コード例 #1
ファイル: models.py プロジェクト: AUCR/IDS_Plugin
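class IDSRuleResults(db.Model):
    """ORM model for the ``ids_rule_results`` table (IDS results).

    Each row points at a rule list (``ids_rules.id``) and at an uploaded
    file (``uploaded_file_table.id``) and stores the match text, a
    classification string and a run timestamp.
    """

    __tablename__ = 'ids_rule_results'
    id = db.Column(db.Integer, primary_key=True)
    ids_plugin_list_id = db.Column(db.Integer, db.ForeignKey('ids_rules.id'))
    # NOTE(review): presumably text derived from analysed captures; API
    # consumers should treat it as untrusted when rendering. Confirm.
    matches = db.Column(db.String(3072))
    pcap_matches = db.Column(db.Integer,
                             db.ForeignKey('uploaded_file_table.id'))
    pcap_classification = db.Column(db.String(3072))
    # No default is declared, so this column can be NULL.
    run_time = db.Column(db.DateTime)

    def __repr__(self):
        """Return a short debug representation keyed by the rule list id."""
        return '<IDS Rule Results {}>'.format(self.ids_plugin_list_id)

    def to_dict(self):
        """Return the row as a plain dictionary for API responses.

        ``run_time`` is rendered as ISO 8601 text with a trailing ``Z``, or
        as ``None`` when the column is unset, so a row stored without a run
        time no longer raises ``AttributeError`` during serialization.
        The ``pcap_*`` columns are exposed under ``file_*`` keys.
        """
        run_time = self.run_time
        data = {
            'id': self.id,
            'ids_plugin_list_id': self.ids_plugin_list_id,
            'matches': self.matches,
            # 'Z' is appended unconditionally; assumes run_time is stored as
            # naive UTC. TODO confirm.
            'run_time': None if run_time is None else run_time.isoformat() + 'Z',
            'file_matches': self.pcap_matches,
            'file_classification': self.pcap_classification,
        }
        return data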
コード例 #2
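class YaraRuleResults(db.Model):
    """ORM model for the ``yara_rule_results`` table (Yara results).

    Each row points at a rule list (``yara_rules.id``) and at an uploaded
    file (``uploaded_file_table.id``) and stores match text, matched
    strings, a classification string and a run timestamp.
    """

    __tablename__ = 'yara_rule_results'
    id = db.Column(db.Integer, primary_key=True)
    yara_list_id = db.Column(db.Integer, db.ForeignKey('yara_rules.id'))
    matches = db.Column(db.String(3072))
    # NOTE(review): presumably strings taken from the scanned file, i.e.
    # attacker-influenced content; consumers of to_dict() should escape it
    # before rendering. Confirm against the code that fills it.
    file_string_matches = db.Column(db.String(4912000))
    file_matches = db.Column(db.Integer,
                             db.ForeignKey('uploaded_file_table.id'))
    file_classification = db.Column(db.String(3072))
    # No default is declared, so this column can be NULL.
    run_time = db.Column(db.DateTime)

    def __repr__(self):
        """Return a short debug representation keyed by the rule list id."""
        # The model has no ``yara_name`` attribute; formatting it raised
        # AttributeError, so the rule list id column is used instead.
        return '<Yara Results {}>'.format(self.yara_list_id)

    def to_dict(self):
        """Return the row as a plain dictionary for API responses.

        ``run_time`` is rendered as ISO 8601 text with a trailing ``Z``, or
        as ``None`` when the column is unset, so a row stored without a run
        time does not raise ``AttributeError`` during serialization.
        """
        run_time = self.run_time
        data = {
            'id': self.id,
            'yara_list_id': self.yara_list_id,
            'matches': self.matches,
            # 'Z' is appended unconditionally; assumes run_time is stored as
            # naive UTC. TODO confirm.
            'run_time': None if run_time is None else run_time.isoformat() + 'Z',
            'file_matches': self.file_matches,
            'file_string_matches': self.file_string_matches,
            'file_classification': self.file_classification
        }
        return data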
コード例 #3
class Message(SearchableMixin, db.Model):
    """ORM model for the ``message`` table: one message between two users."""

    __tablename__ = 'message'
    # NOTE(review): 'body' is listed here, so message text is presumably
    # copied into whatever backend SearchableMixin feeds; access control on
    # that index needs to match access control on this table. Confirm.
    __searchable__ = ['id', 'body', 'sender_id', 'recipient_id', 'timestamp']

    id = db.Column(db.Integer, primary_key=True)
    body = db.Column(db.String(4912000))
    # Sender and recipient both reference rows of the ``user`` table.
    sender_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    recipient_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    timestamp = db.Column(
        db.DateTime,
        index=True,
        default=udatetime.utcnow,
    )

    def __repr__(self):
        """Return a debug representation carrying only the message id."""
        template = '<Message {}>'
        return template.format(self.id)
コード例 #4
class Chat(db.Model):
    """ORM model for the ``chat`` table: one chat message posted in a room."""

    __tablename__ = "chat"
    # NOTE(review): 'room' does not match any column below (the column is
    # ``room_name``), and this class does not inherit SearchableMixin, so it
    # is not visible here whether this list is consumed at all. Confirm.
    __searchable__ = ['id', 'author', 'message', 'room', 'timestamp']

    id = db.Column(db.Integer, primary_key=True)
    # The author is linked by username rather than by numeric user id.
    author = db.Column(db.String(64), db.ForeignKey('user.username'))
    message = db.Column(db.String(512), index=True)
    room_name = db.Column(
        db.String(64),
        db.ForeignKey('chat_rooms.room_name'),
    )
    timestamp = db.Column(
        db.DateTime,
        index=True,
        default=udatetime.utcnow,
    )

    def __repr__(self):
        """Return a debug representation of the chat row."""
        # The representation embeds the message text itself, so that text
        # ends up wherever this object is printed or logged.
        template = '<Chat {}>'
        return template.format(self.message)
コード例 #5
class Cases(SearchableMixin, db.Model):
    """ORM model for the ``cases`` table: one analysis case per row."""

    __tablename__ = 'cases'
    # NOTE(review): 'attached_files' has no matching column in this class;
    # confirm how SearchableMixin handles names it cannot resolve.
    __searchable__ = [
        'id', 'description', 'modify_time_stamp', 'detection_method',
        'subject', 'case_notes', 'case_rules', 'created_by', 'assigned_to',
        'group_access', 'attached_files', 'case_status'
    ]

    id = db.Column(db.Integer, primary_key=True)
    description = db.Column(db.String(256), index=True)
    created_time_stamp = db.Column(
        db.DateTime, index=True, default=datetime.utcnow)
    # Only an insert default is declared here; nothing in this class
    # refreshes the value when a row is modified.
    modify_time_stamp = db.Column(
        db.DateTime, index=True, default=datetime.utcnow)
    detection_method = db.Column(db.String(32), index=True)
    subject = db.Column(db.String(256))
    case_notes = db.Column(db.String(3072))
    case_rules = db.Column(db.String(3072))
    created_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    assigned_to = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Group that may access the case. Enforcement is not part of this
    # model and has to happen in the code that queries it.
    group_access = db.Column(db.Integer, db.ForeignKey('groups.id'))
    # The case is linked to its file through the file's MD5 digest. MD5 is
    # not collision-resistant, so two different files can share this key.
    md5_hash = db.Column(
        db.String(32), db.ForeignKey('uploaded_file_table.md5_hash'))
    case_status = db.Column(db.Integer, db.ForeignKey('task_states.id'))

    def __repr__(self):
        """Return a debug representation carrying only the case id."""
        template = '<Cases {}>'
        return template.format(self.id)

    def to_dict(self):
        """Return the case as a plain dictionary for API responses.

        Both timestamps are rendered as ISO 8601 text with ``Z`` appended;
        every other value is passed through as stored.
        """
        return {
            'id': self.id,
            'description': self.description,
            'created_time_stamp': self.created_time_stamp.isoformat() + 'Z',
            'modify_time_stamp': self.modify_time_stamp.isoformat() + 'Z',
            'detection_method': self.detection_method,
            'subject': self.subject,
            'case_notes': self.case_notes,
            'case_rules': self.case_rules,
            'created_by': self.created_by,
            'assigned_to': self.assigned_to,
            'group_access': self.group_access,
            'md5_hash': self.md5_hash,
            'case_status': self.case_status,
        }
コード例 #6
class FileUpload(db.Model):
    """ORM model for ``uploaded_file_table``: one row per uploaded file."""

    __tablename__ = 'uploaded_file_table'
    # This class does not inherit SearchableMixin, so it is not visible
    # here whether this list is consumed.
    __searchable__ = ['id', 'md5_hash', 'uploaded_by', 'file_type', 'time_stamp']

    id = db.Column(db.Integer, primary_key=True)
    # unique=True makes the MD5 digest the identity of an upload. MD5 is not
    # collision-resistant, so two different files can be crafted to share a
    # digest and would then be treated as the same upload.
    md5_hash = db.Column(db.String(32), unique=True)
    uploaded_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    file_type = db.Column(db.String(512), index=True)
    time_stamp = db.Column(
        db.DateTime,
        index=True,
        default=udatetime.utcnow,
    )

    def __repr__(self):
        """Return a debug representation keyed by the file's MD5 digest."""
        template = '<FileUpload {}>'
        return template.format(self.md5_hash)

    def to_dict(self):
        """Return the upload as a plain dictionary for the file upload API.

        ``time_stamp`` is exposed under the key ``last_seen`` as ISO 8601
        text with ``Z`` appended. ``uploaded_by`` is not included.
        """
        return {
            'id': self.id,
            'md5_hash': self.md5_hash,
            'file_type': self.file_type,
            'last_seen': self.time_stamp.isoformat() + 'Z',
        }

    def from_dict(self, data):
        """Copy the allow-listed keys of an API POST body onto this object.

        Only names in the fixed tuple below are copied, so a request body
        cannot set arbitrary attributes.
        """
        # NOTE(review): 'file' is not a column declared above, so this sets
        # a plain instance attribute; confirm where it is consumed.
        for field in ('file',):
            if field not in data:
                continue
            setattr(self, field, data[field])
コード例 #7
class Task(db.Model):
    """ORM model for the ``task_mq`` table (AUCR's redis mq service)."""

    __tablename__ = 'task_mq'

    # String primary key of at most 36 characters. NOTE(review): presumably
    # the queue job id; confirm against the code that creates rows.
    id = db.Column(db.String(36), primary_key=True)
    name = db.Column(db.String(128), index=True)
    description = db.Column(db.String(128))
    # User that the task is attached to.
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    complete = db.Column(
        db.Boolean,
        default=False,
    )
コード例 #8
class YaraRules(SearchableMixin, PaginatedAPIMixin, db.Model):
    """ORM model for the ``yara_rules`` table: one named Yara rule list."""

    __tablename__ = 'yara_rules'
    __searchable__ = [
        'id', 'yara_list_name', 'modify_time_stamp', 'created_by', 'yara_rules'
    ]

    id = db.Column(db.Integer, primary_key=True)
    yara_list_name = db.Column(db.String(32), index=True, unique=True)
    created_time_stamp = db.Column(
        db.DateTime, index=True, default=datetime.utcnow)
    # Only an insert default is declared here; nothing in this class
    # refreshes the value when a row is modified.
    modify_time_stamp = db.Column(
        db.DateTime, index=True, default=datetime.utcnow)
    created_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Group that may access the rule list. Enforcement is not part of this
    # model and has to happen in the code that queries it.
    group_access = db.Column(db.Integer, db.ForeignKey('groups.id'))
    last_updated_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    yara_rules = db.Column(db.String(4912000))

    def __repr__(self):
        """Return a debug representation keyed by the rule list name."""
        template = '<Yara {}>'
        return template.format(self.yara_list_name)

    def to_dict(self):
        """Return the rule list as a plain dictionary for API responses.

        The full rule text is included. ``created_time_stamp`` is exposed
        under the key ``last_seen``; both timestamps are ISO 8601 text with
        ``Z`` appended.
        """
        return {
            'id': self.id,
            'yara_list_name': self.yara_list_name,
            'last_seen': self.created_time_stamp.isoformat() + 'Z',
            'modify_time_stamp': self.modify_time_stamp.isoformat() + 'Z',
            'created_by': self.created_by,
            'group_access': self.group_access,
            'yara_rules': self.yara_rules,
            'last_updated_by': self.last_updated_by,
        }

    def from_dict(self, data):
        """Copy the allow-listed keys of an API POST body onto this object.

        Only the three names in the tuple below are copied; other keys in
        ``data`` are ignored.
        """
        # NOTE(review): 'created_by' and 'group_access' are taken from the
        # supplied dictionary. If ``data`` is the raw request body, the
        # caller chooses the recorded owner and the access group, so the
        # API layer should set or validate both from the authenticated
        # session. Confirm against the caller.
        for field in ('yara_list_name', 'group_access', 'created_by'):
            if field not in data:
                continue
            setattr(self, field, data[field])
コード例 #9
class Rooms(db.Model):
    """ORM model for the ``chat_rooms`` table: one chat room per row."""

    __tablename__ = "chat_rooms"

    id = db.Column(db.Integer, primary_key=True)
    # Room names are unique.
    room_name = db.Column(
        db.String(64),
        unique=True,
    )
    author_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    timestamp = db.Column(
        db.DateTime,
        index=True,
        default=udatetime.utcnow,
    )

    def __repr__(self):
        """Return a debug representation keyed by the room name."""
        template = '<ChatRooms {}>'
        return template.format(self.room_name)
コード例 #10
ファイル: models.py プロジェクト: AUCR/unum
class UNUM(SearchableMixin, PaginatedAPIMixin, db.Model):
    """ORM model for the ``unum`` table: metadata about an uploaded file."""

    __tablename__ = 'unum'
    __searchable__ = [
        'id', 'description', 'classification', 'created_by', 'md5_hash',
        'file_name', 'created_time_stamp'
    ]

    id = db.Column(db.Integer, primary_key=True)
    description = db.Column(db.String(256), index=True)
    created_time_stamp = db.Column(
        db.DateTime, index=True, default=datetime.utcnow)
    # Only an insert default is declared here; nothing in this class
    # refreshes the value when a row is modified.
    modify_time_stamp = db.Column(
        db.DateTime, index=True, default=datetime.utcnow)
    classification = db.Column(db.Integer, db.ForeignKey('classification.id'))
    # NOTE(review): presumably the client-supplied name of the upload;
    # treat it as untrusted when building paths or rendering. Confirm.
    file_name = db.Column(db.String(512))
    created_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Group that may access the record. Enforcement is not part of this
    # model and has to happen in the code that queries it.
    group_access = db.Column(db.Integer, db.ForeignKey('groups.id'))
    # The record is linked to its file through the file's MD5 digest; MD5 is
    # not collision-resistant, so different files can share this key.
    # NOTE(review): declared as String(128) here, while the FileUpload model
    # shown in this listing declares the referenced column as String(32).
    md5_hash = db.Column(
        db.String(128), db.ForeignKey('uploaded_file_table.md5_hash'))

    def __repr__(self):
        """Return a debug representation keyed by the file's MD5 digest."""
        template = '<unum {}>'
        return template.format(self.md5_hash)

    def to_dict(self):
        """Return the record as a plain dictionary for API responses.

        ``created_time_stamp`` is exposed under the key ``last_seen``; both
        timestamps are ISO 8601 text with ``Z`` appended.
        """
        return {
            'id': self.id,
            'md5_hash': self.md5_hash,
            'file_name': self.file_name,
            'description': self.description,
            'classification': self.classification,
            'last_seen': self.created_time_stamp.isoformat() + 'Z',
            'modify_time_stamp': self.modify_time_stamp.isoformat() + 'Z',
            'created_by': self.created_by,
            'group_access': self.group_access,
        }
コード例 #11
class Notification(db.Model):
    """ORM model for the ``notification`` table: one user notification."""

    __tablename__ = 'notification'

    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(128), index=True)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Stored as a float, unlike the DateTime columns of the other models;
    # the default is the callable ``time``.
    timestamp = db.Column(
        db.Float,
        index=True,
        default=time,
    )
    # Notification payload kept as JSON text.
    payload_json = db.Column(db.Text)

    def get_data(self):
        """Return the notification payload decoded from its JSON text."""
        # str(None) is 'None', which is not valid JSON, so a row without a
        # payload makes json.loads raise rather than return None.
        raw_payload = str(self.payload_json)
        return json.loads(raw_payload)
コード例 #12
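class Group(PaginatedAPIMixin, db.Model):
    """ORM model for the ``group`` table: links a user to a ``groups`` row.

    Each row references one ``groups.id`` and one ``user.id``.
    """

    __tablename__ = 'group'
    id = db.Column(db.Integer, primary_key=True)
    groups_id = db.Column(db.Integer, db.ForeignKey('groups.id'), index=True)
    username_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    timestamp = db.Column(db.DateTime, index=True, default=udatetime.utcnow)

    def __repr__(self):
        """Return string representation of Group Database Object Table."""
        # The column is ``groups_id``; the previous ``self.group_id`` does
        # not exist on this model and raised AttributeError.
        return '<Group {}>'.format(self.groups_id)

    def to_dict(self):
        """Return dictionary object type for Group database Table API calls.

        ``groups_id`` is the group this row references. The previous code
        looked up ``Groups`` by this row's own primary key, which reported
        an unrelated group's id or raised ``AttributeError`` when no
        ``Groups`` row had that id. Group ids feed access decisions, so the
        stored foreign key is returned as is.
        """
        data = {
            'id': self.id,
            'groups_id': self.groups_id,
            'username_id': self.username_id,
            'time_stamp': self.timestamp.isoformat() + 'Z',
        }
        return data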
コード例 #13
class Task(db.Model):
    """ORM model for the ``task_mq`` table (AUCR's redis mq service)."""

    __tablename__ = 'task_mq'

    # The primary key doubles as the rq job id (see get_rq_job).
    id = db.Column(db.String(36), primary_key=True)
    name = db.Column(db.String(128), index=True)
    description = db.Column(db.String(128))
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    complete = db.Column(
        db.Boolean,
        default=False,
    )

    def get_rq_job(self):
        """Return the rq job whose id is this row's id, or ``None``.

        ``None`` is returned both when the job does not exist and when
        Redis raises an error, so callers cannot tell the two apart.
        """
        try:
            return rq.job.Job.fetch(self.id, connection=current_app.redis)
        except (redis.exceptions.RedisError, rq.exceptions.NoSuchJobError):
            return None

    def get_progress(self):
        """Return the job's ``progress`` meta value, or 100 without a job.

        A job that exists but has no ``progress`` entry reports 0.
        """
        job = self.get_rq_job()
        if job is None:
            # get_rq_job() also returns None on a Redis error, so an
            # unreachable queue is reported as 100 here as well.
            return 100
        return job.meta.get('progress', 0)