def default_network_connection_properties():
return {
"src_ip_address": PropType(PropPrimitive.Str, False),
"src_port": PropType(PropPrimitive.Int, False),
"dst_ip_address": PropType(PropPrimitive.Str, False),
"dst_port": PropType(PropPrimitive.Int, False),
"created_timestamp": PropType(PropPrimitive.Int, False),
"terminated_timestamp": PropType(PropPrimitive.Int, False),
"last_seen_timestamp": PropType(PropPrimitive.Int, False),
}
def meta_into_property(predicate_meta):
is_set = predicate_meta.get("list")
type_name = predicate_meta["type"]
primitive = None
if type_name == "string":
primitive = PropPrimitive.Str
if type_name == "int":
primitive = PropPrimitive.Int
if type_name == "bool":
primitive = PropPrimitive.Bool
return PropType(primitive, is_set, index=predicate_meta.get("index", []))
def default_process_properties() -> Dict[str, PropType]:
return {
"process_name": PropType(PropPrimitive.Str, False),
"image_name": PropType(PropPrimitive.Str, False),
"process_id": PropType(PropPrimitive.Int, False),
"created_timestamp": PropType(PropPrimitive.Int, False),
"terminate_time": PropType(PropPrimitive.Int, False),
"arguments": PropType(PropPrimitive.Str, False),
}
def default_process_outbound_connection_properties():
return {
"created_timestamp": PropType(PropPrimitive.Int, False),
"terminated_timestamp": PropType(PropPrimitive.Int, False),
"last_seen_timestamp": PropType(PropPrimitive.Int, False),
"port": PropType(PropPrimitive.Int, False),
"ip_address": PropType(PropPrimitive.Str, False),
"protocol": PropType(PropPrimitive.Str, False),
}
def default_lens_properties() -> Dict[str, PropType]:
return {
"lens_name": PropType(PropPrimitive.Str, False),
"score": PropType(PropPrimitive.Int, False),
}
def default_risk_properties() -> Dict[str, PropType]:
return {
"analyzer_name": PropType(PropPrimitive.Str, False),
"risk_score": PropType(PropPrimitive.Int, False),
}
def default_properties() -> Dict[str, "PropType"]:
return {
"uid": PropType(PropPrimitive.Str, False),
"dgraph.type": PropType(PropPrimitive.Str, True),
}
def default_ip_address_properties() -> Dict[str, "PropType"]:
return {
"first_seen_timestamp": PropType(PropPrimitive.Int, False),
"last_seen_timestamp": PropType(PropPrimitive.Int, False),
"ip_address": PropType(PropPrimitive.Str, False),
}
def default_file_properties() -> Dict[str, PropType]:
return {
"file_path": PropType(PropPrimitive.Str, False),
"file_extension": PropType(PropPrimitive.Str, False),
"file_mime_type": PropType(PropPrimitive.Str, False),
"file_version": PropType(PropPrimitive.Str, False),
"file_description": PropType(PropPrimitive.Str, False),
"file_product": PropType(PropPrimitive.Str, False),
"file_company": PropType(PropPrimitive.Str, False),
"file_directory": PropType(PropPrimitive.Str, False),
"file_hard_links": PropType(PropPrimitive.Str, False),
"signed": PropType(PropPrimitive.Str, False),
"signed_status": PropType(PropPrimitive.Str, False),
"md5_hash": PropType(PropPrimitive.Str, False),
"sha1_hash": PropType(PropPrimitive.Str, False),
"sha256_hash": PropType(PropPrimitive.Str, False),
"file_inode": PropType(PropPrimitive.Int, False),
"file_size": PropType(PropPrimitive.Int, False),
}
