https://github.com/nextronsystems/finding-store

THOR Finding Filesystem Layout

# THOR Finding Store

This package provides a simple on-disk store for findings generated by THOR scans.

Both findings and the content that was matched on (typically the file content) are stored, with both referencing each other.
A finding has zero or one content item, while a content item may be referenced by multiple findings.

## Layout

The store is a directory with the following structure:

```
├── findings
│   └── ab
│       ├── abcdef1234567890
│       └── abcdef1234567890.hash
└── samples
    └── 1e
        ├── 1edc8bf0596dcdc0ca93b6dd89e14b57d0b4faf5da534d5487f9ed7ad0eb7e06
        └── 1edc8bf0596dcdc0ca93b6dd89e14b57d0b4faf5da534d5487f9ed7ad0eb7e06.metadata
```

Where:

- `findings/` contains the findings, organized by the first two characters of the finding ID.
  Each finding is stored in a file named after the finding ID, with an additional `.hash` file containing the SHA256 hash of the finding.
- `samples/` contains the content matched on, organized by the first two characters of the content's SHA256 hash.
  Each content item is stored in a file named after its SHA256 hash, with an additional `.metadata` file containing the findings that reference this content item in newline-delimited JSON format.

Optionally, by setting `Layout.Flat` to `true`, the store can be configured to not create subdirectories under `findings/` and `samples/`, but instead store all findings and samples in a single directory each.
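
Because each sample is named after the SHA256 of its content, a store can be checked for tampering or misfiled evidence without any index. The following is an added example, not code from the finding-store package: it uses only the Go standard library, handles both the sharded and the flat layout, and assumes lowercase hex file names as in the tree above (`VerifySamples` and its messages are hypothetical names).

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// VerifySamples reports layout violations under <root>/samples (sharded or flat store).
func VerifySamples(root string) ([]string, error) {
	var problems []string
	base := filepath.Join(root, "samples")
	err := filepath.WalkDir(base, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() || filepath.Ext(p) == ".metadata" {
			return err // nil for directories and .metadata files: keep walking
		}
		name, parent := d.Name(), filepath.Dir(p)
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		if sum := sha256.Sum256(data); hex.EncodeToString(sum[:]) != name { // assumes lowercase hex names
			problems = append(problems, name+": content does not hash to file name")
		}
		if parent != base && filepath.Base(parent) != fmt.Sprintf("%.2s", name) {
			problems = append(problems, name+": not under shard directory for its first two characters")
		}
		meta, err := os.ReadFile(p + ".metadata")
		if err != nil {
			problems = append(problems, name+": no readable .metadata file")
		}
		for i, line := range bytes.Split(meta, []byte("\n")) {
			if len(bytes.TrimSpace(line)) > 0 && !json.Valid(line) {
				problems = append(problems, fmt.Sprintf("%s.metadata: line %d is not JSON", name, i+1))
			}
		}
		return nil
	})
	return problems, err
}

func main() { // usage: go run . [store-dir]; the store directory defaults to "."
	problems, err := VerifySamples(append(os.Args, ".")[1])
	fmt.Println(problems, err)
}
```
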