class FilePEImports(odm.Model):
    # Hash and keyword tags grouped under the name "PE imports". Every field
    # is an optional list and every value is declared with copyto="__text__".
    # NOTE(review): copyto="__text__" presumably mirrors each value into a
    # shared free-text search field - confirm against the odm field classes.

    # ssdeep values are similarity indicators, not exact identifiers.
    fuzzy = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
        description="Fuzzy",
    )
    # MD5 is suitable as a lookup/pivot key only: it is not collision
    # resistant, so a match alone does not prove identical content.
    md5 = odm.Optional(
        odm.List(odm.MD5(copyto="__text__")),
        description="MD5",
    )
    # The imphash is declared with the MD5 field type; the same caveat applies.
    imphash = odm.Optional(
        odm.List(odm.MD5(copyto="__text__")),
        description="Imphash",
    )
    sorted_fuzzy = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
        description="Sorted Fuzzy",
    )
    sorted_sha1 = odm.Optional(
        odm.List(odm.SHA1(copyto="__text__")),
        description="Sorted SHA1",
    )
    # Free-form keywords. NOTE(review): presumably the names of imports a
    # service flagged as suspicious - confirm with the producer of this tag.
    suspicious = odm.Optional(
        odm.List(odm.Keyword(copyto="__text__")),
        description="Suspicious",
    )
class FilePEImports(odm.Model):
    # Variant of the model that carries no description= arguments and no
    # imphash field. Every field is an optional list whose values are
    # declared with copyto="__text__".
    # NOTE(review): copyto="__text__" presumably mirrors each value into a
    # shared free-text search field - confirm against the odm field classes.

    # ssdeep values are similarity indicators, not exact identifiers.
    fuzzy = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
    )
    # MD5 is a lookup/pivot key only; it is not collision resistant.
    md5 = odm.Optional(
        odm.List(odm.MD5(copyto="__text__")),
    )
    sorted_fuzzy = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
    )
    sorted_sha1 = odm.Optional(
        odm.List(odm.SHA1(copyto="__text__")),
    )
    # Free-form keywords. NOTE(review): presumably the names of imports a
    # service flagged as suspicious - confirm with the producer of this tag.
    suspicious = odm.Optional(
        odm.List(odm.Keyword(copyto="__text__")),
    )
class FileSWF(odm.Model):
    # SWF tag model: a nested header model plus a list of ssdeep hashes.
    # The nesting below follows the name references: each Compound() names a
    # class by its bare name, so that class must live in the same class body.

    @odm.model(index=True, store=False, description="SWF Header Model")
    class FileSWFHeader(odm.Model):

        @odm.model(index=True, store=False, description="SWF Header Frame")
        class FileSWFHeaderFrame(odm.Model):
            count = odm.Optional(
                odm.List(odm.Integer()),
                description="Number of Frames",
            )
            # rate is declared as a keyword, not a number; unlike size it has
            # no copyto="__text__".
            rate = odm.Optional(
                odm.List(odm.Keyword()),
                description="Speed of Animation",
            )
            size = odm.Optional(
                odm.List(odm.Keyword(copyto="__text__")),
                description="Size of Frame",
            )

        frame = odm.Optional(
            odm.Compound(FileSWFHeaderFrame),
            description="Header Frame Information",
        )
        version = odm.Optional(
            odm.List(odm.Keyword(copyto="__text__")),
            description="Version",
        )

    header = odm.Optional(
        odm.Compound(FileSWFHeader),
        description="Header Information",
    )
    # ssdeep values are similarity indicators, not exact identifiers.
    tags_ssdeep = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
        description="Tags SSDeep",
    )
class FileSWF(odm.Model):
    # SWF tag model without description= arguments: a nested header model
    # plus a list of ssdeep hashes. The nesting below follows the name
    # references: each Compound() names a class by its bare name, so that
    # class must live in the same class body.

    @odm.model(index=True, store=False)
    class FileSWFHeader(odm.Model):

        @odm.model(index=True, store=False)
        class FileSWFHeaderFrame(odm.Model):
            count = odm.Optional(
                odm.List(odm.Integer()),
            )
            # rate is declared as a keyword, not a number; unlike size it has
            # no copyto="__text__".
            rate = odm.Optional(
                odm.List(odm.Keyword()),
            )
            size = odm.Optional(
                odm.List(odm.Keyword(copyto="__text__")),
            )

        frame = odm.Optional(
            odm.Compound(FileSWFHeaderFrame),
        )
        version = odm.Optional(
            odm.List(odm.Keyword(copyto="__text__")),
        )

    header = odm.Optional(
        odm.Compound(FileSWFHeader),
    )
    # ssdeep values are similarity indicators, not exact identifiers.
    tags_ssdeep = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
    )
class File(odm.Model):
    # Per-file record: digests, identification output, a short content
    # preview and bookkeeping timestamps.
    # NOTE(review): index=/store= presumably control whether a field is
    # searchable / kept in the stored document, and copyto="__text__"
    # presumably mirrors the value into a shared free-text search field -
    # confirm against the odm field classes.

