    def __init__(self, content, api=None):
        """Populate identity, hash, scan-summary and string-indicator fields.

        Args:
            content: Mapping holding the metadata record; nested values are
                read through ``self._get`` using dotted key strings.
            api: Optional API object, forwarded unchanged to the base
                initializer.

        Note:
            ``self.artifact`` is read here but not assigned in this method;
            it is assumed to be provided by the base initializer — confirm.
        """
        super(Metadata, self).__init__(content=content, api=api)
        lookup = self._get
        to_datetime = core.parse_isoformat

        # The artifact creation stamp is read off the artifact sub-document
        # directly rather than via a dotted lookup.
        self.created = to_datetime(self.artifact.get('created'))

        # Artifact identity and cryptographic digests.
        self.id = lookup('artifact.id')
        self.sha1 = lookup('artifact.sha1')
        self.sha256 = lookup('artifact.sha256')
        self.md5 = lookup('artifact.md5')

        # Similarity (fuzzy) hashes.
        self.ssdeep = lookup('hash.ssdeep')
        self.tlsh = lookup('hash.tlsh')

        # Scan summary: first/latest scan times, type detection, verdict counts.
        self.first_seen = to_datetime(lookup('scan.first_scan.created'))
        self.last_scanned = to_datetime(lookup('scan.latest_scan.created'))
        self.mimetype = lookup('scan.mimetype.mime')
        self.extended_mimetype = lookup('scan.mimetype.extended')
        self.malicious = lookup('scan.detections.malicious')
        self.benign = lookup('scan.detections.benign')
        self.total_detections = lookup('scan.detections.total')
        self.filenames = lookup('scan.filename')

        # Indicators extracted from the sample's strings. These are copied
        # verbatim from the record; consumers that render or pivot on them
        # should treat them as untrusted data.
        self.domains = lookup('strings.domains')
        self.ipv4 = lookup('strings.ipv4')
        self.ipv6 = lookup('strings.ipv6')
        self.urls = lookup('strings.urls')
 def __init__(self, content, api=None):
     """Populate a malware-family record from ``content``.

     Args:
         content: Mapping holding the family's fields; every key is optional
             and falls back to ``None``.
         api: Optional API object, forwarded unchanged to the base initializer.
     """
     super(MalwareFamily, self).__init__(content, api=api)
     optional = content.get
     to_datetime = core.parse_isoformat

     self.id = optional('id')
     self.name = optional('name')
     # Timestamp fields are passed through core.parse_isoformat.
     self.created = to_datetime(optional('created'))
     self.updated = to_datetime(optional('updated'))
     self.emerging = to_datetime(optional('emerging'))
 def __init__(self, content, api=None):
     """Populate a tag-link record (tags/families attached to a sha256).

     Args:
         content: Mapping holding the link's fields; every key is optional
             and falls back to ``None``.
         api: Optional API object, forwarded unchanged to the base initializer.
     """
     super(TagLink, self).__init__(content, api=api)
     optional = content.get
     to_datetime = core.parse_isoformat

     self.id = optional('id')
     self.sha256 = optional('sha256')
     # Timestamp fields are passed through core.parse_isoformat.
     self.created = to_datetime(optional('created'))
     self.updated = to_datetime(optional('updated'))
     self.first_seen = to_datetime(optional('first_seen'))
     # Label collections are stored as received.
     self.tags = optional('tags')
     self.families = optional('families')
     self.emerging = to_datetime(optional('emerging'))
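    def __init__(self, content, api=None):
        """Build a YARA ruleset record and require non-empty rule content.

        Args:
            content: Mapping holding the ruleset fields. ``yara`` (the rule
                text) is mandatory; ``name``, ``id``, ``description``,
                ``created``, ``modified`` and ``deleted`` are optional and
                fall back to ``None``.
            api: Optional API object, forwarded unchanged to the base
                initializer.

        Raises:
            exceptions.InvalidValueException: if ``yara`` is missing or empty.
        """
        super(YaraRuleset, self).__init__(content, api=api)
        # Read with .get() rather than [] so that an absent key is reported
        # through InvalidValueException below instead of escaping as a bare
        # KeyError that bypasses the intended validation.
        self.yara = content.get('yara')
        if not self.yara:
            raise exceptions.InvalidValueException(
                "Must provide yara ruleset content")

        self.name = content.get('name')
        self.id = content.get('id')
        self.description = content.get('description')
        self.created = core.parse_isoformat(content.get('created'))
        self.modified = core.parse_isoformat(content.get('modified'))
        self.deleted = content.get('deleted')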
    def __init__(self, content, api=None):
        """Build an artifact-instance record from a scan-result mapping.

        Args:
            content: Mapping holding the instance's fields. ``sha256``,
                ``md5``, ``sha1``, ``mimetype``, ``size``, ``extended_type``,
                ``first_seen`` and ``upload_url`` are required; all other
                keys are optional (``None``, or an empty list for
                ``assertions``, ``votes`` and ``metadata``).
            api: Optional API object, forwarded unchanged to the base
                initializer and to the nested ``Metadata``, ``Assertion`` and
                ``Vote`` objects.

        Raises:
            KeyError: if a required key is absent from ``content``.
        """
        # The instance is keyed by its sha256 at the base-class level.
        super(ArtifactInstance, self).__init__(content=content,
                                               api=api,
                                               hash_value=content['sha256'],
                                               hash_type='sha256')
        optional = content.get
        to_datetime = core.parse_isoformat

        # --- Artifact fields ---
        self.sha256 = content['sha256']
        self.artifact_id = optional('artifact_id')
        self.md5 = content['md5']
        self.sha1 = content['sha1']
        self.mimetype = content['mimetype']
        self.size = content['size']
        self.extended_type = content['extended_type']
        self.first_seen = to_datetime(content['first_seen'])
        self.upload_url = content['upload_url']
        # Deprecated fields, still populated for existing callers.
        self.last_seen = to_datetime(optional('last_seen'))
        self.last_scanned = to_datetime(optional('last_scanned'))
        # Per-tool metadata arrives as a list of {tool, tool_metadata}
        # entries; re-key it by tool name before wrapping it in Metadata.
        metadata_entries = optional('metadata') or []
        self.metadata = Metadata(
            {entry['tool']: entry['tool_metadata'] for entry in metadata_entries},
            api)

        # --- ArtifactInstance fields ---
        self.id = optional('id')
        self.assertions = [Assertion(a, api=api, scanfile=self)
                           for a in optional('assertions', [])]
        self.country = optional('country')
        self.community = optional('community')
        self.created = to_datetime(optional('created'))
        self.failed = optional('failed')
        self.filename = optional('filename')
        self.result = optional('result')
        self.type = optional('type')
        self.votes = [Vote(v, api=api, scanfile=self)
                      for v in optional('votes', [])]
        self.window_closed = optional('window_closed')
        # polyscore is only coerced to float when present; None stays None.
        raw_score = optional('polyscore')
        self.polyscore = None if raw_score is None else float(raw_score)
        # self.hash is expected to be set by the base initializer — confirm.
        self.permalink = settings.DEFAULT_PERMALINK_BASE + '/' + str(self.hash)

        # Placeholders for derived assertion views, filled elsewhere in the class.
        self._malicious_assertions = None
        self._benign_assertions = None
        self._valid_assertions = None
 def __init__(self, content, api=None):
     """Populate a votes-job record; every field is required.

     Args:
         content: Mapping holding the job's fields. All keys read here are
             mandatory.
         api: Optional API object, forwarded unchanged to the base initializer.

     Raises:
         KeyError: if any of the expected keys is absent from ``content``.
     """
     super(VotesJob, self).__init__(content=content, api=api)
     self.id = content['id']
     self.engine_id = content['engine_id']
     # Timestamp fields are passed through core.parse_isoformat, in
     # response order.
     for stamp in ('created', 'date_start', 'date_end'):
         setattr(self, stamp, core.parse_isoformat(content[stamp]))
     self.storage_path = content['storage_path']
     # Outcome counters are copied verbatim.
     for counter in ('true_positive', 'true_negative', 'false_positive',
                     'false_negative', 'suspicious', 'unknown', 'total'):
         setattr(self, counter, content[counter])
 def __init__(self, content, api=None):
     """Populate a hunt record.

     Args:
         content: Mapping holding the hunt's fields. ``id``, ``created`` and
             ``status`` are required; ``active`` (only present for live
             hunts) and ``ruleset_name`` are optional.
         api: Optional API object, forwarded unchanged to the base initializer.

     Raises:
         KeyError: if ``id``, ``created`` or ``status`` is absent.
     """
     super(Hunt, self).__init__(content=content, api=api)
     optional = content.get

     self.id = content['id']
     self.created = core.parse_isoformat(content['created'])
     self.status = content['status']
     # 'active' is only present for live hunts, so it must not be required.
     self.active = optional('active')
     self.ruleset_name = optional('ruleset_name')
 def __init__(self, content, api=None):
     """Populate a hunt-result record and wrap its embedded artifact.

     Args:
         content: Mapping holding the result's fields; every key read here
             is required, including the nested ``artifact`` mapping.
         api: Optional API object, forwarded unchanged to the base
             initializer and to the nested ``ArtifactInstance``.

     Raises:
         KeyError: if any expected key is absent from ``content`` (or from
             the nested artifact mapping).
     """
     super(HuntResult, self).__init__(content=content, api=api)
     self.id = content['id']
     self.rule_name = content['rule_name']
     self.tags = content['tags']
     self.created = core.parse_isoformat(content['created'])
     self.sha256 = content['sha256']
     # Identifiers of the scans (historical / live) that produced this match.
     self.historicalscan_id = content['historicalscan_id']
     self.livescan_id = content['livescan_id']
     # The matched artifact is materialised as a full ArtifactInstance.
     self.artifact = ArtifactInstance(content['artifact'], api)
 def __init__(self, content, api=None):
     """Populate a tag record from ``content``.

     Args:
         content: Mapping holding the tag's fields; every key is optional
             and falls back to ``None``.
         api: Optional API object, forwarded unchanged to the base initializer.
     """
     super(Tag, self).__init__(content, api=api)
     optional = content.get

     self.id = optional('id')
     # Timestamp fields are passed through core.parse_isoformat.
     self.created = core.parse_isoformat(optional('created'))
     self.updated = core.parse_isoformat(optional('updated'))
     self.name = optional('name')
 def __init__(self, content, api=None):
     """Populate an artifact-archive record; every field is required.

     Args:
         content: Mapping holding the archive's fields (``id``, ``community``,
             ``created``, ``uri``); all are mandatory.
         api: Optional API object, forwarded unchanged to the base initializer.

     Raises:
         KeyError: if any of the four expected keys is absent.
     """
     super(ArtifactArchive, self).__init__(content=content, api=api)
     self.id = content['id']
     self.community = content['community']
     self.created = core.parse_isoformat(content['created'])
     # The archive location is stored as received from the record.
     self.uri = content['uri']