assemblyline_models/datastore/
workflow.rs

1use chrono::{DateTime, Utc};
2use serde::{Deserialize, Serialize};
3use serde_with::{SerializeDisplay, DeserializeFromStr};
4use struct_metadata::Described;
6use crate::types::{Uuid, ExpandingClassification};
7use crate::ElasticMeta;
// Priority a workflow can assign when it matches.
//
// The type is serialized and parsed through its string form: `SerializeDisplay`
// and `DeserializeFromStr` delegate to the strum-derived `Display` / `FromStr`
// impls, and `serialize_all = "UPPERCASE"` makes the accepted spellings
// "LOW", "MEDIUM", "HIGH" and "CRITICAL". Any other string is a parse error,
// so an unknown priority in a stored document fails deserialization instead of
// being mapped to a default.
// NOTE(review): plain `//` is used here because the `Described` derive
// presumably records `///` text in the generated metadata — confirm before
// converting these notes to doc comments.
#[derive(SerializeDisplay, DeserializeFromStr, strum::Display, strum::EnumString, Described)]
#[metadata_type(ElasticMeta)]
#[strum(serialize_all = "UPPERCASE")]
pub enum Priorities {
    Low,
    Medium,
    High,
    Critical,
}
// Status (verdict / triage state) a workflow can assign when it matches.
//
// String-backed like the other enum in this file: serde goes through the
// strum-derived `Display` / `FromStr` impls. With
// `serialize_all = "SCREAMING-KEBAB-CASE"` the wire values are "MALICIOUS",
// "NON-MALICIOUS", "ASSESS" and "TRIAGE" — note the hyphen in the second one.
// A value outside this set is rejected at parse time rather than coerced, so a
// stored document can never yield an unlisted status through this type.
// NOTE(review): plain `//` is used here because the `Described` derive
// presumably records `///` text in the generated metadata — confirm before
// converting these notes to doc comments.
#[derive(SerializeDisplay, DeserializeFromStr, strum::Display, strum::EnumString, Described)]
#[metadata_type(ElasticMeta)]
#[strum(serialize_all = "SCREAMING-KEBAB-CASE")]
pub enum Statuses {
    Malicious,
    NonMalicious,
    Assess,
    Triage,
}
// Datastore record for a workflow: a stored query plus the labels, priority
// and status it applies when it hits.
//
// This type only describes the shape of the document. Nothing here validates
// field contents (user ids, query syntax, counter ranges) or checks that the
// editor is allowed to change the workflow; those checks have to live in the
// code that creates, edits and executes workflows.
// NOTE(review): the existing `///` lines are left untouched and review notes
// use plain `//`, because the `Described` derive presumably captures `///`
// text into the generated metadata — confirm before rewording them.
/// Model of Workflow
#[derive(Serialize, Deserialize, Described)]
#[metadata_type(ElasticMeta)]
// NOTE(review): presumably the struct-wide default for the per-field
// index/store mapping flags — confirm against `ElasticMeta`.
#[metadata(index=true, store=true)]
pub struct Workflow {
    /// Classification of the workflow
    // `flatten` inlines the keys of `ExpandingClassification` into the workflow
    // document instead of nesting them under a `classification` object.
    // NOTE(review): `copyto="__text__"` presumably copies the value into a
    // catch-all text field of the index mapping — confirm against `ElasticMeta`.
    #[metadata(copyto="__text__")]
    #[serde(flatten)]
    pub classification: ExpandingClassification,
    /// Creation date of the workflow
    // Required: no serde default, so a document without it fails to deserialize.
    pub creation_date: DateTime<Utc>,
    /// UID of the creator of the workflow
    // Free-form string; this type does not check that it names a real account.
    pub creator: String,
    /// UID of the last user to edit the workflow
    // Free-form string, same caveat as `creator`; useful as an audit field only
    // if the writer sets it from the authenticated session.
    pub edited_by: String,
    /// Is this workflow enabled?
    // A document that omits this key deserializes as enabled (`default_enabled`
    // returns `true`), i.e. the default is "active". Writers that want a
    // workflow to stay inert must store `false` explicitly.
    #[serde(default="default_enabled")]
    pub enabled: bool,
    /// Date of first hit on workflow
    // `None` when the key is absent or null.
    pub first_seen: Option<DateTime<Utc>>,
    /// Number of times there was a workflow hit
    // Defaults to 0 when absent. The type is signed and no range check is
    // applied here, so a negative stored value deserializes without error.
    #[serde(default)]
    pub hit_count: i32,
    /// Labels applied by the workflow
    // Defaults to an empty list when absent.
    #[serde(default)]
    #[metadata(copyto="__text__")]
    pub labels: Vec<String>,
    /// Date of last edit on workflow
    // Required, like `creation_date`.
    pub last_edit: DateTime<Utc>,
    /// Date of last hit on workflow
    // `None` when the key is absent or null.
    pub last_seen: Option<DateTime<Utc>>,
    /// Name of the workflow
    #[metadata(copyto="__text__")]
    pub name: String,
    /// Which did this originate from?
    pub origin: Option<String>,
    /// Priority applied by the workflow
    // Optional; when present it must be one of the `Priorities` strings or
    // deserialization of the whole document fails.
    #[metadata(copyto="__text__")]
    pub priority: Option<Priorities>,
    /// Query that the workflow runs
    // Held as an opaque string: no syntax or scope validation happens in this
    // type. The component that executes it should treat it as user-authored
    // input and run it under the access limits that apply to the workflow
    // (NOTE(review): presumably derived from `classification` — confirm).
    pub query: String,
    /// Status applied by the workflow
    // Optional; when present it must be one of the `Statuses` strings.
    #[metadata(copyto="__text__")]
    pub status: Option<Statuses>,
    /// ID of the workflow
    // `Uuid` is the crate's own `crate::types::Uuid`; its accepted format is
    // not visible from this file.
    pub workflow_id: Option<Uuid>,
}
/// Serde fallback for `Workflow::enabled`.
///
/// Returns `true`, so a workflow document stored without an `enabled` key is
/// treated as active when it is loaded.
fn default_enabled() -> bool {
    true
}