Aller au contenu

Safelist

Safelist Model

Field Type Description Required Default
added Date Date when the safelisted hash was added
Yes
 NOW
classification Classification Computed max classification for the safe hash
Yes
 None
enabled Boolean Is safe hash enabled or not?
Yes
 True
expiry_ts Date When does this item expire from the list?
Optional
 None
hashes Hashes List of hashes related to the safe hash
Yes
 See Hashes for more details.
file File Information about the file
Optional
 None
sources List [Source] List of reasons why hash is safelisted
Yes
 None
tag Tag Information about the tag
Optional
 None
signature Signature Information about the signature
Optional
 None
type Enum Type of safe hash
Supported values are:
"file", "signature", "tag"
Yes
 None
updated Date Last date when sources were added to the safe hash
Yes
 NOW

File

File Details

Field Type Description Required Default
name List [Keyword] List of names seen for that file
Yes
 []
size Long Size of the file in bytes
Optional
 None
type Keyword Type of file as identified by Assemblyline
Optional
 None

Hashes

Hashes of a safelisted file

Field Type Description Required Default
md5 MD5 MD5
Optional
 None
sha1 SHA1 SHA1
Optional
 None
sha256 SHA256 SHA256
Optional
 None

Signature

Signature

Field Type Description Required Default
name Keyword Name of the signature
Yes
 None

Source

Safelist source

Field Type Description Required Default
classification Classification Classification of the source
Yes
 TLP:C
name Keyword Name of the source
Yes
 None
reason List [Keyword] Reason for why file was safelisted
Yes
 None
type Enum Type of safelisting source
Supported values are:
"external", "user"
Yes
 None

Tag

Tag associated to file

Field Type Description Required Default
type Keyword Tag type
Yes
 None
value Keyword Tag value
Yes
 None