MalwareDB Entity Relationships

Some field names are shortened from the actual name in the database so the image (hopefully) looks better. Ex: fid becomes fileid, sid becomes sourceid, etc.

erDiagram
    %% FILE: one stored file (sample), keyed by id and tied to where it came from through FILE-SOURCE.
    %% sha1, sha256, sha384, sha512 and md5 are, going by the column names, cryptographic digests of
    %% the file. MD5 and SHA-1 have practical collisions, so sha256 or stronger should be what
    %% identifies a sample; md5/sha1 are best kept only for lookups against feeds that still use them.
    %% lzjd, ssdeep, sdhash and tlsh are similarity (fuzzy) hashes: useful for clustering related
    %% samples, not for proving two files are identical.
    FILE ||--|{ FILE-SOURCE : from
    FILE {
        int id PK
        string sha1
        string sha256
        string sha384
        string sha512
        string md5
        string lzjd
        string ssdeep
        string sdhash
        string tlsh
        int size
        float entropy
        timestamp added
    }
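    %% FILETYPE: lookup table of known file types; every FILE points at exactly one FILETYPE.
    %% magic is presumably the signature used to recognise the type (TODO confirm).
    %% isExecutable is typed boolean to match the boolean columns in EXECUTABLE and PDF.
    FILE |{--|| FILETYPE : is
    FILETYPE {
        int id PK
        string magic
        string name
        string description
        boolean isExecutable
    }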
    %% POLYGLOT: links a FILE (fid) to a FILETYPE (tid) with a free-text explanation; fid and tid
    %% together form the key.
    %% NOTE(review): presumably one row per additional type a polyglot file is also valid as. If so,
    %% any decision made on file type (which parser runs, whether a file is treated as executable)
    %% should consider these rows as well as the FILE's primary FILETYPE. Confirm against the schema.
    FILE |{--|| POLYGLOT : is
    FILETYPE ||--|{ POLYGLOT : has
    POLYGLOT {
        int fid PK
        int tid PK
        string explanation
    }
    %% EXECUTABLE: per-file details for executable samples, keyed by the owning FILE's id (fid).
    %% NOTE(review): as written, the marker beside EXECUTABLE reads "every FILE has exactly one
    %% EXECUTABLE row". If the row exists only for executable files, the optional marker belongs on
    %% the EXECUTABLE side. Confirm the intended cardinality.
    %% Every value here is extracted from an untrusted sample. sectionnames in particular is
    %% free text chosen by whoever built the binary, so escape it wherever it is displayed or logged.
    FILE |o--|| EXECUTABLE : is
    EXECUTABLE {
        int fid PK
        string pehash
        string importhash
        string importhashfuzzy
        boolean packed
        int sections
        string sectionnames
        float sectionentropies
        string sectionsexecutable
    }
    %% PDF: per-file details for PDF samples, keyed by the owning FILE's id (fid).
    %% forms and javascript flag features that are commonly of interest when triaging a PDF.
    %% NOTE(review): author and title are presumably copied from the document's own metadata, which
    %% the document's creator controls. Treat them as untrusted text when rendering or exporting.
    FILE |o--|| PDF : is
    PDF {
        int fid PK
        string author
        string title
        int pages
        boolean forms
        boolean javascript
    }
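    %% SOURCE: where files come from. Files attach through FILE-SOURCE, groups are granted access
    %% through GROUP-SOURCE, and a source can point at another source through parent.
    %% parent is written type-first (int parent), matching GROUP and LABEL; presumably it holds the
    %% id of the parent SOURCE (TODO confirm).
    %% NOTE(review): url may point at a location that hosted malicious content; consider displaying
    %% it as inert text rather than a live link.
    SOURCE ||--|{ FILE-SOURCE : contains
    SOURCE }|--|| GROUP-SOURCE : permission
    SOURCE ||--|| SOURCE : hierarchy
    SOURCE {
        int id PK
        string name
        string description
        string url
        timestamp firstacquisition
        int parent
    }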
    %% FILE-SOURCE: records that a file (fileid) was obtained from a source (sourceid) by a user
    %% (userid); the three ids together form the key. fileid and sourceid are the same ids that the
    %% other tables in this diagram show as fid and sid.
    %% NOTE(review): filename is presumably the name supplied with the upload. It is untrusted
    %% input: never use it to build a filesystem path, and escape it on display.
    FILE-SOURCE {
        int fileid PK
        int sourceid PK
        int userid PK
        string filename
        timestamp firstseen
    }
    %% PERSON: a user account, linked to FILE-SOURCE as the uploader and to GROUP through USER-GROUP.
    %% NOTE(review): the diagram types password and apikey as plain strings and does not say how
    %% they are stored. Confirm that password holds a salted, deliberately slow password hash (for
    %% example Argon2id or bcrypt) and never the plaintext, and that apikey is generated from a
    %% cryptographically secure random source and stored hashed or otherwise protected, because
    %% anyone able to read this table would otherwise obtain every credential in it.
    PERSON ||--|| FILE-SOURCE : uploader
    PERSON |{--|| USER-GROUP : member
    PERSON {
        int id PK
        string email
        string fname
        string lname
        string password
        string apikey
        timestamp created
    }
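    %% GROUP: a set of users. Membership is recorded in USER-GROUP, access to sources in
    %% GROUP-SOURCE, and a group can point at another group through parent.
    %% The key marker on id is written PK, as in every other entity of this diagram.
    %% NOTE(review): the diagram does not say whether a child group inherits its parent's source
    %% permissions. State the rule explicitly wherever access checks are implemented.
    GROUP |{--|| USER-GROUP : membership
    GROUP |{--|| GROUP-SOURCE : permission
    GROUP ||--|| GROUP : hierarchy
    GROUP {
        int id PK
        string name
        string description
        int parent
    }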
    %% USER-GROUP: membership join table, keyed by uid and gid together; added records when the
    %% row was created. uid presumably refers to PERSON.id and gid to GROUP.id (TODO confirm).
    USER-GROUP {
        int uid PK
        int gid PK
        timestamp added
    }
    %% GROUP-SOURCE: permission join table, keyed by gid and sid together. A row here is what
    %% grants a group access to a source, so changes to this table are worth auditing.
    GROUP-SOURCE {
        int gid PK
        int sid PK
        timestamp added
    }
    %% LABEL: a named tag that attaches to files through FILE-LABEL and to sources through
    %% SOURCE-LABEL. Labels can point at another label through parent, presumably LABEL.id of the
    %% parent label (TODO confirm).
    LABEL ||--|| LABEL : hierarchy
    LABEL |{--|| FILE-LABEL : has
    LABEL |{--|| SOURCE-LABEL : has
    LABEL {
        int id PK
        string name
        int parent
    }
    %% FILE-LABEL: join table attaching a label (lid) to a file (fid); keyed by both ids.
    FILE-LABEL ||--}| FILE : has
    FILE-LABEL {
        int fid PK
        int lid PK
        timestamp added
    }
    %% SOURCE-LABEL: join table attaching a label (lid) to a source (sid); keyed by both ids.
    SOURCE-LABEL ||--}| SOURCE : has
    SOURCE-LABEL {
        int sid PK
        int lid PK
        timestamp added
    }