def __init__(self, content, api=None):
    """Build a Metadata object from an API response payload.

    Every attribute is whatever ``self._get`` returns for the dotted key
    shown next to it; timestamps are additionally passed through
    ``core.parse_isoformat``.

    Args:
        content: Payload forwarded unchanged to the base constructor.
        api: Optional API client, forwarded to the base constructor.
    """
    super(Metadata, self).__init__(content=content, api=api)
    lookup = self._get
    parse_iso = core.parse_isoformat

    # Artifact identity and cryptographic / fuzzy hashes.
    self.created = parse_iso(self.artifact.get('created'))
    self.id = lookup('artifact.id')
    self.sha1 = lookup('artifact.sha1')
    self.sha256 = lookup('artifact.sha256')
    self.md5 = lookup('artifact.md5')
    self.ssdeep = lookup('hash.ssdeep')
    self.tlsh = lookup('hash.tlsh')

    # Scan history and detection counters.
    self.first_seen = parse_iso(lookup('scan.first_scan.created'))
    self.last_scanned = parse_iso(lookup('scan.latest_scan.created'))
    self.mimetype = lookup('scan.mimetype.mime')
    self.extended_mimetype = lookup('scan.mimetype.extended')
    self.malicious = lookup('scan.detections.malicious')
    self.benign = lookup('scan.detections.benign')
    self.total_detections = lookup('scan.detections.total')
    self.filenames = lookup('scan.filename')

    # NOTE(review): the strings.* values look like indicators extracted
    # from the scanned artifact, i.e. attacker-influenced data - confirm
    # against the API schema. Consumers should validate or defang them
    # before resolving, fetching, logging to a clickable UI, or rendering.
    self.domains = lookup('strings.domains')
    self.ipv4 = lookup('strings.ipv4')
    self.ipv6 = lookup('strings.ipv6')
    self.urls = lookup('strings.urls')
def __init__(self, content, api=None):
    """Build a MalwareFamily from an API response payload.

    All fields are read with ``content.get``, so a missing key yields
    ``None`` (handed to ``core.parse_isoformat`` for the timestamps).

    Args:
        content: Mapping describing the malware family.
        api: Optional API client, forwarded to the base constructor.
    """
    super(MalwareFamily, self).__init__(content, api=api)
    field = content.get
    parse_iso = core.parse_isoformat

    self.id = field('id')
    self.created = parse_iso(field('created'))
    self.updated = parse_iso(field('updated'))
    self.name = field('name')
    # 'emerging' is parsed like the other timestamps.
    self.emerging = parse_iso(field('emerging'))
def __init__(self, content, api=None):
    """Build a TagLink from an API response payload.

    All fields are optional: each is read with ``content.get`` and the
    timestamp fields are passed through ``core.parse_isoformat``.

    Args:
        content: Mapping describing the tag link for one sha256.
        api: Optional API client, forwarded to the base constructor.
    """
    super(TagLink, self).__init__(content, api=api)
    field = content.get
    parse_iso = core.parse_isoformat

    self.id = field('id')
    self.sha256 = field('sha256')
    self.created = parse_iso(field('created'))
    self.updated = parse_iso(field('updated'))
    self.first_seen = parse_iso(field('first_seen'))
    self.tags = field('tags')
    self.families = field('families')
    self.emerging = parse_iso(field('emerging'))
def __init__(self, content, api=None):
    """Build a YaraRuleset from an API response or user-supplied mapping.

    Args:
        content: Mapping that must contain a non-empty ``'yara'`` entry;
            the remaining keys are optional.
        api: Optional API client, forwarded to the base constructor.

    Raises:
        exceptions.InvalidValueException: If ``content['yara']`` is
            present but falsy (empty string, ``None``, ...).
        KeyError: If a dict ``content`` has no ``'yara'`` key at all.
    """
    super(YaraRuleset, self).__init__(content, api=api)
    field = content.get
    parse_iso = core.parse_isoformat

    # Subscript access: a missing key surfaces as KeyError rather than the
    # InvalidValueException raised below for an empty ruleset.
    self.yara = content['yara']
    self.name = field('name')
    self.id = field('id')
    self.description = field('description')
    self.created = parse_iso(field('created'))
    self.modified = parse_iso(field('modified'))
    self.deleted = field('deleted')

    # Only emptiness is checked here; the rule text is not compiled or
    # otherwise validated by this constructor.
    if self.yara:
        return
    raise exceptions.InvalidValueException(
        "Must provide yara ruleset content")
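def __init__(self, content, api=None):
    """Build an ArtifactInstance from an API response payload.

    The sha256 from the payload is handed to the base constructor as the
    instance's hash. Artifact-level keys read with a subscript are
    required; keys read with ``.get`` are optional.

    A payload carrying an explicit ``null`` for ``assertions`` or
    ``votes`` is treated as an empty list, matching how ``metadata`` is
    handled, instead of failing while iterating ``None``.

    Args:
        content: Mapping describing the artifact instance.
        api: Optional API client, forwarded to the base constructor and
            to the nested Metadata, Assertion and Vote objects.

    Raises:
        KeyError: If a dict ``content`` lacks one of the required keys.
    """
    super(ArtifactInstance, self).__init__(
        content=content, api=api,
        hash_value=content['sha256'], hash_type='sha256')
    parse_iso = core.parse_isoformat

    # Artifact fields
    self.sha256 = content['sha256']
    self.artifact_id = content.get('artifact_id')
    self.md5 = content['md5']
    self.sha1 = content['sha1']
    self.mimetype = content['mimetype']
    self.size = content['size']
    self.extended_type = content['extended_type']
    self.first_seen = parse_iso(content['first_seen'])
    self.upload_url = content['upload_url']

    # Deprecated
    self.last_seen = parse_iso(content.get('last_seen'))
    self.last_scanned = parse_iso(content.get('last_scanned'))

    # Flatten the list of {'tool': ..., 'tool_metadata': ...} entries into
    # one mapping keyed by tool name; a later entry for the same tool
    # replaces an earlier one.
    tool_metadata = {
        entry['tool']: entry['tool_metadata']
        for entry in (content.get('metadata') or [])
    }
    self.metadata = Metadata(tool_metadata, api)

    # ArtifactInstance fields
    self.id = content.get('id')
    # `or []` also covers a key that is present with a null value.
    self.assertions = [
        Assertion(a, api=api, scanfile=self)
        for a in (content.get('assertions') or [])
    ]
    self.country = content.get('country')
    self.community = content.get('community')
    self.created = parse_iso(content.get('created'))
    self.failed = content.get('failed')
    # Server-supplied name; presumably the uploader's original filename,
    # so treat it as untrusted if it is ever used to build a local path.
    self.filename = content.get('filename')
    self.result = content.get('result')
    self.type = content.get('type')
    self.votes = [
        Vote(v, api=api, scanfile=self)
        for v in (content.get('votes') or [])
    ]
    self.window_closed = content.get('window_closed')

    raw_polyscore = content.get('polyscore')
    self.polyscore = (
        float(raw_polyscore) if raw_polyscore is not None else None)

    # self.hash is not assigned in this method; presumably the base
    # constructor sets it from hash_value.
    self.permalink = settings.DEFAULT_PERMALINK_BASE + '/' + str(self.hash)

    # Caches, left unset until something fills them in.
    self._malicious_assertions = None
    self._benign_assertions = None
    self._valid_assertions = None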
def __init__(self, content, api=None):
    """Build a VotesJob from an API response payload.

    Every key is read with a subscript, so all of them are required.

    Args:
        content: Mapping describing the votes job and its counters.
        api: Optional API client, forwarded to the base constructor.

    Raises:
        KeyError: If a dict ``content`` lacks any of the keys read here.
    """
    super(VotesJob, self).__init__(content=content, api=api)
    parse_iso = core.parse_isoformat

    # Job identity and the time window it covers.
    self.id = content['id']
    self.engine_id = content['engine_id']
    self.created = parse_iso(content['created'])
    self.date_start = parse_iso(content['date_start'])
    self.date_end = parse_iso(content['date_end'])
    self.storage_path = content['storage_path']

    # Per-outcome counters reported for the job.
    self.true_positive = content['true_positive']
    self.true_negative = content['true_negative']
    self.false_positive = content['false_positive']
    self.false_negative = content['false_negative']
    self.suspicious = content['suspicious']
    self.unknown = content['unknown']
    self.total = content['total']
def __init__(self, content, api=None):
    """Build a Hunt from an API response payload.

    Args:
        content: Mapping with required ``id``, ``created`` and ``status``
            keys; ``active`` and ``ruleset_name`` are optional.
        api: Optional API client, forwarded to the base constructor.

    Raises:
        KeyError: If a dict ``content`` lacks a required key.
    """
    super(Hunt, self).__init__(content=content, api=api)
    parse_iso = core.parse_isoformat

    self.id = content['id']
    self.created = parse_iso(content['created'])
    self.status = content['status']
    # active only present for live hunts
    self.active = content.get('active')
    self.ruleset_name = content.get('ruleset_name')
def __init__(self, content, api=None):
    """Build a HuntResult from an API response payload.

    Every key is read with a subscript, so all of them are required. The
    nested ``artifact`` mapping is wrapped in an ArtifactInstance that
    shares this object's API client.

    Args:
        content: Mapping describing one YARA hunt match.
        api: Optional API client, forwarded to the base constructor.

    Raises:
        KeyError: If a dict ``content`` lacks any of the keys read here.
    """
    super(HuntResult, self).__init__(content=content, api=api)
    parse_iso = core.parse_isoformat

    self.id = content['id']
    self.rule_name = content['rule_name']
    self.tags = content['tags']
    self.created = parse_iso(content['created'])
    self.sha256 = content['sha256']
    # Both scan ids are read unconditionally, whichever kind of hunt
    # produced the match.
    self.historicalscan_id = content['historicalscan_id']
    self.livescan_id = content['livescan_id']

    matched_artifact = content['artifact']
    self.artifact = ArtifactInstance(matched_artifact, api)
def __init__(self, content, api=None):
    """Build a Tag from an API response payload.

    All fields are optional and read with ``content.get``.

    Args:
        content: Mapping describing the tag.
        api: Optional API client, forwarded to the base constructor.
    """
    super(Tag, self).__init__(content, api=api)
    field = content.get
    parse_iso = core.parse_isoformat

    self.id = field('id')
    self.created = parse_iso(field('created'))
    self.updated = parse_iso(field('updated'))
    self.name = field('name')
def __init__(self, content, api=None):
    """Build an ArtifactArchive from an API response payload.

    Args:
        content: Mapping with required ``id``, ``community``, ``created``
            and ``uri`` keys.
        api: Optional API client, forwarded to the base constructor.

    Raises:
        KeyError: If a dict ``content`` lacks any of the keys read here.
    """
    super(ArtifactArchive, self).__init__(content=content, api=api)
    parse_iso = core.parse_isoformat

    self.id = content['id']
    self.community = content['community']
    self.created = parse_iso(content['created'])
    # NOTE(review): the URI is taken from the response as-is; presumably a
    # download location - callers that fetch it should check the scheme
    # and host first.
    self.uri = content['uri']