
Submission

Model of Submission

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| archive_ts | Date | None | Optional | None |
| archived | Boolean | Document is present in the malware archive | Yes | False |
| classification | Classification | Classification of the submission | Yes | None |
| error_count | Integer | Total number of errors in the submission | Yes | None |
| errors | List [Keyword] | List of error keys | Yes | None |
| expiry_ts | Date | Expiry timestamp | Optional | None |
| file_count | Integer | Total number of files in the submission | Yes | None |
| files | List [File] | List of files that were originally submitted | Yes | None |
| max_score | Integer | Maximum score of all the files in the scan | Yes | None |
| metadata | FlattenedObject | Metadata associated with the submission | Yes | None |
| params | SubmissionParams | Submission parameter details | Yes | None |
| results | List [Keyword] | List of result keys | Yes | None |
| sid | UUID | Submission ID | Yes | None |
| state | Enum | Status of the submission. Supported values are: "completed", "failed", "submitted" | Yes | None |
| to_be_deleted | Boolean | This document is going to be deleted as soon as it finishes | Yes | False |
| times | Times | Submission-specific times | Yes | See Times for more details. |
| verdict | Verdict | Malicious verdict details | Yes | See Verdict for more details. |
| from_archive | Boolean | Was loaded from the archive | Yes | False |
| scan_key | Keyword | None | Optional | None |

File

File Model of Submission

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| name | Keyword | Name of the file | Yes | None |
| size | Integer | Size of the file in bytes | Optional | None |
| sha256 | SHA256 | SHA256 hash of the file | Yes | None |

SubmissionParams

Submission Parameters

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| classification | Classification | Original classification of the submission | Yes | TLP:C |
| deep_scan | Boolean | Should a deep scan be performed? | Yes | False |
| description | Text | Description of the submission | Yes | None |
| generate_alert | Boolean | Should this submission generate an alert? | Yes | False |
| groups | List [Keyword] | List of groups related to this scan | Yes | [] |
| ignore_cache | Boolean | Ignore the cached service results? | Yes | False |
| ignore_recursion_prevention | Boolean | Should we ignore recursion prevention? | Yes | False |
| ignore_dynamic_recursion_prevention | Boolean | Should we ignore dynamic recursion prevention? | Yes | False |
| ignore_filtering | Boolean | Should we ignore filtering services? | Yes | False |
| ignore_size | Boolean | Ignore the file size limits? | Yes | False |
| never_drop | Boolean | Exempt from being dropped by ingester? | Yes | False |
| malicious | Boolean | Is the file submitted already known to be malicious? | Yes | False |
| max_extracted | Integer | Max number of extracted files | Yes | 500 |
| max_supplementary | Integer | Max number of supplementary files | Yes | 500 |
| priority | Integer | Priority of the scan | Yes | 1000 |
| profile | Boolean | Should the submission do extra profiling? | Yes | False |
| psid | UUID | Parent submission ID | Optional | None |
| quota_item | Boolean | Does this submission count against quota? | Yes | False |
| services | ServiceSelection | Service selection | Yes | See ServiceSelection for more details. |
| service_spec | Mapping [String, Mapping [String, Any]] | Service-specific parameters | Yes | {} |
| submitter | Keyword | User who submitted the file | Yes | None |
| ttl | Integer | Time, in days, to live for this submission | Yes | 0 |
| type | Keyword | Type of submission | Yes | USER |
| initial_data | Text | Initialization for temporary submission data | Optional | None |
| auto_archive | Boolean | Does the submission automatically go into the archive when completed? | Yes | False |
| delete_after_archive | Boolean | When the submission is archived, should we delete it from hot storage right away? | Yes | False |
| use_archive_alternate_dtl | Boolean | Should we use the alternate dtl while archiving? | Yes | False |
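The Submission, File and SubmissionParams tables can be applied as checks on a submission record. The sketch below is an added example, not code from the project this page documents: it validates a dict against the required fields, the `state` values and the file hash format, and lists which boolean parameters differ from their documented default of False. The function names, the sample record and the lowercase-hex form of the SHA256 value are assumptions; `times` and `verdict` are compound types with their own defaults and are left out.

```python
import re

# Required Submission fields for which the page lists no default.
REQUIRED = ("classification", "error_count", "errors", "file_count", "files",
            "max_score", "metadata", "params", "results", "sid", "state")
STATES = {"completed", "failed", "submitted"}   # supported values of `state`
SHA256_RE = re.compile(r"[0-9a-f]{64}")         # assumption: lowercase hex digest
# SubmissionParams switches that the page documents with a default of False.
PARAM_SWITCHES = ("deep_scan", "ignore_cache", "ignore_recursion_prevention",
                  "ignore_dynamic_recursion_prevention", "ignore_filtering",
                  "ignore_size", "never_drop")


def check_submission(doc):
    """Return a list of problems found in a Submission-shaped dict."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    if "state" in doc and doc["state"] not in STATES:
        problems.append(f"unsupported state: {doc['state']!r}")
    for key in ("error_count", "file_count", "max_score"):
        value = doc.get(key, 0)
        if isinstance(value, bool) or not isinstance(value, int):
            problems.append(f"{key} is not an integer")
    for i, entry in enumerate(doc.get("files", [])):
        if not entry.get("name"):
            problems.append(f"files[{i}]: name is required")
        if not SHA256_RE.fullmatch(str(entry.get("sha256", ""))):
            problems.append(f"files[{i}]: sha256 is not a 64-character hex digest")
    return problems


def non_default_switches(doc):
    """Names of boolean params that differ from the documented default (False)."""
    params = doc.get("params", {})
    return [name for name in PARAM_SWITCHES if params.get(name, False) is not False]


# Constructed sample record, not real data.
SAMPLE = {
    "classification": "TLP:C", "error_count": 0, "errors": [], "file_count": 1,
    "files": [{"name": "invoice.docm", "size": 48213, "sha256": "ab" * 32}],
    "max_score": 0, "metadata": {}, "results": [], "sid": "constructed-sid-0001",
    "state": "submitted",
    "params": {"description": "constructed example", "submitter": "analyst1",
               "ignore_size": True, "ignore_filtering": True},
}

if __name__ == "__main__":
    print(check_submission(SAMPLE))
    print(non_default_switches(SAMPLE))
```
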

ServiceSelection

Service Selection Scheme

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| selected | List [Keyword] | List of selected services | Yes | ['Filtering', 'Antivirus', 'Static Analysis', 'Extraction', 'Networking'] |
| excluded | List [Keyword] | List of excluded services | Yes | [] |
| rescan | List [Keyword] | List of services to rescan when initial run scores as malicious | Yes | [] |
| resubmit | List [Keyword] | Add to service selection when resubmitting | Yes | [] |
| runtime_excluded | List [Keyword] | List of runtime excluded services | Yes | [] |

Times

Submission-Relevant Times

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| completed | Date | Date at which the submission finished scanning | Optional | None |
| submitted | Date | Date at which the submission started scanning | Yes | NOW |

Verdict

Submission Verdict

| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| malicious | List [Keyword] | List of users that think this submission is malicious | Yes | [] |
| non_malicious | List [Keyword] | List of users that think this submission is non-malicious | Yes | [] |