The malware scan information object describes the characteristics and metadata of a malware scanning job.
- Extends: scan
Attributes
type_id
- Type: integer_t
- Requirement: required
- Values:
  - 0 - Unknown: The type is unknown.
  - 1 - Manual: The scan was manually initiated by the user or administrator.
  - 2 - Scheduled: The scan was started based on a scheduler.
  - 3 - Updated Content: The scan was triggered by a content update.
  - 4 - Quarantined Items: The scan was triggered by newly quarantined items.
  - 5 - Attached Media: The scan was triggered by the attachment of removable media.
  - 6 - User Logon: The scan was started due to a user logon.
  - 7 - ELAM: The scan was triggered by an Early Launch Anti-Malware (ELAM) detection.
  - 99 - Other: The scan type id is not mapped. See the type attribute, which contains a data source specific value.
The type id of the scan.
name
- Type: string_t
- Requirement: recommended
The administrator-supplied or application-generated name of the scan. For example: “Home office weekly user database scan”, “Scan folders for viruses”, “Full system virus scan”
uid
- Type: string_t
- Requirement: recommended
The application-defined unique identifier assigned to an instance of a scan.
end_time
- Type: timestamp_t
- Requirement: optional
The timestamp indicating when the scan job completed execution.
end_time_dt
- Type: datetime_t
- Requirement: optional
The timestamp indicating when the scan job completed execution.
num_files
- Type: integer_t
- Requirement: optional
The total number of files analyzed during the scan.
num_infected
- Type: integer_t
- Requirement: optional
The total number of files identified as infected with malware during the scan.
num_volumes
- Type: integer_t
- Requirement: optional
The total number of storage volumes examined during the malware scan.
size
- Type: long_t
- Requirement: optional
The total size in bytes of all files that were scanned.
start_time
- Type: timestamp_t
- Requirement: optional
The timestamp indicating when the scan job began execution.
start_time_dt
- Type: datetime_t
- Requirement: optional
The timestamp indicating when the scan job began execution.
type
- Type: string_t
- Requirement: optional
The type of scan.
unique_malware_count
- Type: integer_t
- Requirement: optional
The number of unique malware detected across all infected files.
Constraints
At least one of: name, uid
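An added example, not part of the schema page or the schema project's own tooling: a Python check of a malware scan information object against the attributes and the constraint listed above, of the kind a log pipeline could run before accepting scan records. The non-negative-integer rule, the handling of timestamp_t as an integer, the cross-field checks and the sample objects are assumptions made for this example.

```python
# Added example: checks a malware scan info dict against the attribute list above.
TYPE_IDS = {0, 1, 2, 3, 4, 5, 6, 7, 99}  # values listed for type_id
INT_ATTRS = ("num_files", "num_infected", "num_volumes", "size",
             "unique_malware_count", "start_time", "end_time")
STR_ATTRS = ("name", "uid", "type", "start_time_dt", "end_time_dt")

def _is_int(v):
    # bool is a subclass of int in Python; reject it explicitly.
    return isinstance(v, int) and not isinstance(v, bool)

def validate_malware_scan_info(obj):
    """Return a list of problems; an empty list means the object passed."""
    errors = []
    type_id = obj.get("type_id")
    if type_id is None:
        errors.append("type_id: required attribute is missing")
    elif not _is_int(type_id) or type_id not in TYPE_IDS:
        errors.append(f"type_id: {type_id!r} is not a defined value")
    elif type_id == 99 and not obj.get("type"):
        # 99-Other defers to the data-source-specific `type` string.
        errors.append("type: should be set when type_id is 99 (Other)")
    # Constraint from the page: at least one of name, uid.
    if not (obj.get("name") or obj.get("uid")):
        errors.append("constraint: at least one of name, uid is required")
    for key in INT_ATTRS:
        # Assumption: counts, size and timestamp_t values are non-negative integers.
        if key in obj and (not _is_int(obj[key]) or obj[key] < 0):
            errors.append(f"{key}: must be a non-negative integer")
    for key in STR_ATTRS:
        if key in obj and not isinstance(obj[key], str):
            errors.append(f"{key}: must be a string")
    # Assumption (not stated on the page): cross-field sanity checks.
    files, infected = obj.get("num_files"), obj.get("num_infected")
    if _is_int(files) and _is_int(infected) and infected > files:
        errors.append("num_infected: exceeds num_files")
    start, end = obj.get("start_time"), obj.get("end_time")
    if _is_int(start) and _is_int(end) and end < start:
        errors.append("end_time: earlier than start_time")
    return errors

# Constructed sample objects (not taken from a real product).
GOOD = {"type_id": 2, "name": "Full system virus scan", "uid": "scan-0001",
        "start_time": 1700000000000, "end_time": 1700000360000,
        "num_files": 48213, "num_infected": 2, "unique_malware_count": 1}
BAD = {"type_id": 99, "num_files": 10, "num_infected": 12,
       "start_time": 1700000360000, "end_time": 1700000000000}

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(validate_malware_scan_info(sample) or "ok")
```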
Used By
account_change, admin_group_query, airborne_broadcast_activity, api_activity, application_error, application_lifecycle, application_security_posture_finding, authentication, authorize_session, base_event, cloud_resources_inventory_info, compliance_finding, config_state, data_security_finding, datastore_activity, detection_finding, device_config_state_change, dhcp_activity, dns_activity, drone_flights_activity, email_activity, email_file_activity, email_url_activity, entity_management, event_log_actvity, evidence_info, file_activity, file_hosting, file_query, file_remediation_activity, folder_query, ftp_activity, group_management, http_activity, iam_analysis_finding, incident_finding, inventory_info, job_query, kernel_activity, kernel_extension_activity, kernel_object_query, memory_activity, module_activity, module_query, network_activity, network_connection_query, network_file_activity, network_remediation_activity, networks_query, ntp_activity, osint_inventory_info, patch_state, peripheral_device_query, process_activity, process_query, process_remediation_activity, rdp_activity, remediation_activity, scan_activity, scheduled_job_activity, script_activity, security_finding, service_query, session_query, smb_activity, software_info, ssh_activity, startup_item_query, tunnel_activity, user_access, user_inventory, user_query, vulnerability_finding, web_resource_access_activity, web_resources_activity, win/prefetch_query, win/registry_key_activity, win/registry_key_query, win/registry_value_activity, win/registry_value_query, win/windows_resource_activity, win/windows_service_activity