class UpdateSource(odm.Model):
name = odm.Keyword()
password = odm.Optional(odm.Keyword(default=""))
pattern = odm.Optional(odm.Keyword(default=""))
private_key = odm.Optional(odm.Keyword(default=""))
ca_cert = odm.Optional(odm.Keyword(default=""))
ssl_ignore_errors = odm.Boolean(default=False)
proxy = odm.Optional(odm.Keyword(default=""))
uri = odm.Keyword()
username = odm.Optional(odm.Keyword(default=""))
headers = odm.List(odm.Compound(EnvironmentVariable), default=[])
default_classification = odm.Classification(default=Classification.UNRESTRICTED)
class FilePListDT(odm.Model):
@odm.model(index=True, store=False)
class FilePListDTPlatform(odm.Model):
build = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
name = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
version = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
compiler = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
platform = odm.Optional(odm.Compound(FilePListDTPlatform))
class Alert(odm.Model):
alert_id = odm.Keyword(copyto="__text__", description="ID of the alert")
al = odm.Compound(ALResults, description="Assemblyline Result Block")
archive_ts = odm.Date(store=False, description="Archiving timestamp")
attack = odm.Compound(Attack, description="ATT&CK Block")
classification = odm.Classification(description="Classification of the alert")
expiry_ts = odm.Optional(odm.Date(store=False), description="Expiry timestamp")
extended_scan = odm.Enum(values=EXTENDED_SCAN_VALUES, description="Status of the extended scan")
file = odm.Compound(File, description="File Block")
filtered = odm.Boolean(default=False, description="Are the alert results filtered?")
heuristic = odm.Compound(Heuristic, description="Heuristic Block")
label = odm.List(odm.Keyword(), copyto="__text__", default=[], description="List of labels applied to the alert")
metadata = odm.FlattenedObject(default={}, store=False, description="Metadata submitted with the file")
owner = odm.Optional(odm.Keyword(), description="Owner of the alert")
priority = odm.Optional(odm.Enum(values=PRIORITIES), description="Priority applied to the alert")
reporting_ts = odm.Date(description="Alert creation timestamp")
sid = odm.UUID(description="Submission ID related to this alert")
status = odm.Optional(odm.Enum(values=STATUSES), description="Status applied to the alert")
ts = odm.Date(description="File submission timestamp")
type = odm.Keyword(description="Type of alert")
verdict = odm.Compound(Verdict, default={}, description="Verdict Block")
workflows_completed = odm.Boolean(default=False, description="Have all workflows ran on this alert?")
class Heuristic(odm.Model):
attack_id = odm.List(odm.Keyword(copyto="__text__"), default=[], description="List of all associated ATT&CK IDs")
classification = odm.Classification(default=Classification.UNRESTRICTED,
description="Classification of the heuristic")
description = odm.Text(copyto="__text__", description="Description of the heuristic")
filetype = odm.Keyword(copyto="__text__", description="What type of files does this heuristic target?")
