Struct File 

#[non_exhaustive]
pub struct File {

    pub accessed_time: Option<i64>,
    pub accessed_time_dt: Option<String>,
    pub accessor: Option<Box<User>>,
    pub attributes: Option<i64>,
    pub company_name: Option<String>,
    pub confidentiality: Option<String>,
    pub confidentiality_id: Option<i64>,
    pub created_time: Option<i64>,
    pub created_time_dt: Option<String>,
    pub creator: Option<Box<User>>,
    pub data_classification: Option<Box<DataClassification>>,
    pub data_classifications: Option<Vec<DataClassification>>,
    pub desc: Option<String>,
    pub drive_type: Option<String>,
    pub drive_type_id: Option<i64>,
    pub encryption_details: Option<Box<EncryptionDetails>>,
    pub ext: Option<String>,
    pub hashes: Option<Vec<Fingerprint>>,
    pub internal_name: Option<String>,
    pub is_deleted: Option<bool>,
    pub is_encrypted: Option<bool>,
    pub is_public: Option<bool>,
    pub is_readonly: Option<bool>,
    pub is_system: Option<bool>,
    pub mime_type: Option<String>,
    pub modified_time: Option<i64>,
    pub modified_time_dt: Option<String>,
    pub modifier: Option<Box<User>>,
    pub name: Option<String>,
    pub owner: Option<Box<User>>,
    pub parent_folder: Option<String>,
    pub path: Option<String>,
    pub product: Option<Box<Product>>,
    pub security_descriptor: Option<String>,
    pub signature: Option<Box<DigitalSignature>>,
    pub signatures: Option<Vec<DigitalSignature>>,
    pub size: Option<i64>,
    pub storage_class: Option<String>,
    pub tags: Option<Vec<KeyValueObject>>,
    pub type: Option<String>,
    pub type_id: Option<i64>,
    pub uid: Option<String>,
    pub uri: Option<String>,
    pub url: Option<Box<Url>>,
    pub version: Option<String>,
    pub volume: Option<String>,
    pub xattributes: Option<Value>,
}

File

The File object represents the metadata associated with a file stored in a computer system. It encompasses information about the file itself, including its attributes, properties, and organizational details.

[] Category: | Name: file

Constraints:

• at_least_one: [name,uid]

Fields (Non-exhaustive)

Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.

accessed_time: Option<i64>

Accessed Time

The time when the file was last accessed.

optional

accessed_time_dt: Option<String>

Accessed Time

The time when the file was last accessed.

optional

accessor: Option<Box<User>>

Accessor

The name of the user who last accessed the object.

optional

attributes: Option<i64>

Attributes

The bitmask value that represents the file attributes.

optional

company_name: Option<String>

Company Name

The name of the company that published the file. For example: Microsoft Corporation.

optional

confidentiality: Option<String>

Confidentiality

The file content confidentiality, normalized to the confidentiality_id value. In the case of ‘Other’, it is defined by the event source.

optional

confidentiality_id: Option<i64>

Confidentiality ID

The normalized identifier of the file content confidentiality indicator.

optional

created_time: Option<i64>

Created Time

The time when the file was created.

optional

created_time_dt: Option<String>

Created Time

The time when the file was created.

optional

creator: Option<Box<User>>

Creator

The user that created the file.

optional

data_classification: Option<Box<DataClassification>>

Data Classification

The Data Classification object includes information about data classification levels and data category types.

recommended

data_classifications: Option<Vec<DataClassification>>

Data Classification

A list of Data Classification objects, that include information about data classification levels and data category types, identified by a classifier.

recommended

desc: Option<String>

Description

The description of the file, as returned by file system. For example: the description as returned by the Unix file command or the Windows file type.

optional

drive_type: Option<String>

Drive Type

The drive type, normalized to the caption of the drive_type_id value. In the case of Other, it is defined by the source.

optional

drive_type_id: Option<i64>

Drive Type ID

Identifies the type of a disk drive, i.e. fixed, removable, etc.

optional

encryption_details: Option<Box<EncryptionDetails>>

Encryption Details

The encryption details of the file. Should be populated if the file is encrypted.

