RetrohuntHit¶

A hit encountered during a retrohunt search.

Field	Type	Description	Required	Default
key	Keyword	Unique code indentifying this hit	Yes	`None`
classification	Classification	Classification string for the retrohunt job and results list	Yes	`None`
sha256	SHA256	None	Yes	`None`
expiry_ts	Date	Expiry for this entry.	Optional	`None`
search	Keyword	None	Yes	`None`

Retrohunt¶

A search run on stored files.

Field	Type	Description	Required	Default
indices	Enum	Defines the indices used for this retrohunt job Supported values are: `"archive", "hot", "hot_and_archive"`	Yes	`hot_and_archive`
classification	Classification	Classification for the retrohunt job	Yes	`None`
search_classification	ClassificationString	Maximum classification of results in the search	Yes	`None`
creator	Keyword	User who created this retrohunt job	Yes	`None`
description	Text	Human readable description of this retrohunt job	Yes	`None`
expiry_ts	Date	Expiry timestamp of this retrohunt job	Optional	`None`
start_group	Long	Earliest expiry group this search will include	Yes	`None`
end_group	Long	Latest expiry group this search will include	Yes	`None`
created_time	Date	Start time for the search.	Yes	`None`
started_time	Date	Start time for the search.	Yes	`None`
completed_time	Date	Time that the search ended	Optional	`None`
key	Keyword	Unique code identifying this retrohunt job	Yes	`None`
raw_query	Keyword	Text of filter query derived from yara signature	Yes	`None`
yara_signature	Keyword	Text of original yara signature run	Yes	`None`
errors	List [Keyword]	List of error messages that occured during the search	Yes	`None`
warnings	List [Keyword]	List of warning messages that occured during the search	Yes	`None`
finished	Boolean	Boolean that indicates if this retrohunt job is finished	Yes	`False`
truncated	Boolean	Indicates if the list of hits been truncated at some limit	Yes	`False`