
1// from assemblyline import odm
2// from assemblyline.common import forge
3
4// Classification = forge.get_classification()
5
6use chrono::{DateTime, Utc};
7use serde::{Deserialize, Serialize};
8use serde_with::{SerializeDisplay, DeserializeFromStr};
9use struct_metadata::Described;
10
11use crate::{Uuid, ElasticMeta, ExpandingClassification};
12
13
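/// Priority value a workflow can apply (see `Workflow::priority`).
///
/// Serialized through `Display`/`FromStr` (via `strum`) rather than serde's
/// own derive, so the wire form is the upper-case variant name:
/// `"LOW"`, `"MEDIUM"`, `"HIGH"`, `"CRITICAL"`. Parsing is the exact inverse
/// of that spelling.
///
/// `Debug`/`Clone`/`Copy`/`PartialEq`/`Eq`/`Hash` are derived so the value can
/// be logged, compared in tests and used as a map key; a fieldless enum makes
/// all of them free.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, SerializeDisplay, DeserializeFromStr, strum::Display, strum::EnumString, Described)]
#[metadata_type(ElasticMeta)]
#[strum(serialize_all = "UPPERCASE")]
pub enum Priorities {
    Low,
    Medium,
    High,
    Critical,
}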
23
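/// Status value a workflow can apply (see `Workflow::status`).
///
/// Serialized through `Display`/`FromStr` (via `strum`) rather than serde's
/// own derive; the wire form is the screaming-kebab-case variant name, so
/// `NonMalicious` round-trips as `"NON-MALICIOUS"` and the others as
/// `"MALICIOUS"`, `"ASSESS"`, `"TRIAGE"`. Parsing is the exact inverse of
/// that spelling.
///
/// `Debug`/`Clone`/`Copy`/`PartialEq`/`Eq`/`Hash` are derived so the value can
/// be logged, compared in tests and used as a map key; a fieldless enum makes
/// all of them free.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, SerializeDisplay, DeserializeFromStr, strum::Display, strum::EnumString, Described)]
#[metadata_type(ElasticMeta)]
#[strum(serialize_all = "SCREAMING-KEBAB-CASE")]
pub enum Statuses {
    Malicious,
    NonMalicious,
    Assess,
    Triage,
}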
33
/// Model of a Workflow: a stored query plus the labels, priority and status it
/// applies when it matches.
///
/// The struct is both the serde wire format and, through `Described`, the
/// source of the `ElasticMeta` index mapping (`index=true, store=true` at the
/// document level). Fields marked `copyto="__text__"` are additionally copied
/// into a `__text__` field — presumably the catch-all full-text field; the
/// exact semantics are defined by `ElasticMeta`, not here.
#[derive(Serialize, Deserialize, Described)]
#[metadata_type(ElasticMeta)]
#[metadata(index=true, store=true)]
pub struct Workflow {
    /// Classification of the workflow.
    ///
    /// `#[serde(flatten)]` means the classification's own fields are emitted
    /// inline at the top level of the workflow document rather than nested
    /// under a `classification` key.
    #[metadata(copyto="__text__")]
    #[serde(flatten)]
    pub classification: ExpandingClassification,
    /// Creation date of the workflow (required on input).
    pub creation_date: DateTime<Utc>,
    /// UID of the creator of the workflow.
    pub creator: String,
    /// UID of the last user to edit the workflow.
    pub edited_by: String,
    /// Date of first hit on the workflow; `None` when not recorded.
    pub first_seen: Option<DateTime<Utc>>,
    /// Number of times there was a workflow hit.
    ///
    /// `#[serde(default)]`: a document without this field deserializes with
    /// `hit_count == 0`.
    #[serde(default)]
    pub hit_count: i64,
    /// Labels applied by the workflow.
    ///
    /// `#[serde(default)]`: a document without this field deserializes with an
    /// empty list.
    #[serde(default)]
    #[metadata(copyto="__text__")]
    pub labels: Vec<String>,
    /// Date of last edit on the workflow (required on input).
    pub last_edit: DateTime<Utc>,
    /// Date of last hit on the workflow; `None` when not recorded.
    pub last_seen: Option<DateTime<Utc>>,
    /// Name of the workflow.
    #[metadata(copyto="__text__")]
    pub name: String,
    /// Where this workflow originated from, if recorded. Free-form string; the
    /// set of expected values is not defined in this model.
    pub origin: Option<String>,
    /// Priority applied by the workflow; `None` when the workflow does not set
    /// one.
    #[metadata(copyto="__text__")]
    pub priority: Option<Priorities>,
    /// Query that the workflow runs.
    ///
    /// Stored as an opaque string; this model performs no validation of it.
    /// NOTE(review): the query is user-authored content — confirm that syntax
    /// validation and authorization happen where workflows are created and
    /// executed, since nothing here constrains it.
    pub query: String,
    /// Status applied by the workflow; `None` when the workflow does not set
    /// one.
    #[metadata(copyto="__text__")]
    pub status: Option<Statuses>,
    /// ID of the workflow. Optional in the model — presumably absent until an
    /// ID is assigned on storage; confirm against the datastore code.
    pub workflow_id: Option<Uuid>,
}
77}