PyPI - assemblyline-v4-service - Versions diffs - 4.6.1.dev248__py3-none-any.whl → 4.7.0.dev31__py3-none-any.whl - Mend

assemblyline-v4-service 4.6.1.dev248py3-none-any.whl → 4.7.0.dev31py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

assemblyline_v4_service/common/result.py CHANGED Viewed

@@ -417,22 +417,22 @@ class SandboxMachineMetadata:
     def __init__(
         self,
-        # The IP of the machine used for analysis.
+        # The IP address of the analysis machine.
         ip: Optional[str] = None,
-        # The hypervisor of the machine used for analysis.
+        # The hypervisor used by the analysis machine (e.g., VMware, KVM).
         hypervisor: Optional[str] = None,
-        # The name of the machine used for analysis.
+        # The hostname of the machine used for analysis.
         hostname: Optional[str] = None,
-        # The platform of the machine used for analysis.
+        # The platform or operating system name (e.g., Windows, Linux, macOS).
         platform: Optional[str] = None,
-        # The version of the operating system of the machine used for analysis.
+        # The version of the operating system.
         version: Optional[str] = None,
-        # The architecture of the machine used for analysis.
+        # The architecture of the operating system (e.g., x86, x64, ARM).
         architecture: Optional[str] = None,
     ):
         self.ip = ip
@@ -453,96 +453,157 @@ class SandboxMachineMetadata:
             "architecture": self.architecture,
         }
+LookupType = Literal[
+    "A", "AAAA", "AFSDB", "APL", "CAA", "CDNSKEY", "CDS", "CERT", "CNAME", "CSYNC",
+    "DHCID", "DLV", "DNAME", "DNSKEY", "DS", "EUI48", "EUI64", "HINFO", "HIP",
+    "HTTPS", "IPSECKEY", "KEY", "KX", "LOC", "MX", "NAPTR", "NS", "NSEC", "NSEC3",
+    "NSEC3PARAM", "OPENPGPKEY", "PTR", "RRSIG", "RP", "SIG", "SMIMEA", "SOA",
+    "SRV", "SSHFP", "SVCB", "TA", "TKEY", "TLSA", "TSIG", "TXT", "URI", "ZONEMD"
+]
+RequestMethod = Literal[
+    "GET", "POST", "PUT", "DELETE", "HEAD", "CONNECT", "OPTIONS", "TRACE", "PATCH",
+    "BCOPY", "BDELETE", "BMOVE", "BPROPFIND", "BPROPPATCH", "COPY", "LOCK",
+    "MKCOL", "MOVE", "NOTIFY", "POLL", "PROPFIND", "PROPPATCH", "SEARCH",
+    "SUBSCRIBE", "UNLOCK", "UNSUBSCRIBE", "X-MS-ENUMATTS"
+]
+ConnectionType = Literal["http", "dns", "tls", "smtp"]
+ConnectionDirection = Literal["outbound", "inbound", "unknown"]
+SignatureType = Literal["CUCKOO", "YARA", "SIGMA", "SURICATA"]
+class SandboxMachineMetadata:
+    """Information about the sandbox machine used during analysis."""
+    def __init__(
+        self,
+        # The IP address of the machine used for analysis.
+        ip: Optional[str] = None,
+        # The hypervisor type of the machine used for analysis.
+        hypervisor: Optional[str] = None,
+        # The hostname of the machine used for analysis.
+        hostname: Optional[str] = None,
+        # The operating system platform of the machine (e.g., "Windows", "Linux").
+        platform: Optional[str] = None,
+        # The version of the operating system.
+        version: Optional[str] = None,
+        # The system architecture of the machine (e.g., "x64", "arm64").
+        architecture: Optional[str] = None,
+    ):
+        self.ip = ip
+        self.hypervisor = hypervisor
+        self.hostname = hostname
+        self.platform = platform
+        self.version = version
+        self.architecture = architecture
+    def as_primitives(self) -> Dict[str, Any]:
+        return {
+            "ip": self.ip,
+            "hypervisor": self.hypervisor,
+            "hostname": self.hostname,
+            "platform": self.platform,
+            "version": self.version,
+            "architecture": self.architecture,
+        }
 class SandboxAnalysisMetadata:
-    """Metadata regarding the sandbox analysis task."""
