-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Pipeline: Release 4.4.0.stable79 documentation
- Loading branch information
Azure Pipeline
committed
Nov 17, 2023
1 parent
49b158c
commit 51eff7f
Showing
3 changed files
with
82 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
[comment]: # (AUTOGENERATED MARKDOWN CONTENT. UPDATES TO ODM DOCUMENTATION SHOULD BE DONE THROUGH ASSEMBLYLINE-BASE REPO!) | ||
# Badlist | ||
> Badlist Model | ||
| Field | Type | Description | Required | Default | | ||
| :--- | :--- | :--- | :--- | :--- | | ||
| added | Date | Date when the badlisted hash was added | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `NOW` | | ||
| attribution | [Attribution](/assemblyline4_docs/odm/models/badlist/#attribution) | Attribution related to the bad hash | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| classification | Classification | Computed max classification for the bad hash | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `None` | | ||
| enabled | Boolean | Is bad hash enabled or not? | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `True` | | ||
| hashes | [Hashes](/assemblyline4_docs/odm/models/badlist/#hashes) | List of hashes related to the bad hash | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | See [Hashes](/assemblyline4_docs/odm/models/badlist/#hashes) for more details. | | ||
| file | [File](/assemblyline4_docs/odm/models/badlist/#file) | Information about the file | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| sources | List [[Source](/assemblyline4_docs/odm/models/badlist/#source)] | List of reasons why hash is badlisted | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `None` | | ||
| tag | [Tag](/assemblyline4_docs/odm/models/badlist/#tag) | Information about the tag | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| type | Enum | Type of bad hash<br>Values:<br>`"file", "tag"` | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `None` | | ||
| updated | Date | Last date when sources were added to the bad hash | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `NOW` | | ||
|
||
|
||
[comment]: # (AUTOGENERATED MARKDOWN CONTENT. UPDATES TO ODM DOCUMENTATION SHOULD BE DONE THROUGH ASSEMBLYLINE-BASE REPO!) | ||
## Attribution | ||
> Attribution Tag Model | ||
| Field | Type | Description | Required | Default | | ||
| :--- | :--- | :--- | :--- | :--- | | ||
| actor | List [UpperKeyword] | Attribution Actor | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| campaign | List [UpperKeyword] | Attribution Campaign | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| category | List [UpperKeyword] | Attribution Category | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| exploit | List [UpperKeyword] | Attribution Exploit | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| implant | List [UpperKeyword] | Attribution Implant | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| family | List [UpperKeyword] | Attribution Family | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| network | List [UpperKeyword] | Attribution Network | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
|
||
|
||
[comment]: # (AUTOGENERATED MARKDOWN CONTENT. UPDATES TO ODM DOCUMENTATION SHOULD BE DONE THROUGH ASSEMBLYLINE-BASE REPO!) | ||
## File | ||
> File Details | ||
| Field | Type | Description | Required | Default | | ||
| :--- | :--- | :--- | :--- | :--- | | ||
| name | List [Keyword] | List of names seen for that file | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `[]` | | ||
| size | Integer | Size of the file in bytes | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| type | Keyword | Type of file as identified by Assemblyline | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
|
||
|
||
[comment]: # (AUTOGENERATED MARKDOWN CONTENT. UPDATES TO ODM DOCUMENTATION SHOULD BE DONE THROUGH ASSEMBLYLINE-BASE REPO!) | ||
## Hashes | ||
> Hashes of a badlisted file | ||
| Field | Type | Description | Required | Default | | ||
| :--- | :--- | :--- | :--- | :--- | | ||
| md5 | MD5 | MD5 | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| sha1 | SHA1 | SHA1 | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| sha256 | SHA256 | SHA256 | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| ssdeep | SSDeepHash | SSDEEP | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
| tlsh | Keyword | None | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` | | ||
|
||
|
||
[comment]: # (AUTOGENERATED MARKDOWN CONTENT. UPDATES TO ODM DOCUMENTATION SHOULD BE DONE THROUGH ASSEMBLYLINE-BASE REPO!) | ||
## Source | ||
> Badlist source | ||
| Field | Type | Description | Required | Default | | ||
| :--- | :--- | :--- | :--- | :--- | | ||
| classification | Classification | Classification of the source | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `TLP:C` | | ||
| name | Keyword | Name of the source | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `None` | | ||
| reason | List [Keyword] | Reason for why file was badlisted | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `None` | | ||
| type | Enum | Type of badlisting source<br>Values:<br>`"external", "user"` | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `None` | | ||
|
||
|
||
[comment]: # (AUTOGENERATED MARKDOWN CONTENT. UPDATES TO ODM DOCUMENTATION SHOULD BE DONE THROUGH ASSEMBLYLINE-BASE REPO!) | ||
## Tag | ||
> Tag associated to file | ||
| Field | Type | Description | Required | Default | | ||
| :--- | :--- | :--- | :--- | :--- | | ||
| type | Keyword | Tag type | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `None` | | ||
| value | Keyword | Tag value | <div style="width:100px">:material-checkbox-marked-outline: Yes</div> | `None` | | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters