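class IDSRuleResults(db.Model):
    """IDS result table: one row per stored rule-list result.

    A row references a rule list (``ids_rules.id``) and an uploaded file
    (``uploaded_file_table.id``) and keeps the match text as plain strings.
    """

    __tablename__ = 'ids_rule_results'
    id = db.Column(db.Integer, primary_key=True)
    ids_plugin_list_id = db.Column(db.Integer, db.ForeignKey('ids_rules.id'))
    # NOTE(review): match text presumably derives from analysed, possibly
    # hostile, input; treat it as untrusted wherever it is rendered - confirm.
    matches = db.Column(db.String(3072))
    pcap_matches = db.Column(db.Integer, db.ForeignKey('uploaded_file_table.id'))
    pcap_classification = db.Column(db.String(3072))
    # No default is declared, so this column can be NULL.
    run_time = db.Column(db.DateTime)

    def __repr__(self):
        """Return a short debug label built from the rule-list id."""
        return '<IDS Rule Results {}>'.format(self.ids_plugin_list_id)

    def to_dict(self):
        """Return the row as a plain dict for API responses.

        ``pcap_matches`` and ``pcap_classification`` are exposed under the
        keys ``file_matches`` and ``file_classification``. ``run_time`` is an
        ISO-8601 string with a trailing ``Z``, or ``None`` when unset.
        """
        # run_time has no column default; guard against NULL instead of
        # raising AttributeError in the middle of an API response.
        # NOTE(review): the appended 'Z' assumes a naive UTC datetime - confirm.
        run_time = None
        if self.run_time is not None:
            run_time = self.run_time.isoformat() + 'Z'
        data = {
            'id': self.id,
            'ids_plugin_list_id': self.ids_plugin_list_id,
            'matches': self.matches,
            'run_time': run_time,
            'file_matches': self.pcap_matches,
            'file_classification': self.pcap_classification,
        }
        return data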
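class YaraRuleResults(db.Model):
    """Yara result table: one row per stored rule-list result.

    A row references a Yara rule list (``yara_rules.id``) and an uploaded
    file (``uploaded_file_table.id``).
    """

    __tablename__ = 'yara_rule_results'
    id = db.Column(db.Integer, primary_key=True)
    yara_list_id = db.Column(db.Integer, db.ForeignKey('yara_rules.id'))
    matches = db.Column(db.String(3072))
    # NOTE(review): up to 4,912,000 characters, presumably of strings taken
    # from the scanned file; treat as untrusted when rendered - confirm.
    file_string_matches = db.Column(db.String(4912000))
    file_matches = db.Column(db.Integer, db.ForeignKey('uploaded_file_table.id'))
    file_classification = db.Column(db.String(3072))
    # No default is declared, so this column can be NULL.
    run_time = db.Column(db.DateTime)

    def __repr__(self):
        """Return a short debug label built from the rule-list id."""
        # The model has no ``yara_name`` attribute; the original reference
        # raised AttributeError whenever the object was printed or logged.
        return '<Yara Results {}>'.format(self.yara_list_id)

    def to_dict(self):
        """Return the row as a plain dict for API responses.

        ``run_time`` is an ISO-8601 string with a trailing ``Z``, or ``None``
        when unset. ``file_string_matches`` is returned in full, so a single
        response can be several megabytes.
        """
        # run_time has no column default; guard against NULL instead of
        # raising AttributeError in the middle of an API response.
        # NOTE(review): the appended 'Z' assumes a naive UTC datetime - confirm.
        run_time = None
        if self.run_time is not None:
            run_time = self.run_time.isoformat() + 'Z'
        data = {
            'id': self.id,
            'yara_list_id': self.yara_list_id,
            'matches': self.matches,
            'run_time': run_time,
            'file_matches': self.file_matches,
            'file_string_matches': self.file_string_matches,
            'file_classification': self.file_classification
        }
        return data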
class Message(SearchableMixin, db.Model):
    """Database table for user-to-user messages.

    ``sender_id`` and ``recipient_id`` both reference ``user.id``.
    """

    # Fields named here include the message body.
    # NOTE(review): presumably SearchableMixin copies these fields into a
    # search index; if so, private message text is stored there too and the
    # index needs the same access control as this table - confirm.
    __searchable__ = ['id', 'body', 'sender_id', 'recipient_id', 'timestamp']
    __tablename__ = 'message'
    id = db.Column(db.Integer, primary_key=True)
    # Declared length is 4,912,000 characters; nothing in this class limits
    # the size of an incoming body below that.
    body = db.Column(db.String(4912000))
    sender_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    recipient_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Default is filled by calling udatetime.utcnow when no value is given.
    timestamp = db.Column(db.DateTime, index=True, default=udatetime.utcnow)

    def __repr__(self):
        """Return a short debug label containing only the message id."""
        return '<Message {}>'.format(self.id)
class Chat(db.Model):
    """Chat message table; each row is one message posted to a room.

    ``author`` references ``user.username`` and ``room_name`` references
    ``chat_rooms.room_name``.
    """

    # NOTE(review): this class does not inherit SearchableMixin, and 'room'
    # does not match any column here (the column is ``room_name``) - confirm
    # whether this list is used at all.
    __searchable__ = ['id', 'author', 'message', 'room', 'timestamp']
    __tablename__ = "chat"
    id = db.Column(db.Integer, primary_key=True)
    author = db.Column(db.String(64), db.ForeignKey('user.username'))
    message = db.Column(db.String(512), index=True)
    room_name = db.Column(db.String(64), db.ForeignKey('chat_rooms.room_name'))
    # Default is filled by calling udatetime.utcnow when no value is given.
    timestamp = db.Column(db.DateTime, index=True, default=udatetime.utcnow)

    def __repr__(self):
        """Return a debug label that embeds the message text.

        Because the user-supplied text is part of the repr, any log line that
        prints this object also records the chat content.
        """
        return '<Chat {}>'.format(self.message)
class Cases(SearchableMixin, db.Model):
    """Case table for aucr.

    A case references its creator and assignee (``user.id``), an access
    group (``groups.id``), a status (``task_states.id``) and an uploaded
    file through ``uploaded_file_table.md5_hash``.
    """

    # NOTE(review): 'attached_files' has no matching column in this class;
    # confirm SearchableMixin tolerates a missing attribute.
    __searchable__ = [
        'id',
        'description',
        'modify_time_stamp',
        'detection_method',
        'subject',
        'case_notes',
        'case_rules',
        'created_by',
        'assigned_to',
        'group_access',
        'attached_files',
        'case_status',
    ]
    __tablename__ = 'cases'

    id = db.Column(db.Integer, primary_key=True)
    description = db.Column(db.String(256), index=True)
    created_time_stamp = db.Column(db.DateTime, index=True, default=datetime.utcnow)
    # Only an insert-time default is declared; nothing in this class
    # refreshes the value when the row is modified.
    modify_time_stamp = db.Column(db.DateTime, index=True, default=datetime.utcnow)
    detection_method = db.Column(db.String(32), index=True)
    subject = db.Column(db.String(256))
    case_notes = db.Column(db.String(3072))
    case_rules = db.Column(db.String(3072))
    created_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    assigned_to = db.Column(db.Integer, db.ForeignKey('user.id'))
    # NOTE(review): the column only stores a group id; access enforcement
    # must happen in the callers - confirm.
    group_access = db.Column(db.Integer, db.ForeignKey('groups.id'))
    # The evidence file is linked by MD5 digest. MD5 is not collision
    # resistant, so two different files can share this key.
    md5_hash = db.Column(db.String(32), db.ForeignKey('uploaded_file_table.md5_hash'))
    case_status = db.Column(db.Integer, db.ForeignKey('task_states.id'))

    def __repr__(self):
        """Return a short debug label containing only the case id."""
        label = '<Cases {}>'
        return label.format(self.id)

    def to_dict(self):
        """Return the case as a plain dict for API responses.

        Both timestamps are rendered as ISO-8601 strings with a trailing
        ``Z``; every other value is passed through unchanged.
        """
        created_iso = self.created_time_stamp.isoformat() + 'Z'
        modified_iso = self.modify_time_stamp.isoformat() + 'Z'
        return {
            'id': self.id,
            'description': self.description,
            'created_time_stamp': created_iso,
            'modify_time_stamp': modified_iso,
            'detection_method': self.detection_method,
            'subject': self.subject,
            'case_notes': self.case_notes,
            'case_rules': self.case_rules,
            'created_by': self.created_by,
            'assigned_to': self.assigned_to,
            'group_access': self.group_access,
            'md5_hash': self.md5_hash,
            'case_status': self.case_status,
        }
class FileUpload(db.Model):
    """Uploaded-file table, keyed for lookups by the file's MD5 digest."""

    __searchable__ = ['id', 'md5_hash', 'uploaded_by', 'file_type', 'time_stamp']
    __tablename__ = 'uploaded_file_table'

    id = db.Column(db.Integer, primary_key=True)
    # unique=True makes the MD5 digest the identity of a file. MD5 is not
    # collision resistant, so two different files with the same digest would
    # be treated as one record.
    # NOTE(review): consider storing a SHA-256 digest alongside it.
    md5_hash = db.Column(db.String(32), unique=True)
    uploaded_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    file_type = db.Column(db.String(512), index=True)
    time_stamp = db.Column(db.DateTime, index=True, default=udatetime.utcnow)

    def __repr__(self):
        """Return a short debug label containing the MD5 digest."""
        label = '<FileUpload {}>'
        return label.format(self.md5_hash)

    def to_dict(self):
        """Return the upload record as a plain dict for the file-upload API.

        ``time_stamp`` is exposed under the key ``last_seen`` as an ISO-8601
        string with a trailing ``Z``. ``uploaded_by`` is not included.
        """
        seen_iso = self.time_stamp.isoformat() + 'Z'
        return {
            'id': self.id,
            'md5_hash': self.md5_hash,
            'file_type': self.file_type,
            'last_seen': seen_iso,
        }

    def from_dict(self, data):
        """Copy the allow-listed field from an API POST payload onto the row.

        Only the key ``file`` is accepted; every other key in ``data`` is
        ignored, so a client cannot set ``id``, ``md5_hash`` or
        ``uploaded_by`` through this method.
        """
        # NOTE(review): 'file' is not a mapped column in this class, so the
        # value is set as a plain instance attribute - confirm callers use it.
        if 'file' in data:
            self.file = data['file']
# NOTE(review): a second ``Task`` class mapped to the same 'task_mq' table
# appears later on this page; if both live in one module the later one
# shadows this one - confirm which definition is authoritative.
class Task(db.Model):
    """AUCR's database table for tasks handed to the redis mq service."""

    __tablename__ = 'task_mq'
    # String primary key of up to 36 characters.
    id = db.Column(db.String(36), primary_key=True)
    name = db.Column(db.String(128), index=True)
    description = db.Column(db.String(128))
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Rows start as not complete.
    complete = db.Column(db.Boolean, default=False)
class YaraRules(SearchableMixin, PaginatedAPIMixin, db.Model):
    """Yara rule-list table for aucr.

    Each row holds one named rule list, the users who created and last
    updated it (``user.id``) and the group it belongs to (``groups.id``).
    """

    __searchable__ = [
        'id',
        'yara_list_name',
        'modify_time_stamp',
        'created_by',
        'yara_rules',
    ]
    __tablename__ = 'yara_rules'

    id = db.Column(db.Integer, primary_key=True)
    yara_list_name = db.Column(db.String(32), index=True, unique=True)
    created_time_stamp = db.Column(db.DateTime, index=True, default=datetime.utcnow)
    # Only an insert-time default is declared; nothing in this class
    # refreshes the value when the row is modified.
    modify_time_stamp = db.Column(db.DateTime, index=True, default=datetime.utcnow)
    created_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    group_access = db.Column(db.Integer, db.ForeignKey('groups.id'))
    last_updated_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Rule text, up to 4,912,000 characters.
    yara_rules = db.Column(db.String(4912000))

    def __repr__(self):
        """Return a short debug label containing the rule-list name."""
        label = '<Yara {}>'
        return label.format(self.yara_list_name)

    def to_dict(self):
        """Return the rule list as a plain dict for API responses.

        ``created_time_stamp`` is exposed under the key ``last_seen``. Both
        timestamps are ISO-8601 strings with a trailing ``Z``. The full rule
        text is included.
        """
        created_iso = self.created_time_stamp.isoformat() + 'Z'
        modified_iso = self.modify_time_stamp.isoformat() + 'Z'
        return {
            'id': self.id,
            'yara_list_name': self.yara_list_name,
            'last_seen': created_iso,
            'modify_time_stamp': modified_iso,
            'created_by': self.created_by,
            'group_access': self.group_access,
            'yara_rules': self.yara_rules,
            'last_updated_by': self.last_updated_by,
        }

    def from_dict(self, data):
        """Copy allow-listed fields from an API POST payload onto the row.

        Keys outside the allow-list are ignored.
        """
        # NOTE(review): 'created_by' and 'group_access' are ownership and
        # access fields taken straight from the payload. Unless the caller
        # overwrites them from the authenticated session, a client can
        # attribute a rule list to another user or another group - confirm
        # the API view sets both server-side.
        accepted = ('yara_list_name', 'group_access', 'created_by')
        for name in accepted:
            if name not in data:
                continue
            setattr(self, name, data[name])
class Rooms(db.Model):
    """Chat room table; each row is one uniquely named room."""

    __tablename__ = "chat_rooms"
    id = db.Column(db.Integer, primary_key=True)
    # Unique room name; the ``chat`` table's room_name column is declared
    # elsewhere on this page as a foreign key to 'chat_rooms.room_name'.
    room_name = db.Column(db.String(64), unique=True)
    author_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Default is filled by calling udatetime.utcnow when no value is given.
    timestamp = db.Column(db.DateTime, index=True, default=udatetime.utcnow)

    def __repr__(self):
        """Return a short debug label containing the room name."""
        return '<ChatRooms {}>'.format(self.room_name)
class UNUM(SearchableMixin, PaginatedAPIMixin, db.Model):
    """Uploaded-file metadata table for aucr.

    A row describes one uploaded file: its name, description,
    classification (``classification.id``), owner (``user.id``), access
    group (``groups.id``) and the MD5 digest that links it to
    ``uploaded_file_table``.
    """

    __searchable__ = [
        'id',
        'description',
        'classification',
        'created_by',
        'md5_hash',
        'file_name',
        'created_time_stamp',
    ]
    __tablename__ = 'unum'

    id = db.Column(db.Integer, primary_key=True)
    description = db.Column(db.String(256), index=True)
    created_time_stamp = db.Column(db.DateTime, index=True, default=datetime.utcnow)
    # Only an insert-time default is declared; nothing in this class
    # refreshes the value when the row is modified.
    modify_time_stamp = db.Column(db.DateTime, index=True, default=datetime.utcnow)
    classification = db.Column(db.Integer, db.ForeignKey('classification.id'))
    # NOTE(review): presumably the client-supplied upload name; treat it as
    # untrusted when building paths or rendering it - confirm.
    file_name = db.Column(db.String(512))
    created_by = db.Column(db.Integer, db.ForeignKey('user.id'))
    group_access = db.Column(db.Integer, db.ForeignKey('groups.id'))
    # Declared as 128 characters here, while the FileUpload model on this
    # page declares uploaded_file_table.md5_hash as String(32).
    # NOTE(review): confirm which length is intended. MD5 is also not
    # collision resistant, so it is a weak identity for a file.
    md5_hash = db.Column(db.String(128), db.ForeignKey('uploaded_file_table.md5_hash'))

    def __repr__(self):
        """Return a short debug label containing the MD5 digest."""
        label = '<unum {}>'
        return label.format(self.md5_hash)

    def to_dict(self):
        """Return the row as a plain dict for API responses.

        ``created_time_stamp`` is exposed under the key ``last_seen``. Both
        timestamps are ISO-8601 strings with a trailing ``Z``.
        """
        created_iso = self.created_time_stamp.isoformat() + 'Z'
        modified_iso = self.modify_time_stamp.isoformat() + 'Z'
        return {
            'id': self.id,
            'md5_hash': self.md5_hash,
            'file_name': self.file_name,
            'description': self.description,
            'classification': self.classification,
            'last_seen': created_iso,
            'modify_time_stamp': modified_iso,
            'created_by': self.created_by,
            'group_access': self.group_access,
        }
class Notification(db.Model):
    """AUCR auth plugin table for per-user notifications.

    The notification body is kept as JSON text in ``payload_json``.
    """

    __tablename__ = 'notification'

    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(128), index=True)
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Stored as a float; the default is produced by calling ``time``.
    timestamp = db.Column(db.Float, index=True, default=time)
    payload_json = db.Column(db.Text)

    def get_data(self):
        """Return the decoded JSON payload of this notification.

        The stored text is passed through ``str()`` before decoding, so a
        NULL payload becomes the string ``'None'`` and ``json.loads`` raises
        on it.
        """
        raw_payload = str(self.payload_json)
        return json.loads(raw_payload)
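class Group(PaginatedAPIMixin, db.Model):
    """AUCR group membership table.

    Each row ties one user (``user.id``) to one group (``groups.id``).
    """

    __tablename__ = 'group'
    id = db.Column(db.Integer, primary_key=True)
    groups_id = db.Column(db.Integer, db.ForeignKey('groups.id'), index=True)
    username_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    # Default is filled by calling udatetime.utcnow when no value is given.
    timestamp = db.Column(db.DateTime, index=True, default=udatetime.utcnow)

    def __repr__(self):
        """Return a short debug label containing the referenced group id."""
        # The column is ``groups_id``; the original ``self.group_id`` does
        # not exist and raised AttributeError when the object was printed.
        return '<Group {}>'.format(self.groups_id)

    def to_dict(self):
        """Return the membership row as a plain dict for API responses.

        ``groups_id`` is the id of the referenced ``Groups`` row, or ``None``
        when that row does not exist. ``timestamp`` is exposed under the key
        ``time_stamp`` as an ISO-8601 string with a trailing ``Z``.
        """
        # Look the group up by the foreign key. The original filtered on this
        # row's own primary key, which reports an unrelated group whenever the
        # two ids differ and makes the API misstate a user's membership.
        group_object = Groups.query.filter_by(id=self.groups_id).first()
        # first() returns None when nothing matches; do not dereference it.
        resolved_group_id = group_object.id if group_object is not None else None
        data = {
            'id': self.id,
            'groups_id': resolved_group_id,
            'username_id': self.username_id,
            'time_stamp': self.timestamp.isoformat() + 'Z',
        }
        return data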
# NOTE(review): an earlier ``Task`` class mapped to the same 'task_mq' table
# appears on this page without the two methods below; confirm the two
# definitions do not end up in the same module.
class Task(db.Model):
    """AUCR's database table for tasks handed to the redis mq service.

    The row's ``id`` is the identifier used to fetch the matching rq job.
    """

    __tablename__ = 'task_mq'

    id = db.Column(db.String(36), primary_key=True)
    name = db.Column(db.String(128), index=True)
    description = db.Column(db.String(128))
    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
    complete = db.Column(db.Boolean, default=False)

    def get_rq_job(self):
        """Fetch the rq job for this task, or return ``None``.

        ``None`` is returned both when the job does not exist and when Redis
        raises an error, so callers cannot tell the two cases apart.
        """
        try:
            return rq.job.Job.fetch(self.id, connection=current_app.redis)
        except (redis.exceptions.RedisError, rq.exceptions.NoSuchJobError):
            return None

    def get_progress(self):
        """Return the job's ``progress`` meta value.

        A job without a ``progress`` entry reports 0. When no job can be
        fetched the method reports 100; because a Redis error is also mapped
        to "no job", 100 does not prove that the task actually finished.
        """
        job = self.get_rq_job()
        if job is None:
            return 100
        return job.meta.get('progress', 0)