+    """Metadata describing the context and configuration of a sandbox analysis."""
     def __init__(
         self,
-        # The ID used for identifying the analysis task.
-        task_id: Optional[str] = None,
+        # The unique identifier of the analysis task.
+        task_id: Optional[int] = None,
-        # The start time of the analysis (ISO format).
+        # The timestamp when the analysis started (ISO 8601 format).
         start_time: str = "",
-        # The end time of the analysis (ISO format).
+        # The timestamp when the analysis ended (ISO 8601 format).
         end_time: Optional[str] = None,
-        # The routing used in the sandbox setup. (e.g., Spoofed, Internet, Tor, VPN)
+        # The network routing used during analysis (e.g., "Spoofed", "Internet", "Tor", "VPN").
         routing: Optional[str] = None,
-        # The resolution used for the analysis.
+        # The screen resolution or window size used for the sandbox environment.
         window_size: Optional[str] = None,
+        # Metadata describing the machine on which the analysis ran.
+        machine_metadata: Optional[SandboxMachineMetadata] = None,
     ):
         self.task_id = task_id
         self.start_time = start_time
         self.end_time = end_time
         self.routing = routing
         self.window_size = window_size
+        self.machine_metadata = machine_metadata
-    def as_primitives(self) -> Dict:
-        """Return a JSON-serializable representation."""
+    def as_primitives(self) -> Dict[str, Any]:
         return {
             "task_id": self.task_id,
             "start_time": self.start_time,
             "end_time": self.end_time,
             "routing": self.routing,
             "window_size": self.window_size,
+            "machine_metadata": (
+                self.machine_metadata.as_primitives() if self.machine_metadata else None
+            ),
         }
 class SandboxProcessItem:
-    """Represents a process observed during sandbox execution."""
+    """Information about a process observed during sandbox execution."""
     def __init__(
         self,
-        # The image of the process. Default: "<unknown_image>".
+        # The executable image name of the process. Default: "<unknown_image>".
         image: str,
-        # The time of creation for the process. (ISO date format)
+        # The timestamp when the process started (ISO 8601 format).
         start_time: str,
-        # The process ID of the parent process.
+        # Name of the sources who identified this information
+        sources: Optional[List[str]],
+        # The parent process ID (PPID).
         ppid: Optional[int] = None,
-        # The process ID.
+        # The process ID (PID).
         pid: Optional[int] = None,
-        # The command line that the process ran.
+        # The full command line used to start the process.
         command_line: Optional[str] = None,
-        # The time of termination for the process. (ISO date format)
+        # The timestamp when the process terminated (ISO 8601 format).
         end_time: Optional[str] = None,
-        # The integrity level of the process.
+        # The integrity level of the process (e.g., "High", "Medium", "Low").
         integrity_level: Optional[str] = None,
-        # The hash of the file run.
+        # The hash of the executable file for the process (e.g., SHA256).
         image_hash: Optional[str] = None,
-        # The original name of the file.
+        # The original file name as embedded in the binary metadata.
         original_file_name: Optional[str] = None,
-        # Whether this process was safelisted.
+        # Indicates whether this process was safelisted (whitelisted).
         safelisted: Optional[bool] = False,
-        # Number of files this process interacted with
-        file_count: int = 0,
+        # The number of file I/O events associated with this process.
+        file_count: Optional[int] = 0,
-        # Number of registries this process interacted with
-        registry_count: int = 0,
+        # The number of registry modification events associated with this process.
+        registry_count: Optional[int] = 0,
     ):
-        # ----------------------------
-        # Core process information
-        # ----------------------------
         self.image = image or "<unknown_image>"
         self.start_time = start_time
-        # Parent process information
+        self.sources = sources or []
         self.ppid = ppid
-        # Current process information
         self.pid = pid
         self.command_line = command_line
         self.end_time = end_time
@@ -550,18 +611,14 @@ class SandboxProcessItem:
         self.image_hash = image_hash
         self.original_file_name = original_file_name
         self.safelisted = safelisted
-        # ----------------------------
-        # Relationships & statistics
-        # ----------------------------
         self.file_count = file_count
         self.registry_count = registry_count
-    def as_primitives(self) -> Dict:
-        """Return a JSON-serializable dictionary representation of this process."""
