Guides

Scan

Suggest Edits

The Scan object describes characteristics of a proactive scan.

Attributes

CaptionNameTypeDescription
Name name String The administrator-supplied or application-generated name of the scan. For example: "Home office weekly user database scan", "Scan folders for viruses", "Full system virus scan"
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object
Type type String The type of scan.
Type ID type_id Integer The type id of the scan.
  • 0: Unknown (UNKNOWN)
  • 1: Manual (MANUAL)
  • 2: Scheduled (SCHEDULED)
  • 3: Updated Content (UPDATED_CONTENT)
  • 4: Quarantined Items (QUARANTINED_ITEMS)
  • 5: Attached Media (ATTACHED_MEDIA)
  • 6: User Logon (USER_LOGON)
  • 7: ELAM (ELAM)
  • 99: Other (OTHER)
Scan UID uid String The application-defined unique identifier assigned to an instance of a scan.
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.

Relationships

Scan shown in context

Inbound Relationships

These objects and events reference Scan in their attributes:

Outbound Relationships

Scan references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0

Updated about 17 hours ago