Data on detected threats

The scope of the data transmitted on detected threats depends on the technology that generated the alert. The parameters sent for each technology are listed in the table below.

Data on detected threats

| Technology | Parameter | Description | Data type | Example |
|---|---|---|---|---|
| Anti-Malware Engine, YARA, or Intrusion Detection System | detect | List of detected threats. | Array | HEUR:Trojan.Win32.Generic, Trojan-DDoS.Win32.Macri.avy, UDS:DangerousObject.Multi.Generic |
| Anti-Malware Engine, YARA, or Intrusion Detection System | dataBaseVersion | Version of the databases used to scan the file. | Integer | 201811190706 |
| Sandbox | detect | List of detected threats. | Array | HEUR:Trojan.Win32.Generic, Trojan-DDoS.Win32.Macri.avy, UDS:DangerousObject.Multi.Generic |
| Sandbox | image | Name of the virtual machine image in which the file was scanned. | String | Win7 |
| Sandbox | dataBaseVersion | Database version in the format <version of the program databases used to scan the file>/<version of the IDS module databases>. | Integer (as stated in the source table; note that the value is two integers separated by a slash, so a consumer must parse the field as a string and split it) | 201902031107/ 201811190706 |
| URL Reputation | detect | List of URL Reputation categories for the detected object (objects of type URL or host). A category may carry the detected malware family in parentheses. | Array | Phishing host, Malicious host, Botnet C&C(Backdoor.Win32.Mokes) |
| Targeted Attack Analyzer | detect | Name of the TAA module alert. The only possible value is Suspicious remote host activity. | Not stated in the source table (the value is a fixed text) | Suspicious remote host activity |
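The following Python script is an added example, not code from Kaspersky or from this documentation. It consumes records shaped like the table above and enforces the per-technology rules the table documents: which parameters each technology sends, that the Sandbox dataBaseVersion carries both a program-database part and an IDS-database part, that a URL Reputation category may name a malware family in parentheses, and that the Targeted Attack Analyzer alert name is the single documented value. It assumes the records arrive as JSON objects keyed by the parameter names in the table plus an assumed "technology" field naming the detecting component; the sample records are constructed.

```python
"""Parse and validate 'data on detected threats' records.

Added example; not Kaspersky's code. Assumes JSON objects with the table's
parameter names (detect, dataBaseVersion, image) plus an assumed 'technology'
field naming the component that raised the alert.
"""
import json
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Parameters the table documents for each technology.
EXPECTED_PARAMS = {
    "Anti-Malware Engine": {"detect", "dataBaseVersion"},
    "YARA": {"detect", "dataBaseVersion"},
    "Intrusion Detection System": {"detect", "dataBaseVersion"},
    "Sandbox": {"detect", "image", "dataBaseVersion"},
    "URL Reputation": {"detect"},
    "Targeted Attack Analyzer": {"detect"},
}
TAA_ALERT = "Suspicious remote host activity"      # the only documented TAA value
VERSION_RE = re.compile(r"^\d{12}$")               # e.g. 201811190706 (YYYYMMDDhhmm)
# "Botnet C&C(Backdoor.Win32.Mokes)" -> category "Botnet C&C", family "Backdoor.Win32.Mokes"
CATEGORY_RE = re.compile(r"^(?P<category>[^(]+?)\s*(?:\((?P<family>[^)]+)\))?$")


@dataclass
class Threat:
    technology: str
    detects: List[str] = field(default_factory=list)
    db_version: Optional[int] = None        # program databases
    ids_db_version: Optional[int] = None    # IDS module databases (Sandbox only)
    image: Optional[str] = None
    cnc_families: List[str] = field(default_factory=list)
    problems: List[str] = field(default_factory=list)


def parse_versions(value, problems: List[str]) -> Tuple[Optional[int], Optional[int]]:
    """Sandbox sends '<program db>/ <IDS db>'; the other engines send one integer."""
    parts = [p.strip() for p in str(value).split("/")]
    if len(parts) > 2 or not all(VERSION_RE.match(p) for p in parts):
        problems.append(f"malformed dataBaseVersion: {value!r}")
        return None, None
    nums = [int(p) for p in parts]
    return nums[0], (nums[1] if len(nums) == 2 else None)


def parse_threat(record: dict) -> Threat:
    tech = record.get("technology", "")
    t = Threat(technology=tech)
    expected = EXPECTED_PARAMS.get(tech)
    if expected is None:
        t.problems.append(f"unknown technology: {tech!r}")
        return t
    present = set(record) - {"technology"}
    t.problems += [f"missing parameter: {p}" for p in sorted(expected - present)]
    t.problems += [f"unexpected parameter: {p}" for p in sorted(present - expected)]

    raw = record.get("detect")
    if isinstance(raw, list):
        t.detects = [str(d) for d in raw]
    elif isinstance(raw, str):             # TAA's detect is a single alert name
        t.detects = [raw]
        if tech != "Targeted Attack Analyzer":
            t.problems.append("detect should be an array")
    elif raw is not None:
        t.problems.append("detect is neither an array nor a string")

    if "dataBaseVersion" in record:
        t.db_version, t.ids_db_version = parse_versions(record["dataBaseVersion"], t.problems)
        if tech == "Sandbox" and t.db_version is not None and t.ids_db_version is None:
            t.problems.append("Sandbox dataBaseVersion lacks the IDS module part")
    if tech == "Sandbox":
        t.image = record.get("image")
    if tech == "URL Reputation":
        for d in t.detects:
            m = CATEGORY_RE.match(d)
            if m and m.group("family"):
                t.cnc_families.append(m.group("family"))
    if tech == "Targeted Attack Analyzer" and t.detects != [TAA_ALERT]:
        t.problems.append(f"TAA detect must be exactly {TAA_ALERT!r}")
    return t


# Constructed sample input: four well-formed records and one malformed Sandbox record.
SAMPLE_JSON = """[
 {"technology": "Anti-Malware Engine",
  "detect": ["HEUR:Trojan.Win32.Generic", "Trojan-DDoS.Win32.Macri.avy"],
  "dataBaseVersion": 201811190706},
 {"technology": "Sandbox", "detect": ["UDS:DangerousObject.Multi.Generic"],
  "image": "Win7", "dataBaseVersion": "201902031107/ 201811190706"},
 {"technology": "URL Reputation",
  "detect": ["Phishing host", "Botnet C&C(Backdoor.Win32.Mokes)"]},
 {"technology": "Targeted Attack Analyzer", "detect": "Suspicious remote host activity"},
 {"technology": "Sandbox", "detect": [], "dataBaseVersion": 201811190706}
]"""


def parse_all(raw_json: str) -> List[Threat]:
    return [parse_threat(r) for r in json.loads(raw_json)]


if __name__ == "__main__":
    for t in parse_all(SAMPLE_JSON):
        print(t.technology, t.detects, t.db_version, t.ids_db_version, t.image,
              t.cnc_families, t.problems or "OK")
```

The version field is deliberately parsed from its string form rather than trusted as an integer, because the Sandbox value is two version numbers joined by a slash; records that do not match the documented shape are reported in `problems` instead of being silently dropped, so a collector can alert on schema drift.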

See also

Data on detected objects

Data on the environment of detected objects