+    def as_primitives(self) -> Dict[str, Any]:
         return {
             "image": self.image,
             "start_time": self.start_time,
+            "sources": self.sources,
             "ppid": self.ppid,
             "pid": self.pid,
             "command_line": self.command_line,
@@ -575,100 +632,82 @@ class SandboxProcessItem:
         }
-LookupType = Literal[
-    "A", "AAAA", "AFSDB", "APL", "CAA", "CDNSKEY", "CDS", "CERT", "CNAME", "CSYNC",
-    "DHCID", "DLV", "DNAME", "DNSKEY", "DS", "EUI48", "EUI64", "HINFO", "HIP",
-    "HTTPS", "IPSECKEY", "KEY", "KX", "LOC", "MX", "NAPTR", "NS", "NSEC", "NSEC3",
-    "NSEC3PARAM", "OPENPGPKEY", "PTR", "RRSIG", "RP", "SIG", "SMIMEA", "SOA",
-    "SRV", "SSHFP", "SVCB", "TA", "TKEY", "TLSA", "TSIG", "TXT", "URI", "ZONEMD"
-]
-RequestMethod = Literal[
-    "GET", "POST", "PUT", "DELETE", "HEAD", "CONNECT", "OPTIONS", "TRACE", "PATCH",
-    "BCOPY", "BDELETE", "BMOVE", "BPROPFIND", "BPROPPATCH", "COPY", "LOCK",
-    "MKCOL", "MOVE", "NOTIFY", "POLL", "PROPFIND", "PROPPATCH", "SEARCH",
-    "SUBSCRIBE", "UNLOCK", "UNSUBSCRIBE", "X-MS-ENUMATTS"
-]
-ConnectionType = Literal["http", "dns", "tls", "smtp"]
-ConnectionDirection = Literal["outbound", "inbound", "unknown"]
 class SandboxNetworkDNS:
-    """Details for a DNS request."""
+    """Details of a DNS query observed during sandbox execution."""
     def __init__(
         self,
+        # The domain name requested (queried).
         domain: str,
+        # The DNS lookup type (e.g., "A", "AAAA", "MX").
         lookup_type: LookupType,
+        # A list of IP addresses returned in the DNS response.
         resolved_ips: Optional[List[str]] = None,
+        # A list of domain names returned in the DNS response (for CNAMEs, etc.).
         resolved_domains: Optional[List[str]] = None,
     ):
-        # The domain requested.
         self.domain = domain
-        # A list of IPs that were resolved.
+        self.lookup_type = lookup_type
         self.resolved_ips = resolved_ips or []
-        # A list of domains that were resolved.
         self.resolved_domains = resolved_domains or []
-        # The type of DNS request.
-        self.lookup_type = lookup_type
-    def as_primitives(self) -> Dict:
+    def as_primitives(self) -> Dict[str, Any]:
         return {
             "domain": self.domain,
+            "lookup_type": self.lookup_type,
             "resolved_ips": self.resolved_ips,
             "resolved_domains": self.resolved_domains,
-            "lookup_type": self.lookup_type,
         }
 class SandboxNetworkHTTP:
-    """Details for an HTTP request."""
+    """Details of an HTTP request/response observed during sandbox execution."""
     def __init__(
         self,
+        # The URI requested by the process.
         request_uri: str,
-        request_headers: Optional[Dict[str, object]] = None,
+        # Headers included in the HTTP request.
+        request_headers: Optional[Dict[str, Any]] = None,
+        # The HTTP request method (e.g., "GET", "POST").
         request_method: Optional[RequestMethod] = None,
-        response_headers: Optional[Dict[str, object]] = None,
+        # Headers included in the HTTP response.
+        response_headers: Optional[Dict[str, Any]] = None,
+        # The raw body content of the HTTP request.
         request_body: Optional[str] = None,
+        # The HTTP status code of the response (e.g., 200, 404).
         response_status_code: Optional[int] = None,
+        # The raw body content of the HTTP response.
         response_body: Optional[str] = None,
-        response_content_fileinfo: Optional[Dict] = None,
+        # Metadata about any file contained in the HTTP response body.
