class Alert(odm.Model): alert_id = odm.Keyword(copyto="__text__") # ID of the alert al = odm.Compound(ALResults) # Assemblyline result block archive_ts = odm.Date(store=False) # Archiving timestamp attack = odm.Compound(Attack) # Attack result block classification = odm.Classification() # Classification of the alert expiry_ts = odm.Optional(odm.Date(store=False)) # Expiry timestamp extended_scan = odm.Enum(values=EXTENDED_SCAN_VALUES, store=False) # Status of the extended scan file = odm.Compound(File) # File block filtered = odm.Boolean(default=False) # Are the alert result filtered heuristic = odm.Compound(Heuristic) # Heuristic result block label = odm.List(odm.Keyword(), copyto="__text__", default=[]) # List of labels applied to the alert metadata = odm.FlattenedObject( default={}, store=False) # Metadata submitted with the file owner = odm.Optional(odm.Keyword()) # Owner of the alert priority = odm.Optional( odm.Enum(values=PRIORITIES)) # Priority applied to the alert reporting_ts = odm.Date() # Time at which the alert was created sid = odm.UUID(store=False) # ID of the submission related to this alert status = odm.Optional( odm.Enum(values=STATUSES)) # Status applied to the alert ts = odm.Date() # Timestamp at which the file was submitted type = odm.Keyword() # Type of alert verdict = odm.Compound(Verdict, default={}) # Verdict timing
class Submission(odm.Model): archive_ts = odm.Date(store=False) # Archiving timestamp classification = odm.Classification() # Classification of the submission error_count = odm.Integer() # Total number of errors in the submission errors = odm.List(odm.Keyword(), store=False) # List of error keys expiry_ts = odm.Optional(odm.Date(store=False)) # Expiry timestamp file_count = odm.Integer() # Total number of files in the submission files: List[File] = odm.List( odm.Compound(File)) # List of files that were originally submitted max_score = odm.Integer() # Maximum score of all the files in the scan metadata = odm.FlattenedObject( store=False) # Metadata associated to the submission params: SubmissionParams = odm.Compound( SubmissionParams) # Submission detail blocs results: List[str] = odm.List(odm.Keyword(), store=False) # List of result keys sid = odm.UUID(copyto="__text__") # Submission ID state = odm.Enum(values=SUBMISSION_STATES) # Status of the submission times = odm.Compound(Times, default={}) # Timing bloc verdict = odm.Compound(Verdict, default={}) # Verdict timing def is_submit(self): return self.state == 'submitted' def is_complete(self): return self.state == 'completed' def is_initial(self): return self.is_submit() and not self.params.psid
class Task(odm.Model):
    """Unit of work handed to one service for one file (Assemblyline ODM model).

    ``key()`` identifies the task by submission ID, service name and file
    sha256 (see ``make_key``). The boolean flags ``deep_scan``,
    ``ignore_cache`` and ``ignore_dynamic_recursion_prevention`` relax normal
    processing limits; nothing in this model restricts who may set them, so
    that must be enforced by whatever builds the task. ``service_config``
    accepts arbitrary values (``odm.Any()``) and is not validated here.
    """
    sid = odm.UUID()  # Submission ID this task belongs to
    metadata = odm.FlattenedObject()  # Metadata associated to the submission (untrusted input)
    min_classification = odm.Classification()  # Minimum classification of the file being scanned
    fileinfo: FileInfo = odm.Compound(FileInfo)  # File info block; ``fileinfo.sha256`` is used in the task key
    filename = odm.Keyword()  # File name
    service_name = odm.Keyword()  # Service name
    service_config = odm.Mapping(odm.Any(), default={})  # Service specific parameters (values unconstrained)
    depth = odm.Integer(default=0)  # File depth relative to the initially submitted file (presumably; see description elsewhere)
    max_files = odm.Integer()  # Maximum number of files the submission can have
    ttl = odm.Integer(default=0)  # Task TTL (meaning of 0 is not defined in this model)
    tags = odm.List(odm.Compound(TagItem), default=[])  # List of tags
    temporary_submission_data = odm.List(odm.Compound(DataItem), default=[])  # Temporary submission data
    deep_scan = odm.Boolean(default=False)  # Perform deep scanning
    # Whether the service cache should be ignored during the processing of this task
    ignore_cache = odm.Boolean(default=False)
    # Whether the service should ignore the dynamic recursion prevention or not
    ignore_dynamic_recursion_prevention = odm.Boolean(default=False)
    # Priority for processing order
    priority = odm.Integer(default=0)

    @staticmethod
    def make_key(sid, service_name, sha) -> str:
        """Build the task key ``"{sid}_{service_name}_{sha}"``.

