Commit

Pipeline: Release 4.4.0.stable87 documentation
Azure Pipeline committed Dec 12, 2023
1 parent 100210e commit 767f891
Showing 2 changed files with 20 additions and 0 deletions.
1 change: 1 addition & 0 deletions docs/odm/models/config.md
Expand Up @@ -164,6 +164,7 @@
| uid_format | Keyword | Format of the user ID based on the captured parts from the regex | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| client_id | Keyword | ID of your application to authenticate to the OAuth provider | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| client_secret | Keyword | Password to your application to authenticate to the OAuth provider | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| redirect_uri | Keyword | URI to redirect to after authentication with OAuth provider | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| request_token_url | Keyword | URL to request token | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| request_token_params | Keyword | Parameters to request token | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| access_token_url | Keyword | URL to get access token | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
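
Review bot: The added `redirect_uri` row says only "URI to redirect to after authentication with OAuth provider" and gives a default of `None`, so a reader cannot tell which redirect target is used when the field is left unset. Suggest stating the fallback in the description, and noting that the value has to match the redirect URI registered for the `client_id` at the provider, since providers typically reject the authorization request when the two differ.
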
19 changes: 19 additions & 0 deletions docs/odm/models/ontology/results/malware_config.md
Expand Up @@ -17,6 +17,7 @@
| password | List [Text] | Passwords | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| mutex | List [Text] | Mutex | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| pipe | List [Text] | Pipe | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| ipc | List [[IPC](/assemblyline4_docs/odm/models/ontology/results/malware_config/#ipc)] | IPC (similar to 'pipe' field but more detailed) | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| sleep_delay | Integer | Sleep Delay | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| sleep_delay_jitter | Integer | Sleep Delay Jitter | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| inject_exe | List [Text] | Injected EXE | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
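
Review bot: The added `ipc` row describes itself as "similar to 'pipe' field but more detailed" without saying how the two fields relate: whether `pipe` remains the place for pipe names, or whether extractors should populate `ipc` instead or as well. Suggest one sentence naming the preferred field, so that consumers querying for pipe names do not miss values recorded in only one of the two.
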
Expand Down Expand Up @@ -158,6 +159,24 @@
| usage | Enum | Purpose of HTTP connection<br>Values:<br>`"c2", "decoy", "download", "other", "propagate", "ransom", "tunnel", "upload"` | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |


[comment]: # (AUTOGENERATED MARKDOWN CONTENT. UPDATES TO ODM DOCUMENTATION SHOULD BE DONE THROUGH ASSEMBLYLINE-BASE REPO!)
## IPC
> Inter-Process Communications
| Field | Type | Description | Required | Default |
| :--- | :--- | :--- | :--- | :--- |
| file | List [Text] | A record stored on disk, or a record synthesized on demand by a file server, which can be accessed by multiple processes. | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| socket | List [Text] | Data sent over a network interface, either to a different process on the same computer or to another computer on the network. Stream oriented (TCP; data written through a socket requires formatting to preserve message boundaries) or more rarely message-oriented (UDP, SCTP). | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| unix_domain_socket | List [Text] | Similar to an internet socket, but all communication occurs within the kernel. Domain sockets use the file system as their address space. Processes reference a domain socket as an inode, and multiple processes can communicate with one socket. | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| memory_mapped_file | List [Text] | A file mapped to RAM and can be modified by changing memoryaddresses directly instead of outputting to a stream. This shares the same benefits as a standard file. | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| message_queue | List [Text] | A data stream similar to a socket, but which usually preserves message boundaries. Typically implemented by the operating system, they allow multiple processes to read and write to the message queue without being directly connected to each other. | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| anonymous_pipe | List [Text] | A unidirectional data channel using standard input and output. Data written to the write-end of the pipe is buffered by the operating system until it is read from the read-end of the pipe. Two-way communication between processes can be achieved by using two pipes in opposite "directions". | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| named_pipe | List [Text] | A pipe that is treated like a file. Instead of using standard input and output as with an anonymous pipe, processes write to and read from a named pipe, as if it were a regular file. | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| process_names | List [Text] | The process names involved in the IPC communication | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| shared_memory | Text | Multiple processes are given access to the same block of memory, which creates a shared buffer for the processes to communicate with each other. | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |
| usage | Enum | Purpose of connection<br>Values:<br>`"c2", "decoy", "download", "other", "propagate", "ransom", "tunnel", "upload"` | <div style="width:100px">:material-minus-box-outline: Optional</div> | `None` |


[comment]: # (AUTOGENERATED MARKDOWN CONTENT. UPDATES TO ODM DOCUMENTATION SHOULD BE DONE THROUGH ASSEMBLYLINE-BASE REPO!)
## Path
> File Paths
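
Review bot: In the new IPC table, `shared_memory` is typed `Text` while every other channel field (`file`, `socket`, `unix_domain_socket`, `memory_mapped_file`, `message_queue`, `anonymous_pipe`, `named_pipe`) is `List [Text]`, so a config that uses more than one shared memory region cannot be recorded the way multiple pipes or sockets can. If that is unintended, make it `List [Text]`; if it is deliberate, say why in the description. The `memory_mapped_file` description also has the typo "memoryaddresses" and reads awkwardly ("A file mapped to RAM and can be modified"). Since the `[comment]` line marks this file as autogenerated, both fixes belong in the ODM definitions in the assemblyline-base repo rather than in this markdown.
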