| ||
| detail: element | attribute | value | ||
XML Example:<antiMalwareEvent> <antiMalwareConfigID>xsd:int</antiMalwareConfigID> <antiMalwareEventID>xsd:long</antiMalwareEventID> <errorCode>xsd:int</errorCode> <hostID>xsd:int</hostID> <hostName>xsd:string</hostName> <infectedFilePath>xsd:string</infectedFilePath> <infectionSource>xsd:string</infectionSource> <logTime>xsd:datetime</logTime> <malwareName>xsd:string</malwareName> <malwareType>GENERAL | SPYWARE</malwareType> <origin>UNKNOWN | AGENT | GUESTAGENT | APPLIANCEAGENT | MANAGER</origin> <protocol>xsd:int</protocol> <quarantineRecordID>xsd:int</quarantineRecordID> <scanAction1>xsd:int</scanAction1> <scanAction2>xsd:int</scanAction2> <scanResultAction1>xsd:int</scanResultAction1> <scanResultAction2>xsd:int</scanResultAction2> <scanType>REALTIME | MANUAL | SCHEDULED | QUICK</scanType> zero or N[<spywareItems>antiMalwareSpywareItem</spywareItems>] <summaryScanResult>xsd:string</summaryScanResult> <tags>xsd:string</tags> </antiMalwareEvent> | JSON Example:{"antiMalwareEvent":
{
"antiMalwareConfigID": Number,
"antiMalwareEventID": Number,
"errorCode": Number,
"hostID": Number,
"hostName": String,
"infectedFilePath": String,
"infectionSource": String,
"logTime": Date,
"malwareName": String,
"malwareType": 'GENERAL' | 'SPYWARE',
"origin": 'UNKNOWN' | 'AGENT' | 'GUESTAGENT' | 'APPLIANCEAGENT' | 'MANAGER',
"protocol": Number,
"quarantineRecordID": Number,
"scanAction1": Number,
"scanAction2": Number,
"scanResultAction1": Number,
"scanResultAction2": Number,
"scanType": 'REALTIME' | 'MANUAL' | 'SCHEDULED' | 'QUICK',
"spywareItems": [antiMalwareSpywareItem],
"summaryScanResult": String,
"tags": String,
}
}
|
| Name | Type | Required | Nillable | Default Value | Description |
|---|---|---|---|---|---|
| antiMalwareConfigID | xsd:int | false | false | The primary key of AntiMalwareID.
| |
| antiMalwareEventID | xsd:long | false | false | The primary key of the event entry.
| |
| errorCode | xsd:int | false | false | The VSAPI error code indicates the reason of the actions of failure.
| |
| hostID | xsd:int | false | false | The id of the host the event was recorded on
| |
| hostName | xsd:string | false | false | The host name of the event was recorded on
| |
| infectedFilePath | xsd:string | false | false | The infected file full path
| |
| infectionSource | xsd:string | false | false | The source computer of the infection
| |
| logTime | xsd:datetime | false | false | The time of the event as recorded by the agent.
| |
| malwareName | xsd:string | false | false | The name of the malware
| |
| malwareType | GENERAL | SPYWARE | false | false | The Malware Type of Event
| |
| origin | UNKNOWN | AGENT | GUESTAGENT | APPLIANCEAGENT | MANAGER | false | false | the location where the event originated
| |
| protocol | xsd:int | false | false | The protocols: Local Files(0), Network shared folder(1), etc. However, currently Agent only support local files.
| |
| quarantineRecordID | xsd:int | false | false | The Record ID referring to the record in QuarantineFile Table
| |
| scanAction1 | xsd:int | false | false | The actual first scan action being taken: e.g. Pass, Delete, Quarantined...etc
| |
| scanAction2 | xsd:int | false | false | The actual second scan action being taken: e.g. Pass, Delete, Quarantined...etc
| |
| scanResultAction1 | xsd:int | false | false | The result of the first scan action: represent whether the action is successful (0) or failed (Error Code)
| |
| scanResultAction2 | xsd:int | false | false | The result of the second scan action: represent whether the action is successful (0) or failed (Error Code)
| |
| scanType | REALTIME | MANUAL | SCHEDULED | QUICK | false | false | The scan types include Real time, Manual, Scheduled, Quick etc.
| |
| spywareItems | zero or N[antiMalwareSpywareItem] | false | false | Lists of spyware items if this is a spyware event.
| |
| summaryScanResult | xsd:string | false | false | Scan result description.
| |
| tags | xsd:string | false | false | the event's tags.
|
| ||
| detail: element | attribute | value | ||