saferwall/saferwall

[Services] Various File entity schema updates

Opened this issue a year ago · 0 comments

LordNoteworthy commented a year ago

tags": { "eset": "VMDetect", "packer": null, "pe": ["exe"] } --> tags": { "module_name": ["tag1", "tag2"]}
packer returns null in some cases.
strings: attach tags ["gibberish", "ascii", "domain", "ip", "path", "email"] and limit the number of strings to extract

[
  ["string value", "ascii", ["x1","x2"]],
  ["string value", "ascii", ["x1","x2"]],
  ["string value", "ascii", ["x1"], "other"]
]

PE fields names: snake case.
Documents missing the first_seen field.

DB Sync

re-scan all files if possible :
- AVs will be updated, need to fix first_scan vs last_scan
- strings get new format, pe get updated
- and new fields like first_seen/file_format/file_extension also get added.