heur_id = odm.Keyword(copyto="__text__", description="ID of the Heuristic")
name = odm.Keyword(copyto="__text__", description="Name of the heuristic")
score = odm.Integer(description="Default score of the heuristic")
signature_score_map = odm.Mapping(odm.Integer(), default={},
description="Score of signatures for this heuristic")
stats = odm.Compound(Statistics, default={}, description="Statistics related to the Heuristic")
max_score = odm.Optional(odm.Integer(), description="Maximum score for heuristic")
class Entry(odm.Model):
@odm.model(index=True, store=False)
class Forward_Information(odm.Model):
function = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
library = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
address = odm.Optional(odm.Integer())
forward_information = odm.Optional(
odm.Compound(Forward_Information))
function_rva = odm.Optional(odm.Integer())
is_extern = odm.Optional(odm.Boolean())
name = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
ordinal = odm.Optional(odm.Integer())
class FileSWF(odm.Model):
@odm.model(index=True, store=False, description="SWF Header Model")
class FileSWFHeader(odm.Model):
@odm.model(index=True, store=False, description="SWF Header Frame")
class FileSWFHeaderFrame(odm.Model):
count = odm.Optional(odm.List(odm.Integer()), description="Number of Frames")
rate = odm.Optional(odm.List(odm.Keyword()), description="Speed of Animation")
size = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Size of Frame")
frame = odm.Optional(odm.Compound(FileSWFHeaderFrame), description="Header Frame Information")
version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Version")
header = odm.Optional(odm.Compound(FileSWFHeader), description="Header Information")
tags_ssdeep = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")), description="Tags SSDeep")
class FileAPK(odm.Model):
@odm.model(index=True, store=False)
class FileAPKApp(odm.Model):
label = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
version = odm.Optional(odm.List(
odm.Keyword(copyto="__text__")))
@odm.model(index=True, store=False)
class FileAPKSDK(odm.Model):
min = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
target = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
activity = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
app = odm.Optional(odm.Compound(FileAPKApp))
feature = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
locale = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
permission = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
pkg_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
provides_component = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
sdk = odm.Optional(odm.Compound(FileAPKSDK))
used_library = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
class Alert(odm.Model):
alert_id = odm.Keyword(copyto="__text__") # ID of the alert
al = odm.Compound(ALResults) # Assemblyline result block
archive_ts = odm.Date(store=False) # Archiving timestamp
classification = odm.Classification() # Classification of the alert
expiry_ts = odm.Optional(odm.Date(store=False)) # Expiry timestamp
extended_scan = odm.Enum(values=EXTENDED_SCAN_VALUES,
store=False) # Status of the extended scan
file = odm.Compound(File) # File block
label = odm.List(odm.Keyword(), copyto="__text__",
default=[]) # List of labels applied to the alert
metadata = odm.Mapping(odm.Keyword(),
store=False) # Metadata submitted with the file
owner = odm.Optional(odm.Keyword()) # Owner of the alert
priority = odm.Optional(
odm.Enum(values=PRIORITIES)) # Priority applied to the alert
reporting_ts = odm.Date() # Time at which the alert was created
sid = odm.UUID(store=False) # ID of the submission related to this alert
status = odm.Optional(
odm.Enum(values=STATUSES)) # Status applied to the alert
ts = odm.Date() # Timestamp at which the file was submitted
type = odm.Keyword() # Type of alert
verdict = odm.Compound(Verdict, default={}) # Verdict timing
class Heuristic(odm.Model):
attack_id = odm.List(odm.Keyword(copyto="__text__"),
default=[]) # List of all associated Att&ck IDs
classification = odm.Classification(
default=Classification.UNRESTRICTED) # Classification of the heuristic
description = odm.Text(copyto="__text__") # Description of the heuristic
filetype = odm.Keyword(copyto="__text__") # Type of file targeted
heur_id = odm.Keyword(copyto="__text__") # Heuristic ID
name = odm.Keyword(copyto="__text__") # Name of the heuristic
score = odm.Integer() # Default score of the heuristic
signature_score_map = odm.Mapping(
odm.Integer(), default={}) # Score of signatures for this heuristic
stats = odm.Compound(Statistics, default={})
max_score = odm.Optional(odm.Integer()) # Maximum score for heuristic
class NetworkHTTP(odm.Model):
connection_details = odm.Compound(
NetworkConnection,
description="The low-level details of the HTTP request")
request_uri = odm.URI(description="The URI requested")
request_headers = odm.Mapping(
odm.Json(), description="Headers included in the request")
