Endpoint
Allows you to trigger a rule based on events from client-side antivirus.
| Property | Type | Description | Example |
|---|---|---|---|
| DetectionType | | Detection type | Possible values: 0—UnknownAlarm, 1—RuleActivated, 2—MalwareFoundOnDisk, 3—MalwareFoundInMemory, 4—ExploitDetected, 5—FirewallDetection, 6—HipsDetection, 7—BlockedAddress, 8—CryptoBlockerDetection |
| Scanner | | Name of the scanner that triggered the event | AMSI |
| ScannerObjectType | | Type of the object that the scanner has processed | Possible values: None, Packed, SFX, Script, URL |
| Severity | | Severity of the detection | Possible values: 1—Information, 2—Warning, 3—Threat |
| ThreatHandled | Bool | Whether the threat has been handled | true/false |
| ThreatName | String | Name of the threat | |
| ThreatType | Int/Symbols | Type of the threat | Possible values: 1—Malware, 2—Nearmiss, 3—PUA, 4—DangerousApp, BlockedFile (5—BannedByEI, 6—BannedByECMPS), 7—UnsafeApp |
For the property Scanner there is a pre-defined scope of values that can be used:

| Scanner | Value |
|---|---|
| ESETInspect | ENTERPRISE_INSPECTOR |
| EsetLiveGuard | EDTD |
| OnDemandScannerWindows | ESCAN |
| RealtimeFileSystemProtection | EAMON |
| StartupScanner | ESTARTUP |
| ECLS | ECLS |
| DocumentProtection | EDMON |
| IdleScanner | IDLE |
| FirstScanScanner | FIRST_SCAN |
| RansomwareScanner | CRYPTO_BLOCKER |
| ESCRIPT | ESCRIPT |
| JavaScriptScanner | JSCRIPT |
| EmailFilterOutlook | EEMON |
| EmailFilterOutlookExpress | EEMON_OE |
| EmailFilterThunderbird | EEMON_TB |
| EmailFilterWindowsMail | EEMON_WM |
| EmailFilterWindowsLiveMail | EEMON_WLM |
| AdvancedMemoryScanner | MEMSCAN |
| RegistryScanner | REGSCAN |
| AmsiScanner | AMSI |
| CommandLineScanner | CMDLINE |
| BEHMON | BEHMON |
| OFFICE365_ONDEMAND | OFFICE365_ONDEMAND |
| MailServerFilter | EMAILSERVER |
| MailDatabaseOnDemandScanner | EMAILSERVER_ONDEMAND |
| MailDatabaseScanner | EMAILSERVER_ONACCESS |
| EMAILSERVER_OFFICE365 | EMAILSERVER_OFFICE365 |
| FileServerFilter | EFILESERVER |
| FileDatabaseScanner | EFILESERVER_ONDEMAND |
| GatewayServerFilter | GATEWAYSERVER |
| HyperVScanner | VM_SERVER_HYPERV |
| GatewayHttpFilter | GATEWAY_HTTP |
| GatewayFtpFilter | GATEWAY_FTP |
| GatewaySmtpFilter | GATEWAY_SMTP |
| GatewayPop3Filter | GATEWAY_POP3 |
| GatewayImapFilter | GATEWAY_IMAP |
| HttpFilterWindows | EPFW_HTTP |
| FtpFilterWindows | EPFW_FTP |
| Pop3FilterWindows | EPFW_POP3 |
| ImapFilterWindows | EPFW_IMAP |
| EPFW_FIRST_CONN | EPFW_FIRST_CONN |
| HttpNetworkProtection | NETPROT_HTTP |
| CHROME_PROTECTOR | CHROME_PROTECTOR |
| | USTARTUP |
| EsetDaemon | UDAEMON |
| MailServerFilterUnix | UMAIL_SERVER |
| ImapFilterUnix | UIMAP |
| MdaWrapper | UMDA |
| PipeFilter | UPIPE |
| Pop3FilterUnix | UPOP3 |
| SendmailFilter | USMFI |
| SmtpFilter | USMTP |
| ZMailerFilter | UZMFI |
| CommuniGateProFilter | UCGP |
| ProxyPop3FilterUnix | UPROXY_POP3 |
| ProxyImapFilterUnix | UPROXY_IMAP |
| HttpFilterUnix | UHTTP |
| HttpProxyFilterUnix | UPROXY_HTTP |
| ProxyFtpFilterUnix | UPROXY_FTP |
| OnDemandScannerUnix | USCAN |
| DazukoAccessProtection | UDAC |
| FtpFilterUnix | UFTP |
| PreloadAccessProtection | UPAC |
| SafeSquidFilter | USSFI |
| CliInterface | UCLI |
| IcapServer | UICAP |
| GraphicalUserInterface | UGUI |
| KernelAccessControl | UKAC |
| RealTimeFileSystemProtectionUnix | UFAC |
Supported operations
• Detection
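To make the property table and the Scanner value scope concrete, here is an added example (not ESET's own code and not the product's rule format) that decodes Endpoint events into the symbolic values listed above and evaluates a simple rule-style condition over them. The numeric-to-symbol tables are taken from the page; the sample events, the `SCANNER_VALUES` subset, and all function names are constructed for this illustration.

```python
"""Decode ESET Inspect "Endpoint" events and evaluate a rule-style condition.

Added example, not ESET's own code. The code-to-symbol tables come from the
property table on this page; the sample events, the scanner subset and the
function names are constructed for illustration.
"""
from typing import Any, Dict, Iterable, List, Tuple

# Int/Symbols properties: numeric code -> symbolic name (values from the page).
DETECTION_TYPE = {
    0: "UnknownAlarm", 1: "RuleActivated", 2: "MalwareFoundOnDisk",
    3: "MalwareFoundInMemory", 4: "ExploitDetected", 5: "FirewallDetection",
    6: "HipsDetection", 7: "BlockedAddress", 8: "CryptoBlockerDetection",
}
SEVERITY = {1: "Information", 2: "Warning", 3: "Threat"}
THREAT_TYPE = {
    1: "Malware", 2: "Nearmiss", 3: "PUA", 4: "DangerousApp",
    5: "BannedByEI", 6: "BannedByECMPS",  # both belong to the BlockedFile group
    7: "UnsafeApp",
}
BLOCKED_FILE_CODES = {5, 6}
SCANNER_OBJECT_TYPES = {"None", "Packed", "SFX", "Script", "URL"}

# Friendly scanner name -> Scanner property value. Constructed subset of the
# page's table, just enough for the sample events below.
SCANNER_VALUES = {
    "AmsiScanner": "AMSI",
    "RealtimeFileSystemProtection": "EAMON",
    "AdvancedMemoryScanner": "MEMSCAN",
    "RansomwareScanner": "CRYPTO_BLOCKER",
    "HttpNetworkProtection": "NETPROT_HTTP",
    "RealTimeFileSystemProtectionUnix": "UFAC",
}


def to_symbol(table: Dict[int, str], value: Any) -> str:
    """Accept either the numeric code or the symbolic name; return the symbol."""
    if isinstance(value, int):
        if value not in table:
            raise ValueError(f"unknown code {value}")
        return table[value]
    if value in table.values():
        return value
    raise ValueError(f"unknown symbol {value!r}")


def decode_event(raw: Dict[str, Any]) -> Dict[str, Any]:
    """Normalise a raw Endpoint event to symbolic values.

    Scanner may arrive as the friendly name or the value; only values are kept
    and anything outside the predefined scope is rejected. ThreatType gets a
    derived BlockedFile flag for codes 5 and 6.
    """
    scanner = SCANNER_VALUES.get(raw["Scanner"], raw["Scanner"])
    if scanner not in SCANNER_VALUES.values():
        raise ValueError(f"Scanner {scanner!r} is outside the predefined scope")
    obj_type = raw.get("ScannerObjectType", "None")
    if obj_type not in SCANNER_OBJECT_TYPES:
        raise ValueError(f"unknown ScannerObjectType {obj_type!r}")
    threat_type = to_symbol(THREAT_TYPE, raw["ThreatType"])
    blocked = threat_type in {THREAT_TYPE[c] for c in BLOCKED_FILE_CODES}
    return {
        "DetectionType": to_symbol(DETECTION_TYPE, raw["DetectionType"]),
        "Scanner": scanner,
        "ScannerObjectType": obj_type,
        "Severity": to_symbol(SEVERITY, raw["Severity"]),
        "ThreatHandled": bool(raw["ThreatHandled"]),
        "ThreatName": raw["ThreatName"],
        "ThreatType": threat_type,
        "BlockedFile": blocked,
    }


Condition = Tuple[str, str, Any]  # (property, operator, expected value)


def matches(event: Dict[str, Any], conditions: Iterable[Condition]) -> bool:
    """AND of conditions. Operators 'is' / 'is not' / 'in' are hypothetical."""
    for prop, op, expected in conditions:
        actual = event[prop]
        if op == "is" and actual != expected:
            return False
        if op == "is not" and actual == expected:
            return False
        if op == "in" and actual not in expected:
            return False
        if op not in ("is", "is not", "in"):
            raise ValueError(f"unsupported operator {op!r}")
    return True


# Constructed sample events, as a collector might hand them over.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"DetectionType": 3, "Scanner": "AdvancedMemoryScanner", "ScannerObjectType": "None",
     "Severity": 3, "ThreatHandled": False, "ThreatName": "Sample.Threat.A", "ThreatType": 1},
    {"DetectionType": 2, "Scanner": "EAMON", "ScannerObjectType": "Packed",
     "Severity": 3, "ThreatHandled": True, "ThreatName": "Sample.Threat.B", "ThreatType": 1},
    {"DetectionType": 1, "Scanner": "AMSI", "ScannerObjectType": "Script",
     "Severity": 2, "ThreatHandled": True, "ThreatName": "Sample.PUA.C", "ThreatType": 3},
    {"DetectionType": 8, "Scanner": "RansomwareScanner", "ScannerObjectType": "None",
     "Severity": 3, "ThreatHandled": False, "ThreatName": "Sample.Blocked.D", "ThreatType": 5},
]

# Rule-style condition: a Threat-severity detection the product did not handle.
UNHANDLED_THREAT_RULE: List[Condition] = [
    ("Severity", "is", "Threat"),
    ("ThreatHandled", "is", False),
]


def unhandled_threats(raw_events: Iterable[Dict[str, Any]]) -> List[str]:
    """ThreatName of every event matching UNHANDLED_THREAT_RULE."""
    return [e["ThreatName"] for e in map(decode_event, raw_events)
            if matches(e, UNHANDLED_THREAT_RULE)]


if __name__ == "__main__":
    print(unhandled_threats(SAMPLE_EVENTS))
```

The decoder accepts both a friendly scanner name and the Scanner value and rejects anything outside the predefined scope, which is the check a practitioner wants before a rule keys on Scanner; the derived BlockedFile flag lets a condition match the group without listing codes 5 and 6 separately.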