ResultOntology

Assemblyline Result Ontology

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| odm_type | Text | Type of ODM Model | Yes | Assemblyline Result Ontology |
| odm_version | Text | Version of ODM Model | Yes | 1.8 |
| classification | ClassificationString | Classification of Ontological Record | Yes | None |
| file | File | Descriptors about file being analyzed | Yes | None |
| service | Service | Information about Service | Yes | None |
| submission | Submission | Information about Submission | Optional | None |
| results | Results | Ontological Results | Optional | None |

File

File Characteristics

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| md5 | MD5 | MD5 of file | Yes | None |
| sha1 | SHA1 | SHA1 of file | Yes | None |
| sha256 | SHA256 | SHA256 of file | Yes | None |
| type | Keyword | Type of file as identified by Assemblyline | Yes | None |
| size | Integer | Size of the file in bytes | Yes | None |
| names | List [Text] | Known filenames associated to file | Optional | None |
| parent | SHA256 | Absolute parent of file relative to submission | Optional | None |
| pe | PE | Properties related to PE | Optional | None |

Results

Ontological Results

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| antivirus | List [Antivirus] | List of Antivirus Ontologies | Optional | None |
| malwareconfig | List [MalwareConfig] | List of MalwareConfig Ontologies | Optional | None |
| netflow | List [NetworkConnection] | List of Network Ontologies | Optional | None |
| process | List [Process] | List of Process Ontologies | Optional | None |
| sandbox | List [Sandbox] | List of Sandbox Ontologies | Optional | None |
| signature | List [Signature] | List of Signature Ontologies | Optional | None |
| tags | Mapping [String, List [Any]] | Tags raised during analysis. Refer to Tagging | Optional | None |
| heuristics | List [Heuristics] | Heuristics raised during analysis | Optional | None |
| score | Integer | None | Optional | None |

Heuristics

Heuristics raised

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| heur_id | Keyword | Heuristic ID | Yes | None |
| score | Integer | Score associated to heuristic | Yes | None |
| times_raised | Integer | The number of times the heuristic was raised | Yes | None |
| name | Text | Name of the heuristic raised | Yes | None |
| tags | Mapping [String, List [Any]] | Tags associated to heuristic. Refer to Tagging | Yes | None |

Service

Service Details

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| name | Keyword | Service Name | Yes | None |
| version | Keyword | Service Version | Yes | None |
| tool_version | Keyword | Service Tool Version | Optional | `` (empty string) |

Submission

Submission Details

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| date | Date | Date of analysis | Optional | None |
| metadata | Mapping [String, Text] | Metadata associated to submission | Yes | None |
| sid | Keyword | Submission ID associated to file | Optional | None |
| source_system | Text | Which Assemblyline instance does the result originate from? | Optional | None |
| original_source | Text | Source as specified by submitter (from metadata) | Optional | None |
| classification | ClassificationString | Submitted classification | Yes | TLP:C |
| submitter | Keyword | Submitter | Optional | None |
| retention_id | Keyword | Reference to knowledge base for long-term data retention. | Optional | None |
| max_score | Integer | None | Optional | None |
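As an added illustration (not Assemblyline's own code), the following Python checks a record against the field tables above before it is ingested downstream, for example by a SIEM pipeline that consumes result ontology output. The field names and required flags come from the tables on this page; the hex-digest length checks, the `size` check and the sample record (with placeholder hash values) are constructed here and are assumptions, not part of the ontology definition.

```python
"""Validate a record against the Assemblyline Result Ontology field tables.

Added example, not Assemblyline's own validation code. Field names and
required flags are taken from the tables on this page; the hash-format
checks and the sample record are constructed for illustration."""
import re
from typing import Any, Dict, List

# Required fields per sub-model, from the tables on this page.
REQUIRED: Dict[str, List[str]] = {
    "root": ["odm_type", "odm_version", "classification", "file", "service"],
    "file": ["md5", "sha1", "sha256", "type", "size"],
    "service": ["name", "version"],
    "submission": ["metadata", "classification"],
    "heuristic": ["heur_id", "score", "times_raised", "name", "tags"],
}

# Hex-digest lengths for the hash types used by the File model (assumption:
# digests are lowercase hex strings, as they are in Assemblyline output).
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
HEX = re.compile(r"^[0-9a-f]+$")


def missing(model: str, record: Dict[str, Any]) -> List[str]:
    """Return the required fields of `model` absent from `record`."""
    return [f for f in REQUIRED[model] if f not in record]


def validate(record: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means the record passes."""
    errors = [f"missing root field: {f}" for f in missing("root", record)]
    file_obj = record.get("file", {})
    errors += [f"missing file field: {f}" for f in missing("file", file_obj)]
    for name, length in HASH_LEN.items():
        digest = file_obj.get(name)
        if digest is not None and (len(digest) != length or not HEX.match(digest)):
            errors.append(f"file.{name} is not a {length}-char lowercase hex digest")
    if "size" in file_obj and (not isinstance(file_obj["size"], int) or file_obj["size"] < 0):
        errors.append("file.size must be a non-negative integer")
    errors += [f"missing service field: {f}"
               for f in missing("service", record.get("service", {}))]
    if "submission" in record:
        errors += [f"missing submission field: {f}"
                   for f in missing("submission", record["submission"])]
    heuristics = (record.get("results") or {}).get("heuristics") or []
    for i, heur in enumerate(heuristics):
        errors += [f"results.heuristics[{i}] missing {f}"
                   for f in missing("heuristic", heur)]
    return errors


# Constructed sample record; hash values are placeholders, not real digests.
SAMPLE: Dict[str, Any] = {
    "odm_type": "Assemblyline Result Ontology",
    "odm_version": "1.8",
    "classification": "TLP:C",
    "file": {
        "md5": "0" * 32,
        "sha1": "1" * 40,
        "sha256": "2" * 64,
        "type": "executable/windows/pe32",
        "size": 1024,
        "names": ["sample.exe"],
    },
    "service": {"name": "ExampleService", "version": "4.0.0"},
    "submission": {"metadata": {}, "classification": "TLP:C"},
    "results": {
        "heuristics": [
            {"heur_id": "EXAMPLE.1", "score": 100, "times_raised": 1,
             "name": "Example heuristic", "tags": {}}
        ],
        "score": 100,
    },
}

if __name__ == "__main__":
    print(validate(SAMPLE) or "record valid")
```

Rejecting records that fail these checks at the ingestion boundary keeps malformed or truncated hashes from silently poisoning downstream lookups that key on `file.sha256`.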