Endpoint
Allows you to trigger a rule based on events from client-side antivirus.

| Property | Type | Description | Example |
|---|---|---|---|
| DetectionType | String | Detection type | Possible values are: UnknownAlarm, RuleActivated, MalwareFoundOnDisk, MalwareFoundInMemory, ExploitDetected, FirewallDetection, HipsDetection, BlockedAddress, CryptoBlockerDetection |
| Scanner | String | Name of the scanner that triggered the event | |
| Severity | String | Severity of the detection | Possible values are: Information, Warning, Threat |
| ThreatHandled | Bool | Whether the threat has been handled | true/false |
| ThreatName | String | Name of the threat | |
| ThreatType | String | Type of the threat | Possible values are: Malware, Nearmiss, PUA, DangerousApp, BlockedFile, UnsafeApp |
Supported Operations and their components:

| | Endpoint |
|---|---|
| Detection | X |