        The parts are joined with ``_`` and nothing escapes a ``_`` occurring
        inside ``service_name``, so treat the key as an opaque identifier and
        do not split it back into its parts.
        """
        return f"{sid}_{service_name}_{sha}"

    def key(self) -> str:
        """Return this task's key built from ``sid``, ``service_name`` and ``fileinfo.sha256``."""
        return Task.make_key(self.sid, self.service_name, self.fileinfo.sha256)
class Submission(odm.Model): sid = odm.UUID() # Submission ID to use time = odm.Date(default="NOW") files: List[File] = odm.List(odm.Compound(File), default=[]) # File block metadata: Dict[str, str] = odm.FlattenedObject(default={}) # Metadata submitted with the file notification: Notification = odm.Compound(Notification, default={}) # Notification queue parameters params: SubmissionParams = odm.Compound(SubmissionParams) # Parameters of the submission
class Task(odm.Model):
    """Unit of work handed to one service for one file (Assemblyline ODM model).

    Each field carries its own ``description``; those strings are part of the
    declared schema and are left untouched. ``key()`` identifies the task by
    submission ID, service name and file sha256 (see ``make_key``). The flags
    ``deep_scan``, ``ignore_cache``, ``ignore_dynamic_recursion_prevention``
    and ``ignore_filtering`` relax normal processing limits; nothing here
    restricts who may set them. ``safelist_config`` defaults to
    ``{'enabled': False}``, i.e. safelisting is off unless explicitly enabled.
    """
    sid = odm.UUID(description="Submission ID")
    metadata = odm.FlattenedObject(description="Metadata associated to the submission")  # untrusted, unconstrained here
    min_classification = odm.Classification(description="Minimum classification of the file being scanned")
    fileinfo: FileInfo = odm.Compound(FileInfo, description="File info block")  # ``fileinfo.sha256`` feeds the task key
    filename = odm.Keyword(description="File name")
    service_name = odm.Keyword(description="Service name")
    service_config = odm.Mapping(odm.Any(), default={}, description="Service specific parameters")  # values are odm.Any(): not validated here
    depth = odm.Integer(default=0, description="File depth relative to initital submitted file")
    max_files = odm.Integer(description="Maximum number of files that submission can have")
    ttl = odm.Integer(default=0, description="Task TTL")  # meaning of 0 is not defined in this model
    tags = odm.List(odm.Compound(TagItem), default=[], description="List of tags")
    temporary_submission_data = odm.List(odm.Compound(DataItem), default=[], description="Temporary submission data")
    deep_scan = odm.Boolean(default=False, description="Perform deep scanning")
    ignore_cache = odm.Boolean(
        default=False,
        description="Whether the service cache should be ignored during the processing of this task"
    )
    ignore_dynamic_recursion_prevention = odm.Boolean(
        default=False,
        description="Whether the service should ignore the dynamic recursion prevention or not"
    )
    ignore_filtering = odm.Boolean(default=False, description="Should the service filter it's output?")
    priority = odm.Integer(default=0, description="Priority for processing order")
    # Safelisting is disabled by default; only an explicitly provided config turns it on.
    safelist_config = odm.Compound(
        ServiceSafelist,
        description="Safelisting configuration (as defined in global configuration)",
        default={'enabled': False})

    @staticmethod
    def make_key(sid, service_name, sha) -> str:
        """Build the task key ``"{sid}_{service_name}_{sha}"``.

        The parts are joined with ``_`` and nothing escapes a ``_`` occurring
        inside ``service_name``, so treat the key as an opaque identifier and
        do not split it back into its parts.
        """
        return f"{sid}_{service_name}_{sha}"

    def key(self) -> str:
        """Return this task's key built from ``sid``, ``service_name`` and ``fileinfo.sha256``."""
        return Task.make_key(self.sid, self.service_name, self.fileinfo.sha256)
class Submission(odm.Model):
    """Submission request message: the files to scan and how to scan them.

    This is the message form, not the stored record. ``time`` defaults to the
    ``"NOW"`` sentinel, presumably resolved to the current time by
    ``odm.Date`` — confirm. ``metadata`` is submitter-provided and has no
    key/value constraints at this layer.
    """
    sid = odm.UUID(description="Submission ID to use")
    time = odm.Date(default="NOW", description="Message time")
    files: List[File] = odm.List(odm.Compound(File), default=[], description="File block")
    metadata: Dict[str, str] = odm.FlattenedObject(default={}, description="Metadata submitted with the file")  # untrusted input
    notification: Notification = odm.Compound(Notification, default={}, description="Notification queue parameters")
    params: SubmissionParams = odm.Compound(SubmissionParams, description="Parameters of the submission")
    # No description declared; presumably the deduplication (filescore) key shared by
    # submissions that may be processed as duplicates — confirm against the stored model.
    scan_key: Opt[str] = odm.Optional(odm.Keyword())
class Submission(odm.Model):
    """Stored submission record (Assemblyline ODM model).

