class Event(DocType):
    """Elasticsearch mapping for one WAF event record (doc_type ``events``).

    Only the field names and types are visible here; the names
    (``learning``, ``blocked``, ``zone``, ``var_name``, ``cscore0``)
    suggest a request-filtering event with a learning mode, but the
    exact semantics of each value are set by the indexing code -- confirm
    there before relying on them.
    """
    ip = Ip()
    coords = GeoPoint()
    learning = Boolean()
    total_processed = Integer()
    total_blocked = Integer()
    blocked = Boolean()
    cscore0 = Keyword()
    score0 = Integer()
    zone = Keyword()
    # Shadows the builtin ``id()`` inside the class body only; harmless for a
    # field declaration but do not call ``id(...)`` later in this class body.
    id = Integer()
    var_name = Keyword()
    date = Date()
    whitelisted = Boolean()
    # Free-text fields carry an untokenized ``raw`` sub-field so the original
    # value can be matched or aggregated exactly. NOTE(review):
    # ``index='not_analyzed'`` is the Elasticsearch 2.x option spelling; on
    # 5.x+ ``Keyword`` takes a boolean ``index`` -- confirm the target version.
    uri = Text(fields={'raw': Keyword(index='not_analyzed')})
    server = Text(fields={'raw': Keyword(index='not_analyzed')})
    comments = Text(fields={'raw': Keyword(index='not_analyzed')})
    vers = Text(fields={'raw': Keyword(index='not_analyzed')})

    class Meta:
        doc_type = 'events'
class _ForensicReportDoc(Document):
    """Elasticsearch document for a DMARC forensic (failure) report.

    Stored in the ``dmarc_forensic`` index. Most fields are plain ``Text``
    as supplied by the reporting MTA; ``source_ip_address`` is the only
    ``Ip``-typed field. NOTE(review): an unparseable address in a report
    would presumably be rejected by Elasticsearch at index time rather than
    stored -- confirm it is validated by the parser before reaching here.
    """

    class Index:
        name = "dmarc_forensic"

    feedback_type = Text()
    user_agent = Text()
    version = Text()
    original_mail_from = Text()
    arrival_date = Date()
    domain = Text()
    original_envelope_id = Text()
    authentication_results = Text()
    delivery_results = Text()
    source_ip_address = Ip()
    source_country = Text()
    source_reverse_dns = Text()
    source_authentication_mechanisms = Text()
    source_auth_failures = Text()
    dkim_domain = Text()
    original_rcpt_to = Text()
    # Nested copy of the reported message; ``_ForensicSampleDoc`` is declared
    # elsewhere in this module.
    sample = Object(_ForensicSampleDoc)
class Indicator(DocType):
    """Elasticsearch mapping for a threat-intelligence indicator record.

    The identity and classification fields (``indicator``, ``group``,
    ``itype``, ``tlp``, ``provider``, ``description``, ``rdata``) are
    declared ``not_analyzed`` so they are indexed as one exact value:
    lookups on an indicator must match it verbatim, which is what an
    IOC search wants. NOTE(review): ``String`` is the pre-5.x
    elasticsearch-dsl field type -- confirm the client version in use.
    """
    indicator = String(index="not_analyzed")
    indicator_ipv4 = Ip()
    # ``multi=True``: the field may hold several values.
    group = String(multi=True, index="not_analyzed")
    itype = String(index="not_analyzed")
    tlp = String(index="not_analyzed")
    provider = String(index="not_analyzed")
    portlist = String()
    # NOTE(review): AS numbers are integers; ``Float`` is presumably a legacy
    # choice kept for compatibility with existing indices -- confirm.
    asn = Float()
    asn_desc = String()
    cc = String()
    protocol = String()
    reporttime = Date()
    lasttime = Date()
    firsttime = Date()
    confidence = Integer()
    timezone = String()
    city = String()
    description = String(index="not_analyzed")
    additional_data = String(multi=True)
    tags = String(multi=True)
    rdata = String(index="not_analyzed")
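class CymruASInfoDoc(GenericDoc):
    """Elasticsearch document for a Team Cymru AS-info lookup result.

    Indexed under doc_type ``cymru_asinfo``. Instances are normally built
    from a parsed lookup mapping passed as ``jdata``; every key in that
    mapping is assigned with ``setattr``, including keys that are not
    declared as fields below, so the caller is responsible for the key set
    (presumably it is fixed by the lookup code -- confirm).
    """

    class Meta:
        doc_type = "cymru_asinfo"

    allocation_date = Date()
    asnum = Integer()
    ip = Ip()
    asname = String()
    prefix = String()
    registry = String()
    country = String()

    def __init__(self, jdata=None):
        """Populate the document from *jdata*.

        Args:
            jdata: Mapping of field name -> value, or ``None`` for an empty
                document. ``None`` values are replaced by ``{}`` before
                assignment, as in the original implementation (presumably so
                the attribute exists but is empty -- confirm with consumers).
        """
        GenericDoc.__init__(self)
        # ``None`` instead of a ``{}`` default: a mutable default dict is shared
        # across every call and would leak state if any caller mutated it.
        if jdata is None:
            jdata = {}
        for key, value in jdata.items():
            if value is None:
                value = {}
            setattr(self, key, value)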