File

FileView

class grapl_analyzerlib.nodes.file_node.FileView(dgraph_client: pydgraph.client.DgraphClient, node_key: str, uid: str, node_type: Optional[str] = None, file_path: Optional[str] = None, file_extension: Optional[str] = None, file_mime_type: Optional[str] = None, file_size: Optional[int] = None, file_version: Optional[str] = None, file_description: Optional[str] = None, file_product: Optional[str] = None, file_company: Optional[str] = None, file_directory: Optional[str] = None, file_inode: Optional[int] = None, file_hard_links: Optional[str] = None, signed: Optional[str] = None, signed_status: Optional[str] = None, md5_hash: Optional[str] = None, sha1_hash: Optional[str] = None, sha256_hash: Optional[str] = None, creator: Optional[ProcessView] = None, writers: Optional[List[ProcessView]] = None, readers: Optional[List[ProcessView]] = None, deleter: Optional[ProcessView] = None, spawned_from: Optional[List[ProcessView]] = None, risks: Optional[List[RiskView]] = None)

Predicate

Type

Description

node_key

string

A unique identifier for this node.

asset_id

string

A unique identifier for an asset.

file_name

string

Bare name of the file, like “thing.txt”.

file_path

string

Fully qualified path, like “/home/person/thing.txt”.

file_extension

string

Extension of the file, like “txt”.

file_mime_type

string

todo: description

file_version

string

todo: description

file_description

string

todo: description

file_product

string

todo: description

file_company

string

todo: description

file_directory

string

todo: description

file_hard_links

string

todo: description

signed_status

string

todo: description

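md5_hash

string

MD5 hash of the file. FileQuery.with_md5_hash() accepts only an eq comparison, so a query value must equal the stored string exactly. MD5 is not collision-resistant; prefer sha256_hash when a match is treated as evidence of file identity.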

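sha1_hash

string

SHA-1 hash of the file. FileQuery.with_sha1_hash() accepts only an eq comparison. SHA-1 is not collision-resistant; prefer sha256_hash when a match is treated as evidence of file identity.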

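sha256_hash

string

SHA-256 hash of the file. FileQuery.with_sha256_hash() accepts only an eq comparison, so a query value must equal the stored string exactly.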

file_size

int

todo: description

file_inode

int

todo: description

signed

bool

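Whether the file is signed. The type is given inconsistently on this page: bool in this table and in get_signed(), but Optional[str] in the FileView constructor and string comparisons (StrCmp) in FileQuery.with_signed(). Confirm the stored type before relying on a comparison in an analyzer.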

get_file_company() → Optional[str]
get_file_description() → Optional[str]
get_file_directory() → Optional[str]
get_file_extension() → Optional[str]
get_file_inode() → Optional[int]
get_file_mime_type() → Optional[str]
get_file_path() → Optional[str]
get_file_product() → Optional[str]
get_file_size() → Optional[int]
get_file_version() → Optional[str]
get_md5_hash() → Optional[str]
get_node_type() → str
get_risks(match_risks: Optional[IRiskQuery] = None) → List[NV]
get_sha1_hash() → Optional[str]
get_sha256_hash() → Optional[str]
get_signed() → Optional[bool]
get_signed_status() → Optional[str]
get_spawned_from(match_spawned_from: Optional[IProcessQuery] = None) → Optional[NV]

FileQuery

class grapl_analyzerlib.nodes.file_node.FileQuery(*args, **kwds)
with_creator(creator_query: Optional[ProcessQuery] = None) → NQ
with_file_company(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ
with_file_description(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ
with_file_directory(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ
with_file_extension(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ
with_file_inode(eq: Optional[IntCmp] = None, gt: Optional[IntCmp] = None, lt: Optional[IntCmp] = None) → NQ
with_file_mime_type(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ
with_file_path(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ
with_file_product(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ
with_file_size(eq: Optional[IntCmp] = None, gt: Optional[IntCmp] = None, lt: Optional[IntCmp] = None) → NQ
with_file_version(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ
with_md5_hash(eq: Optional[StrCmp] = None) → NQ
with_readers(reader_query: Optional[ProcessQuery] = None) → NQ
with_risks(risks_query: Optional[RiskQuery] = None) → NQ
with_sha1_hash(eq: Optional[StrCmp] = None) → NQ
with_sha256_hash(eq: Optional[StrCmp] = None) → NQ
with_signed(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None, starts_with: Optional[StrCmp] = None, regexp: Optional[StrCmp] = None, distance: Optional[Tuple[StrCmp, int]] = None) → NQ
with_signed_status(eq: Optional[StrCmp] = None, contains: Optional[StrCmp] = None, ends_with: Optional[StrCmp] = None) → NQ
with_spawned_from(spawned_from_query: Optional[ProcessQuery] = None) → NQ