Result
Result Model
Field | Type | Description | Required | Default |
---|---|---|---|---|
archive_ts | Date | None | Optional | None |
classification | Classification | Aggregate classification for the result | Yes | None |
created | Date | Date at which the result object got created | Yes | NOW |
expiry_ts | Date | Expiry timestamp | Optional | None |
response | ResponseBody | The body of the response from the service | Yes | None |
result | ResultBody | The result body | Yes | See ResultBody for more details. |
sha256 | SHA256 | SHA256 of the file the result object relates to | Yes | None |
type | Keyword | None | Optional | None |
size | Integer | None | Optional | None |
drop_file | Boolean | Use to not pass to other stages after this run | Yes | False |
partial | Boolean | Invalidate the current result cache creation | Yes | False |
from_archive | Boolean | Was loaded from the archive | Yes | False |
ResponseBody
Response Body of Result
Field | Type | Description | Required | Default |
---|---|---|---|---|
milestones | Milestone | Milestone block | Yes | See Milestone for more details. |
service_version | Keyword | Version of the service | Yes | None |
service_name | Keyword | Name of the service that scanned the file | Yes | None |
service_tool_version | Keyword | Tool version of the service | Optional | None |
supplementary | List [File] | List of supplementary files | Yes | [] |
extracted | List [File] | List of extracted files | Yes | [] |
service_context | Keyword | Context about the service | Optional | None |
service_debug_info | Keyword | Debug info about the service | Optional | None |
File
File related to the Response
Field | Type | Description | Required | Default |
---|---|---|---|---|
name | Keyword | Name of the file | Yes | None |
sha256 | SHA256 | SHA256 of the file | Yes | None |
description | Text | Description of the file | Yes | None |
classification | Classification | Classification of the file | Yes | None |
is_section_image | Boolean | Is this an image used in an Image Result Section? | Yes | False |
parent_relation | Text | File relation to parent, if any. Values: "ROOT", "EXTRACTED", "INFORMATION", "DYNAMIC", "MEMDUMP", "DOWNLOADED" | Yes | EXTRACTED |
allow_dynamic_recursion | Boolean | Allow file to be analysed during Dynamic Analysis even if Dynamic Recursion Prevention is enabled. | Yes | False |
Milestone
Service Milestones
Field | Type | Description | Required | Default |
---|---|---|---|---|
service_started | Date | Date the service started scanning | Yes | NOW |
service_completed | Date | Date the service finished scanning | Yes | NOW |
ResultBody
Result Body
Field | Type | Description | Required | Default |
---|---|---|---|---|
score | Integer | Aggregate of the score for all heuristics | Yes | 0 |
sections | List [Section] | List of sections | Yes | [] |
Section
Result Section
Field | Type | Description | Required | Default |
---|---|---|---|---|
auto_collapse | Boolean | Should the section be collapsed when displayed? | Yes | False |
body | Text | Text body of the result section | Optional | None |
classification | Classification | Classification of the section | Yes | None |
body_format | Enum | Type of body in this section. Supported values are: "GRAPH_DATA", "IMAGE", "JSON", "KEY_VALUE", "MEMORY_DUMP", "MULTI", "ORDERED_KEY_VALUE", "PROCESS_TREE", "TABLE", "TEXT", "TIMELINE", "URL" | Yes | None |
body_config | Mapping [String, Any] | None | Optional | None |
depth | Integer | Depth of the section | Yes | None |
heuristic | Heuristic | Heuristic used to score result section | Optional | None |
tags | Tagging | List of tags associated to this section | Yes | See Tagging for more details. |
safelisted_tags | FlattenedListObject | List of safelisted tags | Yes | {} |
title_text | Text | Title of the section | Yes | None |
promote_to | Enum | None. Supported values are: "ENTROPY", "SCREENSHOT", "URI_PARAMS" | Optional | None |
Heuristic
Heuristic associated to the Section
Field | Type | Description | Required | Default |
---|---|---|---|---|
heur_id | Keyword | ID of the heuristic triggered | Yes | None |
name | Keyword | Name of the heuristic | Yes | None |
attack | List [Attack] | List of Att&ck IDs related to this heuristic | Yes | [] |
signature | List [Signature] | List of signatures that triggered the heuristic | Yes | [] |
score | Integer | Calculated Heuristic score | Yes | None |
Attack
None
Field | Type | Description | Required | Default |
---|---|---|---|---|
attack_id | Keyword | ID | Yes | None |
pattern | Keyword | Pattern Name | Yes | None |
categories | List [Keyword] | Categories | Yes | None |
Signature
Heuristic Signatures
Field | Type | Description | Required | Default |
---|---|---|---|---|
name | Keyword | Name of the signature that triggered the heuristic | Yes | None |
frequency | Integer | Number of times this signature triggered the heuristic | Yes | 1 |
safe | Boolean | Is the signature safelisted or not | Yes | False |