optional

ext: Option<String>

File Extension

The extension of the file, excluding the leading dot. For example: exe from svchost.exe, or gz from export.tar.gz.

recommended

hashes: Option<Vec<Fingerprint>>

Hashes

An array of hash attributes.

recommended

internal_name: Option<String>

Internal Name

The name of the file as identified within the file itself. This contrasts with the name by which the file is known on disk. Where available, the internal name is widely used by security practitioners and detection content because the on-disk file name is not reliable. On the Windows OS, most PE files contain a VERSIONINFO resource from which the internal name can be obtained. On macOS, binaries can optionally embed a copy of the application’s Info.plist file which in turn contains the name of the executable.

optional

is_deleted: Option<bool>

Deleted

Indicates if the file was deleted from the filesystem.

optional

is_encrypted: Option<bool>

Encrypted

Indicates if the file is encrypted.

optional

is_public: Option<bool>

Public

Indicates if the file is publicly accessible. For example in an object’s public access in AWS S3

optional

is_readonly: Option<bool>

Read-Only

Indicates that the file cannot be modified.

optional

is_system: Option<bool>

System

The indication of whether the object is part of the operating system.

optional

mime_type: Option<String>

MIME type

The Multipurpose Internet Mail Extensions (MIME) type of the file, if applicable.

optional

modified_time: Option<i64>

Modified Time

The time when the file was last modified.

optional

modified_time_dt: Option<String>

Modified Time

The time when the file was last modified.

optional

modifier: Option<Box<User>>

Modifier

The user that last modified the file.

optional

name: Option<String>

Name

The name of the file. For example: svchost.exe

required

owner: Option<Box<User>>

Owner

The user that owns the file/object.

optional

parent_folder: Option<String>

Parent Folder

The parent folder in which the file resides. For example: c:\windows\system32

optional

path: Option<String>

Path

The full path to the file. For example: c:\windows\system32\svchost.exe.

recommended

product: Option<Box<Product>>

Product

The product that created or installed the file.

optional

security_descriptor: Option<String>

Security Descriptor

The object security descriptor.

optional

signature: Option<Box<DigitalSignature>>

Digital Signature

The digital signature of the file.

optional

signatures: Option<Vec<DigitalSignature>>

Digital Signatures

A collection of Digital Signature objects.

optional

size: Option<i64>

Size

The size of data, in bytes.

optional

storage_class: Option<String>

Storage Class

The storage class of the file. For example in AWS S3: STANDARD, STANDARD_IA, GLACIER.

optional

tags: Option<Vec<KeyValueObject>>

Tags

The list of tags; {key:value} pairs associated to the file.

optional

type: Option<String>

Type

The file type.

optional

type_id: Option<i64>

Type ID

The file type ID. Note the distinction between a Regular File and an Executable File. If the distinction is not known, or not indicated by the log, use Regular File. In this case, it should not be assumed that a Regular File is not executable.

required

uid: Option<String>

Unique ID

The unique identifier of the file as defined by the storage system, such the file system file ID.

optional

uri: Option<String>

File URI

The file URI, such as those reporting by static analysis tools. E.g., file:///C:/dev/sarif/sarif-tutorials/samples/Introduction/simple-example.js

optional

url: Option<Box<Url>>

URL

The URL of the file, when applicable.

optional

version: Option<String>

Version

The file version. For example: 8.0.7601.17514.

optional

volume: Option<String>

Volume

The volume on the storage device where the file is located.

optional

xattributes: Option<Value>

Extended Attributes

An unordered collection of zero or more name/value pairs where each pair represents a file or folder extended attribute.

For example: Windows alternate data stream attributes (ADS stream name, ADS size, etc.), user-defined or application-defined attributes, ACL, owner, primary group, etc. Examples from DCS:

• ads_name
• ads_size
• dacl
• owner
• primary_group
• link_name - name of the link associated to the file.
• hard_link_count - the number of links that are associated to the file.

optional

Trait Implementations

impl Clone for File

fn clone(&self) -> File

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for File

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for File

fn default() -> File

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for File

where File: Default,

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for File

fn eq(&self, other: &File) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for File

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for File