1# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
2# See LICENSE.txt for complete terms.
3
4from mixbox import entities
5from mixbox import fields
6
7import cybox.bindings.win_event_log_object as win_event_log_binding
8from cybox.common import ObjectProperties, String, Base64Binary, DateTime, Long
9
10
class UnformattedMessageList(entities.EntityList):
    """List entity for the ``Unformatted_Message`` strings of an event log entry.

    Declared against ``UnformattedMessageListType`` in the Windows Event Log
    object binding module.
    """

    # Binding module, binding class and XML namespace this entity is declared against.
    _binding = win_event_log_binding
    _binding_class = win_event_log_binding.UnformattedMessageListType
    _namespace = "http://cybox.mitre.org/objects#WinEventLogObject-2"

    # Repeating "Unformatted_Message" element (multiple=True); items are typed as String.
    # NOTE(review): presumably the raw, unformatted strings of the event record;
    # confirm against the schema. If populated from collected logs, the content
    # is whatever the logging source wrote, so treat it as untrusted text when
    # rendering or parsing it downstream.
    unformatted_message = fields.TypedField("Unformatted_Message", String, multiple=True)
17
18
class WinEventLog(ObjectProperties):
    """Object properties describing a single Windows Event Log entry.

    Declared against ``WindowsEventLogObjectType`` in the Windows Event Log
    object binding module. Each attribute below is a typed field whose first
    argument is the element name it is declared under.
    """

    # Binding module, binding class and XML namespace this object is declared against.
    _binding = win_event_log_binding
    _binding_class = win_event_log_binding.WindowsEventLogObjectType
    _namespace = "http://cybox.mitre.org/objects#WinEventLogObject-2"
    # Prefix and type name, presumably combined into the xsi:type value
    # (WinEventLogObj:WindowsEventLogObjectType); confirm in ObjectProperties.
    _XSI_NS = "WinEventLogObj"
    _XSI_TYPE = "WindowsEventLogObjectType"

    # Numeric fields are typed Long; presumably EID is the event identifier.
    eid = fields.TypedField("EID", Long)
    # Trailing underscore avoids shadowing the builtin ``type``.
    type_ = fields.TypedField("Type", String)
    log = fields.TypedField("Log", String)
    # Free-text fields. NOTE(review): if filled from collected logs, these hold
    # whatever the event source wrote; treat them as untrusted when displaying
    # or matching on them.
    message = fields.TypedField("Message", String)
    category_num = fields.TypedField("Category_Num", Long)
    category = fields.TypedField("Category", String)
    # Both timestamps are typed DateTime. NOTE(review): time zone handling is not
    # visible in this file; confirm before correlating with other sources.
    generation_time = fields.TypedField("Generation_Time", DateTime)
    source = fields.TypedField("Source", String)
    machine = fields.TypedField("Machine", String)
    user = fields.TypedField("User", String)
    # Typed Base64Binary; whether encoding/decoding is done for the caller is
    # not shown here. TODO confirm in cybox.common.
    blob = fields.TypedField("Blob", Base64Binary)
    correlation_activity_id = fields.TypedField("Correlation_Activity_ID", String)
    correlation_related_activity_id = fields.TypedField("Correlation_Related_Activity_ID", String)
    # Process and thread IDs are typed String, not Long; do not assume an
    # integer when comparing them with values from other tooling.
    execution_process_id = fields.TypedField("Execution_Process_ID", String)
    execution_thread_id = fields.TypedField("Execution_Thread_ID", String)
    index = fields.TypedField("Index", Long)
    reserved = fields.TypedField("Reserved", Long)
    # Nested list entity holding the repeating Unformatted_Message strings.
    unformatted_message_list = fields.TypedField("Unformatted_Message_List", UnformattedMessageList)
    write_time = fields.TypedField("Write_Time", DateTime)
45