exosp-av-alerts
Fetches antivirus alerts for the specified date range from the Exosphere service.
exosp-av-alerts [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [order=ORDER]
- profile=PROFILE
- Exosphere connect profile code.
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. Use one of the time units s (second), m (minute), h (hour), d (day), or mon (month). For example, 10s means data from 10 seconds earlier.
- from=yyyyMMddHHmmss
- Start time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
- to=yyyyMMddHHmmss
- End time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
- order=ORDER
- asc or desc.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Event time | |
| profile | String | Connect profile | Exosphere connect profile code |
| os_name | String | OS name | e.g. windows, macos |
| hostname | String | hostname | e.g. Scott's MacBook Pro |
| dept_name | String | dept_name | e.g. HR |
| emp_name | String | emp_name | e.g. Scott |
| user | String | user | e.g. scott |
| inspection_type | String | Inspection type | e.g. MN(Manual), RS(Reserved), RT(Realtime) |
| category | String | category | e.g. virus, program |
| signature | String | signature | e.g. Eicar-Test-Signature |
| action | String | action | e.g. quarantined, disinfected, skipped, none |
| result | String | result | e.g. success, fail |
| file_name | String | file_name | e.g. eicarcom2.zip |
| sha256 | String | sha256 | |
| file_path | String | file_path | e.g. /path/to/eicarcom2.zip |
| dept_path | String | dept_path | e.g. Logpresso > HR |
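The following is an added example, not part of the Exosphere or Logpresso documentation: a triage pass over rows shaped like the output fields above that keeps only detections left unremediated and groups them by signature and hash. It assumes the rows are available as Python dicts keyed by the field names in the table, and that result reports the outcome of action; the sample rows, hostnames and hashes are constructed.

```python
from collections import defaultdict

# Values taken from the Output Fields table above.
UNHANDLED_ACTIONS = {"skipped", "none"}
INSPECTION_TYPES = {"MN": "Manual", "RS": "Reserved", "RT": "Realtime"}

def unremediated(rows):
    """Rows where the file was left in place or the action failed (assumed meaning of result)."""
    return [r for r in rows
            if r.get("action") in UNHANDLED_ACTIONS or r.get("result") == "fail"]

def summarize(rows):
    """Group unremediated alerts by (signature, sha256); most widespread first."""
    groups = defaultdict(lambda: {"hosts": set(), "types": set(), "count": 0})
    for r in unremediated(rows):
        g = groups[(r.get("signature"), r.get("sha256"))]
        g["hosts"].add(r.get("hostname", ""))
        code = r.get("inspection_type", "")
        g["types"].add(INSPECTION_TYPES.get(code, code))
        g["count"] += 1
    out = [{"signature": sig, "sha256": sha, "hosts": sorted(g["hosts"]),
            "inspection": sorted(g["types"]), "count": g["count"]}
           for (sig, sha), g in groups.items()]
    return sorted(out, key=lambda s: (-len(s["hosts"]), -s["count"]))

# Constructed sample rows; hashes are placeholders, not real file hashes.
SHA_A, SHA_B = "a" * 64, "b" * 64
SAMPLE_ROWS = [
    {"hostname": "hr-pc-01", "inspection_type": "RT", "signature": "Eicar-Test-Signature",
     "action": "quarantined", "result": "success", "sha256": SHA_A},
    {"hostname": "hr-pc-02", "inspection_type": "RT", "signature": "Eicar-Test-Signature",
     "action": "skipped", "result": "success", "sha256": SHA_A},
    {"hostname": "dev-mac-01", "inspection_type": "MN", "signature": "Eicar-Test-Signature",
     "action": "quarantined", "result": "fail", "sha256": SHA_A},
    {"hostname": "hr-pc-02", "inspection_type": "RS", "signature": "Constructed-Sample-Signature",
     "action": "none", "result": "success", "sha256": SHA_B},
]

if __name__ == "__main__":
    for item in summarize(SAMPLE_ROWS):
        print(item["signature"], item["sha256"][:8], item["count"],
              ",".join(item["hosts"]), "/".join(item["inspection"]))
```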