Workflow¶
Model of Workflow
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| classification | Classification | Classification of the workflow | Yes |
TLP:C |
| creation_date | Date | Creation date of the workflow | Yes |
NOW |
| creator | Keyword | UID of the creator of the workflow | Yes |
None |
| edited_by | Keyword | UID of the last user to edit the workflow | Yes |
None |
| enabled | Boolean | Is this workflow enabled? | Yes |
True |
| first_seen | Date | Date of first hit on workflow | Optional |
None |
| hit_count | Integer | Number of times there was a workflow hit | Yes |
0 |
| labels | List [Keyword] | Labels applied by the workflow | Yes |
[] |
| last_edit | Date | Date of last edit on workflow | Yes |
NOW |
| last_seen | Date | Date of last hit on workflow | Optional |
None |
| name | Keyword | Name of the workflow | Yes |
None |
| origin | Keyword | Which did this originate from? | Optional |
None |
| priority | Enum | Priority applied by the workflow Supported values are: "CRITICAL", "HIGH", "LOW", "MEDIUM", None |
Optional |
None |
| query | Keyword | Query that the workflow runs | Yes |
None |
| status | Enum | Status applied by the workflow Supported values are: "ASSESS", "MALICIOUS", "NON-MALICIOUS", "TRIAGE", None |
Optional |
None |
| workflow_id | UUID | ID of the workflow | Optional |
None |