request_body = odm.Optional(odm.Text(),
description="The body of the request")
request_method = odm.Enum(
[
# Standard HTTP methods
"GET",
"POST",
"PUT",
"DELETE",
"HEAD",
"CONNECT",
"OPTIONS",
"TRACE",
"PATCH",
# WebDAV HTTP methods
"BCOPY",
"BDELETE",
"BMOVE",
"BPROPFIND",
"BPROPPATCH",
"COPY",
"DELETE",
"LOCK",
"MKCOL",
"MOVE",
"NOTIFY",
"POLL",
"PROPFIND",
"PROPPATCH",
"SEARCH",
"SUBSCRIBE",
"UNLOCK",
"UNSUBSCRIBE",
"X-MS-ENUMATTS"
],
description="The method of the request")
response_headers = odm.Mapping(
odm.Json(), description="Headers included in the response")
response_status_code = odm.Optional(
odm.Integer(), description="The status code of the response")
response_body = odm.Optional(odm.Text(),
description="The body of the response")
class DockerConfig(odm.Model):
allow_internet_access: bool = odm.Boolean(default=False)
command: Opt[List[str]] = odm.Optional(odm.List(odm.Keyword()))
cpu_cores: float = odm.Float(default=1.0)
environment: List[EnvironmentVariable] = odm.List(
odm.Compound(EnvironmentVariable), default=[])
image: str = odm.Keyword(
) # Complete name of the Docker image with tag, may include registry
registry_username = odm.Optional(
odm.Keyword()) # The username to use when pulling the image
registry_password = odm.Optional(
odm.Keyword()) # The password or token to use when pulling the image
ports: List[str] = odm.List(odm.Keyword(), default=[])
ram_mb: int = odm.Integer(default=512)
ram_mb_min: int = odm.Integer(default=128)
class Network(odm.Model):
@odm.model(index=True, store=False, description="Network IOC Model")
class NetworkIOCs(odm.Model):
domain = odm.Optional(odm.List(odm.Domain(copyto="__text__")), description="Domain")
ip = odm.Optional(odm.List(odm.IP(copyto="__text__")), description="IP")
uri = odm.Optional(odm.List(odm.URI(copyto="__text__")), description="URI")
uri_path = odm.Optional(odm.List(odm.URIPath(copyto="__text__")), description="URI Path")
@odm.model(index=True, store=False, description="Network Email Model")
class NetworkEmail(odm.Model):
address = odm.Optional(odm.List(odm.Email(copyto="__text__")), description="Email Address")
date = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Date")
subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Subject")
msg_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Message ID")
@odm.model(index=True, store=False, description="Network Signature Model")
class NetworkSignature(odm.Model):
signature_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Signature ID")
message = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Signature Message")
@odm.model(index=True, store=False, description="Network TLS Model")
class NetworkTLS(odm.Model):
ja3_hash = odm.Optional(odm.List(odm.MD5(copyto="__text__")), description="JA3 Hash")
ja3_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="JA3 String")
sni = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="SNI")
attack = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Attack")
dynamic = odm.Optional(odm.Compound(NetworkIOCs), description="Dynamic IOCs")
email = odm.Optional(odm.Compound(NetworkEmail), description="Email")
mac_address = odm.Optional(odm.List(odm.MAC(copyto="__text__")), description="MAC Address")
port = odm.Optional(odm.List(odm.Integer()), description="Port")
protocol = odm.Optional(odm.List(odm.Keyword()), description="Protocol")
signature = odm.Optional(odm.Compound(NetworkSignature), description="Signatures")
static = odm.Optional(odm.Compound(NetworkIOCs), description="Static IOCs")
tls = odm.Optional(odm.Compound(NetworkTLS), description="TLS")
user_agent = odm.Optional(odm.List(odm.Keyword()), description="User Agent")
class Signature(odm.Model):
classification = odm.Classification(store=True,
default=Classification.UNRESTRICTED)
data = odm.Text(index=False, store=False)
last_modified = odm.Date(default="NOW")
name = odm.Keyword(copyto="__text__")
order = odm.Integer(default=1, store=False)
revision = odm.Keyword(default="1")
signature_id = odm.Optional(odm.Keyword())
source = odm.Keyword()
state_change_date = odm.Optional(odm.Date(store=False))
state_change_user = odm.Optional(odm.Keyword(store=False))
stats = odm.Compound(Statistics, default={})
status = odm.Enum(values=RULE_STATUSES, copyto="__text__")
type = odm.Keyword(copyto="__text__")
class DockerConfigDelta(odm.Model):
allow_internet_access = odm.Optional(odm.Boolean())
command = odm.Optional(odm.List(odm.Keyword()))
cpu_cores = odm.Optional(odm.Float())
environment = odm.Optional(odm.List(odm.Compound(EnvironmentVariable)))
image = odm.Optional(
odm.Keyword()
) # The docker image and tag, optionally including registry in the normal way
registry_username = odm.Optional(
odm.Keyword()) # The username to use when pulling the image
registry_password = odm.Optional(
odm.Keyword()) # The password or token to use when pulling the image
ports = odm.Optional(odm.List(odm.Keyword()))
ram_mb = odm.Optional(odm.Integer())
ram_mb_min = odm.Optional(odm.Integer())
class Network(odm.Model):