+        response_content_fileinfo: Optional[Dict[str, Any]] = None,
+        # The MIME type of the HTTP response content.
         response_content_mimetype: Optional[str] = None,
     ):
-        # The URI requested.
         self.request_uri = request_uri
-        # Headers included in the request.
         self.request_headers = request_headers or {}
-        # The method of the request.
         self.request_method = request_method
-        # Headers included in the response.
         self.response_headers = response_headers or {}
-        # The body of the request.
         self.request_body = request_body
-        # The status code of the response.
         self.response_status_code = response_status_code
-        # The body of the response.
         self.response_body = response_body
-        # File information of the response content.
         self.response_content_fileinfo = response_content_fileinfo
-        # MIME type returned by the server.
         self.response_content_mimetype = response_content_mimetype
-    def as_primitives(self) -> Dict:
+    def as_primitives(self) -> Dict[str, Any]:
         return {
             "request_uri": self.request_uri,
             "request_headers": self.request_headers,
@@ -683,24 +722,24 @@ class SandboxNetworkHTTP:
 class SandboxNetworkSMTP:
-    """Details for an SMTP request."""
+    """Details of an SMTP email transaction observed during sandbox execution."""
     def __init__(
         self,
+        # The sender email address in the SMTP transaction.
         mail_from: str,
+        # A list of recipient email addresses in the SMTP transaction.
         mail_to: List[str],
-        attachments: Optional[List[Dict]] = None,
+        # Information about any attachments transmitted via SMTP.
+        attachments: Optional[List[Dict[str, Any]]] = None,
     ):
-        # Sender of the email.
         self.mail_from = mail_from
-        # Recipients of the email.
         self.mail_to = mail_to
-        # File information about the attachments.
         self.attachments = attachments or []
-    def as_primitives(self) -> Dict:
+    def as_primitives(self) -> Dict[str, Any]:
         return {
             "mail_from": self.mail_from,
             "mail_to": self.mail_to,
@@ -709,51 +748,55 @@ class SandboxNetworkSMTP:
 class SandboxNetflowItem:
-    """Details about a low-level network connection by IP."""
+    """Details of a network flow (connection) observed during sandbox execution."""
     def __init__(
         self,
-        # The destination IP of the connection.
+        # The destination IP address of the network connection.
         destination_ip: Optional[str] = None,
-        # The destination port of the connection.
+        # The destination port number of the connection.
         destination_port: Optional[int] = None,
-        # The transport layer protocol (e.g., tcp, udp).
+        # The transport layer protocol used (e.g., "tcp", "udp").
         transport_layer_protocol: Optional[Literal["tcp", "udp"]] = None,
-        # The direction of the network connection.
-        direction: Optional[ConnectionDirection] = None,
+        # The direction of the network connection (e.g., "inbound", "outbound").
+        direction: Optional["ConnectionDirection"] = None,
-        # PID of the process that spawned the network connection.
-        pid: Optional[int] = None,
+        # The process ID that initiated or owned the network connection.
+        process: Optional[int] = None,
+        # Name of the sources who identified this information
+        sources: Optional[List[str]] = [],
-        # The source IP of the connection.
+        # The source IP address of the connection.
         source_ip: Optional[str] = None,
-        # The source port of the connection.
+        # The source port number of the connection.
         source_port: Optional[int] = None,
-        time_observed: str = None,
+        # The timestamp when the network event was observed (ISO 8601 format).
+        time_observed: Optional[str] = None,
-        # HTTP-specific details of the request.
-        http_details: Optional[SandboxNetworkHTTP] = None,
+        # Detailed HTTP request/response data, if the flow is HTTP-related.
+        http_details: Optional["SandboxNetworkHTTP"] = None,
-        # DNS-specific details of the request.
-        dns_details: Optional[SandboxNetworkDNS] = None,
+        # Detailed DNS query/response data, if the flow is DNS-related.
+        dns_details: Optional["SandboxNetworkDNS"] = None,
-        # SMTP-specific details of the request.
+        # Detailed SMTP email data, if the flow is SMTP-related.
         smtp_details: Optional[SandboxNetworkSMTP] = None,
-        # Type of connection being made.
-        connection_type: Optional[ConnectionType] = None,
+        # The type or category of the connection (e.g., "download", "upload").
