), default=[])
    # A tag is a mutable reference; whether a digest-pinned reference is accepted is not visible here.
    image: str = odm.Keyword()                                 # Complete name of the Docker image with tag
    ports: List[str] = odm.List(odm.Keyword(), default=[])
    ram_mb: int = odm.Integer(default=1024)                    # RAM limit in MiB per the name
class DockerConfigDelta(odm.Model):
    """Partial DockerConfig: every field is optional so only the values being changed need be set.

    An unset allow_internet_access here presumably leaves the base value untouched rather
    than resetting it — confirm in the code that applies the delta.
    """
    allow_internet_access = odm.Optional(odm.Boolean())
    command = odm.Optional(odm.List(odm.Keyword()))
    cpu_cores = odm.Optional(odm.Float())
    environment = odm.Optional(odm.List(odm.Compound(EnvironmentVariable)))
    image = odm.Optional(odm.Keyword())
    ports = odm.Optional(odm.List(odm.Keyword()))
    ram_mb = odm.Optional(odm.Integer())
class Alerter(odm.Model):
    """Alerting configuration: TTL, delay, grouping fields and the alert-processing hook."""
    alert_ttl: int = odm.Integer()
    constant_alert_fields: List[str] = odm.List(odm.Keyword())
    default_group_field: str = odm.Keyword()
    delay: int = odm.Integer()
    filtering_group_fields: List[str] = odm.List(odm.Keyword())
    non_filtering_group_fields: List[str] = odm.List(odm.Keyword())
    # presumably an import path of the callable that processes alert messages (by its name);
    # if so it selects code to run and must only come from trusted configuration — confirm
    process_alert_message: str = odm.Keyword()
class Statistics(odm.Model):
    """Which fields the UI aggregates for its Alerts and Submissions statistics pages."""
    alert: List[str] = odm.List(
        odm.Keyword(),
        description="Fields used to generate statistics in the Alerts page")
    submission: List[str] = odm.List(
        odm.Keyword(),
        description="Fields used to generate statistics in the Submissions page"
    )
        class FilePE(odm.Model):
            """Static features of a PE file, grouped into described sub-models; every field is optional."""
            @odm.model(index=True, store=False, description="PE Debug Model")
            class FilePEDebug(odm.Model):
                """Debug-directory GUID(s)."""
                guid = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="GUID")

            @odm.model(index=True, store=False, description="PE Exports Model")
            class FilePEExports(odm.Model):
                """Exported function and module names."""
                function_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Function Name")
                module_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Module Name")

            @odm.model(index=True, store=False, description="PE Imports Model")
            class FilePEImports(odm.Model):
                """Import-table hashes (ssdeep/MD5/SHA1 typed fields) plus suspicious import names."""
                fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")), description="Fuzzy")
                md5 = odm.Optional(odm.List(odm.MD5(copyto="__text__")), description="MD5")
                # imphash is typed as an MD5 field
                imphash = odm.Optional(odm.List(odm.MD5(copyto="__text__")), description="Imphash")
                sorted_fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")), description="Sorted Fuzzy")
                sorted_sha1 = odm.Optional(odm.List(odm.SHA1(copyto="__text__")), description="Sorted SHA1")
                suspicious = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Suspicious")

            @odm.model(index=True, store=False, description="PE Linker Model")
            class FilePELinker(odm.Model):
                """Linker timestamp (kept as keyword text, not a Date)."""
                timestamp = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Timestamp")

            @odm.model(index=True, store=False, description="PE OEP Model")
            class FilePEOEP(odm.Model):
                """Bytes at the original entry point and their hexdump."""
                bytes = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Bytes")
                hexdump = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Hex Dump")

            @odm.model(index=True, store=False, description="PE Resources Model")
            class FilePEResources(odm.Model):
                """Resource language and name entries."""
                language = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Language")
                name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Name")

            @odm.model(index=True, store=False, description="PE Rich Header Model")
            class FilePERichHeader(odm.Model):
                """Rich-header hash (useful for toolchain-based clustering)."""
                hash = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Hash")

            @odm.model(index=True, store=False, description="PE Sections Model")
            class FilePESections(odm.Model):
                """Section hashes and names."""
                hash = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Hash")
                name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Name")

            @odm.model(index=True, store=False, description="PE Versions Model")
            class FilePEVersions(odm.Model):
                """Version-resource description and original filename strings."""
                description = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Description")
                filename = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Filename")

            api_vector = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="API Vector")
            debug = odm.Optional(odm.Compound(FilePEDebug), description="PE Debug Information")
            exports = odm.Optional(odm.Compound(FilePEExports), description="PE Exports Information")
            imports = odm.Optional(odm.Compound(FilePEImports), description="PE Imports Information")
            linker = odm.Optional(odm.Compound(FilePELinker), description="PE Linker Information")
            oep = odm.Optional(odm.Compound(FilePEOEP), description="PE OEP Information")
            pdb_filename = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="PDB Filename")
            resources = odm.Optional(odm.Compound(FilePEResources), description="PE Resources Information")
            rich_header = odm.Optional(odm.Compound(FilePERichHeader), description="PE Rich Header Information")
            sections = odm.Optional(odm.Compound(FilePESections), description="PE Sections Information")
            versions = odm.Optional(odm.Compound(FilePEVersions), description="PE Versions Information")
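class Task(odm.Model):
    """A unit of work handed to a service: which file to scan, for which submission, with what settings.

    Fix: the ``depth`` description read "initital" and the ``ignore_filtering``
    description used "it's" for the possessive.
    """
    sid = odm.UUID(description="Submission ID")
    metadata = odm.FlattenedObject(
        description="Metadata associated to the submission")
    min_classification = odm.Classification(
        description="Minimum classification of the file being scanned")
    fileinfo: FileInfo = odm.Compound(FileInfo, description="File info block")
    filename = odm.Keyword(description="File name")
    service_name = odm.Keyword(description="Service name")
    # Values are untyped (odm.Any); each service validates its own parameters.
    service_config = odm.Mapping(odm.Any(),
                                 default={},
                                 description="Service specific parameters")
    depth = odm.Integer(
        default=0,
        description="File depth relative to initial submitted file")
    max_files = odm.Integer(
        description="Maximum number of files that submission can have")
    ttl = odm.Integer(default=0, description="Task TTL")

    tags = odm.List(odm.Compound(TagItem),
                    default=[],
                    description="List of tags")
    temporary_submission_data = odm.List(
        odm.Compound(DataItem),
        default=[],
        description="Temporary submission data")

    deep_scan = odm.Boolean(default=False, description="Perform deep scanning")

    ignore_cache = odm.Boolean(
        default=False,
        description=
        "Whether the service cache should be ignored during the processing of this task"
    )

    # Default keeps recursion prevention on.
    ignore_dynamic_recursion_prevention = odm.Boolean(
        default=False,
        description=
        "Whether the service should ignore the dynamic recursion prevention or not"
    )

    ignore_filtering = odm.Boolean(
        default=False, description="Should the service filter its output?")

    priority = odm.Integer(default=0,
                           description="Priority for processing order")
    # Safelisting is off unless the global configuration enables it.
    safelist_config = odm.Compound(
        ServiceSafelist,
        description=
        "Safelisting configuration (as defined in global configuration)",
        default={'enabled': False})

    @staticmethod
    def make_key(sid, service_name, sha):
        """Return the task key "<sid>_<service_name>_<sha>" (each part str()-formatted).

        Nothing here constrains service_name from containing '_', so do not recover the
        parts by splitting the key; read them from the Task instead.
        """
        return f"{sid}_{service_name}_{sha}"

    def key(self):
        """Return make_key() built from this task's sid, service_name and fileinfo.sha256."""
        return Task.make_key(self.sid, self.service_name, self.fileinfo.sha256)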
class ResultOntology(odm.Model):
    """Top-level result ontology: a mandatory header plus optional per-domain ontology lists."""
    header = odm.Compound(ResultOntologyHeader,
                          description="Result Ontology Header")
    antivirus = odm.Optional(odm.List(odm.Compound(Antivirus)),
                             description="List of Antivirus Ontologies")
    pe = odm.Optional(odm.List(odm.Compound(PE)),
                      description="List of PE Ontologies")
    sandbox = odm.Optional(odm.List(odm.Compound(Sandbox)),
                           description="List of Sandbox Ontologies")
class User(odm.Model):
    """User account record.

    Secret-bearing fields (apikeys, apps, otp_sk, password, security_tokens) are all
    declared index=False, store=False; keep that invariant when adding fields so
    credential material never becomes searchable or returned from the index.
    """
    agrees_with_tos = odm.Optional(
        odm.Date(index=False, store=False),
        description="Date the user agree with terms of service")
    api_quota = odm.Integer(
        default=10,
        store=False,
        description="Maximum number of concurrent API requests")
    apikeys = odm.Mapping(odm.Compound(ApiKey),
                          default={},
                          index=False,
                          store=False,
                          description="Mapping of API keys")
    apps = odm.Mapping(odm.Compound(Apps),
                       default={},
                       index=False,
                       store=False,
                       description="Applications with access to the account")
    # Privilege flag: off by default; granting it lets the user act as others.
    can_impersonate = odm.Boolean(
        default=False,
        index=False,
        store=False,
        description="Allowed to query on behalf of others?")
    # Defaults to the least-privileged classification.
    classification = odm.Classification(
        is_user_classification=True,
        copyto="__text__",
        default=Classification.UNRESTRICTED,
        description="Maximum classification for the user")
    dn = odm.Optional(odm.Keyword(store=False, copyto="__text__"),
                      description="User's LDAP DN")
    email = odm.Optional(odm.Email(copyto="__text__"),
                         description="User's email address")
    groups = odm.List(odm.Keyword(),
                      copyto="__text__",
                      default=["USERS"],
                      description="List of groups the user submits to")
    is_active = odm.Boolean(default=True, description="Is the user active?")
    name = odm.Keyword(copyto="__text__", description="Full name of the user")
    # TOTP seed — as sensitive as the password hash.
    otp_sk = odm.Optional(
        odm.Keyword(index=False, store=False),
        description="Secret key to generate one time passwords")
    # Only the BCrypt hash is kept (per the description), never the plaintext.
    password = odm.Keyword(index=False,
                           store=False,
                           description="BCrypt hash of the user's password")
    submission_quota = odm.Integer(
        default=5,
        store=False,
        description="Maximum number of concurrent submissions")
    # Field name shadows the builtin `type` inside the class body; it is a schema name, leave it.
    type = odm.List(odm.Enum(values=USER_TYPES),
                    default=['user'],
                    description="Type of user")
    security_tokens = odm.Mapping(odm.Keyword(),
                                  index=False,
                                  store=False,
                                  default={},
                                  description="Map of security tokens")
    uname = odm.Keyword(copyto="__text__", description="Username")
class AlertingMeta(odm.Model):
    """Which submission metadata keys the alerter treats as important, subject-like or URL-like."""
    important: List[str] = odm.List(
        odm.Keyword(),
        description="Metadata keys that are considered important")
    subject: List[str] = odm.List(
        odm.Keyword(),
        description="Metadata keys that refer to an email's subject")
    url: List[str] = odm.List(odm.Keyword(),
                              description="Metadata keys that refer to a URL")
class ResponseBody(odm.Model):
    """Service response envelope: versions, timing milestones, and the files the service produced."""
    milestones = odm.Compound(Milestone, default={})                          # Milestone block
    service_version = odm.Keyword(store=False)                                # Version of the service
    service_name = odm.Keyword(copyto="__text__")                             # Name of the service that scan the file
    service_tool_version = odm.Optional(odm.Keyword(copyto="__text__"))       # Tool version of the service
    # Supplementary and extracted files both come from the analysed sample and are
    # untrusted content; extracted ones are typically re-submitted for scanning.
    supplementary = odm.List(odm.Compound(File), default=[])                  # List of supplementary files
    extracted = odm.List(odm.Compound(File), default=[])                      # List of extracted files
    service_context = odm.Optional(odm.Keyword(index=False, store=False))     # Context about the service
    service_debug_info = odm.Optional(odm.Keyword(index=False, store=False))  # Debug info about the service (not indexed/stored)
class ServiceSelection(odm.Model):
    """Which services run for a submission: selected, excluded, and those added on resubmit.

    Defaults come from the module-level DEFAULT_SRV_SEL and DEFAULT_RESUBMIT constants.
    """
    selected = odm.List(odm.Keyword(), default=DEFAULT_SRV_SEL
                        )  # List of selected services for the submission
    excluded = odm.List(
        odm.Keyword(),
        default=[])  # List of excluded services for the submission
    resubmit = odm.List(
        odm.Keyword(),
        default=DEFAULT_RESUBMIT)  # Add to service selection when resubmitting
 class Header(odm.Model):
     """File header fields (machine, section/symbol counts, characteristics, timestamps).

     The field names look like a PE/COFF file header — confirm with the producer.
     """
     characteristics_hash = odm.Optional(odm.Integer())
     characteristics_list = odm.Optional(
         odm.List(odm.EmptyableKeyword(copyto="__text__")))
     machine = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
     numberof_sections = odm.Optional(odm.Integer())
     numberof_symbols = odm.Optional(odm.Integer())
     signature = odm.Optional(odm.List(odm.Integer()))
     # Raw integer timestamp and its Date rendering are kept side by side.
     timestamp = odm.Optional(odm.Integer())
     hr_timestamp = odm.Optional(odm.Date())
 class FilePEImports(odm.Model):
     """Import-table hashes (ssdeep/MD5/SHA1 typed fields) plus suspicious import names."""
     fuzzy = odm.Optional(
         odm.List(odm.SSDeepHash(copyto="__text__")))
     md5 = odm.Optional(odm.List(odm.MD5(copyto="__text__")))
     # "sorted_" variants presumably hash the import list after sorting so the value
     # is stable across import order — confirm with the producing service
     sorted_fuzzy = odm.Optional(
         odm.List(odm.SSDeepHash(copyto="__text__")))
     sorted_sha1 = odm.Optional(
         odm.List(odm.SHA1(copyto="__text__")))
     suspicious = odm.Optional(
         odm.List(odm.Keyword(copyto="__text__")))
class Verdict(odm.Model):
    """Users who voted a submission malicious or non-malicious (user keywords, empty by default)."""
    malicious = odm.List(
        odm.Keyword(),
        default=[],
        description="List of user that thinks this submission is malicious")
    non_malicious = odm.List(
        odm.Keyword(),
        default=[],
        description="List of user that thinks this submission is non-malicious"
    )