@odm.model(index=True, store=False)
class NetworkIOCs(odm.Model):
domain = odm.Optional(odm.List(odm.Domain(copyto="__text__")))
ip = odm.Optional(odm.List(odm.IP(copyto="__text__")))
uri = odm.Optional(odm.List(odm.URI(copyto="__text__")))
uri_path = odm.Optional(odm.List(odm.URIPath(copyto="__text__")))
@odm.model(index=True, store=False)
class NetworkEmail(odm.Model):
address = odm.Optional(odm.List(odm.Email(copyto="__text__")))
date = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
msg_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
@odm.model(index=True, store=False)
class NetworkSignature(odm.Model):
signature_id = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
message = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
@odm.model(index=True, store=False)
class NetworkTLS(odm.Model):
ja3_hash = odm.Optional(odm.List(odm.MD5(copyto="__text__")))
ja3_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
sni = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
attack = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
dynamic = odm.Optional(odm.Compound(NetworkIOCs))
email = odm.Optional(odm.Compound(NetworkEmail))
mac_address = odm.Optional(odm.List(odm.MAC(copyto="__text__")))
port = odm.Optional(odm.List(odm.Integer()))
protocol = odm.Optional(odm.List(odm.Keyword()))
signature = odm.Optional(odm.Compound(NetworkSignature))
static = odm.Optional(odm.Compound(NetworkIOCs))
tls = odm.Optional(odm.Compound(NetworkTLS))
class ScalerServiceDefaults(odm.Model):
growth: int = odm.Integer(
description=
"Period, in seconds, to wait before scaling up a service deployment")
shrink: int = odm.Integer(
description=
"Period, in seconds, to wait before scaling down a service deployment")
backlog: int = odm.Integer(
description="Backlog threshold that dictates scaling adjustments")
min_instances: int = odm.Integer(
description="The minimum number of service instances to be running")
environment: List[EnvironmentVariable] = odm.List(
odm.Compound(EnvironmentVariable),
default=[],
description="Environment variables to pass onto services")
class Config(odm.Model):
# Authentication module configuration
auth: Auth = odm.Compound(Auth, default=DEFAULT_AUTH)
# Core component configuration
core: Core = odm.Compound(Core, default=DEFAULT_CORE)
# Datastore configuration
datastore: Datastore = odm.Compound(Datastore, default=DEFAULT_DATASTORE)
# Datasources configuration
datasources: Dict[str,
Datasource] = odm.Mapping(odm.Compound(Datasource),
default=DEFAULT_DATASOURCES)
# Filestore configuration
filestore: Filestore = odm.Compound(Filestore, default=DEFAULT_FILESTORE)
# Logging configuration
logging: Logging = odm.Compound(Logging, default=DEFAULT_LOGGING)
# Service configuration
services: Services = odm.Compound(Services, default=DEFAULT_SERVICES)
# System configuration
system: System = odm.Compound(System, default=DEFAULT_SYSTEM)
# UI configuration parameters
ui: UI = odm.Compound(UI, default=DEFAULT_UI)
# Options for how submissions will be processed
submission: Submission = odm.Compound(Submission,
default=DEFAULT_SUBMISSION)
class Dynamic(odm.Model):
@odm.model(index=True, store=False)
class DynamicProcess(odm.Model):
command_line = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
file_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
@odm.model(index=True, store=False)
class DynamicSignature(odm.Model):
category = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
family = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
@odm.model(index=True, store=False)
class DynamicSSDeep(odm.Model):
cls_ids = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
dynamic_classes = odm.Optional(
odm.List(odm.SSDeepHash(copyto="__text__")))
regkeys = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
@odm.model(index=True, store=False)
class DynamicWindow(odm.Model):
cls_ids = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
dynamic_classes = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
regkeys = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
autorun_location = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
dos_device = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
mutex = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
registry_key = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
process = odm.Optional(odm.Compound(DynamicProcess))
signature = odm.Optional(odm.Compound(DynamicSignature))
ssdeep = odm.Optional(odm.Compound(DynamicSSDeep))
window = odm.Optional(odm.Compound(DynamicWindow))
class FileOLE(odm.Model):
@odm.model(index=True, store=False)
class FileOLEMacro(odm.Model):
sha256 = odm.Optional(odm.List(odm.SHA256(copyto="__text__")))
suspicious_string = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
@odm.model(index=True, store=False)
class FileOLESummary(odm.Model):
author = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
codepage = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
comment = odm.Optional(odm.List(
