class FilePEImports(odm.Model):
    # Hashes and flags describing a PE file's imports. Every field is an
    # optional list, and every value is also copied to "__text__"
    # (presumably the default full-text search field; confirm in odm).
    # NOTE(review): these digests are computed from content the file's author
    # controls. Treat a match as a triage pivot, not as proof that two samples
    # are the same binary.
    fuzzy = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
        description="Fuzzy",
    )
    md5 = odm.Optional(
        odm.List(odm.MD5(copyto="__text__")),
        description="MD5",
    )
    # Declared with the odm.MD5 type, so an imphash is validated as an
    # MD5-shaped value.
    imphash = odm.Optional(
        odm.List(odm.MD5(copyto="__text__")),
        description="Imphash",
    )
    sorted_fuzzy = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
        description="Sorted Fuzzy",
    )
    sorted_sha1 = odm.Optional(
        odm.List(odm.SHA1(copyto="__text__")),
        description="Sorted SHA1",
    )
    # Free-form keywords rather than a hash type.
    suspicious = odm.Optional(
        odm.List(odm.Keyword(copyto="__text__")),
        description="Suspicious",
    )
Example #2
 class FilePEImports(odm.Model):
     # Hashes and flags describing a PE file's imports. Every field is an
     # optional list whose values are also copied to "__text__" (presumably
     # the default full-text search field; confirm in odm).
     # NOTE(review): the digests come from content the file's author controls,
     # and ssdeep values are similarity digests: an exact-match search only
     # finds identical digests, not similar samples.
     fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
     md5 = odm.Optional(
         odm.List(odm.MD5(copyto="__text__")))
     sorted_fuzzy = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
     sorted_sha1 = odm.Optional(odm.List(odm.SHA1(copyto="__text__")))
     # Free-form keywords rather than a hash type.
     suspicious = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        class FileSWF(odm.Model):
            # Attributes extracted from an SWF (Flash) file: header details
            # plus fuzzy hashes of its tags.
            # NOTE(review): every value is parsed from the analysed file, so
            # consumers should treat the keyword fields as untrusted strings.

            @odm.model(index=True, store=False, description="SWF Header Model")
            class FileSWFHeader(odm.Model):
                # Header block of the SWF file. index=True / store=False
                # presumably means searchable but not retrievable; confirm
                # against odm.model.

                @odm.model(index=True, store=False, description="SWF Header Frame")
                class FileSWFHeaderFrame(odm.Model):
                    # count is numeric; rate and size are kept as keywords.
                    count = odm.Optional(
                        odm.List(odm.Integer()),
                        description="Number of Frames",
                    )
                    rate = odm.Optional(
                        odm.List(odm.Keyword()),
                        description="Speed of Animation",
                    )
                    # Only size is copied to "__text__" in this sub-model.
                    size = odm.Optional(
                        odm.List(odm.Keyword(copyto="__text__")),
                        description="Size of Frame",
                    )

                frame = odm.Optional(
                    odm.Compound(FileSWFHeaderFrame),
                    description="Header Frame Information",
                )
                version = odm.Optional(
                    odm.List(odm.Keyword(copyto="__text__")),
                    description="Version",
                )

            header = odm.Optional(
                odm.Compound(FileSWFHeader),
                description="Header Information",
            )
            # ssdeep is a similarity digest, not a cryptographic identifier.
            tags_ssdeep = odm.Optional(
                odm.List(odm.SSDeepHash(copyto="__text__")),
                description="Tags SSDeep",
            )
Example #4
        class FileSWF(odm.Model):
            # Attributes extracted from an SWF (Flash) file: header details
            # plus fuzzy hashes of its tags.
            # NOTE(review): every value is parsed from the analysed file, so
            # consumers should treat the keyword fields as untrusted strings.

            @odm.model(index=True, store=False)
            class FileSWFHeader(odm.Model):
                # Header block. index=True / store=False presumably means
                # searchable but not retrievable; confirm against odm.model.

                @odm.model(index=True, store=False)
                class FileSWFHeaderFrame(odm.Model):
                    # count is numeric; rate and size are kept as keywords.
                    count = odm.Optional(
                        odm.List(odm.Integer()))
                    rate = odm.Optional(
                        odm.List(odm.Keyword()))
                    # Only size is copied to "__text__" in this sub-model.
                    size = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

                frame = odm.Optional(
                    odm.Compound(FileSWFHeaderFrame))
                version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

            header = odm.Optional(
                odm.Compound(FileSWFHeader))
            # ssdeep is a similarity digest, not a cryptographic identifier.
            tags_ssdeep = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
class File(odm.Model):
    # Record describing one file: digests, size, type identification and
    # bookkeeping timestamps.
    # NOTE(review): md5 and sha1 are searchable next to sha256, but both are
    # collision-prone; only sha256 should be relied on to tell two files
    # apart. magic, mime and the ascii/hex previews carry data derived from
    # the analysed file, so treat them as untrusted strings when displaying.