    Each field carries its own ``description``; those strings are part of the
    declared schema and are left untouched. Field order and keyword arguments
    define the stored schema. ``metadata`` is submitter-provided and has no
    key/value constraints here.
    """
    archive_ts = odm.Date(store=False, description="Archiving timestamp")
    classification = odm.Classification(description="Classification of the submission")
    error_count = odm.Integer(description="Total number of errors in the submission")
    errors: list[str] = odm.List(odm.Keyword(), store=False, description="List of error keys")
    expiry_ts = odm.Optional(odm.Date(store=False), description="Expiry timestamp")
    file_count = odm.Integer(description="Total number of files in the submission")
    files: list[File] = odm.List(odm.Compound(File), description="List of files that were originally submitted")
    max_score = odm.Integer(description="Maximum score of all the files in the scan")
    metadata = odm.FlattenedObject(store=False, description="Metadata associated to the submission")  # untrusted input
    params: SubmissionParams = odm.Compound(SubmissionParams, description="Submission parameter details")
    results: list[str] = odm.List(odm.Keyword(), store=False, description="List of result keys")
    sid = odm.UUID(copyto="__text__", description="Submission ID")
    state = odm.Enum(values=SUBMISSION_STATES, description="Status of the submission")
    times = odm.Compound(Times, default={}, description="Submission-specific times")
    verdict = odm.Compound(Verdict, default={}, description="Malicious verdict details")
    # The filescore key, used in deduplication. This is a non-unique key that is
    # shared by submissions that may be processed as duplicates (i.e. one
    # submission may be served the results of another carrying the same key).
    # Declared store=False, index=False: neither stored nor searchable.
    scan_key = odm.Optional(odm.Keyword(store=False, index=False))

    def is_submit(self) -> bool:
        """Return True while ``state`` is exactly ``'submitted'``."""
        return self.state == 'submitted'

    def is_complete(self) -> bool:
        """Return True once ``state`` is exactly ``'completed'``."""
        return self.state == 'completed'

    def is_initial(self) -> bool:
        """Return True for a submitted submission whose ``params.psid`` is unset/falsy.

        ``psid`` is presumably the parent submission ID, making this "an
        original submission rather than a re-submission" — confirm against
        ``SubmissionParams``.
        """
        return self.is_submit() and not self.params.psid
class Alert(odm.Model):
    """Stored alert record raised for a submission (Assemblyline ODM model).

    Each field carries its own ``description``; those strings are part of the
    declared schema and are left untouched. ``classification`` is the
    access-control marking of the alert. ``metadata`` is submitter-provided
    and no key/value constraints are declared on it here, so consumers must
    not trust its contents. ``workflows_completed`` starts False.
    """
    alert_id = odm.Keyword(copyto="__text__", description="ID of the alert")  # also copied into the "__text__" field
    al = odm.Compound(ALResults, description="Assemblyline Result Block")
    archive_ts = odm.Date(store=False, description="Archiving timestamp")
    attack = odm.Compound(Attack, description="ATT&CK Block")
    classification = odm.Classification(description="Classification of the alert")
    expiry_ts = odm.Optional(odm.Date(store=False), description="Expiry timestamp")  # optional
    extended_scan = odm.Enum(values=EXTENDED_SCAN_VALUES, description="Status of the extended scan")
    file = odm.Compound(File, description="File Block")
    filtered = odm.Boolean(default=False, description="Are the alert results filtered?")
    heuristic = odm.Compound(Heuristic, description="Heuristic Block")
    label = odm.List(odm.Keyword(), copyto="__text__", default=[], description="List of labels applied to the alert")  # also copied into "__text__"
    metadata = odm.FlattenedObject(default={}, store=False, description="Metadata submitted with the file")  # untrusted, unconstrained here
    owner = odm.Optional(odm.Keyword(), description="Owner of the alert")
    priority = odm.Optional(odm.Enum(values=PRIORITIES), description="Priority applied to the alert")
    reporting_ts = odm.Date(description="Alert creation timestamp")
    sid = odm.UUID(description="Submission ID related to this alert")
    status = odm.Optional(odm.Enum(values=STATUSES), description="Status applied to the alert")
    ts = odm.Date(description="File submission timestamp")
    type = odm.Keyword(description="Type of alert")  # shadows builtin ``type`` inside the class body only
    verdict = odm.Compound(Verdict, default={}, description="Verdict Block")
    workflows_completed = odm.Boolean(default=False, description="Have all workflows ran on this alert?")