Scan

scan

The Scan object describes characteristics of a proactive scan.

Attributes

CaptionNameTypeDescription
NamenameStringThe administrator-supplied or application-generated name of the scan. For example: "Home office weekly user database scan", "Scan folders for viruses", "Full system virus scan"
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
TypetypeStringThe type of scan.
Type IDtype_idIntegerThe type id of the scan.
  • 0: Unknown (UNKNOWN)
  • 1: Manual (MANUAL)
  • 2: Scheduled (SCHEDULED)
  • 3: Updated Content (UPDATED_CONTENT)
  • 4: Quarantined Items (QUARANTINED_ITEMS)
  • 5: Attached Media (ATTACHED_MEDIA)
  • 6: User Logon (USER_LOGON)
  • 7: ELAM (ELAM)
  • 99: Other (OTHER)
Scan UIDuidStringThe application-defined unique identifier assigned to an instance of a scan.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Scan shown in context

Inbound Relationships

These objects and events reference Scan in their attributes:

Outbound Relationships

Scan references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0