
2use std::collections::HashMap;
3
4use serde::{Deserialize, Serialize};
5use struct_metadata::Described;
6
7use crate::{ElasticMeta, Readable, types::{ExpandingClassification, Text}};
8
9
/// Model of Service Heuristics.
///
/// Persisted datastore record describing one heuristic a service can raise.
/// Serialised with `serde`; the `Described` / `#[metadata]` attributes carry
/// the index metadata (`ElasticMeta`). Fields tagged `copyto="__text__"` are
/// presumably additionally copied into the `__text__` search field by the
/// metadata layer — confirm against the indexing code.
#[derive(Debug, Serialize, Deserialize, Described, Clone)]
#[metadata_type(ElasticMeta)]
#[metadata(index=true, store=true)]
pub struct Heuristic {
    /// List of all associated ATT&CK IDs (empty when the field is absent on deserialisation)
    #[metadata(copyto="__text__")]
    #[serde(default)]
    pub attack_id: Vec<String>,
    /// Classification of the heuristic; flattened, so its fields sit at the
    /// top level of the serialised record rather than under `classification`
    #[serde(flatten)]
    pub classification: ExpandingClassification,
    /// Description of the heuristic
    #[metadata(copyto="__text__")]
    pub description: Text,
    /// What type of files does this heuristic target?
    #[metadata(copyto="__text__")]
    pub filetype: String,
    /// ID of the Heuristic (required: no serde default)
    #[metadata(copyto="__text__")]
    pub heur_id: String,
    /// Name of the heuristic (required: no serde default)
    #[metadata(copyto="__text__")]
    pub name: String,
    /// Default score of the heuristic (required: no serde default)
    pub score: i32,
    /// Score of signatures for this heuristic, keyed by signature (presumably
    /// its name). NOTE(review): looks like a per-signature override of
    /// `score` — confirm against the scoring code before relying on it.
    #[serde(default)]
    pub signature_score_map: HashMap<String, i32>,
    /// Statistics related to the Heuristic (`Statistics::default()`, i.e.
    /// zeros / `None`, when the field is absent)
    #[serde(default)]
    pub stats: Statistics,
    /// Maximum score for heuristic; optional, `None` when the field is absent
    pub max_score: Option<i32>,
}
45
impl Readable for Heuristic {
    /// Archive-origin hook required by [`Readable`]. `Heuristic` has no
    /// field recording archive provenance, so the flag is discarded and the
    /// record is left untouched.
    fn set_from_archive(&mut self, from_archive: bool) {
        let _ = from_archive;
    }
}
49
50
/// Statistics Model.
///
/// Aggregate hit statistics attached to a [`Heuristic`]. Because of the
/// struct-level `#[serde(default)]`, every field falls back to its `Default`
/// (zero / `None`) when missing from the serialised form.
#[derive(Debug, Serialize, Deserialize, Described, Default, Clone)]
#[serde(default)]
#[metadata_type(ElasticMeta)]
#[metadata(index=true, store=true)]
pub struct Statistics {
    /// Count of statistical hits
    pub count: i32,
    /// Minimum value of all statistical hits
    pub min: i32,
    /// Maximum value of all statistical hits
    pub max: i32,
    /// Average of all statistical hits (stored as an integer, so any
    /// fractional part of the mean is not representable here)
    pub avg: i32,
    /// Sum of all statistical hits (`i32`; no overflow handling visible at this level)
    pub sum: i32,
    /// Date of first hit of statistic (UTC), `None` when absent
    pub first_hit: Option<chrono::DateTime<chrono::Utc>>,
    /// Date of last hit of statistic (UTC), `None` when absent
    pub last_hit: Option<chrono::DateTime<chrono::Utc>>,
}
69    /// Date of last hit of statistic
70    pub last_hit: Option<chrono::DateTime<chrono::Utc>>,
71}