How to use the artifacts.definitions function in artifacts

To help you get started, we’ve selected a few artifacts examples, based on popular ways it is used in public projects.


github ForensicArtifacts / artifacts / artifacts / collector.py View on Github external
path_list: optional list of path strings. The default is None.

    Raises:
      FormatError: when path_list is not set.
    """
    if not path_list:
      raise errors.FormatError(u'Missing path_list value.')

    super(WindowsRegistryValueCollectorDefinition, self).__init__(**kwargs)
    self.path_list = path_list


class WMIQueryCollectorDefinition(CollectorDefinition):
  """Collector definition that carries a single WMI query string.

  Only the presence of the query is checked; the query text itself is stored
  exactly as it was passed in.
  """

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_WMI_QUERY

  def __init__(self, query=None, **kwargs):
    """Initializes the WMI query collector definition.

    Args:
      query: optional string containing the WMI query. The default is None,
             which is rejected like any other falsy value.
      **kwargs: remaining keyword arguments, forwarded unchanged to the
                parent initializer.

    Raises:
      FormatError: when query is falsy (None or empty).
    """
    query_missing = not query
    if query_missing:
      raise errors.FormatError(u'Missing query value.')

    # NOTE(review): no syntax or content validation happens here, so the
    # query is only as trustworthy as the definition it was read from.
    # Presumably the code that later runs it treats definition files as
    # trusted input - confirm against the consumer.
    parent = super(WMIQueryCollectorDefinition, self)
    parent.__init__(**kwargs)
    self.query = query
github ForensicArtifacts / artifacts / artifacts / registry.py View on Github external
# -*- coding: utf-8 -*-
"""The artifact definitions registry."""

from __future__ import unicode_literals

from artifacts import definitions
from artifacts import errors
from artifacts import source_type


class ArtifactDefinitionsRegistry(object):
  """Registry that holds artifact definitions.

  The class-level table below pairs each of the eight known source type
  indicators with the class that represents it.
  """

  # Type indicator -> source type class, built from (indicator, class) pairs.
  # NOTE(review): presumably this is the only table consulted when a
  # definition names its source type, which would make it an allow-list -
  # confirm against the lookup code.
  # NOTE(review): the COMMAND and WMI_QUERY entries presumably describe
  # commands and queries that a collection tool goes on to run, so where
  # definition files are loaded from matters - confirm against the consumer.
  _source_type_classes = dict((
      (definitions.TYPE_INDICATOR_ARTIFACT_GROUP,
       source_type.ArtifactGroupSourceType),
      (definitions.TYPE_INDICATOR_COMMAND,
       source_type.CommandSourceType),
      (definitions.TYPE_INDICATOR_DIRECTORY,
       source_type.DirectorySourceType),
      (definitions.TYPE_INDICATOR_FILE,
       source_type.FileSourceType),
      (definitions.TYPE_INDICATOR_PATH,
       source_type.PathSourceType),
      (definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_KEY,
       source_type.WindowsRegistryKeySourceType),
      (definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_VALUE,
       source_type.WindowsRegistryValueSourceType),
      (definitions.TYPE_INDICATOR_WMI_QUERY,
       source_type.WMIQuerySourceType),
  ))

  def __init__(self):
    """Initializes an artifact definitions registry with no definitions."""
    super(ArtifactDefinitionsRegistry, self).__init__()
    # Starts empty. NOTE(review): presumably keyed by artifact definition
    # name - confirm against the registration code.
    self._artifact_definitions = dict()
github ForensicArtifacts / artifacts / artifacts / collector.py View on Github external
self.supported_os = []

  @property
  def type_indicator(self):
    """Returns the TYPE_INDICATOR attribute of this definition.

    Raises:
      NotImplementedError: when TYPE_INDICATOR is absent or set to None.
    """
    indicator = getattr(self, 'TYPE_INDICATOR', None)
    if indicator is not None:
      return indicator

    # NOTE(review): the message says "path specification" although this
    # property reads a collector definition's indicator; the wording is kept
    # as is so the runtime string does not change.
    raise NotImplementedError(
        u'Invalid path specification missing type indicator.')


class ArtifactCollectorDefinition(CollectorDefinition):
  """Collector definition that refers to other artifact definitions by name.

  The names are only checked for presence here, not looked up.
  """

  TYPE_INDICATOR = definitions.TYPE_INDICATOR_ARTIFACT

  def __init__(self, artifact_list=None, **kwargs):
    """Initializes the artifact collector definition.

    Args:
      artifact_list: optional list of artifact definition names.
                     The default is None, which is rejected like an empty
                     list.
      **kwargs: remaining keyword arguments, forwarded unchanged to the
                parent initializer.

    Raises:
      FormatError: when artifact_list is falsy (None or empty).
    """
    has_artifacts = bool(artifact_list)
    if not has_artifacts:
      raise errors.FormatError(u'Missing artifact_list value.')

    super(ArtifactCollectorDefinition, self).__init__(**kwargs)
    # The caller's list object is kept by reference, not copied, so later
    # changes to that list are visible through this definition.
    # NOTE(review): nothing here checks that the names refer to known
    # definitions; presumably that is done elsewhere - confirm.
    self.artifact_list = artifact_list