
1// from assemblyline import odm
2// from assemblyline.common import forge
3
4// Classification = forge.get_classification()
5
6use chrono::{DateTime, Utc};
7use serde::{Deserialize, Serialize};
8use serde_with::{SerializeDisplay, DeserializeFromStr};
9use struct_metadata::Described;
10
11use crate::{Uuid, ElasticMeta, ExpandingClassification};
12
13
/// Priority a [`Workflow`] applies to what it matches (see [`Workflow::priority`]).
///
/// Serialized through `Display`/`FromStr` (`SerializeDisplay` / `DeserializeFromStr`)
/// rather than serde's default variant names, so the stored form is the strum
/// spelling selected by `serialize_all = "UPPERCASE"`: `"LOW"`, `"MEDIUM"`,
/// `"HIGH"`, `"CRITICAL"`. Parsing is an exact, case-sensitive match; any other
/// string is a deserialization error rather than a silent fallback.
#[derive(SerializeDisplay, DeserializeFromStr, strum::Display, strum::EnumString, Described)]
#[metadata_type(ElasticMeta)]
#[strum(serialize_all = "UPPERCASE")]
pub enum Priorities {
    /// Stored as `"LOW"`.
    Low,
    /// Stored as `"MEDIUM"`.
    Medium,
    /// Stored as `"HIGH"`.
    High,
    /// Stored as `"CRITICAL"`.
    Critical,
}
23
/// Verdict/status a [`Workflow`] applies to what it matches (see [`Workflow::status`]).
///
/// Serialized through `Display`/`FromStr` (`SerializeDisplay` / `DeserializeFromStr`);
/// `serialize_all = "SCREAMING-KEBAB-CASE"` makes the stored forms `"MALICIOUS"`,
/// `"NON-MALICIOUS"`, `"ASSESS"`, `"TRIAGE"`. Parsing is an exact, case-sensitive
/// match; unknown strings fail deserialization.
#[derive(SerializeDisplay, DeserializeFromStr, strum::Display, strum::EnumString, Described)]
#[metadata_type(ElasticMeta)]
#[strum(serialize_all = "SCREAMING-KEBAB-CASE")]
pub enum Statuses {
    /// Stored as `"MALICIOUS"`.
    Malicious,
    /// Stored as `"NON-MALICIOUS"` (the multi-word variant is hyphenated).
    NonMalicious,
    /// Stored as `"ASSESS"`.
    Assess,
    /// Stored as `"TRIAGE"`.
    Triage,
}
33
/// Model of Workflow.
///
/// Datastore document for a saved workflow: a stored query plus the labels,
/// priority and status it applies, with creator/editor identity and hit
/// bookkeeping. This is a pure data model — it performs no validation of its
/// own; the `#[metadata(...)]` attributes only describe how the document is
/// indexed (`index=true, store=true` at the struct level).
#[derive(Serialize, Deserialize, Described)]
#[metadata_type(ElasticMeta)]
#[metadata(index=true, store=true)]
pub struct Workflow {
    /// Classification of the workflow.
    ///
    /// `#[serde(flatten)]` inlines the classification's own fields into this
    /// document instead of nesting them under a `classification` key.
    #[metadata(copyto="__text__")]
    #[serde(flatten)]
    pub classification: ExpandingClassification,
    /// Creation date of the workflow (UTC).
    pub creation_date: DateTime<Utc>,
    /// UID of the creator of the workflow (recorded for audit; not a permission check).
    pub creator: String,
    /// UID of the last user to edit the workflow.
    pub edited_by: String,
    /// Is this workflow enabled?
    ///
    /// A document that omits this field deserializes as enabled (`default_enabled`).
    #[serde(default="default_enabled")]
    pub enabled: bool,
    /// Date of first hit on workflow; `None` until it has matched something.
    pub first_seen: Option<DateTime<Utc>>,
    /// Number of times there was a workflow hit; missing field deserializes as 0.
    #[serde(default)]
    pub hit_count: i32,
    /// Labels applied by the workflow; missing field deserializes as an empty list.
    #[serde(default)]
    #[metadata(copyto="__text__")]
    pub labels: Vec<String>,
    /// Date of last edit on workflow (UTC).
    pub last_edit: DateTime<Utc>,
    /// Date of last hit on workflow.
    pub last_seen: Option<DateTime<Utc>>,
    /// Name of the workflow.
    #[metadata(copyto="__text__")]
    pub name: String,
    /// Where did this workflow originate from?
    pub origin: Option<String>,
    /// Priority applied by the workflow.
    #[metadata(copyto="__text__")]
    pub priority: Option<Priorities>,
    /// Query that the workflow runs.
    ///
    /// Stored verbatim as a free-form string; nothing in this model parses or
    /// constrains it. NOTE(review): confirm the query is validated and the
    /// submitting user's permissions are enforced at the point where it is
    /// executed, not assumed from its presence here.
    pub query: String,
    /// Status applied by the workflow.
    #[metadata(copyto="__text__")]
    pub status: Option<Statuses>,
    /// ID of the workflow; `None` when not yet assigned (presumably on creation — confirm against the datastore layer).
    pub workflow_id: Option<Uuid>,
}
81
/// Serde default for [`Workflow::enabled`]: a document that omits the
/// `enabled` field is treated as an enabled workflow.
fn default_enabled() -> bool {
    true
}