Guides

Scan

Suggest Edits

scan

The Scan object describes characteristics of a proactive scan.

Attributes

CaptionNameTypeDescription
Name name String The administrator-supplied or application-generated name of the scan. For example: "Home office weekly user database scan", "Scan folders for viruses", "Full system virus scan"
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Type type String The type of scan.
Type ID type_id Integer The type id of the scan.
  • 0: Unknown (UNKNOWN)
  • 1: Manual (MANUAL)
  • 2: Scheduled (SCHEDULED)
  • 3: Updated Content (UPDATED_CONTENT)
  • 4: Quarantined Items (QUARANTINED_ITEMS)
  • 5: Attached Media (ATTACHED_MEDIA)
  • 6: User Logon (USER_LOGON)
  • 7: ELAM (ELAM)
  • 99: Other (OTHER)
Scan UID uid String The application-defined unique identifier assigned to an instance of a scan.
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.

Relationships

Scan shown in context

Inbound Relationships

These objects and events reference Scan in their attributes:

Outbound Relationships

Scan references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 3 days ago