Onyphe-Data-Model.xml
|
<Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04">
<Obj RefId="0"> <TN RefId="0"> <T>Selected.System.Management.Automation.PSCustomObject</T> <T>System.Management.Automation.PSCustomObject</T> <T>System.Object</T> </TN> <MS> <Obj N="apis" RefId="1"> <TN RefId="1"> <T>System.Object[]</T> <T>System.Array</T> <T>System.Object</T> </TN> <LST> <S>user</S> <S>simple/ctl</S> <S>simple/datascan</S> <S>simple/datascan/datamd5</S> <S>simple/geoloc</S> <S>simple/geoloc/best</S> <S>simple/inetnum</S> <S>simple/inetnum/best</S> <S>simple/pastries</S> <S>simple/resolver</S> <S>simple/resolver/forward</S> <S>simple/resolver/reverse</S> <S>simple/sniffer</S> <S>simple/synscan</S> <S>simple/threatlist</S> <S>simple/threatlist/best</S> <S>simple/datashot</S> <S>simple/onionscan</S> <S>simple/onionshot</S> <S>simple/topsite</S> <S>simple/whois</S> <S>simple/whois/best</S> <S>search</S> <S>search/ctl</S> <S>search/datascan</S> <S>search/geoloc</S> <S>search/inetnum</S> <S>search/pastries</S> <S>search/resolver</S> <S>search/sniffer</S> <S>search/synscan</S> <S>search/threatlist</S> <S>search/datashot</S> <S>search/onionscan</S> <S>search/onionshot</S> <S>search/topsite</S> <S>alert/list</S> <S>alert/add</S> <S>alert/del</S> <S>search/vulnscan</S> <S>summary/ip</S> <S>summary/domain</S> <S>summary/hostname</S> <S>export</S> <S>simple/vulnscan</S> <S>bulk/simple/ctl/ip</S> <S>bulk/simple/datascan/ip</S> <S>bulk/simple/datashot/ip</S> <S>bulk/simple/geoloc/best/ip</S> <S>bulk/simple/geoloc/ip</S> <S>bulk/simple/inetnum/best/ip</S> <S>bulk/simple/inetnum/ip</S> <S>bulk/simple/pastries/ip</S> <S>bulk/simple/resolver/ip</S> <S>bulk/simple/sniffer/ip</S> <S>bulk/simple/synscan/ip</S> <S>bulk/simple/threatlist/best/ip</S> <S>bulk/simple/threatlist/ip</S> <S>bulk/simple/topsite/ip</S> <S>bulk/simple/vulnscan/ip</S> <S>bulk/simple/whois/best/ip</S> <S>bulk/simple/whois/ip</S> <S>bulk/summary/domain</S> <S>bulk/summary/hostname</S> <S>bulk/summary/ip</S> </LST> </Obj> <Obj N="filters" RefId="2"> <TNRef RefId="1" /> <LST> <S>abuse</S> <S>alternativeip</S> <S>app.browse.file</S> <S>app.browse.name</S> <S>app.browse.type</S> <S>app.database.count</S> <S>app.database.name</S> <S>app.database.size</S> <S>app.dns.versionbind</S> <S>app.elasticsearch.clustername</S> <S>app.elasticsearch.luceneversion</S> <S>app.extract.domain</S> <S>app.extract.file</S> <S>app.extract.hostname</S> <S>app.extract.ip</S> <S>app.extract.url</S> <S>app.ftp.anonymous</S> <S>app.http.bodymd5</S> <S>app.http.bodymmh3</S> <S>app.http.component.product</S> <S>app.http.component.productvendor</S> <S>app.http.component.productversion</S> <S>app.http.component.productversionpatch</S> <S>app.http.copyright</S> <S>app.http.copyright.keyword</S> <S>app.http.description</S> <S>app.http.description.keyword</S> <S>app.http.headermd5</S> <S>app.http.headermmh3</S> <S>app.http.header.name</S> <S>app.http.header.value</S> <S>app.http.keywords</S> <S>app.http.keywords.keyword</S> <S>app.http.realm</S> <S>app.http.title</S> <S>app.http.title.keyword</S> <S>app.length</S> <S>app.modbus.code</S> <S>app.modbus.function</S> <S>app.modbus.information</S> <S>app.modbus.product</S> <S>app.modbus.productvendor</S> <S>app.modbus.productversion</S> <S>app.modbus.productversionpatch</S> <S>app.mongodb.database</