+        connection_type: Optional["ConnectionType"] = None,
     ):
         self.destination_ip = destination_ip
         self.destination_port = destination_port
         self.transport_layer_protocol = transport_layer_protocol
         self.direction = direction
-        self.pid = pid
+        self.process = process
+        self.sources = sources or []
         self.source_ip = source_ip
         self.source_port = source_port
         self.time_observed = time_observed
@@ -762,14 +805,14 @@ class SandboxNetflowItem:
         self.smtp_details = smtp_details
         self.connection_type = connection_type
-    def as_primitives(self) -> Dict:
-        """Return a JSON-serializable representation."""
+    def as_primitives(self) -> Dict[str, Any]:
         data: Dict[str, Any] = {
             "destination_ip": self.destination_ip,
             "destination_port": self.destination_port,
             "transport_layer_protocol": self.transport_layer_protocol,
             "direction": self.direction,
-            "pid": self.pid,
+            "process": self.process,
+            "sources": self.sources,
             "source_ip": self.source_ip,
             "source_port": self.source_port,
             "time_observed": self.time_observed,
@@ -778,10 +821,8 @@ class SandboxNetflowItem:
         if self.http_details is not None:
             data["http_details"] = self.http_details.as_primitives()
         if self.dns_details is not None:
             data["dns_details"] = self.dns_details.as_primitives()
         if self.smtp_details is not None:
             data["smtp_details"] = self.smtp_details.as_primitives()
@@ -789,12 +830,17 @@ class SandboxNetflowItem:
 class SandboxAttackItem:
-    """Represents a MITRE ATT&CK technique or pattern."""
+    """Describes an ATT&CK technique or tactic detected during sandbox execution."""
     def __init__(
         self,
+        # The MITRE ATT&CK technique ID (e.g., "T1059.001").
         attack_id: str,
-        pattern: str = None,
+        # The name or pattern describing the attack behavior.
+        pattern: str,
+        # The list of categories or tactics associated with this attack.
         categories: List[str] = [],
     ):
         self.attack_id = attack_id
@@ -810,63 +856,62 @@ class SandboxAttackItem:
 class SandboxSignatureItem:
-    """A signature that was raised during the analysis of the task."""
+    """Represents a detection signature triggered during analysis."""
     def __init__(
         self,
-        # The name of the signature.
+        # The name of the detection signature.
         name: str,
-        # Type of signature. One of: "CUCKOO", "YARA", "SIGMA", "SURICATA".
-        type: Literal["CUCKOO", "YARA", "SIGMA", "SURICATA"],
+        # The source type of the signature (e.g., "CAPE", "CUCKOO").
+        type: Literal["CAPE", "CUCKOO"],
-        # Classification of signature (e.g., "malicious", "benign").
-        classification: str,
+        # Name of the sources who identified this information
+        sources: Optional[List[str]],
-        # A list of ATT&CK patterns and categories of the signature.
-        attacks: Optional[List[SandboxAttackItem]] = [],
+        # The classification of the signature (e.g., "malicious", "benign").
+        classification: str,
-        # List of actors of the signature.
-        actors: Optional[List[str]] = [],
+        # The list of ATT&CK patterns or related attack metadata linked to this signature.
+        attacks: Optional[List[SandboxAttackItem]] = None,
-        # List of malware families of the signature.
-        malware_families: Optional[List[str]] = [],
+        # The list of threat actors associated with this signature.
+        actors: Optional[List[str]] = None,
-        # ID of the signature.
-        signature_id: Optional[str] = None,
+        # The list of malware families linked to this signature.
+        malware_families: Optional[List[str]] = None,
-        # Optional human-readable message.
-        message: Optional[str] = None,
+        # A human-readable description of what the signature represents.
+        description: Optional[str] = None,
-        # PIDs of the processes that generated the signature.
-        pids: Optional[List[int]] = [],
+        # The list of process IDs (PIDs) that triggered the signature.
+        pid: Optional[List[int]] = None,
-        # Score of the heuristic this signature belongs to
-        score: int = None,
+        # The score or weight associated with the heuristic signature.