odm.Keyword(copyto="__text__")))
company = odm.Optional(odm.List(
odm.Keyword(copyto="__text__")))
create_time = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
last_printed = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
last_saved_by = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
last_saved_time = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
manager = odm.Optional(odm.List(
odm.Keyword(copyto="__text__")))
subject = odm.Optional(odm.List(
odm.Keyword(copyto="__text__")))
title = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
macro = odm.Optional(odm.Compound(FileOLEMacro))
summary = odm.Optional(odm.Compound(FileOLESummary))
clsid = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
dde_link = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
fib_timestamp = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
class UI(odm.Model):
# Allow to user to download raw files
allow_raw_downloads: bool = odm.Boolean()
# Allow file submissions via url
allow_url_submissions: bool = odm.Boolean()
# Should API calls be audited and saved to a separate log file?
audit: bool = odm.Boolean()
# Turn on debugging
debug: bool = odm.Boolean()
# Which encoding will be used
download_encoding = odm.Enum(values=["raw", "cart"])
# Assemblyline admins email address
email: str = odm.Optional(odm.Email())
# Enforce the user's quotas
enforce_quota: bool = odm.Boolean()
# Fully qualified domain name to use for the 2-factor authentication validation
fqdn: str = odm.Text()
# Maximum priority for ingest API
ingest_max_priority: int = odm.Integer()
# Turn on read only mode in the UI
read_only: bool = odm.Boolean()
# Offset of the read only mode for all paging and searches
read_only_offset: str = odm.Keyword(default="")
# Flask secret key to store cookies and stuff
secret_key: str = odm.Keyword()
# Duration of the user session before the user has to login again
session_duration: int = odm.Integer()
# Statistics configuration
statistics: Statistics = odm.Compound(Statistics,
default=DEFAULT_STATISTICS)
# Terms of service
tos: str = odm.Optional(odm.Text())
# Lock out user after accepting the terms of service
tos_lockout: bool = odm.Boolean()
# List of admins to notify when a user gets locked out
tos_lockout_notify: bool = odm.Optional(odm.List(odm.Keyword()))
# UI 4 path
ui4_path: str = odm.Optional(odm.Keyword())
# Headers that will be used by the url_download method
url_submission_headers: Dict[str, str] = odm.Optional(
odm.Mapping(odm.Keyword()))
# Proxy that will be used by the url_download method
url_submission_proxies: Dict[str, str] = odm.Optional(
odm.Mapping(odm.Keyword()))
# Validate if the session ip matches the ip the session was created from
validate_session_ip: bool = odm.Boolean()
# Validate if the session useragent matches the useragent the session was created with
validate_session_useragent: bool = odm.Boolean()
class FileIMG(odm.Model):
@odm.model(index=True, store=False, description="Exiftool Information Model")
class FileIMGExiftool(odm.Model):
creator_tool = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Creation Tool")
derived_document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
description="Derived Document ID")
document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Document ID")
instance_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Instance ID")
toolkit = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Toolkit")
exif_tool = odm.Optional(odm.Compound(FileIMGExiftool), description="Exiftool Information")
mega_pixels = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Megapixels")
mode = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Mode")
size = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Size")
sorted_metadata_hash = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
description="Sorted Metadata Hash")
class FilePListCFBundle(odm.Model):
@odm.model(index=True, store=False, description="PList CF Bundle Version Model")
class FilePListCFBundleVersion(odm.Model):
long = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Long Version")
short = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Short Version")
development_region = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
description="Development Region")
display_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Display Name")
executable = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Executable Name")
identifier = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Identifier Name")
name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Bundle Name")
pkg_type = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Package Type")
signature = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Signature")
url_scheme = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="URL Scheme")
version = odm.Optional(odm.Compound(FilePListCFBundleVersion), description="Bundle Version Information")
class FileTask(odm.Model):
"""Dispatcher internal model for tracking each file in a submission."""
