File¶
Model of File
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| archive_ts | Date | None | Optional |
None |
| ascii | Keyword | Dotted ASCII representation of the first 64 bytes of the file | Yes |
None |
| classification | Classification | Classification of the file | Yes |
None |
| comments | List [Comment] | List of comments made on a file | Yes |
[] |
| entropy | Float | Entropy of the file | Yes |
None |
| expiry_ts | Date | Expiry timestamp | Optional |
None |
| is_section_image | Boolean | Is this an image from an Image Result Section? | Yes |
False |
| is_supplementary | Boolean | Is this a file generated by a service? | Yes |
False |
| hex | Keyword | Hex dump of the first 64 bytes of the file | Yes |
None |
| labels | List [Keyword] | List of labels of the file | Yes |
[] |
| label_categories | LabelCategories | Categories of label | Yes |
See LabelCategories for more details. |
| md5 | MD5 | MD5 of the file | Yes |
None |
| magic | Keyword | Output from libmagic related to the file | Yes |
None |
| mime | Keyword | MIME type of the file as identified by libmagic | Optional |
None |
| seen | Seen | Details about when the file was seen | Yes |
See Seen for more details. |
| sha1 | SHA1 | SHA1 hash of the file | Yes |
None |
| sha256 | SHA256 | SHA256 hash of the file | Yes |
None |
| size | Integer | Size of the file in bytes | Yes |
None |
| ssdeep | SSDeepHash | SSDEEP hash of the file | Yes |
None |
| type | Keyword | Type of file as identified by Assemblyline | Yes |
None |
| tlsh | Keyword | None | Optional |
None |
| from_archive | Boolean | Was loaded from the archive | Yes |
False |
| uri_info | URIInfo | URI structure to speed up specialty file searching | Optional |
None |
Comment¶
Comment Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| cid | UUID | Comment ID | Yes |
None |
| uname | Keyword | Username of the user who made the comment | Yes |
None |
| date | Date | Datetime the comment was made on | Yes |
NOW |
| text | Text | Text of the comment written by the author | Yes |
None |
| reactions | List [Reaction] | List of reactions made on a comment | Yes |
[] |
Reaction¶
Reaction Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| icon | Enum | Icon of the user who made the reaction Values: "love", "party", "smile", "surprised", "thumbs_down", "thumbs_up" |
Yes |
None |
| uname | Keyword | Username of the user who made the reaction | Yes |
None |
LabelCategories¶
Label Categories Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| info | List [Keyword] | List of extra informational labels about the file | Yes |
[] |
| technique | List [Keyword] | List of labels related to the technique used by the file and the signatures that hits on it. | Yes |
[] |
| attribution | List [Keyword] | List of labels related to attribution of this file (implant name, actor, campain...) | Yes |
[] |
Seen¶
File Seen Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| count | Integer | How many times have we seen this file? | Yes |
1 |
| first | Date | First seen timestamp | Yes |
NOW |
| last | Date | Last seen timestamp | Yes |
NOW |
URIInfo¶
URI Information Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| uri | Keyword | full URI | Yes |
None |
| scheme | Keyword | Yes |
None |
|
| netloc | Keyword | Yes |
None |
|
| path | Keyword | None | Optional |
None |
| params | Keyword | None | Optional |
None |
| query | Keyword | None | Optional |
None |
| fragment | Keyword | None | Optional |
None |
| username | Keyword | None | Optional |
None |
| password | Keyword | None | Optional |
None |
| hostname | Keyword | Yes |
None |
|
| port | Integer | None | Optional |
None |