    archive_ts = odm.Date(
        store=False,
        description="Archiving timestamp",
    )
    # Preview fields: neither indexed nor stored.
    ascii = odm.Keyword(
        index=False,
        store=False,
        description="Dotted ASCII representation of the first 64 bytes of the file",
    )
    classification = odm.Classification(
        description="Classification of the file",
    )
    entropy = odm.Float(
        description="Entropy of the file",
    )
    expiry_ts = odm.Optional(
        odm.Date(store=False),
        description="Expiry timestamp",
    )
    is_section_image = odm.Boolean(
        default=False,
        description="Is this an image from an Image Result Section?",
    )
    hex = odm.Keyword(
        index=False,
        store=False,
        description="Hex dump of the first 64 bytes of the file",
    )
    md5 = odm.MD5(
        copyto="__text__",
        description="MD5 of the file",
    )
    magic = odm.Keyword(
        store=False,
        description="Output from libmagic related to the file",
    )
    mime = odm.Optional(
        odm.Keyword(store=False),
        description="MIME type of the file as identified by libmagic",
    )
    # NOTE(review): default={} is a dict literal evaluated once at class
    # creation; whether odm.Compound copies it per instance is not visible
    # here. Confirm that instances cannot share it.
    seen = odm.Compound(
        Seen,
        default={},
        description="Details about when the file was seen",
    )
    sha1 = odm.SHA1(
        copyto="__text__",
        description="SHA1 hash of the file",
    )
    sha256 = odm.SHA256(
        copyto="__text__",
        description="SHA256 hash of the file",
    )
    size = odm.Integer(
        description="Size of the file in bytes",
    )
    # Similarity digest; not copied to "__text__" and not stored.
    ssdeep = odm.SSDeepHash(
        store=False,
        description="SSDEEP hash of the file",
    )
    type = odm.Keyword(
        copyto="__text__",
        description="Type of file as identified by Assemblyline",
    )
Example #6
class File(odm.Model):
    # Record describing one file: digests, size, type identification and
    # bookkeeping timestamps.
    # NOTE(review): md5 and sha1 are searchable next to sha256, but both are
    # collision-prone; only sha256 should be relied on to tell two files
    # apart. magic, mime and the ascii/hex previews carry data derived from
    # the analysed file, so treat them as untrusted strings when displaying.

    # Archiving timestamp
    archive_ts = odm.Date(store=False)
    # Dotted ascii representation of the first 64 bytes of the file
    ascii = odm.Keyword(index=False, store=False)
    # Classification of the file
    classification = odm.Classification()
    # Entropy of the file
    entropy = odm.Float()
    # Expiry timestamp
    expiry_ts = odm.Optional(
        odm.Date(store=False))
    # Hex dump of the first 64 bytes of the file
    hex = odm.Keyword(index=False, store=False)
    # MD5 of the top level file
    md5 = odm.MD5(
        copyto="__text__")
    # Output from libmagic related to that file
    magic = odm.Keyword(store=False)
    # Mime type of the file as identified by libmagic
    mime = odm.Optional(odm.Keyword(store=False))
    # Attributes about when the file was seen.
    # NOTE(review): default={} is a dict literal evaluated once at class
    # creation; whether odm.Compound copies it per instance is not visible
    # here. Confirm that instances cannot share it.
    seen = odm.Compound(Seen, default={})
    # SHA1 hash of the file
    sha1 = odm.SHA1(
        copyto="__text__")
    # SHA256 hash of the file
    sha256 = odm.SHA256(
        copyto="__text__")
    # Size of the file
    size = odm.Integer()
    # SSDEEP hash of the file (a similarity digest, not stored)
    ssdeep = odm.SSDeepHash(
        store=False)
    # Type of file as identified by Assemblyline
    type = odm.Keyword(copyto="__text__")
Example #7
 class DynamicSSDeep(odm.Model):
     # Optional lists of ssdeep digests, each also copied to "__text__".
     # Presumably computed over the CLSIDs, dynamic classes and registry keys
     # observed during dynamic analysis; confirm with the producing service.
     # NOTE(review): ssdeep values are similarity digests, so an exact-match
     # search on them only finds identical digests, not similar behaviour.
     cls_ids = odm.Optional(
         odm.List(odm.SSDeepHash(copyto="__text__")))
     dynamic_classes = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
     regkeys = odm.Optional(
         odm.List(odm.SSDeepHash(copyto="__text__")))
 class DynamicSSDeep(odm.Model):
     # Optional lists of ssdeep digests for CLSIDs, dynamic classes and
     # registry keys, each also copied to "__text__".
     # NOTE(review): ssdeep values are similarity digests, so an exact-match
     # search on them only finds identical digests, not similar behaviour.
     cls_ids = odm.Optional(
         odm.List(odm.SSDeepHash(copyto="__text__")),
         description="CLSIDs",
     )
     dynamic_classes = odm.Optional(
         odm.List(odm.SSDeepHash(copyto="__text__")),
         description="Dynamic Classes",
     )
     regkeys = odm.Optional(
         odm.List(odm.SSDeepHash(copyto="__text__")),
         description="Registry Keys",
     )