+        score: Optional[int] = None,
     ):
         self.name = name
         self.type = type
+        self.sources = sources or []
         self.classification = classification
-        self.attacks = attacks
-        self.actors = actors
-        self.malware_families = malware_families
-        self.signature_id = signature_id
-        self.message = message
-        self.pids = pids
+        self.attacks = attacks or []
+        self.actors = actors or []
+        self.malware_families = malware_families or []
+        self.description = description
+        self.pid = pid or []
         self.score = score
     def as_primitives(self) -> Dict[str, Any]:
         return {
             "name": self.name,
             "type": self.type,
+            "sources": self.sources,
             "classification": self.classification,
-            "attacks": [a.as_primitives() for a in self.attacks] if self.attacks else None,
+            "attacks": [a.as_primitives() for a in self.attacks] if self.attacks else [],
             "actors": self.actors,
             "malware_families": self.malware_families,
-            "signature_id": self.signature_id,
-            "message": self.message,
-            "pids": self.pids,
+            "description": self.description,
+            "pid": self.pid,
             "score": self.score,
         }
@@ -874,32 +919,33 @@ class SandboxSignatureItem:
 class SandboxSectionBody(SectionBody):
-    """
-    Represents the structured body of a sandbox analysis section.
-    Collects all sandbox-relevant entities: sandbox metadata, processes, network flows, and signatures.
-    """
+    """The main sandbox analysis body containing all observed data and metadata."""
     def __init__(self) -> None:
         super().__init__(BODY_FORMAT.SANDBOX, body={
-            "sandbox_name": None,
-            "sandbox_version": None,
-            "machine_metadata": None,
-            "analysis_metadata": None,
+            "analysis_information": None,
             "processes": [],
-            "netflows": [],
+            "network_connections": [],
             "signatures": [],
         })
-    def set_sandbox(self, name: str, version: Optional[str], machine_metadata: SandboxMachineMetadata, analysis_metadata: SandboxAnalysisMetadata) -> None:
-        """Set the sandbox metadata (name, version, machine info, and analysis info)."""
-        self._data["sandbox_name"] = name
-        self._data["sandbox_version"] = version
-        self._data["machine_metadata"] = (
-            machine_metadata.as_primitives() if machine_metadata else None
-        )
-        self._data["analysis_metadata"] = (
-            analysis_metadata.as_primitives() if analysis_metadata else None
-        )
+    def set_analysis_information(
+        self,
+        # The name of the sandbox used to perform the analysis.
+        sandbox_name: str,
+        # The version of the sandbox software.
+        sandbox_version: str,
+        # Metadata about when and how the analysis was executed.
+        analysis_metadata: SandboxAnalysisMetadata,
+    ) -> None:
+        """Set the general analysis information for the sandbox execution."""
+        self._data["analysis_information"] = {
+            "sandbox_name": sandbox_name,
+            "sandbox_version": sandbox_version,
+            "analysis_metadata": analysis_metadata.as_primitives(),
+        }
     def add_process(self, process: SandboxProcessItem) -> None:
         """Add a single process to the sandbox result."""
@@ -908,42 +954,38 @@ class SandboxSectionBody(SectionBody):
         self._data["processes"].append(process.as_primitives())
     def add_processes(self, processes: List[SandboxProcessItem]) -> None:
-        """Add multiple processes at once."""
+        """Add multiple processes to the sandbox result."""
         for proc in processes:
             self.add_process(proc)
-    def add_netflow(self, netflow: SandboxNetflowItem) -> None:
-        """Add a network flow to the sandbox result."""
-        if not isinstance(netflow, SandboxNetflowItem):
+    def add_network_connection(self, connection: SandboxNetflowItem) -> None:
+        """Add a single network connection to the sandbox result."""
+        if not isinstance(connection, SandboxNetflowItem):
             raise TypeError("Expected SandboxNetflowItem")
-        self._data["netflows"].append(netflow.as_primitives())
+        self._data["network_connections"].append(connection.as_primitives())
-    def add_netflows(self, netflows: List[SandboxNetflowItem]) -> None:
-        """Add multiple network flows at once."""
-        for nf in netflows:
-            self.add_netflow(nf)
+    def add_network_connections(self, connections: List[SandboxNetflowItem]) -> None:
+        """Add multiple network connections to the sandbox result."""
+        for conn in connections:
+            self.add_network_connection(conn)
     def add_signature(self, signature: SandboxSignatureItem) -> None:
-        """Add a detection signature to the sandbox result."""
