Title
Create new category
Edit page index title
Edit category
Edit link
Report Schema
Here you will find an explanation of the JSON report schema
allowed
file_paths: JSON array of files with Allowed result
av_info
JSON object containing objects describing the scanning engines used
key is the name of AV engine
def_time: timestamp of the last time the engine was updated
eng_id: string used to identify the engine
blocked
file_paths: JSON array of file paths with Blocked result
cdr
file_paths: JSON array of files with Zero-Day Protection results
coo
file_paths: JSON array of files blocked due to Country Of Origin
copy_info
optional displays when a Scan and Copy workflow was used
total_failures: count of how many files failed to copy
total_processed: count of sanitized and redacted files successfully copied
total_unprocessed: count of files copied that were not sanitized or redacted
cve
JSON object containing objects that describe Vulnerability findings
key is the name of the CVE ID from the National Vulnerability Database
access_complexity: a CVSS access-complexity descriptor
access_vector: a CVSS access-vector descriptor
authentication: a CVSS authentication descriptor
description: a text description of the specific vulnerability
file_paths: JSON array of files with this CVE result
impact: JSON object describing impact description
availability: a CVSS availability impact descriptor
confidentiality: a CVSS confidentiality impact descriptor
integrity: a CVSS integrity impact descriptor
last_modified_time: last modified time for this CVE
published_time: last published time for this CVE
severity: String description of Severity level:
LOWMODERATEIMPORTANTCRITICALNOT_AVAILABLEUNKNOWN
severity_index: 5 point scale numerical description of Severity level with 5 being greatest and 0 being unknown
end_time
scan end timestamp
infected
file_paths: JSON array of infected file paths
name
name for this specific report made from internal instance ID, date, and time
paths
JSON array of mount points for scanned media
result_set
JSON object containing objects for individual file results
key is the full path to the file
av_info: JSON object containing objects describing results from scanning engine
key is AV name
scan_result_i: (internal use only)
threat_found: optional, only included if engine returns an infected result
engine_result: result from the scanning engine
cdr_info: null or a JSON object describing Zero-Day scan results for this file
description: string with CDR engine result
details: JSON array containing objects describing actions taken by the CDR engine (optional, could be empty)
action: string for action taken by CDR engine
object_name: string for type of object sanitized
sanitized_file_info: JSON object with information about the available sanitized file
file_size: size of sanitized file
sha256: sha256 hash of the sanitized file
coo_info: null or JSON object containing Country Of Origin information
company_name: name of company that created this file
country_of_origin: location where this file was created
violates_policy: boolean for whether or not this file violates the policy set in the Kiosk settings
cve_info: JSON array containing the CVE IDs of all CVEs found in this file
dlp_info: JSON object containing Data Loss Prevention engine results
hits: null or object containing DLP hit details
ssn: (optional) object describing Social Security Number hits
display_name: display name for this type of hit
hits: JSON array of objects describing each SSN hit
ccn: (optional) object describing Credit Card Number hits
display_name: display name for this type of hit
hits: JSON array of objects describing each CCN hit
extraction_info: JSON object containing information about any files extracted from this file. This will be empty for any non-archive file
file_info: JSON object containing details about this file
display_name: display name for this file
file_size: size of file
file_type: technical name for type of file
file_type_description: simple name for type of file
md5: MD5 hash of file
sha1: SHA1 hash of file
sha256: SHA256 hash of file
primary_result: the overall scan result determined from all engine results
removed: boolean for whether the infected file was deleted
transfer_info: JSON object containing details on where the file was copied to
rootkit_allowed
file_paths: JSON array of scanned boot sector files with Allowed result
rootkit_blocked
file_paths: JSON array of scanned boot sector files with Blocked result
session_error
(optional): a string with an error message.
Only included in report if there was an issue that stopped the session without user interaction
session_type
type of session
scan-> Scan workflowcopy-> Scan and Copy to USB workflowvault-> Scan and Copy to Managed File Transfer workflow
skipped
file_paths: JSON array of paths for any files that skipped scanning
start_time
scan start time
total_result_count
total count of all files scanned
user_question_answer
JSON array containing objects for questions and answers
key is text of the question
answer: users' answer to the question
uuid: (internal use only)
version: (internal use only)
vault_guest
(optional when Scan and Copy to MetaDefender Managed File Transfer is enabled)
Guest ID to log into Managed File Transfer to retrieve transferred files
vault_guest_qr_base64
(optional when Scan and Copy to MetaDefender Managed File Transfer is enabled, internal use only)