コード例 #1
class FileRule(model.Model):
    """Declarative model for records served under the 'fileRule' route.

    Each attribute binds a Python name to a wire-level field name through a
    typed ``model`` property.  Fields declared with ``allow_update=True``
    are presumably the only ones a client may write back; the rest look
    read-only -- TODO confirm against ``model.Model``.

    NOTE(review): the writable set (file_state, hash, policy_ids,
    report_only, force_installer, force_not_installer, ...) appears to
    decide how a file is treated by policy.  Code that updates these fields
    should sit behind an authorization check and leave an audit trail.
    """

    ROUTE = 'fileRule'

    id = model.Int64Property('id')
    # Writable foreign key; expands_to presumably names the related model.
    file_catalog_id = model.Int32Property(
        'fileCatalogId', allow_update=True, expands_to='FileCatalog')
    name = model.StringProperty('name', allow_update=True)
    description = model.StringProperty('description', allow_update=True)
    # Integer code; the meaning of each value is not defined in this listing.
    file_state = model.Int32Property('fileState', allow_update=True)
    source_type = model.Int32Property('sourceType')
    source_id = model.Int32Property('sourceId')
    report_only = model.BooleanProperty('reportOnly', allow_update=True)
    reputation_approvals_enabled = model.BooleanProperty(
        'reputationApprovalsEnabled', allow_update=True)
    # NOTE(review): these two flags look mutually exclusive, but nothing in
    # this class enforces that -- validate before sending an update.
    force_installer = model.BooleanProperty(
        'forceInstaller', allow_update=True)
    force_not_installer = model.BooleanProperty(
        'forceNotInstaller', allow_update=True)
    # Stored as a string; presumably a delimited id list -- format not shown.
    policy_ids = model.StringProperty('policyIds', allow_update=True)
    # Digest algorithm is not stated here; check its length/format before
    # writing.  (The name shadows the builtin only inside this class body.)
    hash = model.StringProperty('hash', allow_update=True)
    platform_flags = model.Int32Property('platformFlags', allow_update=True)

    # Audit metadata: no allow_update, so presumably server-maintained.
    date_created = model.DateTimeProperty('dateCreated')
    created_by = model.StringProperty('createdBy')
    created_by_user_id = model.Int32Property('createdByUserId')
    date_modified = model.DateTimeProperty('dateModified')
    modified_by = model.StringProperty('modifiedBy')
    modified_by_user_id = model.Int32Property('modifiedByUserId')
    cl_version = model.Int64Property('clVersion')
コード例 #2
class Certificate(model.Model):
    """Declarative model for records served under the 'certificate' route.

    Only ``description`` and ``certificate_state`` carry
    ``allow_update=True``; every other field, including the validity and
    signing attributes, is declared without it and is presumably read-only
    -- TODO confirm against ``model.Model``.

    NOTE(review): ``certificate_state`` is the writable value, while
    ``certificate_effective_state`` is a separate read-only field, so a
    decision should presumably be based on the effective state.
    """

    ROUTE = 'certificate'

    id = model.Int32Property('id')
    # Self-referencing link; presumably points at the issuing certificate.
    parent_certificate_id = model.Int32Property(
        'parentCertificateId', expands_to='Certificate')
    publisher_id = model.Int32Property('publisherId', expands_to='Publisher')

    # A thumbprint can only be compared together with the algorithm that
    # produced it, so keep these two fields paired.
    thumbprint = model.StringProperty('thumbprint')
    thumbprint_algorithm = model.StringProperty('thumbprintAlgorithm')
    subject_name = model.StringProperty('subjectName')
    signature_algorithm = model.StringProperty('signatureAlgorithm')
    serial_number = model.StringProperty('serialNumber')
    valid_from = model.DateTimeProperty('validFrom')
    valid_to = model.DateTimeProperty('validTo')
    public_key_algorithm = model.StringProperty('publicKeyAlgorithm')
    public_key_size = model.Int32Property('publicKeySize')

    first_seen_computer_id = model.Int32Property(
        'firstSeenComputerId', expands_to='Computer')
    description = model.StringProperty('description', allow_update=True)
    source_type = model.Int32Property('sourceType')
    date_created = model.DateTimeProperty('dateCreated')
    date_modified = model.DateTimeProperty('dateModified')
    modified_by_user = model.StringProperty('modifiedByUser')
    modified_by_user_id = model.Int32Property('modifiedByUserId')

    # Boolean facts about the certificate; none of them is writable here.
    intermediary = model.BooleanProperty('intermediary')
    valid = model.BooleanProperty('valid')
    embedded = model.BooleanProperty('embedded')
    detached = model.BooleanProperty('detached')
    signer = model.BooleanProperty('signer')
    cosigner = model.BooleanProperty('cosigner')

    # Integer codes; value meanings are not defined in this listing.
    certificate_state = model.Int32Property(
        'certificateState', allow_update=True)
    certificate_effective_state = model.Int32Property(
        'certificateEffectiveState')
    cl_version = model.Int64Property('clVersion')
コード例 #3
class FileInstance(model.Model):
    """Declarative model for records served under the 'fileInstance' route.

