Sandbox¶
Sandbox Ontology Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| objectid | ObjectID | The object ID of the sandbox object | Yes |
None |
| analysis_metadata | AnalysisMetadata | Metadata for the analysis | Yes |
None |
| sandbox_name | Keyword | The name of the sandbox | Yes |
None |
| sandbox_version | Keyword | The version of the sandbox | Optional |
None |
AnalysisMetadata¶
The metadata of the analysis, per analysis
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| task_id | Keyword | The ID used for identifying the analysis task | Optional |
None |
| start_time | Date | The start time of the analysis | Yes |
None |
| end_time | Date | The end time of the analysis | Optional |
None |
| routing | Keyword | The routing used in the sandbox setup (Spoofed, Internet, Tor, VPN) | Optional |
None |
| machine_metadata | MachineMetadata | The metadata of the analysis | Optional |
None |
| window_size | Keyword | The resolution used for the analysis | Optional |
None |
MachineMetadata¶
The metadata regarding the machine where the analysis took place
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| ip | IP | The IP of the machine used for analysis | Optional |
None |
| hypervisor | Keyword | The hypervisor of the machine used for analysis | Optional |
None |
| hostname | Keyword | The name of the machine used for analysis | Optional |
None |
| platform | Platform | The platform of the machine used for analysis | Optional |
None |
| version | Keyword | The version of the operating system of the machine used for analysis | Optional |
None |
| architecture | Processor | The architecture of the machine used for analysis | Optional |
None |