Virus activity report data srvview attributes

RptViractSrvViewName srvview.

Caller must specify information presented below in the SrvView's optional parameters. The format is the following:

	(paramParams)
		+--"EDetectionTypeLoc"	Localized names of values from EDetectionType enumeration (paramParams)
			+--"Value" = "Localized value name"	(paramString)
			....
			+--"-1" = "Not a virus"	(paramString)
		+--"EDetectionEngineLoc"	Localized names of values from EDetectionEngine enumeration (paramParams)
			+--"Value" = "Localized value name"	(paramString)
			....
			+--"11" = "AMSI Protection Provider"	(paramString)
		+--"EDetectionMethodLoc"	Localized names of values from EDetectionMethod enumeration (paramParams)
			+--"Value" = "Localized value name"	(paramString)
			....
			+--"6" = "Sandbox"	(paramString)
		+--"EViractResultLoc"	Localized names of values from EViractResult enumeration (paramParams)
			+--"Value" = "Localized value name"	(paramString)
			....
			+--"5" = "Blocked"	(paramString)
	

List of attributes is presented below:

Name	Type	Description
sResultEvent	paramString	Name of the resulting event, event_type of nEventResult.
nEventVirus	paramLong	Virus found event ID, ev_event.nId of event 'GNRL_EV_VIRUS_FOUND'.
sDetectionType	paramString	Element from KLEVP::EDetectionType (par8 from nEventVirus).
nEventResult	paramLong	Resulting event. ev_event.nId of event 'GNRL_EV_*' is about an action with infected object. 0 means 'old unresolved'.
tmVirusFoundTime	paramDateTime	Virus detection time (event publication time of nEventVirus).
sObject	paramString	Infected object name.
binObjectHash	paramBinary	MD5 hash of the infected object.
sVirusName	paramString	Virus name from nEventVirus.
sAction	paramString	Description of the 'nEventResult' event.
sAccount	paramString	User name (par7 from nEventVirus).
sProductName	paramString	Publisher product name.
sProductVersion	paramString	Publisher product version.
sProductDisplVersion	paramString	Publisher product display version.
sSha256	paramString	SHA256 hash of the infected object.
bLocal	paramBool	The attribute accepts true if the object is local or from the UNC path.
bBlacklist	paramBool	"Client status" 'KPSN Blacklist'.
bHarm	paramBool	The attribute accepts true if the object is really harmful.
nEdrDataVersion	paramInt	EDR data version of killchain.
sHostDisplName	paramString	Host display name.
sWinHostName	paramString	Windows host name.
sHostId	paramString	Host ID in 'Hosts'.
sHostDnsName	paramString	Host DNS name.
sHostAddress	paramString	Host address.
nHostIpCon	paramLong	Host connection IP.
nHostIpAddress	paramLong	Host IP.
sHostComment	paramString	Host comment.
nGroupId	paramInt	Host group ID from 'AdmGroups'.
sGroupName	paramString	Host group name.
bEdrDataVersionNot0	paramBool	The attribute accepts true if EDR data version of killchain is greater than 0.
nVServer	paramInt	Virtual Administration Server ID. 0 is used for the main server.
sVServerName	paramString	Virtual Administration Server display name. Empty string for main server.
nEViractResult	paramInt	Viract result. See EViractResult enumeration.
nEDetectionType	paramInt	Detection type. See EDetectionType enumeration.
nDtctEngine	paramInt	Detect engine. Type of the software or hardware tools to detect a malicious action. See EDetectionEngine enumeration.
nDtctMethod	paramInt	Detection method of a malicious action (intelligence classes). See EDetectionMethod enumeration.
bDtctCloudSendbox	paramBool	The attribute accepts true if the object is detected by Cloud Sandbox
sEViractResultLoc	paramString	Localized nEViractResult.
sEDetectionTypeLoc	paramString	Localized nEDetectionType.
sDtctEngineLoc	paramString	Localized nDtctEngine.
sDtctMethodLoc	paramString	Localized nDtctMethod.
sTaskDisplayName	paramString	Task display name from which the viract event was published.