    Links a catalogued file (``file_catalog_id``) to a computer
    (``computer_id``) together with its name and path.  ``local_state`` is
    the only field declared with ``allow_update=True``; the others are
    presumably read-only -- TODO confirm against ``model.Model``.
    """

    ROUTE = 'fileInstance'

    id = model.Int64Property('id')
    file_catalog_id = model.Int32Property(
        'fileCatalogId', expands_to='FileCatalog')
    file_instance_group_id = model.Int64Property('fileInstanceGroupId')
    computer_id = model.Int32Property('computerId', expands_to='Computer')
    date_created = model.DateTimeProperty('dateCreated')
    # NOTE(review): name and path presumably originate on the endpoint;
    # treat them as untrusted text when logging or rendering.
    file_name = model.StringProperty('fileName')
    path_name = model.StringProperty('pathName')
    executed = model.BooleanProperty('executed')
    # Integer codes; value meanings are not defined in this listing.
    local_state = model.Int32Property('localState', allow_update=True)
    detailed_local_state = model.Int32Property('detailedLocalState')
    detached_publisher_id = model.Int32Property(
        'detachedPublisherId', expands_to='Publisher')
    detached_certificate_id = model.Int32Property(
        'detachedCertificateId', expands_to='Certificate')
コード例 #4
class Event(model.Model):
    """Declarative model for records served under the 'event' route.

    No field is declared with ``allow_update=True``, so events are
    presumably read-only from the client side -- TODO confirm against
    ``model.Model``.

    NOTE(review): ``command_line``, ``user_name``, ``ip_address`` and the
    path and file name fields presumably carry endpoint-reported text.
    Command lines can contain credentials or tokens, and any of these
    strings may be attacker-influenced, so redact before long-term storage
    and escape or neutralise them before rendering or logging.
    """

    ROUTE = 'event'

    id = model.Int64Property('id')
    # Two clocks: the event's own timestamp and a separate received time.
    timestamp = model.DateTimeProperty('timestamp')
    received_timestamp = model.DateTimeProperty('receivedTimestamp')
    description = model.StringProperty('description')
    # Integer codes; value meanings are not defined in this listing.
    type = model.Int32Property('type')
    subtype = model.Int32Property('subtype')
    subtype_name = model.StringProperty('subtypeName')

    # Where the event came from.
    ip_address = model.StringProperty('ipAddress')
    computer_id = model.Int32Property('computerId', expands_to='Computer')
    computer_name = model.StringProperty('computerName')
    policy_id = model.Int32Property('policyId', expands_to='Policy')
    policy_name = model.StringProperty('policyName')

    # Three separate links into the file catalog: the file itself, its
    # installer and the process involved.
    file_catalog_id = model.Int32Property(
        'fileCatalogId', expands_to='FileCatalog')
    installer_file_catalog_id = model.Int32Property(
        'installerFileCatalogId', expands_to='FileCatalog')
    process_file_catalog_id = model.Int32Property(
        'processFileCatalogId', expands_to='FileCatalog')

    file_name = model.StringProperty('fileName')
    path_name = model.StringProperty('pathName')
    command_line = model.StringProperty('commandLine')
    process_path_name = model.StringProperty('processPathName')
    process_file_name = model.StringProperty('processFileName')
    installer_file_name = model.StringProperty('installerFileName')
    process_key = model.StringProperty('processKey')
    severity = model.Int32Property('severity')
    user_name = model.StringProperty('userName')
    rule_name = model.StringProperty('ruleName')
    ban_name = model.StringProperty('banName')
    updater_name = model.StringProperty('updaterName')
    indicator_name = model.StringProperty('indicatorName')

    # Free-form parameters; presumably interpreted per type/subtype or via
    # string_id -- the mapping is not shown here.
    param1 = model.StringProperty('param1')
    param2 = model.StringProperty('param2')
    param3 = model.StringProperty('param3')
    string_id = model.Int32Property('stringId')
コード例 #5
class Publisher(model.Model):
    """Declarative model for records served under the 'publisher' route.

