class UpdateSource(odm.Model):
    """Model of one update source: a named ``uri`` plus the optional
    credentials, TLS settings, proxy and extra headers declared with it."""
    name = odm.Keyword()
    # Credential. NOTE(review): declared as a plain Keyword; confirm it is
    # redacted from API responses and logs and protected at rest.
    password = odm.Optional(odm.Keyword(default=""))
    # presumably a filter on what the source provides - TODO confirm
    pattern = odm.Optional(odm.Keyword(default=""))
    # Key material. NOTE(review): same handling question as `password`.
    private_key = odm.Optional(odm.Keyword(default=""))
    # presumably a CA certificate used to validate the remote end - TODO confirm
    ca_cert = odm.Optional(odm.Keyword(default=""))
    # Off by default. NOTE(review): the name suggests TLS errors are ignored
    # when True; supplying `ca_cert` looks like the safer route - confirm.
    ssl_ignore_errors = odm.Boolean(default=False)
    proxy = odm.Optional(odm.Keyword(default=""))
    uri = odm.Keyword()
    username = odm.Optional(odm.Keyword(default=""))
    # List of EnvironmentVariable compounds; headers can carry auth tokens,
    # so they deserve the same handling as the credential fields above.
    headers = odm.List(odm.Compound(EnvironmentVariable), default=[])
    # Defaults to UNRESTRICTED. NOTE(review): confirm this default is intended
    # for sources whose content should not be visible to every user.
    default_classification = odm.Classification(default=Classification.UNRESTRICTED)
class FilePListDT(odm.Model):
    """Model holding one optional ``platform`` compound."""

    # Nested model, declared with index=True and store=False.
    @odm.model(index=True, store=False)
    class FilePListDTPlatform(odm.Model):
        # Every field is an optional list of keywords with copyto="__text__".
        build = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    compiler = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    platform = odm.Optional(odm.Compound(FilePListDTPlatform))
class Alert(odm.Model):
    """Alert record; every field documents itself through ``description``."""
    alert_id = odm.Keyword(copyto="__text__", description="ID of the alert")
    al = odm.Compound(ALResults, description="Assemblyline Result Block")
    # store=False: this timestamp is declared as not stored.
    archive_ts = odm.Date(store=False, description="Archiving timestamp")
    attack = odm.Compound(Attack, description="ATT&CK Block")
    # No default is declared for the classification.
    classification = odm.Classification(description="Classification of the alert")
    expiry_ts = odm.Optional(odm.Date(store=False), description="Expiry timestamp")
    extended_scan = odm.Enum(values=EXTENDED_SCAN_VALUES, description="Status of the extended scan")
    file = odm.Compound(File, description="File Block")
    filtered = odm.Boolean(default=False, description="Are the alert results filtered?")
    heuristic = odm.Compound(Heuristic, description="Heuristic Block")
    label = odm.List(odm.Keyword(), copyto="__text__", default=[],
                     description="List of labels applied to the alert")
    # Submitter-supplied values: treat as untrusted input wherever they are
    # rendered or used to build queries.
    metadata = odm.FlattenedObject(default={}, store=False,
                                   description="Metadata submitted with the file")
    owner = odm.Optional(odm.Keyword(), description="Owner of the alert")
    priority = odm.Optional(odm.Enum(values=PRIORITIES), description="Priority applied to the alert")
    reporting_ts = odm.Date(description="Alert creation timestamp")
    sid = odm.UUID(description="Submission ID related to this alert")
    status = odm.Optional(odm.Enum(values=STATUSES), description="Status applied to the alert")
    ts = odm.Date(description="File submission timestamp")
    type = odm.Keyword(description="Type of alert")
    verdict = odm.Compound(Verdict, default={}, description="Verdict Block")
    workflows_completed = odm.Boolean(default=False,
                                      description="Have all workflows ran on this alert?")
class Heuristic(odm.Model):
    """Heuristic definition: identity, target file type, scoring and statistics."""
    attack_id = odm.List(odm.Keyword(copyto="__text__"), default=[],
                         description="List of all associated ATT&CK IDs")
    # Defaults to UNRESTRICTED when no classification is given.
    classification = odm.Classification(default=Classification.UNRESTRICTED,
                                        description="Classification of the heuristic")
    description = odm.Text(copyto="__text__", description="Description of the heuristic")
    filetype = odm.Keyword(copyto="__text__",
                           description="What type of files does this heuristic target?")
    heur_id = odm.Keyword(copyto="__text__", description="ID of the Heuristic")
    name = odm.Keyword(copyto="__text__", description="Name of the heuristic")
    score = odm.Integer(description="Default score of the heuristic")
    # Mapping with integer values; presumably keyed by signature name - TODO confirm.
    signature_score_map = odm.Mapping(odm.Integer(), default={},
                                      description="Score of signatures for this heuristic")
    stats = odm.Compound(Statistics, default={}, description="Statistics related to the Heuristic")
    max_score = odm.Optional(odm.Integer(), description="Maximum score for heuristic")
class Entry(odm.Model):
    """Entry model; all fields are optional."""

    # Nested model, declared with index=True and store=False.
    @odm.model(index=True, store=False)
    class Forward_Information(odm.Model):
        function = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        library = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))

    address = odm.Optional(odm.Integer())
    forward_information = odm.Optional(odm.Compound(Forward_Information))
    # presumably a relative virtual address, going by the field name - TODO confirm
    function_rva = odm.Optional(odm.Integer())
    is_extern = odm.Optional(odm.Boolean())
    name = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    ordinal = odm.Optional(odm.Integer())
class FileSWF(odm.Model):
    """SWF model: optional header information and SSDeep hashes of tags."""

    @odm.model(index=True, store=False, description="SWF Header Model")
    class FileSWFHeader(odm.Model):
        # The frame model is nested one level deeper, inside the header model.
        @odm.model(index=True, store=False, description="SWF Header Frame")
        class FileSWFHeaderFrame(odm.Model):
            count = odm.Optional(odm.List(odm.Integer()), description="Number of Frames")
            rate = odm.Optional(odm.List(odm.Keyword()), description="Speed of Animation")
            size = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                description="Size of Frame")

        frame = odm.Optional(odm.Compound(FileSWFHeaderFrame),
                             description="Header Frame Information")
        version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Version")

    header = odm.Optional(odm.Compound(FileSWFHeader), description="Header Information")
    tags_ssdeep = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")),
                               description="Tags SSDeep")
class FileAPK(odm.Model):
    """APK model: optional keyword lists plus two nested compounds (app, sdk)."""

    @odm.model(index=True, store=False)
    class FileAPKApp(odm.Model):
        label = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class FileAPKSDK(odm.Model):
        min = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        target = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    activity = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    app = odm.Optional(odm.Compound(FileAPKApp))
    feature = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    locale = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    # All values here are free-form keywords; nothing in this block restricts
    # them to a known set of permission names.
    permission = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    pkg_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    provides_component = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    sdk = odm.Optional(odm.Compound(FileAPKSDK))
    used_library = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
class Alert(odm.Model): alert_id = odm.Keyword(copyto="__text__") # ID of the alert al = odm.Compound(ALResults) # Assemblyline result block archive_ts = odm.Date(store=False) # Archiving timestamp classification = odm.Classification() # Classification of the alert expiry_ts = odm.Optional(odm.Date(store=False)) # Expiry timestamp extended_scan = odm.Enum(values=EXTENDED_SCAN_VALUES, store=False) # Status of the extended scan file = odm.Compound(File) # File block label = odm.List(odm.Keyword(), copyto="__text__", default=[]) # List of labels applied to the alert metadata = odm.Mapping(odm.Keyword(), store=False) # Metadata submitted with the file owner = odm.Optional(odm.Keyword()) # Owner of the alert priority = odm.Optional( odm.Enum(values=PRIORITIES)) # Priority applied to the alert reporting_ts = odm.Date() # Time at which the alert was created sid = odm.UUID(store=False) # ID of the submission related to this alert status = odm.Optional( odm.Enum(values=STATUSES)) # Status applied to the alert ts = odm.Date() # Timestamp at which the file was submitted type = odm.Keyword() # Type of alert verdict = odm.Compound(Verdict, default={}) # Verdict timing
class Heuristic(odm.Model): attack_id = odm.List(odm.Keyword(copyto="__text__"), default=[]) # List of all associated Att&ck IDs classification = odm.Classification( default=Classification.UNRESTRICTED) # Classification of the heuristic description = odm.Text(copyto="__text__") # Description of the heuristic filetype = odm.Keyword(copyto="__text__") # Type of file targeted heur_id = odm.Keyword(copyto="__text__") # Heuristic ID name = odm.Keyword(copyto="__text__") # Name of the heuristic score = odm.Integer() # Default score of the heuristic signature_score_map = odm.Mapping( odm.Integer(), default={}) # Score of signatures for this heuristic stats = odm.Compound(Statistics, default={}) max_score = odm.Optional(odm.Integer()) # Maximum score for heuristic
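class NetworkHTTP(odm.Model):
    """Model of one HTTP exchange: connection details, request and response.

    The header and body fields hold whatever was observed on the wire, so
    consumers should treat them as untrusted content when displaying them.
    """
    connection_details = odm.Compound(
        NetworkConnection,
        description="The low-level details of the HTTP request")
    request_uri = odm.URI(description="The URI requested")
    request_headers = odm.Mapping(
        odm.Json(), description="Headers included in the request")
    request_body = odm.Optional(odm.Text(),
                                description="The body of the request")
    # The method is restricted to the closed list below.
    request_method = odm.Enum(
        [
            # Standard HTTP methods
            "GET", "POST", "PUT", "DELETE", "HEAD",
            "CONNECT", "OPTIONS", "TRACE", "PATCH",
            # WebDAV HTTP methods. "DELETE" was listed a second time here;
            # it is already covered by the standard methods above.
            "BCOPY", "BDELETE", "BMOVE", "BPROPFIND", "BPROPPATCH",
            "COPY", "LOCK", "MKCOL", "MOVE", "NOTIFY", "POLL",
            "PROPFIND", "PROPPATCH", "SEARCH", "SUBSCRIBE", "UNLOCK",
            "UNSUBSCRIBE", "X-MS-ENUMATTS"
        ],
        description="The method of the request")
    response_headers = odm.Mapping(
        odm.Json(), description="Headers included in the response")
    response_status_code = odm.Optional(
        odm.Integer(), description="The status code of the response")
    response_body = odm.Optional(odm.Text(),
                                 description="The body of the response")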
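class DockerConfig(odm.Model):
    """Container settings: image, registry credentials, command, ports and
    resource figures."""
    # Off by default, so network egress has to be requested explicitly.
    allow_internet_access: bool = odm.Boolean(default=False)
    command: Opt[List[str]] = odm.Optional(odm.List(odm.Keyword()))
    cpu_cores: float = odm.Float(default=1.0)
    # EnvironmentVariable compounds; values may include secrets, so they
    # deserve the same care as the registry credentials below.
    environment: List[EnvironmentVariable] = odm.List(
        odm.Compound(EnvironmentVariable), default=[])
    # Complete name of the Docker image with tag, may include registry
    image: str = odm.Keyword()
    # The username to use when pulling the image
    registry_username: Opt[str] = odm.Optional(odm.Keyword())
    # The password or token to use when pulling the image.
    # NOTE(review): declared as a plain Keyword; confirm it is redacted from
    # API responses and logs.
    registry_password: Opt[str] = odm.Optional(odm.Keyword())
    ports: List[str] = odm.List(odm.Keyword(), default=[])
    ram_mb: int = odm.Integer(default=512)
    ram_mb_min: int = odm.Integer(default=128)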
class Network(odm.Model):
    """Network model: IOCs (static and dynamic), email, signature and TLS
    compounds plus a few flat lists. Every field is optional."""

    @odm.model(index=True, store=False, description="Network IOC Model")
    class NetworkIOCs(odm.Model):
        # Typed fields (Domain, IP, URI, URIPath) rather than free keywords.
        domain = odm.Optional(odm.List(odm.Domain(copyto="__text__")), description="Domain")
        ip = odm.Optional(odm.List(odm.IP(copyto="__text__")), description="IP")
        uri = odm.Optional(odm.List(odm.URI(copyto="__text__")), description="URI")
        uri_path = odm.Optional(odm.List(odm.URIPath(copyto="__text__")), description="URI Path")

    @odm.model(index=True, store=False, description="Network Email Model")
    class NetworkEmail(odm.Model):
        address = odm.Optional(odm.List(odm.Email(copyto="__text__")), description="Email Address")
        date = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Date")
        subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Subject")
        msg_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Message ID")

    @odm.model(index=True, store=False, description="Network Signature Model")
    class NetworkSignature(odm.Model):
        signature_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                    description="Signature ID")
        message = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                               description="Signature Message")

    @odm.model(index=True, store=False, description="Network TLS Model")
    class NetworkTLS(odm.Model):
        # Typed as MD5: a JA3 hash is the MD5 digest of the JA3 string. It is
        # a client fingerprint used for matching, not an integrity check.
        ja3_hash = odm.Optional(odm.List(odm.MD5(copyto="__text__")), description="JA3 Hash")
        ja3_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                  description="JA3 String")
        sni = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="SNI")

    attack = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Attack")
    # `dynamic` and `static` share the NetworkIOCs model.
    dynamic = odm.Optional(odm.Compound(NetworkIOCs), description="Dynamic IOCs")
    email = odm.Optional(odm.Compound(NetworkEmail), description="Email")
    mac_address = odm.Optional(odm.List(odm.MAC(copyto="__text__")), description="MAC Address")
    port = odm.Optional(odm.List(odm.Integer()), description="Port")
    protocol = odm.Optional(odm.List(odm.Keyword()), description="Protocol")
    signature = odm.Optional(odm.Compound(NetworkSignature), description="Signatures")
    static = odm.Optional(odm.Compound(NetworkIOCs), description="Static IOCs")
    tls = odm.Optional(odm.Compound(NetworkTLS), description="TLS")
    user_agent = odm.Optional(odm.List(odm.Keyword()), description="User Agent")
class Signature(odm.Model):
    """Signature record: rule text, identity, source, status and change tracking."""
    classification = odm.Classification(store=True, default=Classification.UNRESTRICTED)
    # The signature body itself: neither indexed nor stored per the arguments.
    data = odm.Text(index=False, store=False)
    last_modified = odm.Date(default="NOW")
    name = odm.Keyword(copyto="__text__")
    order = odm.Integer(default=1, store=False)
    # Kept as a keyword (string), not an integer; the default is "1".
    revision = odm.Keyword(default="1")
    signature_id = odm.Optional(odm.Keyword())
    source = odm.Keyword()
    # Who changed the state and when; useful as an audit trail for rule changes.
    state_change_date = odm.Optional(odm.Date(store=False))
    state_change_user = odm.Optional(odm.Keyword(store=False))
    stats = odm.Compound(Statistics, default={})
    # Restricted to RULE_STATUSES (defined outside this block).
    status = odm.Enum(values=RULE_STATUSES, copyto="__text__")
    type = odm.Keyword(copyto="__text__")
class DockerConfigDelta(odm.Model):
    """Container settings in which every field is optional.

    presumably an override applied on top of a full Docker configuration,
    going by the ``Delta`` suffix - TODO confirm against the caller.
    """
    allow_internet_access = odm.Optional(odm.Boolean())
    command = odm.Optional(odm.List(odm.Keyword()))
    cpu_cores = odm.Optional(odm.Float())
    environment = odm.Optional(odm.List(odm.Compound(EnvironmentVariable)))
    # The docker image and tag, optionally including registry in the normal way
    image = odm.Optional(odm.Keyword())
    # The username to use when pulling the image
    registry_username = odm.Optional(odm.Keyword())
    # The password or token to use when pulling the image.
    # NOTE(review): declared as a plain Keyword; confirm it is redacted from
    # API responses and logs.
    registry_password = odm.Optional(odm.Keyword())
    ports = odm.Optional(odm.List(odm.Keyword()))
    ram_mb = odm.Optional(odm.Integer())
    ram_mb_min = odm.Optional(odm.Integer())
class Network(odm.Model):
    """Network model: IOCs (static and dynamic), email, signature and TLS
    compounds plus a few flat lists. Every field is optional."""

    @odm.model(index=True, store=False)
    class NetworkIOCs(odm.Model):
        # Typed fields (Domain, IP, URI, URIPath) rather than free keywords.
        domain = odm.Optional(odm.List(odm.Domain(copyto="__text__")))
        ip = odm.Optional(odm.List(odm.IP(copyto="__text__")))
        uri = odm.Optional(odm.List(odm.URI(copyto="__text__")))
        uri_path = odm.Optional(odm.List(odm.URIPath(copyto="__text__")))

    @odm.model(index=True, store=False)
    class NetworkEmail(odm.Model):
        address = odm.Optional(odm.List(odm.Email(copyto="__text__")))
        date = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        msg_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class NetworkSignature(odm.Model):
        signature_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        message = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class NetworkTLS(odm.Model):
        # Typed as MD5: a JA3 hash is the MD5 digest of the JA3 string. It is
        # a client fingerprint used for matching, not an integrity check.
        ja3_hash = odm.Optional(odm.List(odm.MD5(copyto="__text__")))
        ja3_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        sni = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    attack = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    # `dynamic` and `static` share the NetworkIOCs model.
    dynamic = odm.Optional(odm.Compound(NetworkIOCs))
    email = odm.Optional(odm.Compound(NetworkEmail))
    mac_address = odm.Optional(odm.List(odm.MAC(copyto="__text__")))
    port = odm.Optional(odm.List(odm.Integer()))
    protocol = odm.Optional(odm.List(odm.Keyword()))
    signature = odm.Optional(odm.Compound(NetworkSignature))
    static = odm.Optional(odm.Compound(NetworkIOCs))
    tls = odm.Optional(odm.Compound(NetworkTLS))
class ScalerServiceDefaults(odm.Model):
    """Default scaling parameters for services; the four integer fields
    declare no default value in this block."""
    growth: int = odm.Integer(
        description="Period, in seconds, to wait before scaling up a service deployment")
    shrink: int = odm.Integer(
        description="Period, in seconds, to wait before scaling down a service deployment")
    backlog: int = odm.Integer(
        description="Backlog threshold that dictates scaling adjustments")
    min_instances: int = odm.Integer(
        description="The minimum number of service instances to be running")
    # Passed on to services per the description, so a secret placed here
    # becomes visible to each of them.
    environment: List[EnvironmentVariable] = odm.List(
        odm.Compound(EnvironmentVariable), default=[],
        description="Environment variables to pass onto services")
class Config(odm.Model):
    """Top-level configuration: one compound per subsystem, each falling
    back to a DEFAULT_* value defined outside this block."""
    # Authentication module configuration
    auth: Auth = odm.Compound(Auth, default=DEFAULT_AUTH)
    # Core component configuration
    core: Core = odm.Compound(Core, default=DEFAULT_CORE)
    # Datastore configuration
    datastore: Datastore = odm.Compound(Datastore, default=DEFAULT_DATASTORE)
    # Datasources configuration (a mapping of Datasource compounds)
    datasources: Dict[str, Datasource] = odm.Mapping(odm.Compound(Datasource),
                                                     default=DEFAULT_DATASOURCES)
    # Filestore configuration
    filestore: Filestore = odm.Compound(Filestore, default=DEFAULT_FILESTORE)
    # Logging configuration
    logging: Logging = odm.Compound(Logging, default=DEFAULT_LOGGING)
    # Service configuration
    services: Services = odm.Compound(Services, default=DEFAULT_SERVICES)
    # System configuration
    system: System = odm.Compound(System, default=DEFAULT_SYSTEM)
    # UI configuration parameters
    ui: UI = odm.Compound(UI, default=DEFAULT_UI)
    # Options for how submissions will be processed
    submission: Submission = odm.Compound(Submission, default=DEFAULT_SUBMISSION)
class Dynamic(odm.Model):
    """Dynamic-analysis model: process, signature, ssdeep and window
    compounds plus flat keyword lists. Every field is optional."""

    @odm.model(index=True, store=False)
    class DynamicProcess(odm.Model):
        command_line = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        file_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    @odm.model(index=True, store=False)
    class DynamicSignature(odm.Model):
        category = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        family = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    # Same three field names as DynamicWindow below, but typed as SSDeepHash
    # values instead of plain keywords.
    @odm.model(index=True, store=False)
    class DynamicSSDeep(odm.Model):
        cls_ids = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
        dynamic_classes = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
        regkeys = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))

    @odm.model(index=True, store=False)
    class DynamicWindow(odm.Model):
        cls_ids = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        dynamic_classes = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        regkeys = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    autorun_location = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    dos_device = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    mutex = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    registry_key = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    process = odm.Optional(odm.Compound(DynamicProcess))
    signature = odm.Optional(odm.Compound(DynamicSignature))
    ssdeep = odm.Optional(odm.Compound(DynamicSSDeep))
    window = odm.Optional(odm.Compound(DynamicWindow))
class FileOLE(odm.Model):
    """OLE model: macro and summary compounds plus flat keyword lists.
    Every field is optional."""

    @odm.model(index=True, store=False)
    class FileOLEMacro(odm.Model):
        # Typed as SHA256 rather than a free keyword.
        sha256 = odm.Optional(odm.List(odm.SHA256(copyto="__text__")))
        suspicious_string = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    # Summary values are all plain keywords, the timestamps included, so no
    # date format is enforced by this model.
    @odm.model(index=True, store=False)
    class FileOLESummary(odm.Model):
        author = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        codepage = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        comment = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        company = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        create_time = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        last_printed = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        last_saved_by = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        last_saved_time = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        manager = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        subject = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
        title = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    macro = odm.Optional(odm.Compound(FileOLEMacro))
    summary = odm.Optional(odm.Compound(FileOLESummary))
    clsid = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    dde_link = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
    fib_timestamp = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))
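class UI(odm.Model):
    """UI and API configuration: downloads, URL submissions, auditing,
    session handling and terms-of-service behaviour."""
    # Allow the user to download raw files
    allow_raw_downloads: bool = odm.Boolean()
    # Allow file submissions via url.
    # NOTE(review): this means the server fetches submitter-supplied URLs;
    # confirm those fetches cannot reach internal-only addresses.
    allow_url_submissions: bool = odm.Boolean()
    # Should API calls be audited and saved to a separate log file?
    audit: bool = odm.Boolean()
    # Turn on debugging
    debug: bool = odm.Boolean()
    # Which encoding will be used
    download_encoding = odm.Enum(values=["raw", "cart"])
    # Assemblyline admins email address
    email: str = odm.Optional(odm.Email())
    # Enforce the user's quotas
    enforce_quota: bool = odm.Boolean()
    # Fully qualified domain name to use for the 2-factor authentication validation
    fqdn: str = odm.Text()
    # Maximum priority for ingest API
    ingest_max_priority: int = odm.Integer()
    # Turn on read only mode in the UI
    read_only: bool = odm.Boolean()
    # Offset of the read only mode for all paging and searches
    read_only_offset: str = odm.Keyword(default="")
    # Flask secret key, used for the session cookies. No default is declared
    # here; it should be unique per deployment and kept out of version control.
    secret_key: str = odm.Keyword()
    # Duration of the user session before the user has to login again
    session_duration: int = odm.Integer()
    # Statistics configuration
    statistics: Statistics = odm.Compound(Statistics, default=DEFAULT_STATISTICS)
    # Terms of service
    tos: str = odm.Optional(odm.Text())
    # Lock out user after accepting the terms of service
    tos_lockout: bool = odm.Boolean()
    # List of admins to notify when a user gets locked out. The field is an
    # optional list of keywords, so it is annotated as a list (it was `bool`).
    tos_lockout_notify: list = odm.Optional(odm.List(odm.Keyword()))
    # UI 4 path
    ui4_path: str = odm.Optional(odm.Keyword())
    # Headers that will be used by the url_download method
    url_submission_headers: Dict[str, str] = odm.Optional(
        odm.Mapping(odm.Keyword()))
    # Proxy that will be used by the url_download method
    url_submission_proxies: Dict[str, str] = odm.Optional(
        odm.Mapping(odm.Keyword()))
    # Validate if the session ip matches the ip the session was created from
    validate_session_ip: bool = odm.Boolean()
    # Validate if the session useragent matches the useragent the session was created with
    validate_session_useragent: bool = odm.Boolean()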
class FileIMG(odm.Model):
    """Image model: optional Exiftool compound plus flat keyword lists."""

    @odm.model(index=True, store=False, description="Exiftool Information Model")
    class FileIMGExiftool(odm.Model):
        creator_tool = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                    description="Image Creation Tool")
        derived_document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                           description="Derived Document ID")
        document_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                   description="Document ID")
        instance_id = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                   description="Instance ID")
        toolkit = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                               description="Toolkit")

    exif_tool = odm.Optional(odm.Compound(FileIMGExiftool), description="Exiftool Information")
    mega_pixels = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Megapixels")
    mode = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Mode")
    size = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Image Size")
    # Stored as a plain keyword; the hash algorithm is not fixed by this model.
    sorted_metadata_hash = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                        description="Sorted Metadata Hash")
class FilePListCFBundle(odm.Model):
    """PList CF bundle model: optional keyword lists and a nested version compound."""

    @odm.model(index=True, store=False, description="PList CF Bundle Version Model")
    class FilePListCFBundleVersion(odm.Model):
        long = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Long Version")
        short = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Short Version")

    development_region = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                      description="Development Region")
    display_name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                                description="Display Name")
    executable = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                              description="Executable Name")
    identifier = odm.Optional(odm.List(odm.Keyword(copyto="__text__")),
                              description="Identifier Name")
    name = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Bundle Name")
    pkg_type = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Package Type")
    # A free-form keyword: this model records the value, it does not verify it.
    signature = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="Signature")
    url_scheme = odm.Optional(odm.List(odm.Keyword(copyto="__text__")), description="URL Scheme")
    version = odm.Optional(odm.Compound(FilePListCFBundleVersion),
                           description="Bundle Version Information")
class FileTask(odm.Model):
    """Dispatcher internal model for tracking each file in a submission."""
    sid = odm.Keyword()
    min_classification = odm.Classification()  # Minimum classification of the file being scanned
    parent_hash = odm.Optional(odm.Keyword())
    file_info: FileInfo = odm.Compound(FileInfo)
    depth = odm.Integer()
    max_files = odm.Integer()

    def get_tag_set_name(self) -> str:
        """Get the name of a redis set where the task tags are collected."""
        # Inside a method body the bare name resolves to the module-level
        # function of the same name, not to this method. The name is derived
        # from the submission ID and the file's sha256.
        return get_tag_set_name(self.sid, self.file_info.sha256)

    def get_temporary_submission_data_name(self) -> str:
        """Get the name of a redis hash where tags for a submission are collected."""
        # Same pattern: delegates to the module-level function with (sid, sha256).
        return get_temporary_submission_data_name(self.sid, self.file_info.sha256)
class Signer(odm.Model):
    """Signer information attached to a signature; every field is optional.

    The model records what was parsed. Nothing in this block shows that the
    signature or certificate has been validated.
    """
    version = odm.Optional(odm.Integer())
    issuer = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    serial_number = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    encryption_algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    digest_algorithm = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    encrypted_digest = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    cert = odm.Optional(odm.Compound(Certificate))
    authenticated_attributes = odm.Optional(
        odm.List(odm.EmptyableKeyword(copyto="__text__")))
    # presumably the attributes not covered by the signer's signature, as in
    # PKCS#7 SignerInfo - TODO confirm; if so they can be altered after signing.
    unauthenticated_attributes = odm.Optional(
        odm.List(odm.EmptyableKeyword(copyto="__text__")))
class UserSettings(odm.Model):  # User's default settings
    """Per-user defaults applied to submissions and to the result views."""
    # Default submission classification
    classification = odm.Classification(default=Classification.UNRESTRICTED)
    deep_scan = odm.Boolean(default=False)  # Should a deep scan be performed
    description = odm.Keyword(default="")  # Default description
    # Default download encoding when downloading files
    download_encoding = odm.Enum(values=ENCODINGS, default="cart")
    expand_min_score = odm.Integer(default=500)  # Auto-expand section when score bigger than this
    ignore_cache = odm.Boolean(default=False)  # Ignore service caching
    # Ignore dynamic recursion prevention (off by default)
    ignore_dynamic_recursion_prevention = odm.Boolean(default=False)
    ignore_filtering = odm.Boolean(default=False)  # Ignore filtering services
    malicious = odm.Boolean(default=False)  # Is the file submitted known to be malicious
    priority = odm.Integer(default=1000)  # Default priority for the submissions
    profile = odm.Boolean(default=False)  # Should the submission do extra profiling
    service_spec = odm.Mapping(odm.Keyword(), default={})  # Default service specific settings
    services = odm.Compound(ServiceSelection, default={})  # Default service selection
    submission_view = odm.Enum(values=VIEWS, default="report")  # Default view for completed submissions
    ttl = odm.Integer(default=30)  # Default submission Time to Live (days)
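class OAuthProvider(odm.Model):
    """Settings for one OAuth provider: client credentials, endpoint URLs
    and how provider identities map onto local users."""
    # On by default. NOTE(review): the name suggests a local account is
    # created for any identity the provider authenticates; confirm, and
    # restrict who the provider will authenticate if that is the case.
    # Both flags are odm.Boolean fields, so they are annotated as bool
    # (they were annotated `str`).
    auto_create: bool = odm.Boolean(default=True)
    auto_sync: bool = odm.Boolean(default=False)
    auto_properties: List[OAuthAutoProperty] = odm.List(odm.Compound(OAuthAutoProperty), default=[])
    # presumably applied to the provider's user identifier - TODO confirm.
    # An unanchored pattern would match more identifiers than intended.
    uid_regex: str = odm.Optional(odm.Keyword())
    uid_format: str = odm.Optional(odm.Keyword())
    client_id: str = odm.Optional(odm.Keyword())
    # Credential. NOTE(review): declared as a plain Keyword; confirm it is
    # redacted from API responses and logs.
    client_secret: str = odm.Optional(odm.Keyword())
    request_token_url: str = odm.Optional(odm.Keyword())
    request_token_params: str = odm.Optional(odm.Keyword())
    access_token_url: str = odm.Optional(odm.Keyword())
    access_token_params: str = odm.Optional(odm.Keyword())
    authorize_url: str = odm.Optional(odm.Keyword())
    authorize_params: str = odm.Optional(odm.Keyword())
    api_base_url: str = odm.Optional(odm.Keyword())
    client_kwargs: Dict[str, str] = odm.Optional(odm.Mapping(odm.Keyword()))
    # The only required field without a default in this model.
    user_get: str = odm.Keyword()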
class ALResults(odm.Model):
    """Assemblyline result block of an alert: attribution, AV and YARA
    hits, score, and the domains, IPs and URIs seen in analysis."""
    attrib = odm.List(odm.Keyword(), default=[], store=True, copyto="__text__",
                      description="List of attribution")
    av = odm.List(odm.Keyword(), default=[], store=True, copyto="__text__",
                  description="List of AV hits")
    behavior = odm.List(odm.Keyword(), default=[], copyto="__text__",
                        description="List of behaviors for the alert")
    detailed = odm.Compound(DetailedResults, description="Assemblyline Detailed result block")
    # For domains, IPs and URIs only the combined list is copied to
    # "__text__"; the *_dynamic and *_static lists are not.
    domain = odm.List(odm.Domain(), default=[], copyto="__text__",
                      description="List of all domains")
    domain_dynamic = odm.List(odm.Domain(), default=[],
                              description="List of domains found during Dynamic Analysis")
    domain_static = odm.List(odm.Domain(), default=[],
                             description="List of domains found during Static Analysis")
    ip = odm.List(odm.IP(), default=[], copyto="__text__", description="List of all IPs")
    ip_dynamic = odm.List(odm.IP(), default=[],
                          description="List of IPs found during Dynamic Analysis")
    ip_static = odm.List(odm.IP(), default=[],
                         description="List of IPs found during Static Analysis")
    request_end_time = odm.Date(index=False,
                                description="Finish time of the Assemblyline submission")
    score = odm.Integer(store=True, description="Maximum score found in the submission")
    uri = odm.List(odm.URI(), default=[], copyto="__text__", description="List of all URIs")
    uri_dynamic = odm.List(odm.URI(), default=[],
                           description="List of URIs found during Dynamic Analysis")
    uri_static = odm.List(odm.URI(), default=[],
                          description="List of URIs found during Static Analysis")
    yara = odm.List(odm.Keyword(), default=[], copyto="__text__",
                    description="List of YARA rule hits")
class FileSWF(odm.Model):
    """SWF model: optional header information and SSDeep hashes of tags."""

    @odm.model(index=True, store=False)
    class FileSWFHeader(odm.Model):
        # The frame model is nested one level deeper, inside the header model.
        @odm.model(index=True, store=False)
        class FileSWFHeaderFrame(odm.Model):
            count = odm.Optional(odm.List(odm.Integer()))
            rate = odm.Optional(odm.List(odm.Keyword()))
            size = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

        frame = odm.Optional(odm.Compound(FileSWFHeaderFrame))
        version = odm.Optional(odm.List(odm.Keyword(copyto="__text__")))

    header = odm.Optional(odm.Compound(FileSWFHeader))
    # Typed as SSDeepHash rather than a free keyword.
    tags_ssdeep = odm.Optional(odm.List(odm.SSDeepHash(copyto="__text__")))
class LangCode_Item(odm.Model):
    """Language/code-page entry holding an optional list of key/value items."""

    @odm.model(index=True, store=False)
    class Item(odm.Model):
        # EmptyableKeyword: presumably accepts an empty string - TODO confirm.
        key = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
        value = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))

    # Note the outer model has its own `key`, separate from Item.key.
    key = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    type = odm.Optional(odm.Integer())
    lang = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    sublang = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    code_page = odm.Optional(odm.EmptyableKeyword(copyto="__text__"))
    items = odm.Optional(odm.List(odm.Compound(Item)))
class UpdateSourceDelta(odm.Model):
    """Update-source fields in optional form; each description points to the
    Service - UpdateSource documentation.

    presumably an override applied on top of a full update source, going by
    the ``Delta`` suffix - TODO confirm against the caller.
    """
    name = odm.Optional(
        odm.Keyword(),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    # Credential. NOTE(review): declared as a plain Keyword; confirm it is
    # redacted from API responses and logs.
    password = odm.Optional(
        odm.Keyword(default=""),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    pattern = odm.Optional(
        odm.Keyword(default=""),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    # Key material. NOTE(review): same handling question as `password`.
    private_key = odm.Optional(
        odm.Keyword(default=""),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    ca_cert = odm.Optional(
        odm.Keyword(default=""),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    # The only field here that is not wrapped in odm.Optional: it always has a
    # value and defaults to False. NOTE(review): confirm whether that is
    # intended, and how an unset value is told apart from an explicit False.
    ssl_ignore_errors = odm.Boolean(
        default=False,
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    proxy = odm.Optional(
        odm.Keyword(default=""),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    uri = odm.Optional(
        odm.Keyword(),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    username = odm.Optional(
        odm.Keyword(default=""),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    # Headers can carry auth tokens; handle them like the credential fields.
    headers = odm.Optional(
        odm.List(odm.Compound(EnvironmentVariable)),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")
    default_classification = odm.Optional(
        odm.Classification(),
        description="Refer to:<br>[Service - UpdateSource](../service/#updatesource)")