"""
Model for storing indicators of compromise (IOCs) and other threat indicators.
"""
from sqlalchemy import Column, String, Text, Integer, Float, DateTime, ForeignKey, Enum, Boolean
from sqlalchemy.orm import relationship
import enum
from datetime import datetime

from src.models.base import BaseModel

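@enum.unique
class IndicatorType(enum.Enum):
    """Closed set of indicator categories.

    The member value is the human-readable label. ``@enum.unique`` turns a
    duplicated label into a definition-time error instead of silently
    creating an alias member (an alias would vanish from iteration and from
    the set of distinct values the ``indicators.indicator_type`` column can
    hold).
    NOTE(review): SQLAlchemy's ``Enum`` type persists member *names* by
    default, so renaming a member is a schema change — confirm before editing.
    """
    IP_ADDRESS = "IP Address"
    DOMAIN = "Domain"
    URL = "URL"
    HASH = "Hash"  # artifact hash; the algorithm is not encoded in this model
    EMAIL = "Email"
    FILE = "File"
    REGISTRY = "Registry"
    USER_AGENT = "User Agent"
    CVE = "CVE"
    SOFTWARE = "Software"
    KEYWORD = "Keyword"
    OTHER = "Other"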


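class Indicator(BaseModel):
    """Observable tied to a threat: an IP, domain, URL, file hash, CVE, etc.

    Rows live in the ``indicators`` table. ``value`` holds the raw observable,
    which in practice is ingested from feeds, reports or adversary artefacts,
    so treat it as untrusted text wherever it is rendered or logged.
    ``id`` is not declared here; it is presumably provided by ``BaseModel``
    (``__repr__`` below relies on it) — confirm in ``src/models/base.py``.
    """
    __tablename__ = "indicators"

    # Indicator details
    # The observable itself (e.g. an address, hostname, URL or digest).
    # Capped at 1024 characters; what happens to longer values depends on the
    # database backend, so callers should validate length before insert.
    value = Column(String(1024), nullable=False)
    # Category of `value`. NOTE(review): SQLAlchemy's Enum type persists
    # member *names* by default, so renaming a member of IndicatorType is a
    # schema migration — confirm.
    indicator_type = Column(Enum(IndicatorType), nullable=False)
    description = Column(Text)
    # Analyst verification flag. No nullable=False is given, so existing rows
    # may hold NULL; new rows get False via the Python-side default.
    is_verified = Column(Boolean, default=False)
    # Free-form context in which the indicator was observed.
    context = Column(Text)
    # Origin of the indicator (feed name, report, analyst, ...).
    source = Column(String(255))

    # Relationship to threat
    # Nullable: an indicator may exist before it is attributed to a threat.
    threat_id = Column(Integer, ForeignKey("threats.id"))
    threat = relationship("Threat", back_populates="indicators")

    # Confidence and metadata
    # The scale (0..1 or 0..100?) is not enforced here — TODO confirm with the
    # producers before adding a CheckConstraint.
    confidence_score = Column(Float, default=0.0)
    # The callable (not its result) is passed, so the timestamp is taken at
    # INSERT time rather than at import time. datetime.utcnow yields *naive*
    # UTC values and is deprecated since Python 3.12; moving to
    # datetime.now(timezone.utc) also needs DateTime(timezone=True) and a data
    # migration so naive and aware values never get mixed in comparisons.
    first_seen = Column(DateTime, default=datetime.utcnow)
    last_seen = Column(DateTime, default=datetime.utcnow)

    def __repr__(self) -> str:
        """Debug representation that is safe to write to logs.

        ``value`` is attacker-influenced text (it *is* the IOC). Rendering it
        with ``!r`` produces a quoted, escaped literal, so embedded newlines,
        ANSI escape sequences or other control characters cannot forge extra
        log lines or terminal output when this repr is logged.
        """
        return (
            f"<{type(self).__name__}(id={self.id}, value={self.value!r}, "
            f"type={self.indicator_type})>"
        )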