S> <S>app.mongodb.name</S> <S>app.ntp.leap</S> <S>app.ntp.mode</S> <S>app.ntp.stratum</S> <S>app.ntp.version</S> <S>app.rtsp.realm</S> <S>app.screenshot.format</S> <S>app.screenshot.image</S> <S>app.screenshot.imagemd5</S> <S>app.screenshot.imagemmh3</S> <S>app.smb.nullsession</S> <S>app.smb.servername</S> <S>app.smb.share</S> <S>app.smb.version</S> <S>app.smb.workgroup</S> <S>app.snmp.community</S> <S>app.snmp.sysdescr</S> <S>app.telnet.fingerprint</S> <S>app.vnc.authentication</S> <S>app.vnc.desktopname</S> <S>app.vnc.screensize</S> <S>app.vnc.version</S> <S>asn</S> <S>basicconstraints</S> <S>bgproute</S> <S>botnet</S> <S>ca</S> <S>city</S> <S>continent</S> <S>continentname</S> <S>count</S> <S>country</S> <S>countryname</S> <S>data</S> <S>datamd5</S> <S>datammh3</S> <S>destport</S> <S>distinct</S> <S>domain</S> <S>extkeyusage</S> <S>file</S> <S>fingerprint.md5</S> <S>fingerprint.sha1</S> <S>fingerprint.sha256</S> <S>forward</S> <S>host</S> <S>hostname</S> <S>information</S> <S>ip</S> <S>ipv6</S> <S>isineu</S> <S>issuer.city</S> <S>issuer.commonname</S> <S>issuer.country</S> <S>issuer.email</S> <S>issuer.organization</S> <S>issuer.organizationalunit</S> <S>issuer.serial</S> <S>key</S> <S>keyusage</S> <S>location</S> <S>netname</S> <S>organization</S> <S>os</S> <S>osbits</S> <S>osdistribution</S> <S>osdistributionversion</S> <S>osvendor</S> <S>osversion</S> <S>osversionpatch</S> <S>port</S> <S>product</S> <S>productvendor</S> <S>productversion</S> <S>productversionpatch</S> <S>protocol</S> <S>protocolversion</S> <S>publickey.algorithm</S> <S>publickey.exponent</S> <S>publickey.length</S> <S>rank</S> <S>reason</S> <S>reverse</S> <S>route</S> <S>scheme</S> <S>serial</S> <S>signature.algorithm</S> <S>since</S> <S>size</S> <S>source</S> <S>srcport</S> <S>status</S> <S>subdomains</S> <S>subject.altname</S> <S>subject.city</S> <S>subject.commonname</S> <S>subject.country</S> <S>subject.email</S> <S>subject.organization</S> <S>subject.organizationalunit</S> <S>subject.serial</S> <S>subnet</S> <S>summary</S> <S>summarymd5</S> <S>summarymmh3</S> <S>syntax</S> <S>threatlist</S> <S>title</S> <S>tld</S> <S>tls</S> <S>total</S> <S>transport</S> <S>type</S> <S>url</S> <S>user</S> <S>validity.notafter</S> <S>validity.notbefore</S> <S>version</S> <S>wildcard</S> <S>geolocus.asn</S> <S>geolocus.continentname</S> <S>geolocus.continent</S> <S>geolocus.countryname</S> <S>geolocus.country</S> <S>geolocus.isineu</S> <S>geolocus.latitude</S> <S>geolocus.location</S> <S>geolocus.longitude</S> <S>geolocus.netname</S> <S>geolocus.organization</S> <S>geolocus.source</S> <S>geolocus.subnet</S> <S>geolocus.timezone</S> <S>classification</S> <S>company.country</S> <S>company.fortunerank</S> <S>company.globalrank</S> <S>company.industry</S> <S>company.name</S> <S>company.sector</S> <S>content</S> <S>cpe</S> <S>cpecount</S> <S>cve</S> <S>cvecount</S> <S>device.class</S> <S>device.product</S> <S>device.productvendor</S> <S>device.productversion</S> <S>device.productversionpatch</S> <S>onion</S> <S>tag</S> </LST> </Obj> <Obj N="functions" RefId="3"> <TNRef RefId="1" /> <LST> <S>dayago</S> <S>exists</S> <S>fields</S> <S>hourago</S> <S>monthago</S> <S>notexists</S> <S>notwildcard</S> <S>sort</S> <S>weekago</S> <S>wildcard</S> <S>orwildcard</S> <S>since</S> </LST> </Obj> </MS> </Obj> </Objs> |