Additional attributes must be passed as a string in JSON format, for example: {"engine":1,"method":3,"local":true,"harm":false,"blacklist":false}
Possible attributes:
- "engine" - (JSON number) instrument that was used to detect the malicious action, see EDetectionEngine
- "method" - (JSON number) method of detection (intelligence classes), see EDetectionMethod
- "local" - (JSON boolean) true if the virus was found on local storage
- "harm" - (JSON boolean) true if the virus may destroy data
- "blacklist" - (JSON boolean) true if the object is blocked based on the client's decision
- "edr_ver" - (JSON number) version of the event's JSON parameter; it can be used to select a set of plugins that support killchain visualization
- "edr" - (JSON object) optional parameter, may include the following product-specific attributes:
-- "id" - (JSON string) killchain network list item identifier (see KILLCHAIN_LIST_NAME)
- "cloud_sb" - (JSON boolean) true if detected by Cloud Sandbox
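
The following is an added example, not part of the product's own code: a type check for the attribute string against the list above, useful before forwarding such events to a log pipeline. The names SCHEMA, json_type and check_attributes are hypothetical, and reporting unlisted top-level keys as problems is an assumption of this example.

```python
import json

# Documented attribute names mapped to their JSON types (taken from the list above).
SCHEMA = {
    "engine": "number", "method": "number", "edr_ver": "number",
    "local": "boolean", "harm": "boolean", "blacklist": "boolean",
    "cloud_sb": "boolean", "edr": "object",
}

def json_type(value):
    """Return the JSON type name of a decoded value."""
    # bool must be tested before int/float: in Python, True is also an int.
    if isinstance(value, bool):
        return "boolean"
    if isinstance(value, (int, float)):
        return "number"
    if isinstance(value, str):
        return "string"
    if isinstance(value, dict):
        return "object"
    return "array" if isinstance(value, list) else "null"

def check_attributes(raw):
    """Parse the attribute string; return (attributes, list of problems)."""
    try:
        attrs = json.loads(raw)
    except (TypeError, ValueError) as exc:
        return {}, [f"not valid JSON: {exc}"]
    if not isinstance(attrs, dict):
        return {}, ["top level must be a JSON object"]
    problems = []
    for name, value in attrs.items():
        expected = SCHEMA.get(name)
        if expected is None:
            # Assumption of this example: keys outside the list are reported.
            problems.append(f"unknown attribute {name!r}")
        elif json_type(value) != expected:
            problems.append(f"{name!r} must be a JSON {expected}, got {json_type(value)}")
    edr = attrs.get("edr")
    if isinstance(edr, dict) and "id" in edr and not isinstance(edr["id"], str):
        problems.append("'edr.id' must be a JSON string")
    return attrs, problems

# Constructed samples: the example string from above, and one with typical mistakes.
GOOD = '{"engine":1,"method":3,"local":true,"harm":false,"blacklist":false}'
BAD = '{"engine":"1","local":1,"edr":{"id":7},"sandbox":true}'

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_attributes(sample)[1])
```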