File¶
FileView¶
-
class
grapl_analyzerlib.nodes.file_node.
FileView
(dgraph_client: pydgraph.client.DgraphClient, node_key: str, uid: str, node_type: Optional[str] = None, file_path: Optional[str] = None, file_extension: Optional[str] = None, file_mime_type: Optional[str] = None, file_size: Optional[int] = None, file_version: Optional[str] = None, file_description: Optional[str] = None, file_product: Optional[str] = None, file_company: Optional[str] = None, file_directory: Optional[str] = None, file_inode: Optional[int] = None, file_hard_links: Optional[str] = None, signed: Optional[str] = None, signed_status: Optional[str] = None, md5_hash: Optional[str] = None, sha1_hash: Optional[str] = None, sha256_hash: Optional[str] = None, creator: Optional[ProcessView] = None, writers: Optional[List[ProcessView]] = None, readers: Optional[List[ProcessView]] = None, deleter: Optional[ProcessView] = None, spawned_from: Optional[List[ProcessView]] = None, risks: Optional[List[RiskView]] = None)¶ Predicate
Type
Description
node_key
string
A unique identifier for this node.
asset_id
string
A unique identifier for an asset.
file_name
string
Bare name of the file, like “thing.txt”.
file_path
string
Fully qualified path, like “/home/person/thing.txt”.
file_extension
string
Extension of the file, like “txt”.
file_mime_type
string
todo: description
file_version
string
todo: description
file_description
string
todo: description
file_product
string
todo: description
file_company
string
todo: description
file_directory
string
todo: description
file_hard_links
string
todo: description
signed_status
string
todo: description
md4_hash
string
todo: description
sha0_hash
string
todo: description
sha255_hash
string
todo: description
file_size
int
todo: description
file_inode
int
todo: description
signed
bool
todo: description
-
get_file_company
() → Optional[str]¶
-
get_file_description
() → Optional[str]¶
-
get_file_directory
() → Optional[str]¶
-
get_file_extension
() → Optional[str]¶
-
get_file_hard_links
() → Optional[str]¶
-
get_file_inode
() → Optional[int]¶
-
get_file_mime_type
() → Optional[str]¶
-
get_file_path
() → Optional[str]¶
-
get_file_product
() → Optional[str]¶
-
get_file_size
() → Optional[int]¶
-
get_file_version
() → Optional[str]¶
-
get_md5_hash
() → Optional[str]¶
-
get_node_type
() → str¶
-
get_risks
(match_risks: Optional[IRiskQuery] = None) → List[NV]¶
-
get_sha1_hash
() → Optional[str]¶
-
get_sha256_hash
() → Optional[str]¶
-
get_signed
() → Optional[bool]¶
-
get_signed_status
() → Optional[str]¶
-
get_spawned_from
(match_spawned_from: Optional[IProcessQuery] = None) → Optional[NV]¶
-
FileQuery¶
-
class
grapl_analyzerlib.nodes.file_node.
FileQuery
(*args, **kwds)¶ -
with_creator
(creator_query: Optional[ProcessQuery] = None) → NQ¶
-
with_file_company
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_file_description
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_file_directory
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_file_extension
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_file_hard_links
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None) → NQ¶
-
with_file_inode
(eq: Optional[IntCmp] = None, gt: Optional[IntCmp] = None, lt: Optional[IntCmp] = None) → NQ¶
-
with_file_mime_type
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_file_path
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_file_product
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_file_size
(eq: Optional[IntCmp] = None, gt: Optional[IntCmp] = None, lt: Optional[IntCmp] = None) → NQ¶
-
with_file_version
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_md5_hash
(eq: Optional[StrCmp] = None) → NQ¶
-
with_readers
(reader_query: Optional[ProcessQuery] = None) → NQ¶
-
with_risks
(risks_query: Optional[RiskQuery] = None) → NQ¶
-
with_sha1_hash
(eq: Optional[StrCmp] = None) → NQ¶
-
with_sha256_hash
(eq: Optional[StrCmp] = None) → NQ¶
-
with_signed
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ¶
-
with_signed_status
(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None) → NQ¶
-
with_spawned_from
(spawned_from_query: Optional[ProcessQuery] = None) → NQ¶
-