sid = odm.Keyword()
min_classification = odm.Classification() # Minimum classification of the file being scanned
parent_hash = odm.Optional(odm.Keyword())
file_info: FileInfo = odm.Compound(FileInfo)
depth = odm.Integer()
max_files = odm.Integer()
def get_tag_set_name(self) -> str:
"""Get the name of a redis set where the task tags are collected."""
return get_tag_set_name(self.sid, self.file_info.sha256)
def get_temporary_submission_data_name(self) -> str:
"""Get the name of a redis hash where tags for a submission are collected."""
return get_temporary_submission_data_name(self.sid, self.file_info.sha256)
class Signer(odm.Model):
version = odm.Optional(odm.Integer())
issuer = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
serial_number = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
encryption_algorithm = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
digest_algorithm = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
encrypted_digest = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
cert = odm.Optional(odm.Compound(Certificate))
authenticated_attributes = odm.Optional(
odm.List(odm.EmptyableKeyword(copyto="__text__")))
unauthenticated_attributes = odm.Optional(
odm.List(odm.EmptyableKeyword(copyto="__text__")))
class UserSettings(odm.Model): # User's default settings
classification = odm.Classification(
default=Classification.UNRESTRICTED) # Default submission classification
deep_scan = odm.Boolean(default=False) # Should a deep scan be performed
description = odm.Keyword(default="") # Default description
download_encoding = odm.Enum(values=ENCODINGS, default="cart") # Default download encoding when downloading files
expand_min_score = odm.Integer(default=500) # Auto-expand section when score bigger then this
ignore_cache = odm.Boolean(default=False) # Ignore service caching
ignore_dynamic_recursion_prevention = odm.Boolean(default=False) # Ignore dynamic recursion prevention
ignore_filtering = odm.Boolean(default=False) # Ignore filtering services
malicious = odm.Boolean(default=False) # Is the file submitted known to be malicious
priority = odm.Integer(default=1000) # Default priority for the submissions
profile = odm.Boolean(default=False) # Should the submission do extra profiling
service_spec = odm.Mapping(odm.Keyword(), default={}) # Default service specific settings
services = odm.Compound(ServiceSelection, default={}) # Default service selection
submission_view = odm.Enum(values=VIEWS, default="report") # Default view for completed submissions
ttl = odm.Integer(default=30) # Default submission Time to Live (days)
class OAuthProvider(odm.Model):
auto_create: str = odm.Boolean(default=True)
auto_sync: str = odm.Boolean(default=False)
auto_properties: List[OAuthAutoProperty] = odm.List(odm.Compound(OAuthAutoProperty), default=[])
uid_regex: str = odm.Optional(odm.Keyword())
uid_format: str = odm.Optional(odm.Keyword())
client_id: str = odm.Optional(odm.Keyword())
client_secret: str = odm.Optional(odm.Keyword())
request_token_url: str = odm.Optional(odm.Keyword())
request_token_params: str = odm.Optional(odm.Keyword())
access_token_url: str = odm.Optional(odm.Keyword())
access_token_params: str = odm.Optional(odm.Keyword())
authorize_url: str = odm.Optional(odm.Keyword())
authorize_params: str = odm.Optional(odm.Keyword())
api_base_url: str = odm.Optional(odm.Keyword())
client_kwargs: Dict[str, str] = odm.Optional(odm.Mapping(odm.Keyword()))
user_get: str = odm.Keyword()
class ALResults(odm.Model):
attrib = odm.List(odm.Keyword(), default=[], store=True, copyto="__text__", description="List of attribution")
av = odm.List(odm.Keyword(), default=[], store=True, copyto="__text__", description="List of AV hits")
