dorothy2 1.2.0 → 2.0.0
- checksums.yaml +8 -8
- data/CHANGELOG +39 -14
- data/README.md +80 -62
- data/UPDATE +6 -14
- data/bin/dorothy2 +472 -0
- data/dorothy2.gemspec +22 -16
- data/etc/ddl/dorothive.ddl +619 -373
- data/etc/sources.yml.example +27 -2
- data/lib/doroGUI.rb +232 -0
- data/lib/doroParser.rb +34 -78
- data/lib/dorothy2.rb +288 -248
- data/lib/dorothy2/BFM.rb +114 -61
- data/lib/dorothy2/DEM.rb +3 -1
- data/lib/dorothy2/NAM.rb +2 -2
- data/lib/dorothy2/Settings.rb +2 -1
- data/lib/dorothy2/VSM.rb +2 -1
- data/lib/dorothy2/deep_symbolize.rb +2 -7
- data/lib/dorothy2/do-init.rb +286 -19
- data/lib/dorothy2/do-logger.rb +1 -1
- data/lib/dorothy2/do-utils.rb +382 -33
- data/lib/dorothy2/version.rb +1 -1
- data/lib/dorothy2/vtotal.rb +30 -20
- data/lib/mu/xtractr.rb +11 -11
- data/lib/mu/xtractr/stream.rb +1 -1
- data/lib/www/public/reset.css +153 -0
- data/lib/www/public/style.css +65 -0
- data/lib/www/views/analyses.erb +28 -0
- data/lib/www/views/email.erb +63 -0
- data/lib/www/views/flows.erb +30 -0
- data/lib/www/views/layout.erb +27 -0
- data/lib/www/views/profile.erb +49 -0
- data/lib/www/views/queue.erb +28 -0
- data/lib/www/views/resume.erb +135 -0
- data/lib/www/views/resume.erb~ +88 -0
- data/lib/www/views/samples.erb +20 -0
- data/lib/www/views/upload.erb +154 -0
- data/share/img/The_big_picture.pdf +0 -0
- data/test/tc_dorothy_full.rb +3 -0
- metadata +169 -70
- data/TODO +0 -27
- data/bin/dorothy_start +0 -225
- data/bin/dorothy_stop +0 -28
- data/bin/dparser_start +0 -94
- data/bin/dparser_stop +0 -31
- data/etc/dorothy copy.yml.example +0 -39
- data/etc/extensions.yml +0 -41
- data/share/update-dorothive.sql +0 -19
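--- a/data/dorothy2.gemspec
+++ b/data/dorothy2.gemspec
@@ -16,22 +16,28 @@ Gem::Specification.new do |gem|
 gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
 gem.extra_rdoc_files = ["README.md"]
 gem.require_paths = ["lib"]
-gem.required_ruby_version = '
-gem.add_dependency(%q<net-scp>, ["
-gem.add_dependency(%q<net-ssh>, ["
-gem.add_dependency(%q<trollop>, ["
-gem.add_dependency(%q<rest-client>, ["
-gem.add_dependency(%q<
+gem.required_ruby_version = '~> 1.9.3'
+gem.add_dependency(%q<net-scp>, ["~> 1.1.2"])
+gem.add_dependency(%q<net-ssh>, ["~> 2.7.0"])
+gem.add_dependency(%q<trollop>, ["~> 2.0"])
+gem.add_dependency(%q<rest-client>, ["~> 1.6.7"])
+gem.add_dependency(%q<mail>, ["~> 2.5.4"])
 gem.add_dependency(%q<colored>, [">= 1.2"])
-gem.add_dependency(%q<
-gem.add_dependency(%q<
-gem.add_dependency(%q<
-gem.add_dependency(%q<rbvmomi>, ["
-gem.add_dependency(%q<ruby-filemagic>, ["
+gem.add_dependency(%q<pg>, [">= 0.8.0"])
+gem.add_dependency(%q<nokogiri>, ["~> 1.5.11"])
+gem.add_dependency(%q<uirusu>, ["~> 0.0.6"])
+gem.add_dependency(%q<rbvmomi>, ["~> 1.6.0"])
+gem.add_dependency(%q<ruby-filemagic>, ["~> 0.5.0"])
+gem.add_dependency(%q<activesupport>, ["~> 4.1.6"])
+gem.add_dependency(%q<activemodel>, ["~> 4.1.6"])
+gem.add_dependency(%q<activerecord>, ["~> 4.1.0.beta1"])
+gem.add_dependency(%q<sinatra>, ["~> 1.4.4"])
+gem.add_dependency(%q<sinatra-activerecord>, ["~> 1.3.0"])
+gem.add_dependency(%q<sinatra-contrib>, ["~> 1.4.2"])
+gem.add_dependency(%q<namespace>, ["~> 1.2"])
 #for dparser
-gem.add_dependency(%q<net-dns>, ["
-gem.add_dependency(%q<geoip>, ["
-gem.add_dependency(%q<
-gem.post_install_message = '\n WARING: If you are upgrating from a previous version, read the UPDATE file
+gem.add_dependency(%q<net-dns>, ["~> 0.8.0"])
+gem.add_dependency(%q<geoip>, ["~> 1.3.5"])
+gem.add_dependency(%q<whois>, ["~> 3.5.3"])
+gem.post_install_message = '\n\n\n \t\t WARING: If you are upgrating from a previous version, read the UPDATE file! \t\t\n\n\n'
 end
-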
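Review bot: The post-install message rewritten at new line 42 (`gem.post_install_message = '...'`) still carries two typos in a user-facing string, `WARING` and `upgrating`; as this is the one place upgraders are told to read UPDATE, the text should read `WARNING: If you are upgrading from a previous version, read the UPDATE file!`. Separately, `activerecord` is pinned to `~> 4.1.0.beta1` at new line 33 while `activesupport` and `activemodel` on the two lines above use `~> 4.1.6`; a pre-release floor on one of three Rails components looks unintentional, and `gem.add_dependency(%q<activerecord>, ["~> 4.1.6"])` would keep the trio on the same release line. The new `pg` constraint `>= 0.8.0` at line 26 is the only added dependency with no upper bound, so if that is deliberate a short `#` comment saying why would help the next maintainer. The enclosing `Gem::Specification.new do |gem|` block begins outside the hunk.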
data/etc/ddl/dorothive.ddl
CHANGED
@@ -2,33 +2,12 @@
|
|
2
2
|
-- PostgreSQL database dump
|
3
3
|
--
|
4
4
|
|
5
|
-
DROP DATABASE dorothive;
|
6
|
-
|
7
|
-
|
8
5
|
SET statement_timeout = 0;
|
6
|
+
SET lock_timeout = 0;
|
9
7
|
SET client_encoding = 'UTF8';
|
10
|
-
SET standard_conforming_strings =
|
8
|
+
SET standard_conforming_strings = on;
|
11
9
|
SET check_function_bodies = false;
|
12
10
|
SET client_min_messages = warning;
|
13
|
-
SET escape_string_warning = off;
|
14
|
-
|
15
|
-
--
|
16
|
-
-- Name: dorothive; Type: DATABASE; Schema: -; Owner: postgres
|
17
|
-
--
|
18
|
-
|
19
|
-
CREATE DATABASE dorothive WITH TEMPLATE = template0 ENCODING = 'UTF8' LC_COLLATE = 'C' LC_CTYPE = 'C';
|
20
|
-
|
21
|
-
|
22
|
-
ALTER DATABASE dorothive OWNER TO postgres;
|
23
|
-
|
24
|
-
\connect dorothive
|
25
|
-
|
26
|
-
SET statement_timeout = 0;
|
27
|
-
SET client_encoding = 'UTF8';
|
28
|
-
SET standard_conforming_strings = off;
|
29
|
-
SET check_function_bodies = false;
|
30
|
-
SET client_min_messages = warning;
|
31
|
-
SET escape_string_warning = off;
|
32
11
|
|
33
12
|
--
|
34
13
|
-- Name: dorothy; Type: SCHEMA; Schema: -; Owner: postgres
|
@@ -47,13 +26,18 @@ COMMENT ON SCHEMA dorothy IS 'standard public schema';
|
|
47
26
|
|
48
27
|
|
49
28
|
--
|
50
|
-
-- Name: plpgsql; Type:
|
29
|
+
-- Name: plpgsql; Type: EXTENSION; Schema: -; Owner:
|
51
30
|
--
|
52
31
|
|
53
|
-
CREATE
|
32
|
+
CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog;
|
54
33
|
|
55
34
|
|
56
|
-
|
35
|
+
--
|
36
|
+
-- Name: EXTENSION plpgsql; Type: COMMENT; Schema: -; Owner:
|
37
|
+
--
|
38
|
+
|
39
|
+
COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language';
|
40
|
+
|
57
41
|
|
58
42
|
SET search_path = dorothy, pg_catalog;
|
59
43
|
|
@@ -128,6 +112,21 @@ CREATE TYPE layer7_protocols AS ENUM (
|
|
128
112
|
|
129
113
|
ALTER TYPE dorothy.layer7_protocols OWNER TO postgres;
|
130
114
|
|
115
|
+
--
|
116
|
+
-- Name: queue_status; Type: TYPE; Schema: dorothy; Owner: postgres
|
117
|
+
--
|
118
|
+
|
119
|
+
CREATE TYPE queue_status AS ENUM (
|
120
|
+
'cancelled',
|
121
|
+
'pending',
|
122
|
+
'analysed',
|
123
|
+
'processing',
|
124
|
+
'error'
|
125
|
+
);
|
126
|
+
|
127
|
+
|
128
|
+
ALTER TYPE dorothy.queue_status OWNER TO postgres;
|
129
|
+
|
131
130
|
--
|
132
131
|
-- Name: sanbox_type; Type: TYPE; Schema: dorothy; Owner: postgres
|
133
132
|
--
|
@@ -143,34 +142,6 @@ CREATE TYPE sanbox_type AS ENUM (
|
|
143
142
|
|
144
143
|
ALTER TYPE dorothy.sanbox_type OWNER TO postgres;
|
145
144
|
|
146
|
-
--
|
147
|
-
-- Name: sensor_type; Type: TYPE; Schema: dorothy; Owner: postgres
|
148
|
-
--
|
149
|
-
|
150
|
-
CREATE TYPE sensor_type AS ENUM (
|
151
|
-
'low_honey',
|
152
|
-
'high_honey',
|
153
|
-
'mwcollect'
|
154
|
-
);
|
155
|
-
|
156
|
-
|
157
|
-
ALTER TYPE dorothy.sensor_type OWNER TO postgres;
|
158
|
-
|
159
|
-
--
|
160
|
-
-- Name: sensor_type2; Type: TYPE; Schema: dorothy; Owner: postgres
|
161
|
-
--
|
162
|
-
|
163
|
-
CREATE TYPE sensor_type2 AS ENUM (
|
164
|
-
'lowint-honeypot',
|
165
|
-
'highint-honeypot',
|
166
|
-
'unknow',
|
167
|
-
'client-honeypot',
|
168
|
-
'external-source'
|
169
|
-
);
|
170
|
-
|
171
|
-
|
172
|
-
ALTER TYPE dorothy.sensor_type2 OWNER TO postgres;
|
173
|
-
|
174
145
|
SET default_tablespace = '';
|
175
146
|
|
176
147
|
SET default_with_oids = false;
|
@@ -184,7 +155,8 @@ CREATE TABLE analyses (
|
|
184
155
|
sample character(64) NOT NULL,
|
185
156
|
sandbox integer NOT NULL,
|
186
157
|
traffic_dump character(64) NOT NULL,
|
187
|
-
date timestamp without time zone
|
158
|
+
date timestamp without time zone,
|
159
|
+
queue_id bigint NOT NULL
|
188
160
|
);
|
189
161
|
|
190
162
|
|
@@ -212,87 +184,38 @@ ALTER SEQUENCE analyses_id_seq OWNED BY analyses.id;
|
|
212
184
|
|
213
185
|
|
214
186
|
--
|
215
|
-
-- Name:
|
216
|
-
--
|
217
|
-
|
218
|
-
SELECT pg_catalog.setval('analyses_id_seq', 1, true);
|
219
|
-
|
220
|
-
|
221
|
-
--
|
222
|
-
-- Name: samples; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
187
|
+
-- Name: queue_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
223
188
|
--
|
224
189
|
|
225
|
-
CREATE
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
long_type character varying,
|
232
|
-
CONSTRAINT size_notneg CHECK ((size >= 0))
|
233
|
-
);
|
234
|
-
|
235
|
-
|
236
|
-
ALTER TABLE dorothy.samples OWNER TO postgres;
|
237
|
-
|
238
|
-
--
|
239
|
-
-- Name: TABLE samples; Type: COMMENT; Schema: dorothy; Owner: postgres
|
240
|
-
--
|
241
|
-
|
242
|
-
COMMENT ON TABLE samples IS 'Acquired samples';
|
243
|
-
|
244
|
-
|
245
|
-
--
|
246
|
-
-- Name: COLUMN samples.hash; Type: COMMENT; Schema: dorothy; Owner: postgres
|
247
|
-
--
|
248
|
-
|
249
|
-
COMMENT ON COLUMN samples.sha256 IS 'SHA256 checksum hash';
|
250
|
-
|
251
|
-
|
252
|
-
--
|
253
|
-
-- Name: COLUMN samples.size; Type: COMMENT; Schema: dorothy; Owner: postgres
|
254
|
-
--
|
255
|
-
|
256
|
-
COMMENT ON COLUMN samples.size IS 'Sample size';
|
257
|
-
|
258
|
-
--
|
259
|
-
-- Name: CONSTRAINT size_notneg ON samples; Type: COMMENT; Schema: dorothy; Owner: postgres
|
260
|
-
--
|
190
|
+
CREATE SEQUENCE queue_id_seq
|
191
|
+
START WITH 1
|
192
|
+
INCREMENT BY 1
|
193
|
+
NO MINVALUE
|
194
|
+
NO MAXVALUE
|
195
|
+
CACHE 1;
|
261
196
|
|
262
|
-
COMMENT ON CONSTRAINT size_notneg ON samples IS 'Sample size must not be negative';
|
263
197
|
|
198
|
+
ALTER TABLE dorothy.queue_id_seq OWNER TO postgres;
|
264
199
|
|
265
200
|
--
|
266
|
-
-- Name:
|
201
|
+
-- Name: analysis_queue; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
267
202
|
--
|
268
203
|
|
269
|
-
CREATE TABLE
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
|
204
|
+
CREATE TABLE analysis_queue (
|
205
|
+
id bigint DEFAULT nextval('queue_id_seq'::regclass) NOT NULL,
|
206
|
+
date timestamp without time zone NOT NULL,
|
207
|
+
"binary" character(64),
|
208
|
+
priority integer DEFAULT 0 NOT NULL,
|
209
|
+
profile character varying DEFAULT 'default'::character varying NOT NULL,
|
210
|
+
source character varying,
|
211
|
+
"user" character varying,
|
212
|
+
filename character varying NOT NULL,
|
213
|
+
status queue_status,
|
214
|
+
sighting bigint
|
275
215
|
);
|
276
216
|
|
277
217
|
|
278
|
-
ALTER TABLE dorothy.
|
279
|
-
|
280
|
-
--
|
281
|
-
-- Name: COLUMN traffic_dumps.hash; Type: COMMENT; Schema: dorothy; Owner: postgres
|
282
|
-
--
|
283
|
-
|
284
|
-
COMMENT ON COLUMN traffic_dumps.sha256 IS 'SHA256 checksum hash';
|
285
|
-
|
286
|
-
|
287
|
-
--
|
288
|
-
-- Name: analysis_resume_view; Type: VIEW; Schema: dorothy; Owner: postgres
|
289
|
-
--
|
290
|
-
|
291
|
-
CREATE VIEW analysis_resume_view AS
|
292
|
-
SELECT analyses.id, samples.filename, samples.md5, samples.long_type, analyses.date, traffic_dumps.parsed FROM traffic_dumps, samples, analyses WHERE ((analyses.sample = samples.sha256) AND (analyses.traffic_dump = traffic_dumps.sha256)) ORDER BY analyses.id DESC;
|
293
|
-
|
294
|
-
|
295
|
-
ALTER TABLE dorothy.analysis_resume_view OWNER TO postgres;
|
218
|
+
ALTER TABLE dorothy.analysis_queue OWNER TO postgres;
|
296
219
|
|
297
220
|
--
|
298
221
|
-- Name: appdata_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
@@ -308,13 +231,6 @@ CREATE SEQUENCE appdata_id_seq
|
|
308
231
|
|
309
232
|
ALTER TABLE dorothy.appdata_id_seq OWNER TO postgres;
|
310
233
|
|
311
|
-
--
|
312
|
-
-- Name: appdata_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
313
|
-
--
|
314
|
-
|
315
|
-
SELECT pg_catalog.setval('appdata_id_seq', 1, true);
|
316
|
-
|
317
|
-
|
318
234
|
--
|
319
235
|
-- Name: asns; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
320
236
|
--
|
@@ -359,17 +275,25 @@ ALTER SEQUENCE asns_id_seq OWNED BY asns.id;
|
|
359
275
|
|
360
276
|
|
361
277
|
--
|
362
|
-
-- Name:
|
278
|
+
-- Name: av_signs; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
363
279
|
--
|
364
280
|
|
365
|
-
|
281
|
+
CREATE TABLE av_signs (
|
282
|
+
id bigint NOT NULL,
|
283
|
+
av_name character varying NOT NULL,
|
284
|
+
signature character varying NOT NULL,
|
285
|
+
version character varying NOT NULL,
|
286
|
+
updated character varying
|
287
|
+
);
|
366
288
|
|
367
289
|
|
290
|
+
ALTER TABLE dorothy.av_signs OWNER TO postgres;
|
291
|
+
|
368
292
|
--
|
369
|
-
-- Name:
|
293
|
+
-- Name: cfg_chk_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
370
294
|
--
|
371
295
|
|
372
|
-
CREATE SEQUENCE
|
296
|
+
CREATE SEQUENCE cfg_chk_id_seq
|
373
297
|
START WITH 1
|
374
298
|
INCREMENT BY 1
|
375
299
|
NO MINVALUE
|
@@ -377,48 +301,22 @@ CREATE SEQUENCE dns_id_seq
|
|
377
301
|
CACHE 1;
|
378
302
|
|
379
303
|
|
380
|
-
ALTER TABLE dorothy.
|
304
|
+
ALTER TABLE dorothy.cfg_chk_id_seq OWNER TO postgres;
|
381
305
|
|
382
306
|
--
|
383
|
-
-- Name:
|
307
|
+
-- Name: cfg_chk; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
384
308
|
--
|
385
309
|
|
386
|
-
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
|
393
|
-
CREATE TABLE dns_data (
|
394
|
-
id integer DEFAULT nextval('dns_id_seq'::regclass) NOT NULL,
|
395
|
-
name character varying(255),
|
396
|
-
class integer,
|
397
|
-
qry boolean NOT NULL,
|
398
|
-
ttl integer,
|
399
|
-
flow integer NOT NULL,
|
400
|
-
address inet,
|
401
|
-
data character varying(255),
|
402
|
-
type integer,
|
403
|
-
is_sinkholed boolean
|
310
|
+
CREATE TABLE cfg_chk (
|
311
|
+
id bigint DEFAULT nextval('cfg_chk_id_seq'::regclass) NOT NULL,
|
312
|
+
conf_file character varying,
|
313
|
+
md5_chksum character(32) NOT NULL,
|
314
|
+
added timestamp without time zone,
|
315
|
+
last_modified timestamp without time zone
|
404
316
|
);
|
405
317
|
|
406
318
|
|
407
|
-
ALTER TABLE dorothy.
|
408
|
-
|
409
|
-
--
|
410
|
-
-- Name: COLUMN dns_data.address; Type: COMMENT; Schema: dorothy; Owner: postgres
|
411
|
-
--
|
412
|
-
|
413
|
-
COMMENT ON COLUMN dns_data.address IS 'type A answer data ';
|
414
|
-
|
415
|
-
|
416
|
-
--
|
417
|
-
-- Name: COLUMN dns_data.data; Type: COMMENT; Schema: dorothy; Owner: postgres
|
418
|
-
--
|
419
|
-
|
420
|
-
COMMENT ON COLUMN dns_data.data IS 'in the case it is an answer different from TYPE A ';
|
421
|
-
|
319
|
+
ALTER TABLE dorothy.cfg_chk OWNER TO postgres;
|
422
320
|
|
423
321
|
--
|
424
322
|
-- Name: flows; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
@@ -481,101 +379,72 @@ COMMENT ON COLUMN flows."time" IS 'Relative time (from the beginning) of the flo
|
|
481
379
|
|
482
380
|
|
483
381
|
--
|
484
|
-
-- Name:
|
382
|
+
-- Name: connections_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
485
383
|
--
|
486
384
|
|
487
|
-
CREATE
|
488
|
-
|
489
|
-
|
490
|
-
|
491
|
-
|
492
|
-
|
493
|
-
whois integer,
|
494
|
-
zone text,
|
495
|
-
last_update timestamp without time zone,
|
496
|
-
id integer NOT NULL,
|
497
|
-
dns_name integer,
|
498
|
-
migrated_from integer
|
499
|
-
);
|
385
|
+
CREATE SEQUENCE connections_id_seq
|
386
|
+
START WITH 1
|
387
|
+
INCREMENT BY 1
|
388
|
+
NO MINVALUE
|
389
|
+
NO MAXVALUE
|
390
|
+
CACHE 1;
|
500
391
|
|
501
392
|
|
502
|
-
ALTER TABLE dorothy.
|
393
|
+
ALTER TABLE dorothy.connections_id_seq OWNER TO postgres;
|
503
394
|
|
504
395
|
--
|
505
|
-
-- Name:
|
396
|
+
-- Name: connections_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
506
397
|
--
|
507
398
|
|
508
|
-
|
509
|
-
role integer NOT NULL,
|
510
|
-
host_ip inet NOT NULL
|
511
|
-
);
|
512
|
-
|
399
|
+
ALTER SEQUENCE connections_id_seq OWNED BY flows.id;
|
513
400
|
|
514
|
-
ALTER TABLE dorothy.host_roles OWNER TO postgres;
|
515
401
|
|
516
402
|
--
|
517
|
-
-- Name:
|
403
|
+
-- Name: dns_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
518
404
|
--
|
519
405
|
|
520
|
-
CREATE
|
521
|
-
|
522
|
-
|
523
|
-
|
524
|
-
|
525
|
-
|
406
|
+
CREATE SEQUENCE dns_id_seq
|
407
|
+
START WITH 1
|
408
|
+
INCREMENT BY 1
|
409
|
+
NO MINVALUE
|
410
|
+
NO MAXVALUE
|
411
|
+
CACHE 1;
|
526
412
|
|
527
413
|
|
528
|
-
ALTER TABLE dorothy.
|
414
|
+
ALTER TABLE dorothy.dns_id_seq OWNER TO postgres;
|
529
415
|
|
530
416
|
--
|
531
|
-
-- Name:
|
417
|
+
-- Name: dns_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
532
418
|
--
|
533
419
|
|
534
|
-
CREATE TABLE
|
535
|
-
id integer NOT NULL,
|
536
|
-
|
537
|
-
|
420
|
+
CREATE TABLE dns_data (
|
421
|
+
id integer DEFAULT nextval('dns_id_seq'::regclass) NOT NULL,
|
422
|
+
name character varying(255),
|
423
|
+
class integer,
|
424
|
+
qry boolean NOT NULL,
|
425
|
+
ttl integer,
|
426
|
+
flow integer NOT NULL,
|
427
|
+
address inet,
|
428
|
+
data character varying(255),
|
429
|
+
type integer,
|
430
|
+
is_sinkholed boolean
|
538
431
|
);
|
539
432
|
|
540
433
|
|
541
|
-
ALTER TABLE dorothy.
|
542
|
-
|
543
|
-
--
|
544
|
-
-- Name: ccprofile_view3; Type: VIEW; Schema: dorothy; Owner: postgres
|
545
|
-
--
|
546
|
-
|
547
|
-
CREATE VIEW ccprofile_view3 AS
|
548
|
-
SELECT DISTINCT host_ips.id AS hostid, host_ips.ip, flows.dstport, traffic_dumps.sha256, irc_data.id, roles.type, dns_data.name, irc_data.data FROM roles, host_roles, host_ips, dns_data, flows, irc_data, traffic_dumps WHERE (((((((((roles.id = host_roles.role) AND (host_roles.host_ip = host_ips.ip)) AND (dns_data.id = host_ips.dns_name)) AND (flows.dest = host_ips.ip)) AND (flows.traffic_dump = traffic_dumps.sha256)) AND (irc_data.flow = flows.id)) AND (irc_data.incoming = false)) AND (host_ips.is_online = true)) AND ((roles.type)::text = 'cc-irc'::text)) ORDER BY irc_data.id, host_ips.id, host_ips.ip, flows.dstport, traffic_dumps.sha256, roles.type, dns_data.name, irc_data.data;
|
549
|
-
|
550
|
-
|
551
|
-
ALTER TABLE dorothy.ccprofile_view3 OWNER TO postgres;
|
552
|
-
|
553
|
-
--
|
554
|
-
-- Name: connections_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
555
|
-
--
|
556
|
-
|
557
|
-
CREATE SEQUENCE connections_id_seq
|
558
|
-
START WITH 1
|
559
|
-
INCREMENT BY 1
|
560
|
-
NO MINVALUE
|
561
|
-
NO MAXVALUE
|
562
|
-
CACHE 1;
|
563
|
-
|
564
|
-
|
565
|
-
ALTER TABLE dorothy.connections_id_seq OWNER TO postgres;
|
434
|
+
ALTER TABLE dorothy.dns_data OWNER TO postgres;
|
566
435
|
|
567
436
|
--
|
568
|
-
-- Name:
|
437
|
+
-- Name: COLUMN dns_data.address; Type: COMMENT; Schema: dorothy; Owner: postgres
|
569
438
|
--
|
570
439
|
|
571
|
-
|
440
|
+
COMMENT ON COLUMN dns_data.address IS 'type A answer data ';
|
572
441
|
|
573
442
|
|
574
443
|
--
|
575
|
-
-- Name:
|
444
|
+
-- Name: COLUMN dns_data.data; Type: COMMENT; Schema: dorothy; Owner: postgres
|
576
445
|
--
|
577
446
|
|
578
|
-
|
447
|
+
COMMENT ON COLUMN dns_data.data IS 'in the case it is an answer different from TYPE A ';
|
579
448
|
|
580
449
|
|
581
450
|
--
|
@@ -599,21 +468,39 @@ ALTER TABLE dorothy.downloads OWNER TO postgres;
|
|
599
468
|
COMMENT ON TABLE downloads IS 'Downloaded sample sighting';
|
600
469
|
|
601
470
|
|
471
|
+
--
|
472
|
+
-- Name: email_receivers; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
473
|
+
--
|
474
|
+
|
475
|
+
CREATE TABLE email_receivers (
|
476
|
+
address character varying NOT NULL,
|
477
|
+
email_id bigint NOT NULL,
|
478
|
+
mail_field character(5) NOT NULL
|
479
|
+
);
|
480
|
+
|
481
|
+
|
482
|
+
ALTER TABLE dorothy.email_receivers OWNER TO postgres;
|
483
|
+
|
602
484
|
--
|
603
485
|
-- Name: emails; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
604
486
|
--
|
605
487
|
|
606
488
|
CREATE TABLE emails (
|
607
|
-
"from" character(64),
|
608
|
-
|
609
|
-
subject character(128),
|
489
|
+
"from" character varying(64),
|
490
|
+
subject character varying(128),
|
610
491
|
data bytea,
|
611
492
|
id integer NOT NULL,
|
612
|
-
flow bigint
|
493
|
+
flow bigint,
|
613
494
|
hcmd character varying,
|
614
495
|
hcont character varying,
|
615
496
|
rcode interval,
|
616
|
-
rcont character varying
|
497
|
+
rcont character varying,
|
498
|
+
date timestamp without time zone,
|
499
|
+
message_id character varying,
|
500
|
+
has_attachment boolean,
|
501
|
+
charset character varying,
|
502
|
+
body_sha256 character(64),
|
503
|
+
forwarded_by bigint
|
617
504
|
);
|
618
505
|
|
619
506
|
|
@@ -640,13 +527,6 @@ ALTER TABLE dorothy.emails_id_seq OWNER TO postgres;
|
|
640
527
|
ALTER SEQUENCE emails_id_seq OWNED BY emails.id;
|
641
528
|
|
642
529
|
|
643
|
-
--
|
644
|
-
-- Name: emails_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
645
|
-
--
|
646
|
-
|
647
|
-
SELECT pg_catalog.setval('emails_id_seq', 1, true);
|
648
|
-
|
649
|
-
|
650
530
|
--
|
651
531
|
-- Name: ftp_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
652
532
|
--
|
@@ -710,11 +590,25 @@ ALTER SEQUENCE geoinfo_id_seq OWNED BY geoinfo.id;
|
|
710
590
|
|
711
591
|
|
712
592
|
--
|
713
|
-
-- Name:
|
593
|
+
-- Name: host_ips; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
714
594
|
--
|
715
595
|
|
716
|
-
|
596
|
+
CREATE TABLE host_ips (
|
597
|
+
ip inet NOT NULL,
|
598
|
+
geoinfo integer,
|
599
|
+
sbl integer,
|
600
|
+
uptime time without time zone,
|
601
|
+
is_online boolean,
|
602
|
+
whois integer,
|
603
|
+
zone text,
|
604
|
+
last_update timestamp without time zone,
|
605
|
+
id integer NOT NULL,
|
606
|
+
dns_name integer,
|
607
|
+
migrated_from integer
|
608
|
+
);
|
609
|
+
|
717
610
|
|
611
|
+
ALTER TABLE dorothy.host_ips OWNER TO postgres;
|
718
612
|
|
719
613
|
--
|
720
614
|
-- Name: host_ips_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
@@ -738,12 +632,17 @@ ALTER SEQUENCE host_ips_id_seq OWNED BY host_ips.id;
|
|
738
632
|
|
739
633
|
|
740
634
|
--
|
741
|
-
-- Name:
|
635
|
+
-- Name: host_roles; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
742
636
|
--
|
743
637
|
|
744
|
-
|
638
|
+
CREATE TABLE host_roles (
|
639
|
+
role integer NOT NULL,
|
640
|
+
host_ip inet NOT NULL
|
641
|
+
);
|
745
642
|
|
746
643
|
|
644
|
+
ALTER TABLE dorothy.host_roles OWNER TO postgres;
|
645
|
+
|
747
646
|
--
|
748
647
|
-- Name: http_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
749
648
|
--
|
@@ -774,6 +673,20 @@ CREATE TABLE http_headers (
|
|
774
673
|
|
775
674
|
ALTER TABLE dorothy.http_headers OWNER TO postgres;
|
776
675
|
|
676
|
+
--
|
677
|
+
-- Name: irc_data; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
678
|
+
--
|
679
|
+
|
680
|
+
CREATE TABLE irc_data (
|
681
|
+
id integer NOT NULL,
|
682
|
+
flow integer NOT NULL,
|
683
|
+
data bytea,
|
684
|
+
incoming boolean NOT NULL
|
685
|
+
);
|
686
|
+
|
687
|
+
|
688
|
+
ALTER TABLE dorothy.irc_data OWNER TO postgres;
|
689
|
+
|
777
690
|
--
|
778
691
|
-- Name: irc_data_connection_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
779
692
|
--
|
@@ -796,11 +709,18 @@ ALTER SEQUENCE irc_data_connection_seq OWNED BY irc_data.flow;
|
|
796
709
|
|
797
710
|
|
798
711
|
--
|
799
|
-
-- Name:
|
712
|
+
-- Name: malwares_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
800
713
|
--
|
801
714
|
|
802
|
-
|
715
|
+
CREATE SEQUENCE malwares_id_seq
|
716
|
+
START WITH 0
|
717
|
+
INCREMENT BY 1
|
718
|
+
MINVALUE 0
|
719
|
+
NO MAXVALUE
|
720
|
+
CACHE 1;
|
721
|
+
|
803
722
|
|
723
|
+
ALTER TABLE dorothy.malwares_id_seq OWNER TO postgres;
|
804
724
|
|
805
725
|
--
|
806
726
|
-- Name: malwares; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
@@ -808,12 +728,11 @@ SELECT pg_catalog.setval('irc_data_connection_seq', 1, true);
|
|
808
728
|
|
809
729
|
CREATE TABLE malwares (
|
810
730
|
bin character(64) NOT NULL,
|
811
|
-
family character(64) NOT NULL,
|
812
|
-
vendor character(64),
|
813
|
-
version character(16),
|
814
731
|
rate character(8),
|
815
|
-
|
816
|
-
|
732
|
+
detected boolean NOT NULL,
|
733
|
+
date timestamp without time zone,
|
734
|
+
link character varying,
|
735
|
+
id bigint DEFAULT nextval('malwares_id_seq'::regclass) NOT NULL
|
817
736
|
);
|
818
737
|
|
819
738
|
|
@@ -855,12 +774,18 @@ ALTER SEQUENCE reports_id_seq OWNED BY reports.id;
|
|
855
774
|
|
856
775
|
|
857
776
|
--
|
858
|
-
-- Name:
|
777
|
+
-- Name: roles; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
859
778
|
--
|
860
779
|
|
861
|
-
|
780
|
+
CREATE TABLE roles (
|
781
|
+
id integer NOT NULL,
|
782
|
+
type character varying(10),
|
783
|
+
comment character varying
|
784
|
+
);
|
862
785
|
|
863
786
|
|
787
|
+
ALTER TABLE dorothy.roles OWNER TO postgres;
|
788
|
+
|
864
789
|
--
|
865
790
|
-- Name: roles_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
866
791
|
--
|
@@ -883,10 +808,48 @@ ALTER SEQUENCE roles_id_seq OWNED BY roles.id;
|
|
883
808
|
|
884
809
|
|
885
810
|
--
|
886
|
-
-- Name:
|
811
|
+
-- Name: samples; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
887
812
|
--
|
888
813
|
|
889
|
-
|
814
|
+
CREATE TABLE samples (
|
815
|
+
sha256 character(64) NOT NULL,
|
816
|
+
size integer NOT NULL,
|
817
|
+
path character varying(256),
|
818
|
+
filename character varying(256),
|
819
|
+
md5 character(32),
|
820
|
+
long_type character varying,
|
821
|
+
CONSTRAINT size_notneg CHECK ((size >= 0))
|
822
|
+
);
|
823
|
+
|
824
|
+
|
825
|
+
ALTER TABLE dorothy.samples OWNER TO postgres;
|
826
|
+
|
827
|
+
--
|
828
|
+
-- Name: TABLE samples; Type: COMMENT; Schema: dorothy; Owner: postgres
|
829
|
+
--
|
830
|
+
|
831
|
+
COMMENT ON TABLE samples IS 'Acquired samples';
|
832
|
+
|
833
|
+
|
834
|
+
--
|
835
|
+
-- Name: COLUMN samples.sha256; Type: COMMENT; Schema: dorothy; Owner: postgres
|
836
|
+
--
|
837
|
+
|
838
|
+
COMMENT ON COLUMN samples.sha256 IS 'SHA256 checksum hash';
|
839
|
+
|
840
|
+
|
841
|
+
--
|
842
|
+
-- Name: COLUMN samples.size; Type: COMMENT; Schema: dorothy; Owner: postgres
|
843
|
+
--
|
844
|
+
|
845
|
+
COMMENT ON COLUMN samples.size IS 'Sample size';
|
846
|
+
|
847
|
+
|
848
|
+
--
|
849
|
+
-- Name: CONSTRAINT size_notneg ON samples; Type: COMMENT; Schema: dorothy; Owner: postgres
|
850
|
+
--
|
851
|
+
|
852
|
+
COMMENT ON CONSTRAINT size_notneg ON samples IS 'Sample size must not be negative';
|
890
853
|
|
891
854
|
|
892
855
|
--
|
@@ -896,8 +859,8 @@ SELECT pg_catalog.setval('roles_id_seq', 1, false);
|
|
896
859
|
CREATE TABLE sandboxes (
|
897
860
|
id integer NOT NULL,
|
898
861
|
hostname character varying(30) NOT NULL,
|
899
|
-
|
900
|
-
|
862
|
+
sandbox_type sanbox_type NOT NULL,
|
863
|
+
os character varying NOT NULL,
|
901
864
|
version character varying,
|
902
865
|
os_lang character(4),
|
903
866
|
ipaddress inet,
|
@@ -931,95 +894,127 @@ ALTER SEQUENCE sandboxes_id_seq OWNED BY sandboxes.id;
|
|
931
894
|
|
932
895
|
|
933
896
|
--
|
934
|
-
-- Name:
|
897
|
+
-- Name: sightings_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
935
898
|
--
|
936
899
|
|
937
|
-
|
900
|
+
CREATE SEQUENCE sightings_id_seq
|
901
|
+
START WITH 1
|
902
|
+
INCREMENT BY 1
|
903
|
+
NO MINVALUE
|
904
|
+
NO MAXVALUE
|
905
|
+
CACHE 1;
|
906
|
+
|
938
907
|
|
908
|
+
ALTER TABLE dorothy.sightings_id_seq OWNER TO postgres;
|
939
909
|
|
940
910
|
--
|
941
|
-
-- Name:
|
911
|
+
-- Name: sightings; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
942
912
|
--
|
943
913
|
|
944
|
-
CREATE TABLE
|
945
|
-
|
946
|
-
|
947
|
-
|
948
|
-
|
914
|
+
CREATE TABLE sightings (
|
915
|
+
sample character(64) NOT NULL,
|
916
|
+
sensor integer NOT NULL,
|
917
|
+
date timestamp without time zone NOT NULL,
|
918
|
+
id bigint DEFAULT nextval('sightings_id_seq'::regclass) NOT NULL,
|
919
|
+
src_email bigint
|
949
920
|
);
|
950
921
|
|
951
922
|
|
952
|
-
ALTER TABLE dorothy.
|
923
|
+
ALTER TABLE dorothy.sightings OWNER TO postgres;
|
953
924
|
|
954
925
|
--
|
955
|
-
-- Name: TABLE
|
926
|
+
-- Name: TABLE sightings; Type: COMMENT; Schema: dorothy; Owner: postgres
|
956
927
|
--
|
957
928
|
|
958
|
-
COMMENT ON TABLE
|
929
|
+
COMMENT ON TABLE sightings IS 'Malware sample sightings on sources';
|
959
930
|
|
960
931
|
|
961
932
|
--
|
962
|
-
-- Name:
|
933
|
+
-- Name: COLUMN sightings.sample; Type: COMMENT; Schema: dorothy; Owner: postgres
|
963
934
|
--
|
964
935
|
|
965
|
-
|
966
|
-
START WITH 1
|
967
|
-
INCREMENT BY 1
|
968
|
-
NO MINVALUE
|
969
|
-
NO MAXVALUE
|
970
|
-
CACHE 1;
|
971
|
-
|
936
|
+
COMMENT ON COLUMN sightings.sample IS 'Sample hash';
|
972
937
|
|
973
|
-
ALTER TABLE dorothy.sensors_id_seq OWNER TO postgres;
|
974
938
|
|
975
939
|
--
|
976
|
-
-- Name:
|
940
|
+
-- Name: COLUMN sightings.sensor; Type: COMMENT; Schema: dorothy; Owner: postgres
|
977
941
|
--
|
978
942
|
|
979
|
-
|
943
|
+
COMMENT ON COLUMN sightings.sensor IS '
|
944
|
+
';
|
980
945
|
|
981
946
|
|
982
947
|
--
|
983
|
-
-- Name:
|
948
|
+
-- Name: sources_id_seq; Type: SEQUENCE; Schema: dorothy; Owner: postgres
|
984
949
|
--
|
985
950
|
|
986
|
-
|
951
|
+
CREATE SEQUENCE sources_id_seq
|
952
|
+
START WITH 1
|
953
|
+
INCREMENT BY 1
|
954
|
+
NO MINVALUE
|
955
|
+
NO MAXVALUE
|
956
|
+
CACHE 1;
|
957
|
+
|
987
958
|
|
959
|
+
ALTER TABLE dorothy.sources_id_seq OWNER TO postgres;
|
988
960
|
|
989
961
|
--
|
990
|
-
-- Name:
|
962
|
+
-- Name: sources; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
991
963
|
--
|
992
964
|
|
993
|
-
CREATE TABLE
|
994
|
-
|
995
|
-
|
996
|
-
|
997
|
-
|
965
|
+
CREATE TABLE sources (
|
966
|
+
id integer DEFAULT nextval('sources_id_seq'::regclass) NOT NULL,
|
967
|
+
sname character varying NOT NULL,
|
968
|
+
stype character varying NOT NULL,
|
969
|
+
disabled boolean DEFAULT false,
|
970
|
+
host character varying,
|
971
|
+
geo integer,
|
972
|
+
added timestamp without time zone,
|
973
|
+
last_modified timestamp without time zone,
|
974
|
+
localdir character varying
|
998
975
|
);
|
999
976
|
|
1000
977
|
|
1001
|
-
ALTER TABLE dorothy.
|
978
|
+
ALTER TABLE dorothy.sources OWNER TO postgres;
|
1002
979
|
|
1003
980
|
--
|
1004
|
-
-- Name:
|
981
|
+
-- Name: sys_procs; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
1005
982
|
--
|
1006
983
|
|
1007
|
-
|
984
|
+
CREATE TABLE sys_procs (
|
985
|
+
analysis_id integer NOT NULL,
|
986
|
+
pid integer NOT NULL,
|
987
|
+
name character varying,
|
988
|
+
owner character varying,
|
989
|
+
"cmdLine" character varying,
|
990
|
+
"startTime" timestamp without time zone,
|
991
|
+
"endTime" timestamp without time zone,
|
992
|
+
"exitCode" integer
|
993
|
+
);
|
1008
994
|
|
1009
995
|
|
996
|
+
ALTER TABLE dorothy.sys_procs OWNER TO postgres;
|
997
|
+
|
1010
998
|
--
|
1011
|
-
-- Name:
|
999
|
+
-- Name: traffic_dumps; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
1012
1000
|
--
|
1013
1001
|
|
1014
|
-
|
1002
|
+
CREATE TABLE traffic_dumps (
|
1003
|
+
sha256 character(64) NOT NULL,
|
1004
|
+
size integer NOT NULL,
|
1005
|
+
pcapr_id character(32),
|
1006
|
+
"binary" character varying,
|
1007
|
+
parsed boolean
|
1008
|
+
);
|
1015
1009
|
|
1016
1010
|
|
1011
|
+
ALTER TABLE dorothy.traffic_dumps OWNER TO postgres;
|
1012
|
+
|
1017
1013
|
--
|
1018
|
-
-- Name: COLUMN
|
1014
|
+
-- Name: COLUMN traffic_dumps.sha256; Type: COMMENT; Schema: dorothy; Owner: postgres
|
1019
1015
|
--
|
1020
1016
|
|
1021
|
-
COMMENT ON COLUMN
|
1022
|
-
';
|
1017
|
+
COMMENT ON COLUMN traffic_dumps.sha256 IS 'SHA256 checksum hash';
|
1023
1018
|
|
1024
1019
|
|
1025
1020
|
--
|
@@ -1056,42 +1051,14 @@ CREATE SEQUENCE whois_id_seq
|
|
1056
1051
|
CACHE 1;
|
1057
1052
|
|
1058
1053
|
|
1059
|
-
ALTER TABLE dorothy.whois_id_seq OWNER TO postgres;
|
1060
|
-
|
1061
|
-
--
|
1062
|
-
-- Name: whois_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
1063
|
-
--
|
1064
|
-
|
1065
|
-
ALTER SEQUENCE whois_id_seq OWNED BY whois.id;
|
1066
|
-
|
1067
|
-
|
1068
|
-
--
|
1069
|
-
-- Name: whois_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1070
|
-
--
|
1071
|
-
|
1072
|
-
SELECT pg_catalog.setval('whois_id_seq', 1, false);
|
1073
|
-
|
1074
|
-
|
1075
|
-
|
1076
|
-
|
1077
|
-
|
1078
|
-
--
|
1079
|
-
-- Name: sys_procs; Type: TABLE; Schema: dorothy; Owner: postgres; Tablespace:
|
1080
|
-
--
|
1081
|
-
|
1082
|
-
CREATE TABLE sys_procs (
|
1083
|
-
analysis_id integer NOT NULL,
|
1084
|
-
pid integer NOT NULL,
|
1085
|
-
name character varying,
|
1086
|
-
owner character varying,
|
1087
|
-
"cmdLine" character varying,
|
1088
|
-
"startTime" timestamp without time zone,
|
1089
|
-
"endTime" timestamp without time zone,
|
1090
|
-
"exitCode" integer
|
1091
|
-
);
|
1092
|
-
|
1093
|
-
|
1094
|
-
ALTER TABLE dorothy.sys_procs OWNER TO postgres;
|
1054
|
+
ALTER TABLE dorothy.whois_id_seq OWNER TO postgres;
|
1055
|
+
|
1056
|
+
--
|
1057
|
+
-- Name: whois_id_seq; Type: SEQUENCE OWNED BY; Schema: dorothy; Owner: postgres
|
1058
|
+
--
|
1059
|
+
|
1060
|
+
ALTER SEQUENCE whois_id_seq OWNED BY whois.id;
|
1061
|
+
|
1095
1062
|
|
1096
1063
|
--
|
1097
1064
|
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
@@ -1167,24 +1134,39 @@ ALTER TABLE ONLY sandboxes ALTER COLUMN id SET DEFAULT nextval('sandboxes_id_seq
|
|
1167
1134
|
-- Name: id; Type: DEFAULT; Schema: dorothy; Owner: postgres
|
1168
1135
|
--
|
1169
1136
|
|
1170
|
-
ALTER TABLE ONLY
|
1137
|
+
ALTER TABLE ONLY whois ALTER COLUMN id SET DEFAULT nextval('whois_id_seq'::regclass);
|
1171
1138
|
|
1172
1139
|
|
1173
1140
|
--
|
1174
|
-
-- Name:
|
1141
|
+
-- Data for Name: analyses; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1175
1142
|
--
|
1176
1143
|
|
1177
|
-
|
1144
|
+
COPY analyses (id, sample, sandbox, traffic_dump, date, queue_id) FROM stdin;
|
1145
|
+
\.
|
1178
1146
|
|
1179
1147
|
|
1180
1148
|
--
|
1181
|
-
--
|
1149
|
+
-- Name: analyses_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1182
1150
|
--
|
1183
1151
|
|
1184
|
-
|
1152
|
+
SELECT pg_catalog.setval('analyses_id_seq', 1, false);
|
1153
|
+
|
1154
|
+
|
1155
|
+
--
|
1156
|
+
-- Data for Name: analysis_queue; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1157
|
+
--
|
1158
|
+
|
1159
|
+
COPY analysis_queue (id, date, "binary", priority, profile, source, "user", filename, status, sighting) FROM stdin;
|
1185
1160
|
\.
|
1186
1161
|
|
1187
1162
|
|
1163
|
+
--
|
1164
|
+
-- Name: appdata_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1165
|
+
--
|
1166
|
+
|
1167
|
+
SELECT pg_catalog.setval('appdata_id_seq', 1, false);
|
1168
|
+
|
1169
|
+
|
1188
1170
|
--
|
1189
1171
|
-- Data for Name: asns; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1190
1172
|
--
|
@@ -1193,6 +1175,43 @@ COPY asns (handle, owner, country, confidence, id) FROM stdin;
|
|
1193
1175
|
\.
|
1194
1176
|
|
1195
1177
|
|
1178
|
+
--
|
1179
|
+
-- Name: asns_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1180
|
+
--
|
1181
|
+
|
1182
|
+
SELECT pg_catalog.setval('asns_id_seq', 1, false);
|
1183
|
+
|
1184
|
+
|
1185
|
+
--
|
1186
|
+
-- Data for Name: av_signs; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1187
|
+
--
|
1188
|
+
|
1189
|
+
COPY av_signs (id, av_name, signature, version, updated) FROM stdin;
|
1190
|
+
\.
|
1191
|
+
|
1192
|
+
|
1193
|
+
--
|
1194
|
+
-- Data for Name: cfg_chk; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1195
|
+
--
|
1196
|
+
|
1197
|
+
COPY cfg_chk (id, conf_file, md5_chksum, added, last_modified) FROM stdin;
|
1198
|
+
\.
|
1199
|
+
|
1200
|
+
|
1201
|
+
--
|
1202
|
+
-- Name: cfg_chk_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1203
|
+
--
|
1204
|
+
|
1205
|
+
SELECT pg_catalog.setval('cfg_chk_id_seq', 1, false);
|
1206
|
+
|
1207
|
+
|
1208
|
+
--
|
1209
|
+
-- Name: connections_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1210
|
+
--
|
1211
|
+
|
1212
|
+
SELECT pg_catalog.setval('connections_id_seq', 1, false);
|
1213
|
+
|
1214
|
+
|
1196
1215
|
--
|
1197
1216
|
-- Data for Name: dns_data; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1198
1217
|
--
|
@@ -1201,6 +1220,13 @@ COPY dns_data (id, name, class, qry, ttl, flow, address, data, type, is_sinkhole
|
|
1201
1220
|
\.
|
1202
1221
|
|
1203
1222
|
|
1223
|
+
--
|
1224
|
+
-- Name: dns_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1225
|
+
--
|
1226
|
+
|
1227
|
+
SELECT pg_catalog.setval('dns_id_seq', 1, false);
|
1228
|
+
|
1229
|
+
|
1204
1230
|
--
|
1205
1231
|
-- Data for Name: downloads; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1206
1232
|
--
|
@@ -1209,14 +1235,29 @@ COPY downloads (sample, flow, path, filename) FROM stdin;
|
|
1209
1235
|
\.
|
1210
1236
|
|
1211
1237
|
|
1238
|
+
--
|
1239
|
+
-- Data for Name: email_receivers; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1240
|
+
--
|
1241
|
+
|
1242
|
+
COPY email_receivers (address, email_id, mail_field) FROM stdin;
|
1243
|
+
\.
|
1244
|
+
|
1245
|
+
|
1212
1246
|
--
|
1213
1247
|
-- Data for Name: emails; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1214
1248
|
--
|
1215
1249
|
|
1216
|
-
COPY emails ("from",
|
1250
|
+
COPY emails ("from", subject, data, id, flow, hcmd, hcont, rcode, rcont, date, message_id, has_attachment, charset, body_sha256, forwarded_by) FROM stdin;
|
1217
1251
|
\.
|
1218
1252
|
|
1219
1253
|
|
1254
|
+
--
|
1255
|
+
-- Name: emails_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1256
|
+
--
|
1257
|
+
|
1258
|
+
SELECT pg_catalog.setval('emails_id_seq', 1, false);
|
1259
|
+
|
1260
|
+
|
1220
1261
|
--
|
1221
1262
|
-- Data for Name: flows; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1222
1263
|
--
|
@@ -1241,6 +1282,13 @@ COPY geoinfo (id, longlat, country, city, "last-update", asn) FROM stdin;
|
|
1241
1282
|
\.
|
1242
1283
|
|
1243
1284
|
|
1285
|
+
--
|
1286
|
+
-- Name: geoinfo_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1287
|
+
--
|
1288
|
+
|
1289
|
+
SELECT pg_catalog.setval('geoinfo_id_seq', 1, false);
|
1290
|
+
|
1291
|
+
|
1244
1292
|
--
|
1245
1293
|
-- Data for Name: host_ips; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1246
1294
|
--
|
@@ -1249,6 +1297,13 @@ COPY host_ips (ip, geoinfo, sbl, uptime, is_online, whois, zone, last_update, id
|
|
1249
1297
|
\.
|
1250
1298
|
|
1251
1299
|
|
1300
|
+
--
|
1301
|
+
-- Name: host_ips_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1302
|
+
--
|
1303
|
+
|
1304
|
+
SELECT pg_catalog.setval('host_ips_id_seq', 1, false);
|
1305
|
+
|
1306
|
+
|
1252
1307
|
--
|
1253
1308
|
-- Data for Name: host_roles; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1254
1309
|
--
|
@@ -1281,14 +1336,35 @@ COPY irc_data (id, flow, data, incoming) FROM stdin;
|
|
1281
1336
|
\.
|
1282
1337
|
|
1283
1338
|
|
1339
|
+
--
|
1340
|
+
-- Name: irc_data_connection_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1341
|
+
--
|
1342
|
+
|
1343
|
+
SELECT pg_catalog.setval('irc_data_connection_seq', 1, false);
|
1344
|
+
|
1345
|
+
|
1284
1346
|
--
|
1285
1347
|
-- Data for Name: malwares; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1286
1348
|
--
|
1287
1349
|
|
1288
|
-
COPY malwares (bin,
|
1350
|
+
COPY malwares (bin, rate, detected, date, link, id) FROM stdin;
|
1289
1351
|
\.
|
1290
1352
|
|
1291
1353
|
|
1354
|
+
--
|
1355
|
+
-- Name: malwares_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1356
|
+
--
|
1357
|
+
|
1358
|
+
SELECT pg_catalog.setval('malwares_id_seq', 0, false);
|
1359
|
+
|
1360
|
+
|
1361
|
+
--
|
1362
|
+
-- Name: queue_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1363
|
+
--
|
1364
|
+
|
1365
|
+
SELECT pg_catalog.setval('queue_id_seq', 1, false);
|
1366
|
+
|
1367
|
+
|
1292
1368
|
--
|
1293
1369
|
-- Data for Name: reports; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1294
1370
|
--
|
@@ -1297,6 +1373,13 @@ COPY reports (id, sandbox, sample, data) FROM stdin;
|
|
1297
1373
|
\.
|
1298
1374
|
|
1299
1375
|
|
1376
|
+
--
|
1377
|
+
-- Name: reports_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1378
|
+
--
|
1379
|
+
|
1380
|
+
SELECT pg_catalog.setval('reports_id_seq', 1, false);
|
1381
|
+
|
1382
|
+
|
1300
1383
|
--
|
1301
1384
|
-- Data for Name: roles; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1302
1385
|
--
|
@@ -1306,11 +1389,19 @@ COPY roles (id, type, comment) FROM stdin;
|
|
1306
1389
|
1 cc-irc \N
|
1307
1390
|
2 SPAM \N
|
1308
1391
|
3 cc-drop \N
|
1309
|
-
5 cc-support \N
|
1310
1392
|
4 unknown \N
|
1393
|
+
5 cc-support \N
|
1394
|
+
6 phishing \N
|
1311
1395
|
\.
|
1312
1396
|
|
1313
1397
|
|
1398
|
+
--
|
1399
|
+
-- Name: roles_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1400
|
+
--
|
1401
|
+
|
1402
|
+
SELECT pg_catalog.setval('roles_id_seq', 1, false);
|
1403
|
+
|
1404
|
+
|
1314
1405
|
--
|
1315
1406
|
-- Data for Name: samples; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1316
1407
|
--
|
@@ -1323,26 +1414,52 @@ COPY samples (sha256, size, path, filename, md5, long_type) FROM stdin;
|
|
1323
1414
|
-- Data for Name: sandboxes; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1324
1415
|
--
|
1325
1416
|
|
1326
|
-
COPY sandboxes (id, hostname,
|
1417
|
+
COPY sandboxes (id, hostname, sandbox_type, os, version, os_lang, ipaddress, username, password, is_available) FROM stdin;
|
1327
1418
|
\.
|
1328
1419
|
|
1329
1420
|
|
1330
1421
|
--
|
1331
|
-
--
|
1422
|
+
-- Name: sandboxes_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1423
|
+
--
|
1424
|
+
|
1425
|
+
SELECT pg_catalog.setval('sandboxes_id_seq', 1, false);
|
1426
|
+
|
1427
|
+
|
1428
|
+
--
|
1429
|
+
-- Data for Name: sightings; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1332
1430
|
--
|
1333
1431
|
|
1334
|
-
COPY
|
1335
|
-
0 hp1-dionaea 0 lowint-honeypot
|
1336
|
-
2 userinput 0 unknow
|
1337
|
-
1 ztracker 0 external-source
|
1432
|
+
COPY sightings (sample, sensor, date, id, src_email) FROM stdin;
|
1338
1433
|
\.
|
1339
1434
|
|
1340
1435
|
|
1341
1436
|
--
|
1342
|
-
--
|
1437
|
+
-- Name: sightings_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1438
|
+
--
|
1439
|
+
|
1440
|
+
SELECT pg_catalog.setval('sightings_id_seq', 1, false);
|
1441
|
+
|
1442
|
+
|
1443
|
+
--
|
1444
|
+
-- Data for Name: sources; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1445
|
+
--
|
1446
|
+
|
1447
|
+
COPY sources (id, sname, stype, disabled, host, geo, added, last_modified, localdir) FROM stdin;
|
1448
|
+
\.
|
1449
|
+
|
1450
|
+
|
1451
|
+
--
|
1452
|
+
-- Name: sources_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1453
|
+
--
|
1454
|
+
|
1455
|
+
SELECT pg_catalog.setval('sources_id_seq', 1, false);
|
1456
|
+
|
1457
|
+
|
1458
|
+
--
|
1459
|
+
-- Data for Name: sys_procs; Type: TABLE DATA; Schema: dorothy; Owner: postgres
|
1343
1460
|
--
|
1344
1461
|
|
1345
|
-
COPY
|
1462
|
+
COPY sys_procs (analysis_id, pid, name, owner, "cmdLine", "startTime", "endTime", "exitCode") FROM stdin;
|
1346
1463
|
\.
|
1347
1464
|
|
1348
1465
|
|
@@ -1351,7 +1468,7 @@ COPY sightings (sample, sensor, date, traffic_dump) FROM stdin;
|
|
1351
1468
|
--
|
1352
1469
|
|
1353
1470
|
COPY traffic_dumps (sha256, size, pcapr_id, "binary", parsed) FROM stdin;
|
1354
|
-
EMPTYPCAP
|
1471
|
+
EMPTYPCAP 0 fffffff ffff t
|
1355
1472
|
\.
|
1356
1473
|
|
1357
1474
|
|
@@ -1363,6 +1480,13 @@ COPY whois (id, query, data, abuse, "last-update") FROM stdin;
|
|
1363
1480
|
\.
|
1364
1481
|
|
1365
1482
|
|
1483
|
+
--
|
1484
|
+
-- Name: whois_id_seq; Type: SEQUENCE SET; Schema: dorothy; Owner: postgres
|
1485
|
+
--
|
1486
|
+
|
1487
|
+
SELECT pg_catalog.setval('whois_id_seq', 1, false);
|
1488
|
+
|
1489
|
+
|
1366
1490
|
--
|
1367
1491
|
-- Name: asns_handle_uq; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1368
1492
|
--
|
@@ -1386,6 +1510,22 @@ ALTER TABLE ONLY asns
|
|
1386
1510
|
ADD CONSTRAINT asns_pk PRIMARY KEY (id);
|
1387
1511
|
|
1388
1512
|
|
1513
|
+
--
|
1514
|
+
-- Name: av_signs_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1515
|
+
--
|
1516
|
+
|
1517
|
+
ALTER TABLE ONLY av_signs
|
1518
|
+
ADD CONSTRAINT av_signs_pk PRIMARY KEY (id, av_name);
|
1519
|
+
|
1520
|
+
|
1521
|
+
--
|
1522
|
+
-- Name: cfg_chk_pk_id; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1523
|
+
--
|
1524
|
+
|
1525
|
+
ALTER TABLE ONLY cfg_chk
|
1526
|
+
ADD CONSTRAINT cfg_chk_pk_id PRIMARY KEY (id);
|
1527
|
+
|
1528
|
+
|
1389
1529
|
--
|
1390
1530
|
-- Name: dns_data_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1391
1531
|
--
|
@@ -1394,6 +1534,14 @@ ALTER TABLE ONLY dns_data
|
|
1394
1534
|
ADD CONSTRAINT dns_data_pkey PRIMARY KEY (id);
|
1395
1535
|
|
1396
1536
|
|
1537
|
+
--
|
1538
|
+
-- Name: email_rcv_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1539
|
+
--
|
1540
|
+
|
1541
|
+
ALTER TABLE ONLY email_receivers
|
1542
|
+
ADD CONSTRAINT email_rcv_pk PRIMARY KEY (address, email_id, mail_field);
|
1543
|
+
|
1544
|
+
|
1397
1545
|
--
|
1398
1546
|
-- Name: ftp_data_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1399
1547
|
--
|
@@ -1410,14 +1558,6 @@ ALTER TABLE ONLY geoinfo
|
|
1410
1558
|
ADD CONSTRAINT geoinfo_pkey PRIMARY KEY (id);
|
1411
1559
|
|
1412
1560
|
|
1413
|
-
--
|
1414
|
-
-- Name: hash; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1415
|
-
--
|
1416
|
-
|
1417
|
-
ALTER TABLE ONLY samples
|
1418
|
-
ADD CONSTRAINT sha256 PRIMARY KEY (sha256);
|
1419
|
-
|
1420
|
-
|
1421
1561
|
--
|
1422
1562
|
-- Name: http_data_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1423
1563
|
--
|
@@ -1458,6 +1598,14 @@ ALTER TABLE ONLY host_ips
|
|
1458
1598
|
ADD CONSTRAINT ip_uniq UNIQUE (ip);
|
1459
1599
|
|
1460
1600
|
|
1601
|
+
--
|
1602
|
+
-- Name: malwares_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1603
|
+
--
|
1604
|
+
|
1605
|
+
ALTER TABLE ONLY malwares
|
1606
|
+
ADD CONSTRAINT malwares_pk PRIMARY KEY (id);
|
1607
|
+
|
1608
|
+
|
1461
1609
|
--
|
1462
1610
|
-- Name: pk_connection; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1463
1611
|
--
|
@@ -1481,13 +1629,23 @@ ALTER TABLE ONLY host_ips
|
|
1481
1629
|
ALTER TABLE ONLY irc_data
|
1482
1630
|
ADD CONSTRAINT pk_irc PRIMARY KEY (id);
|
1483
1631
|
|
1632
|
+
|
1484
1633
|
--
|
1485
|
-
-- Name: procs-pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1634
|
+
-- Name: procs-pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1486
1635
|
--
|
1487
1636
|
|
1488
1637
|
ALTER TABLE ONLY sys_procs
|
1489
1638
|
ADD CONSTRAINT "procs-pk" PRIMARY KEY (analysis_id, pid);
|
1490
1639
|
|
1640
|
+
|
1641
|
+
--
|
1642
|
+
-- Name: queue_id_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1643
|
+
--
|
1644
|
+
|
1645
|
+
ALTER TABLE ONLY analysis_queue
|
1646
|
+
ADD CONSTRAINT queue_id_pk PRIMARY KEY (id);
|
1647
|
+
|
1648
|
+
|
1491
1649
|
--
|
1492
1650
|
-- Name: reports_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1493
1651
|
--
|
@@ -1513,11 +1671,28 @@ ALTER TABLE ONLY sandboxes
|
|
1513
1671
|
|
1514
1672
|
|
1515
1673
|
--
|
1516
|
-
-- Name:
|
1674
|
+
-- Name: sha256; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1675
|
+
--
|
1676
|
+
|
1677
|
+
ALTER TABLE ONLY samples
|
1678
|
+
ADD CONSTRAINT sha256 PRIMARY KEY (sha256);
|
1679
|
+
|
1680
|
+
|
1681
|
+
--
|
1682
|
+
-- Name: sightings_pk_id; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1517
1683
|
--
|
1518
1684
|
|
1519
|
-
ALTER TABLE ONLY
|
1520
|
-
ADD CONSTRAINT
|
1685
|
+
ALTER TABLE ONLY sightings
|
1686
|
+
ADD CONSTRAINT sightings_pk_id PRIMARY KEY (id);
|
1687
|
+
|
1688
|
+
|
1689
|
+
--
|
1690
|
+
-- Name: sources_id_pk; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
1691
|
+
--
|
1692
|
+
|
1693
|
+
ALTER TABLE ONLY sources
|
1694
|
+
ADD CONSTRAINT sources_id_pk PRIMARY KEY (id);
|
1695
|
+
|
1521
1696
|
|
1522
1697
|
--
|
1523
1698
|
-- Name: traffic_dumps_pkey; Type: CONSTRAINT; Schema: dorothy; Owner: postgres; Tablespace:
|
@@ -1543,6 +1718,13 @@ ALTER TABLE ONLY whois
|
|
1543
1718
|
ADD CONSTRAINT whois_pkey PRIMARY KEY (id);
|
1544
1719
|
|
1545
1720
|
|
1721
|
+
--
|
1722
|
+
-- Name: fki_analysis_queue_fk_sighting_id; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1723
|
+
--
|
1724
|
+
|
1725
|
+
CREATE INDEX fki_analysis_queue_fk_sighting_id ON analysis_queue USING btree (sighting);
|
1726
|
+
|
1727
|
+
|
1546
1728
|
--
|
1547
1729
|
-- Name: fki_bin; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1548
1730
|
--
|
@@ -1585,6 +1767,13 @@ CREATE INDEX fki_dumps ON flows USING btree (traffic_dump);
|
|
1585
1767
|
CREATE INDEX fki_email ON emails USING btree (flow);
|
1586
1768
|
|
1587
1769
|
|
1770
|
+
--
|
1771
|
+
-- Name: fki_email_rcv_fk_emails_id; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1772
|
+
--
|
1773
|
+
|
1774
|
+
CREATE INDEX fki_email_rcv_fk_emails_id ON email_receivers USING btree (email_id);
|
1775
|
+
|
1776
|
+
|
1588
1777
|
--
|
1589
1778
|
-- Name: fki_flow; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1590
1779
|
--
|
@@ -1613,6 +1802,13 @@ CREATE INDEX fki_host ON host_roles USING btree (host_ip);
|
|
1613
1802
|
CREATE INDEX fki_irc ON irc_data USING btree (flow);
|
1614
1803
|
|
1615
1804
|
|
1805
|
+
--
|
1806
|
+
-- Name: fki_queue_id_fk; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1807
|
+
--
|
1808
|
+
|
1809
|
+
CREATE INDEX fki_queue_id_fk ON analyses USING btree (queue_id);
|
1810
|
+
|
1811
|
+
|
1616
1812
|
--
|
1617
1813
|
-- Name: fki_sample; Type: INDEX; Schema: dorothy; Owner: postgres; Tablespace:
|
1618
1814
|
--
|
@@ -1640,6 +1836,7 @@ CREATE INDEX fki_shash ON reports USING btree (sample);
|
|
1640
1836
|
|
1641
1837
|
CREATE INDEX fki_tdumps ON analyses USING btree (traffic_dump);
|
1642
1838
|
|
1839
|
+
|
1643
1840
|
--
|
1644
1841
|
-- Name: anal_id-fk; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1645
1842
|
--
|
@@ -1647,6 +1844,23 @@ CREATE INDEX fki_tdumps ON analyses USING btree (traffic_dump);
|
|
1647
1844
|
ALTER TABLE ONLY sys_procs
|
1648
1845
|
ADD CONSTRAINT "anal_id-fk" FOREIGN KEY (analysis_id) REFERENCES analyses(id);
|
1649
1846
|
|
1847
|
+
|
1848
|
+
--
|
1849
|
+
-- Name: analysis_queue_fk_sighting_id; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1850
|
+
--
|
1851
|
+
|
1852
|
+
ALTER TABLE ONLY analysis_queue
|
1853
|
+
ADD CONSTRAINT analysis_queue_fk_sighting_id FOREIGN KEY (sighting) REFERENCES sightings(id);
|
1854
|
+
|
1855
|
+
|
1856
|
+
--
|
1857
|
+
-- Name: av_signs_fk; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1858
|
+
--
|
1859
|
+
|
1860
|
+
ALTER TABLE ONLY av_signs
|
1861
|
+
ADD CONSTRAINT av_signs_fk FOREIGN KEY (id) REFERENCES malwares(id);
|
1862
|
+
|
1863
|
+
|
1650
1864
|
--
|
1651
1865
|
-- Name: dest_ip; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1652
1866
|
--
|
@@ -1671,6 +1885,14 @@ ALTER TABLE ONLY flows
|
|
1671
1885
|
ADD CONSTRAINT dumps FOREIGN KEY (traffic_dump) REFERENCES traffic_dumps(sha256);
|
1672
1886
|
|
1673
1887
|
|
1888
|
+
--
|
1889
|
+
-- Name: email_rcv_fk_emails_id; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1890
|
+
--
|
1891
|
+
|
1892
|
+
ALTER TABLE ONLY email_receivers
|
1893
|
+
ADD CONSTRAINT email_rcv_fk_emails_id FOREIGN KEY (email_id) REFERENCES emails(id);
|
1894
|
+
|
1895
|
+
|
1674
1896
|
--
|
1675
1897
|
-- Name: fk_bin; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1676
1898
|
--
|
@@ -1735,6 +1957,14 @@ ALTER TABLE ONLY host_roles
|
|
1735
1957
|
ADD CONSTRAINT host FOREIGN KEY (host_ip) REFERENCES host_ips(ip);
|
1736
1958
|
|
1737
1959
|
|
1960
|
+
--
|
1961
|
+
-- Name: queue_id_fk; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1962
|
+
--
|
1963
|
+
|
1964
|
+
ALTER TABLE ONLY analyses
|
1965
|
+
ADD CONSTRAINT queue_id_fk FOREIGN KEY (queue_id) REFERENCES analysis_queue(id);
|
1966
|
+
|
1967
|
+
|
1738
1968
|
--
|
1739
1969
|
-- Name: role_fkey; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1740
1970
|
--
|
@@ -1743,6 +1973,14 @@ ALTER TABLE ONLY host_roles
|
|
1743
1973
|
ADD CONSTRAINT role_fkey FOREIGN KEY (role) REFERENCES roles(id);
|
1744
1974
|
|
1745
1975
|
|
1976
|
+
--
|
1977
|
+
-- Name: sample_fk; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1978
|
+
--
|
1979
|
+
|
1980
|
+
ALTER TABLE ONLY analysis_queue
|
1981
|
+
ADD CONSTRAINT sample_fk FOREIGN KEY ("binary") REFERENCES samples(sha256);
|
1982
|
+
|
1983
|
+
|
1746
1984
|
--
|
1747
1985
|
-- Name: samples; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1748
1986
|
--
|
@@ -1760,19 +1998,27 @@ ALTER TABLE ONLY sightings
|
|
1760
1998
|
|
1761
1999
|
|
1762
2000
|
--
|
1763
|
-
-- Name:
|
2001
|
+
-- Name: shash; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
2002
|
+
--
|
2003
|
+
|
2004
|
+
ALTER TABLE ONLY reports
|
2005
|
+
ADD CONSTRAINT shash FOREIGN KEY (sample) REFERENCES samples(sha256);
|
2006
|
+
|
2007
|
+
|
2008
|
+
--
|
2009
|
+
-- Name: sightings_fk_emails; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1764
2010
|
--
|
1765
2011
|
|
1766
2012
|
ALTER TABLE ONLY sightings
|
1767
|
-
ADD CONSTRAINT
|
2013
|
+
ADD CONSTRAINT sightings_fk_emails FOREIGN KEY (src_email) REFERENCES emails(id);
|
1768
2014
|
|
1769
2015
|
|
1770
2016
|
--
|
1771
|
-
-- Name:
|
2017
|
+
-- Name: sightings_fk_sources_id; Type: FK CONSTRAINT; Schema: dorothy; Owner: postgres
|
1772
2018
|
--
|
1773
2019
|
|
1774
|
-
ALTER TABLE ONLY
|
1775
|
-
ADD CONSTRAINT
|
2020
|
+
ALTER TABLE ONLY sightings
|
2021
|
+
ADD CONSTRAINT sightings_fk_sources_id FOREIGN KEY (sensor) REFERENCES sources(id);
|
1776
2022
|
|
1777
2023
|
|
1778
2024
|
--
|
@@ -1800,7 +2046,7 @@ REVOKE ALL ON SCHEMA dorothy FROM postgres;
|
|
1800
2046
|
GRANT ALL ON SCHEMA dorothy TO postgres;
|
1801
2047
|
GRANT ALL ON SCHEMA dorothy TO PUBLIC;
|
1802
2048
|
|
1803
|
-
|
1804
2049
|
--
|
1805
2050
|
-- PostgreSQL database dump complete
|
1806
2051
|
--
|
2052
|
+
|
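Review bot: `SELECT pg_catalog.setval('malwares_id_seq', 0, false);` in the `@@ -1281,14 +1336,35 @@` hunk is the only SEQUENCE SET in this dump that resets to 0; every other sequence here is reset with `1, false`. Unless `malwares_id_seq` is declared with `MINVALUE 0` (its CREATE SEQUENCE is outside this view), PostgreSQL rejects a setval below the sequence minimum and loading the DDL aborts at that statement, so it should read `SELECT pg_catalog.setval('malwares_id_seq', 1, false);`. Separately, the new `COPY sandboxes (...)` column list in the `@@ -1323,26 +1414,52 @@` hunk shows the table persists sandbox login credentials (`username`, `password`) next to `ipaddress`, and nothing visible in this section grants or restricts access to that table beyond ownership by `postgres`, so a comment such as `-- sandboxes.password holds cleartext guest-VM credentials; grant SELECT on this table only to the Dorothy service role` would make the sensitivity explicit to whoever applies the GRANTs. The seeded `traffic_dumps` row `EMPTYPCAP 0 fffffff ffff t` also places a non-hash sentinel in the `sha256` column that the new COMMENT documents as 'SHA256 checksum hash'; the comment should mention the sentinel so hash-validating code knows to special-case it.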