    Fields declared with ``allow_update=True`` are ``description``,
    ``publisher_state``, ``policy_ids`` and
    ``reputation_approvals_enabled``; the rest are presumably read-only
    -- TODO confirm against ``model.Model``.

    NOTE(review): a publisher-level state presumably applies to every file
    attributed to that publisher, so updates to ``publisher_state`` and
    ``policy_ids`` deserve the same authorization and audit controls as
    per-file rule changes.
    """

    ROUTE = 'publisher'

    id = model.Int32Property('id')
    name = model.StringProperty('name')
    description = model.StringProperty('description', allow_update=True)
    date_created = model.DateTimeProperty('dateCreated')
    modified_by = model.StringProperty('modifiedBy')
    modified_by_user_id = model.Int32Property('modifiedByUserId')
    date_modified = model.DateTimeProperty('dateModified')
    # Integer codes; value meanings are not defined in this listing.
    publisher_reputation = model.Int32Property('publisherReputation')
    publisher_state = model.Int32Property('publisherState', allow_update=True)
    # Stored as a string; presumably a delimited id list -- format not shown.
    policy_ids = model.StringProperty('policyIds', allow_update=True)
    reputation_approvals_enabled = model.BooleanProperty(
        'reputationApprovalsEnabled', allow_update=True)
    source_type = model.Int32Property('sourceType')
    first_seen_computer_id = model.Int32Property(
        'firstSeenComputerId', expands_to='Computer')
    # Unlike FileRule.platform_flags, this one is not writable.
    platform_flags = model.Int32Property('platformFlags')
    signed_files_count = model.Int32Property('signedFilesCount')
    signed_certificate_count = model.Int32Property('signedCertificateCount')
    hidden = model.BooleanProperty('hidden')
    cl_version = model.Int64Property('clVersion')
コード例 #6
class FileCatalog(model.Model):
    """Declarative model for records served under the 'fileCatalog' route.

    Describes one catalogued file: its digests, version metadata,
    reputation values and state codes.  No field is declared with
    ``allow_update=True``, so the record is presumably read-only from the
    client side -- TODO confirm against ``model.Model``.

    NOTE(review): three digests are exposed.  MD5 and SHA-1 are
    collision-prone, so prefer ``sha256`` when matching or approving a
    file; ``sha256_hash_type`` suggests that value has more than one
    flavour, so check it before treating two records as the same file.
    """

    ROUTE = 'fileCatalog'

    id = model.Int32Property('id')
    date_created = model.DateTimeProperty('dateCreated')
    # NOTE(review): path and name presumably originate on the endpoint;
    # treat them as untrusted text when logging or rendering.
    path_name = model.StringProperty('pathName')
    file_name = model.StringProperty('fileName')
    file_extension = model.StringProperty('fileExtension')
    computer_id = model.Int32Property('computerId', expands_to='Computer')

    # File digests.
    md5 = model.StringProperty('md5')
    sha1 = model.StringProperty('sha1')
    sha256 = model.StringProperty('sha256')
    sha256_hash_type = model.Int32Property('sha256HashType')

    file_type = model.StringProperty('fileType')
    file_size = model.Int64Property('fileSize')

    # Descriptive strings; presumably read from the file's own metadata and
    # therefore not proof of origin -- the publisher_id / certificate_id
    # links below are the structured references.
    product_name = model.StringProperty('productName')
    publisher = model.StringProperty('publisher')
    company = model.StringProperty('company')
    publisher_or_company = model.StringProperty('publisherOrCompany')
    product_version = model.StringProperty('productVersion')
    installed_program_name = model.StringProperty('installedProgramName')

    # Reputation values; scales are not defined in this listing.
    reputation_available = model.BooleanProperty('reputationAvailable')
    trust = model.Int32Property('trust')
    trust_messages = model.StringProperty('trustMessages')
    threat = model.Int16Property('threat')
    category = model.StringProperty('category')

    # State codes.  effective_state is a string while the other three are
    # integers, so they cannot be compared with one another directly.
    file_state = model.Int32Property('fileState')
    publisher_state = model.Int32Property('publisherState')
    certificate_state = model.Int32Property('certificateState')
    effective_state = model.StringProperty('effectiveState')
    approved_by_reputation = model.BooleanProperty('approvedByReputation')
    reputation_enabled = model.BooleanProperty('reputationEnabled')
    prevalence = model.Int32Property('prevalence')
    file_flags = model.Int32Property('fileFlags')
    publisher_id = model.Int32Property('publisherId', expands_to='Publisher')
    certificate_id = model.Int32Property(
        'certificateId', expands_to='Certificate')