behavior = odm.List(odm.Keyword(), default=[], copyto="__text__", description="List of behaviors for the alert")
detailed = odm.Compound(DetailedResults, description="Assemblyline Detailed result block")
domain = odm.List(odm.Domain(), default=[], copyto="__text__", description="List of all domains")
domain_dynamic = odm.List(odm.Domain(), default=[], description="List of domains found during Dynamic Analysis")
domain_static = odm.List(odm.Domain(), default=[], description="List of domains found during Static Analysis")
ip = odm.List(odm.IP(), default=[], copyto="__text__", description="List of all IPs")
ip_dynamic = odm.List(odm.IP(), default=[], description="List of IPs found during Dynamic Analysis")
ip_static = odm.List(odm.IP(), default=[], description="List of IPs found during Static Analysis")
request_end_time = odm.Date(index=False, description="Finish time of the Assemblyline submission")
score = odm.Integer(store=True, description="Maximum score found in the submission")
uri = odm.List(odm.URI(), default=[], copyto="__text__", description="List of all URIs")
uri_dynamic = odm.List(odm.URI(), default=[], description="List of URIs found during Dynamic Analysis")
uri_static = odm.List(odm.URI(), default=[], description="List of URIs found during Static Analysis")
yara = odm.List(odm.Keyword(), default=[], copyto="__text__", description="List of YARA rule hits")
class FileSWF(odm.Model):
@odm.model(index=True, store=False)
class FileSWFHeader(odm.Model):
@odm.model(index=True, store=False)
class FileSWFHeaderFrame(odm.Model):
count = odm.Optional(odm.List(odm.Integer()))
rate = odm.Optional(odm.List(odm.Keyword()))
size = odm.Optional(
odm.List(odm.Keyword(copyto="__text__")))
frame = odm.Optional(odm.Compound(FileSWFHeaderFrame))
version = odm.Optional(odm.List(
odm.Keyword(copyto="__text__")))
header = odm.Optional(odm.Compound(FileSWFHeader))
tags_ssdeep = odm.Optional(
odm.List(odm.SSDeepHash(copyto="__text__")))
class LangCode_Item(odm.Model):
@odm.model(index=True, store=False)
class Item(odm.Model):
key = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
value = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
key = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
type = odm.Optional(odm.Integer())
lang = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
sublang = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
code_page = odm.Optional(
odm.EmptyableKeyword(copyto="__text__"))
items = odm.Optional(odm.List(odm.Compound(Item)))
class UpdateSourceDelta(odm.Model):
name = odm.Optional(
odm.Keyword(),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
password = odm.Optional(
odm.Keyword(default=""),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
pattern = odm.Optional(
odm.Keyword(default=""),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
private_key = odm.Optional(
odm.Keyword(default=""),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
ca_cert = odm.Optional(
odm.Keyword(default=""),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
ssl_ignore_errors = odm.Boolean(
default=False,
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
proxy = odm.Optional(
odm.Keyword(default=""),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
uri = odm.Optional(
odm.Keyword(),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
username = odm.Optional(
odm.Keyword(default=""),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
headers = odm.Optional(
odm.List(odm.Compound(EnvironmentVariable)),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
default_classification = odm.Optional(
odm.Classification(),
description=
"Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