+        """Add a single detection signature to the sandbox result."""
         if not isinstance(signature, SandboxSignatureItem):
             raise TypeError("Expected SandboxSignatureItem")
         self._data["signatures"].append(signature.as_primitives())
     def add_signatures(self, signatures: List[SandboxSignatureItem]) -> None:
-        """Add multiple detection signatures at once."""
+        """Add multiple detection signatures to the sandbox result."""
         for sig in signatures:
             self.add_signature(sig)
     def as_primitives(self) -> Dict[str, Any]:
         """Return a fully JSON-serializable structure."""
         return {
-            "sandbox_name": self._data["sandbox_name"],
-            "sandbox_version": self._data["sandbox_version"],
-            "machine_metadata": self._data["machine_metadata"],
-            "analysis_metadata": self._data["analysis_metadata"],
+            "analysis_information": self._data["analysis_information"],
             "processes": self._data["processes"],
-            "netflows": self._data["netflows"],
+            "network_connections": self._data["network_connections"],
             "signatures": self._data["signatures"],
         }
@@ -1343,48 +1385,43 @@ class ResultSandboxSection(TypeSpecificResultSection):
         self.section_body: SandboxSectionBody
         super().__init__(title_text, SandboxSectionBody(), **kwargs)
-    def set_sandbox(
+    def set_analysis_information(
         self,
-        name: str,
-        version: Optional[str],
-        machine_metadata: Optional[SandboxMachineMetadata],
+        sandbox_name: Optional[str],
+        sandbox_version: Optional[str],
         analysis_metadata: Optional[SandboxAnalysisMetadata],
     ) -> None:
-        """Set the sandbox metadata (name, version, machine info, and analysis info)."""
-        self.section_body.set_sandbox(name, version, machine_metadata, analysis_metadata)
+        """Set the general analysis information for the sandbox execution."""
+        self.section_body.set_analysis_information(
+            sandbox_name,
+            sandbox_version,
+            analysis_metadata,
+        )
     def add_process(self, process: SandboxProcessItem) -> None:
         """Add a single process to the sandbox result."""
         self.section_body.add_process(process)
     def add_processes(self, processes: List[SandboxProcessItem]) -> None:
-        """Add multiple processes at once."""
+        """Add multiple processes to the sandbox result."""
         self.section_body.add_processes(processes)
-    def add_netflow(self, netflow: SandboxNetflowItem) -> None:
-        """Add a single network flow to the sandbox result."""
-        self.section_body.add_netflow(netflow)
+    def add_network_connection(self, connection: SandboxNetflowItem) -> None:
+        """Add a single network connection to the sandbox result."""
+        self.section_body.add_network_connection(connection)
-    def add_netflows(self, netflows: List[SandboxNetflowItem]) -> None:
-        """Add multiple network flows at once."""
-        self.section_body.add_netflows(netflows)
+    def add_network_connections(self, connections: List[SandboxNetflowItem]) -> None:
+        """Add multiple network connections to the sandbox result."""
+        self.section_body.add_network_connections(connections)
     def add_signature(self, signature: SandboxSignatureItem) -> None:
-        """Add a detection signature to the sandbox result."""
+        """Add a single detection signature to the sandbox result."""
         self.section_body.add_signature(signature)
     def add_signatures(self, signatures: List[SandboxSignatureItem]) -> None:
-        """Add multiple detection signatures at once."""
+        """Add multiple detection signatures to the sandbox result."""
         self.section_body.add_signatures(signatures)
-    def add_heuristic(self, heuristic: SandboxHeuristicItem) -> None:
-        """Add a heuristic to the sandbox result."""
-        self.section_body.add_heuristic(heuristic)
-    def add_heuristics(self, heuristics: List[SandboxHeuristicItem]) -> None:
-        """Add multiple heuristics at once."""
-        self.section_body.add_heuristics(heuristics)
 class ResultTableSection(TypeSpecificResultSection):
     def __init__(self, title_text: Union[str, List], **kwargs):

assemblyline-v4-service 4.6.1.dev248__py3-none-any.whl → 4.7.0.dev31__py3-none-any.whl

assemblyline-v4-service 4.6.1.dev248py3-none-any.whl → 4.7.0.dev31py3-none-any.whl