ResultOntology¶

Assemblyline Result Ontology

Field	Type	Description	Required	Default
odm_type	Text	Type of ODM Model	Yes	`Assemblyline Result Ontology`
odm_version	Text	Version of ODM Model	Yes	`1.10`
classification	ClassificationString	Classification of Ontological Record	Yes	`None`
file	File	Descriptors about file being analyzed	Yes	`None`
service	Service	Information about Service	Yes	`None`
submission	Submission	Information about Submission	Optional	`None`
results	Results	Ontological Results	Optional	`None`

Results¶

Ontological Results

Field	Type	Description	Required	Default
antivirus	List [Antivirus]	List of Antivirus Ontologies	Optional	`None`
http	List [HTTP]	List of HTTP Ontologies	Optional	`None`
malwareconfig	List [MalwareConfig]	List of MalwareConfig Ontologies	Optional	`None`
netflow	List [NetworkConnection]	List of Network Ontologies	Optional	`None`
process	List [Process]	List of Process Ontologies	Optional	`None`
sandbox	List [Sandbox]	List of Sandbox Ontologies	Optional	`None`
signature	List [Signature]	List of Signature Ontologies	Optional	`None`
tags	Mapping [String, List [Any]]	Tags raised during analysis. Refer to Tagging	Optional	`None`
heuristics	List [Heuristics]	Heuristics raised during analysis	Optional	`None`
score	Integer	None	Optional	`None`
other	Mapping [String, Text]	Miscellaneous unstructured data recorded during analysis	Optional	`None`

Heuristics raised

Field	Type	Description	Required	Default
heur_id	Keyword	Heuristic ID	Yes	`None`
score	Integer	Score associated to heurstic	Yes	`None`
times_raised	Integer	The number of times the heuristic was raised	Yes	`None`
name	Text	Name of the heuristic raised	Yes	`None`
tags	Mapping [String, List [Any]]	Tags associated to heuristic. Refer to Tagging	Yes	`None`

Service Details

Field	Type	Description	Required	Default
name	Keyword	Service Name	Yes	`None`
version	Keyword	Service Version	Yes	`None`
tool_version	Keyword	Service Tool Version	Optional	``

Submission Details

Field	Type	Description	Required	Default
date	Date	Date of analysis	Optional	`None`
metadata	Mapping [String, Text]	Metadata associated to submission	Yes	`None`
sid	Keyword	Submission ID associated to file	Optional	`None`
source_system	Text	Which Assemblyline instance does the result originate from?	Optional	`None`
original_source	Text	Source as specified by submitter (from metadata)	Optional	`None`
classification	ClassificationString	Submitted classification	Yes	`TLP:C`
submitter	Keyword	Submitter	Optional	`None`
retention_id	Keyword	Reference to knowledge base for long-term data retention.	Optional	`None`
max_score	Integer	None	Optional	`None`