Auto-Generated Documentation
This set of documentation is automatically generated from source, and will help ensure any change to functionality will always be documented and available on release.
File¶
A file is defined as a set of information that has been created on, or has existed on a filesystem.
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| accessed | Date | Last time the file was accessed. | Optional | None |
| attributes | List [Keyword] | Array of file attributes. | Optional | None |
| created | Date | File creation time. | Optional | None |
| ctime | Date | Last time the file attributes or metadata changed. | Optional | None |
| device | Keyword | Device that is the source of the file. | Optional | None |
| directory | Keyword | Directory where the file is located. It should include the drive letter, when appropriate. | Optional | None |
| drive_letter | Keyword | Drive letter where the file is located. This field is only relevant on Windows. | Optional | None |
| extension | Keyword | File extension, excluding the leading dot. | Optional | None |
| fork_name | Keyword | A fork is additional data associated with a filesystem object. | Optional | None |
| gid | Keyword | Primary group ID (GID) of the file. | Optional | None |
| group | Keyword | Primary group name of the file. | Optional | None |
| inode | Keyword | Inode representing the file in the filesystem. | Optional | None |
| mime_type | Keyword | MIME type should identify the format of the file or stream of bytes using IANA official types, where possible. | Optional | None |
| mode | Keyword | Mode of the file in octal representation. | Optional | None |
| mtime | Date | Last time the file content was modified. | Optional | None |
| name | Keyword | Name of the file including the extension, without the directory. | Optional | None |
| owner | Keyword | File owner’s username. | Optional | None |
| path | Keyword | Full path to the file, including the file name. It should include the drive letter, when appropriate. | Optional | None |
| size | Integer | File size in bytes. | Optional | None |
| target_path | Keyword | Target path for symlinks. | Optional | None |
| type | Enum | File type (file, dir, or symlink). Values: "dir", "file", "symlink" |
Optional | None |
| uid | Keyword | The user ID (UID) or security identifier (SID) of the file owner. | Optional | None |
| code_signature | CodeSignature | These fields contain information about binary code signatures. | Optional | None |
| elf | ELF | These fields contain Linux Executable Linkable Format (ELF) metadata. | Optional | None |
| hash | Hashes | These fields contain Windows Portable Executable (PE) metadata. | Optional | None |
| pe | PE | Hashes, usually file hashes. | Optional | None |