Result

Result Model

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| archive_ts | Date | None | Optional | None |
| classification | Classification | Aggregate classification for the result | Yes | None |
| created | Date | Date at which the result object got created | Yes | NOW |
| expiry_ts | Date | Expiry timestamp | Optional | None |
| response | ResponseBody | The body of the response from the service | Yes | None |
| result | ResultBody | The result body | Yes | See ResultBody for more details. |
| sha256 | SHA256 | SHA256 of the file the result object relates to | Yes | None |
| type | Keyword | None | Optional | None |
| size | Integer | None | Optional | None |
| drop_file | Boolean | Use to not pass to other stages after this run | Yes | False |
| from_archive | Boolean | Was loaded from the archive | Yes | False |

ResponseBody

Response Body of Result

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| milestones | Milestone | Milestone block | Yes | See Milestone for more details. |
| service_version | Keyword | Version of the service | Yes | None |
| service_name | Keyword | Name of the service that scanned the file | Yes | None |
| service_tool_version | Keyword | Tool version of the service | Optional | None |
| supplementary | List [File] | List of supplementary files | Yes | [] |
| extracted | List [File] | List of extracted files | Yes | [] |
| service_context | Keyword | Context about the service | Optional | None |
| service_debug_info | Keyword | Debug info about the service | Optional | None |

File

File related to the Response

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| name | Keyword | Name of the file | Yes | None |
| sha256 | SHA256 | SHA256 of the file | Yes | None |
| description | Text | Description of the file | Yes | None |
| classification | Classification | Classification of the file | Yes | None |
| is_section_image | Boolean | Is this an image used in an Image Result Section? | Yes | False |
| parent_relation | Text | File relation to parent, if any. Values: "ROOT", "EXTRACTED", "INFORMATION", "DYNAMIC", "MEMDUMP", "DOWNLOADED" | Yes | EXTRACTED |
| allow_dynamic_recursion | Boolean | Allow file to be analysed during Dynamic Analysis even if Dynamic Recursion Prevention is enabled. | Yes | False |

Milestone

Service Milestones

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| service_started | Date | Date the service started scanning | Yes | NOW |
| service_completed | Date | Date the service finished scanning | Yes | NOW |

ResultBody

Result Body

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| score | Integer | Aggregate of the score for all heuristics | Yes | 0 |
| sections | List [Section] | List of sections | Yes | [] |

Section

Result Section

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| auto_collapse | Boolean | Should the section be collapsed when displayed? | Yes | False |
| body | Text | Text body of the result section | Optional | None |
| classification | Classification | Classification of the section | Yes | None |
| body_format | Enum | Type of body in this section. Supported values are: "GRAPH_DATA", "IMAGE", "JSON", "KEY_VALUE", "MEMORY_DUMP", "MULTI", "ORDERED_KEY_VALUE", "PROCESS_TREE", "TABLE", "TEXT", "TIMELINE", "URL" | Yes | None |
| body_config | Mapping [String, Any] | None | Optional | None |
| depth | Integer | Depth of the section | Yes | None |
| heuristic | Heuristic | Heuristic used to score result section | Optional | None |
| tags | Tagging | List of tags associated to this section | Yes | See Tagging for more details. |
| safelisted_tags | FlattenedListObject | List of safelisted tags | Yes | {} |
| title_text | Text | Title of the section | Yes | None |
| promote_to | Enum | None. Supported values are: "ENTROPY", "SCREENSHOT", "URI_PARAMS" | Optional | None |

Heuristic

Heuristic associated to the Section

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| heur_id | Keyword | ID of the heuristic triggered | Yes | None |
| name | Keyword | Name of the heuristic | Yes | None |
| attack | List [Attack] | List of ATT&CK IDs related to this heuristic | Yes | [] |
| signature | List [Signature] | List of signatures that triggered the heuristic | Yes | [] |
| score | Integer | Calculated Heuristic score | Yes | None |

Attack

None

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| attack_id | Keyword | ID | Yes | None |
| pattern | Keyword | Pattern Name | Yes | None |
| categories | List [Keyword] | Categories | Yes | None |

Signature

Heuristic Signatures

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| name | Keyword | Name of the signature that triggered the heuristic | Yes | None |
| frequency | Integer | Number of times this signature triggered the heuristic | Yes | 1 |
| safe | Boolean | Is the signature safelisted or not | Yes | False |
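
A consumer that ingests these records (for example into a SIEM pipeline) can check them against the tables before trusting them. The following is an added example, not part of the original documentation or the project's own code: it treats fields marked Required "Yes" with Default "None" as ones the producer must set and assumes SHA256 values are hex-encoded; `validate_result`, `MUST_SET` and `SAMPLE` are hypothetical names, and the sample record is constructed.

```python
import re
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")  # assumption: digests are hex-encoded
BODY_FORMATS = {"GRAPH_DATA", "IMAGE", "JSON", "KEY_VALUE", "MEMORY_DUMP", "MULTI",
                "ORDERED_KEY_VALUE", "PROCESS_TREE", "TABLE", "TEXT", "TIMELINE", "URL"}
PARENT_RELATIONS = {"ROOT", "EXTRACTED", "INFORMATION", "DYNAMIC", "MEMDUMP", "DOWNLOADED"}
MUST_SET = {  # fields listed as Required "Yes" with Default "None" in the tables
    "result": ("classification", "response", "sha256"),
    "response": ("service_version", "service_name"),
    "file": ("name", "sha256", "description", "classification"),
    "section": ("classification", "body_format", "depth", "title_text"),
    "heuristic": ("heur_id", "name", "score"),
}

def _missing(kind, obj, path, errors):
    for field in MUST_SET[kind]:
        if obj.get(field) is None:  # 0 and "" count as set, None does not
            errors.append(f"{path}.{field}: required")

def validate_result(doc):
    """Return a list of problems found in a Result-shaped dict (empty list = OK)."""
    errors = []
    _missing("result", doc, "result_doc", errors)
    if doc.get("sha256") and not SHA256_RE.fullmatch(doc["sha256"]):
        errors.append("result_doc.sha256: not a SHA256 hex digest")
    response = doc.get("response") or {}
    _missing("response", response, "response", errors)
    for key in ("supplementary", "extracted"):
        for i, f in enumerate(response.get(key, [])):
            path = f"response.{key}[{i}]"
            _missing("file", f, path, errors)
            if f.get("sha256") and not SHA256_RE.fullmatch(f["sha256"]):
                errors.append(f"{path}.sha256: not a SHA256 hex digest")
            if f.get("parent_relation", "EXTRACTED") not in PARENT_RELATIONS:
                errors.append(f"{path}.parent_relation: unknown value")
    for i, s in enumerate((doc.get("result") or {}).get("sections", [])):
        path = f"result.sections[{i}]"
        _missing("section", s, path, errors)
        if s.get("body_format") is not None and s["body_format"] not in BODY_FORMATS:
            errors.append(f"{path}.body_format: unknown value")
        if s.get("heuristic") is not None:
            _missing("heuristic", s["heuristic"], path + ".heuristic", errors)
    return errors

# Constructed sample (not real scan output) with two deliberate defects.
SAMPLE = {"classification": "TLP:CLEAR", "sha256": "a" * 64,
          "response": {"service_name": "ExampleSvc", "service_version": "1", "extracted": [
              {"name": "x.bin", "sha256": "zz", "description": "d", "classification": "TLP:CLEAR"}]},
          "result": {"sections": [
              {"classification": "TLP:CLEAR", "body_format": "HTML", "depth": 0, "title_text": "t"}]}}
```

`validate_result(SAMPLE)` reports the malformed digest on the extracted file and the unsupported `body_format`; a record that follows the tables returns an empty list.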