Malware Scan Info

malware_scan_info

The malware scan information object describes characteristics, metadata of a malware scanning job.

Attributes

CaptionNameTypeDescription
End Timeend_timeTimestampThe timestamp indicating when the scan job completed execution.
NamenameStringThe administrator-supplied or application-generated name of the scan. For example: "Home office weekly user database scan", "Scan folders for viruses", "Full system virus scan"
Scanned Filesnum_filesIntegerThe total number of files analyzed during the scan.
Number of Infected Entitiesnum_infectedIntegerThe total number of files identified as infected with malware during the scan.
Number of Volumesnum_volumesIntegerThe total number of storage volumes examined during the malware scan.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
SizesizeLongThe total size in bytes of all files that were scanned.
Start Timestart_timeTimestampThe timestamp indicating when the scan job began execution.
TypetypeStringThe type of scan.
Type IDtype_idIntegerThe type id of the scan.
  • 0: Unknown (UNKNOWN)
  • 1: Manual (MANUAL)
  • 2: Scheduled (SCHEDULED)
  • 3: Updated Content (UPDATED_CONTENT)
  • 4: Quarantined Items (QUARANTINED_ITEMS)
  • 5: Attached Media (ATTACHED_MEDIA)
  • 6: User Logon (USER_LOGON)
  • 7: ELAM (ELAM)
  • 99: Other (OTHER)
Scan UIDuidStringThe application-defined unique identifier assigned to an instance of a scan.
Unique Malware Countunique_malware_countIntegerThe number of unique malware detected across all infected files.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Malware Scan Info shown in context

Inbound Relationships

These objects and events reference Malware Scan Info in their attributes:

Outbound Relationships

Malware Scan Info references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0