    archive_ts = odm.Date(
        store=False,
        description="Archiving timestamp",
    )
    # ascii and hex preview the first 64 bytes of the analysed file, so their
    # content is chosen by whoever produced the file; consumers should render
    # them as untrusted data. Both are declared index=False, store=False.
    ascii = odm.Keyword(
        index=False,
        store=False,
        description="Dotted ASCII representation of the first 64 bytes of the file",
    )
    classification = odm.Classification(
        description="Classification of the file",
    )
    entropy = odm.Float(
        description="Entropy of the file",
    )
    expiry_ts = odm.Optional(
        odm.Date(store=False),
        description="Expiry timestamp",
    )
    is_section_image = odm.Boolean(
        default=False,
        description="Is this an image from an Image Result Section?",
    )
    hex = odm.Keyword(
        index=False,
        store=False,
        description="Hex dump of the first 64 bytes of the file",
    )
    # md5 and sha1 are useful for lookups against older feeds but are not
    # collision resistant; sha256 is the digest to rely on for identity.
    md5 = odm.MD5(
        copyto="__text__",
        description="MD5 of the file",
    )
    # magic and mime are libmagic's reading of the file content, not a
    # statement about what the file really is.
    magic = odm.Keyword(
        store=False,
        description="Output from libmagic related to the file",
    )
    mime = odm.Optional(
        odm.Keyword(store=False),
        description="MIME type of the file as identified by libmagic",
    )
    seen = odm.Compound(
        Seen,
        default={},
        description="Details about when the file was seen",
    )
    sha1 = odm.SHA1(
        copyto="__text__",
        description="SHA1 hash of the file",
    )
    sha256 = odm.SHA256(
        copyto="__text__",
        description="SHA256 hash of the file",
    )
    size = odm.Integer(
        description="Size of the file in bytes",
    )
    # ssdeep is a similarity hash: close values suggest related content, they
    # do not identify a file.
    ssdeep = odm.SSDeepHash(
        store=False,
        description="SSDEEP hash of the file",
    )
    type = odm.Keyword(
        copyto="__text__",
        description="Type of file as identified by Assemblyline",
    )
class File(odm.Model):
    # Per-file record: digests, identification output, a short content
    # preview and bookkeeping timestamps.
    # NOTE(review): index=/store= presumably control whether a field is
    # searchable / kept in the stored document, and copyto="__text__"
    # presumably mirrors the value into a shared free-text search field -
    # confirm against the odm field classes.

    # Archiving timestamp.
    archive_ts = odm.Date(store=False)
    # Dotted ascii rendering of the file's first 64 bytes. The content comes
    # from the analysed file, so consumers should render it as untrusted data.
    ascii = odm.Keyword(index=False, store=False)
    # Classification of the file.
    classification = odm.Classification()
    # Entropy of the file.
    entropy = odm.Float()
    # Expiry timestamp (optional).
    expiry_ts = odm.Optional(odm.Date(store=False))
    # Hex dump of the file's first 64 bytes; same untrusted-content caveat as
    # for ascii.
    hex = odm.Keyword(index=False, store=False)
    # MD5 of the top level file. Lookup key only: MD5 is not collision
    # resistant.
    md5 = odm.MD5(copyto="__text__")
    # libmagic output for the file.
    magic = odm.Keyword(store=False)
    # Mime type as identified by libmagic (optional).
    mime = odm.Optional(odm.Keyword(store=False))
    # Attributes about when the file was seen.
    seen = odm.Compound(Seen, default={})
    # SHA1 hash of the file; like MD5 it is not collision resistant.
    sha1 = odm.SHA1(copyto="__text__")
    # SHA256 hash of the file; the digest to rely on for identity.
    sha256 = odm.SHA256(copyto="__text__")
    # Size of the file.
    size = odm.Integer()
    # SSDEEP hash of the file: a similarity indicator, not an identifier.
    ssdeep = odm.SSDeepHash(store=False)
    # Type of file as identified by Assemblyline.
    type = odm.Keyword(copyto="__text__")
class DynamicSSDeep(odm.Model):
    # Three optional lists of ssdeep hashes, each value declared with
    # copyto="__text__". ssdeep values express similarity, so they suit
    # clustering related samples rather than exact matching.
    # NOTE(review): going by the field names these cover CLSIDs, dynamic
    # classes and registry keys - confirm with the service that emits them.

    cls_ids = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
    )
    dynamic_classes = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
    )
    regkeys = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
    )
class DynamicSSDeep(odm.Model):
    # Three optional lists of ssdeep hashes, each value declared with
    # copyto="__text__". ssdeep values express similarity, so they suit
    # clustering related samples rather than exact matching.
    # NOTE(review): copyto="__text__" presumably mirrors each value into a
    # shared free-text search field - confirm against the odm field classes.

    cls_ids = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
        description="CLSIDs",
    )
    dynamic_classes = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
        description="Dynamic Classes",
    )
    regkeys = odm.Optional(
        odm.List(odm.SSDeepHash(copyto="__text__")),
        description="Registry Keys",
    )