|
srv_appctl_event
Statistics on Application Control events on stations of neighbor Server.
Table fields
Field name
|
Field type
|
Description
|
osid
|
VARCHAR(36) NOT NULL
|
originator ID
|
lid
|
VARCHAR(36) NOT NULL
|
interserver connection UUID
|
lname
|
INTEGER DEFAULT '0'
|
neighbor Server name
|
mid
|
VARCHAR(36) DEFAULT ''
|
message UUID
|
stationname
|
INTEGER DEFAULT '0'
|
station name
|
id
|
VARCHAR(36) DEFAULT ''
|
station ID
|
username
|
INTEGER NOT NULL
|
user name
|
type
|
INTEGER NOT NULL
|
event type (app_control_event_type_t)
|
act
|
INTEGER NOT NULL
|
applied action (app_control_event_result_t)
|
policy_type
|
INTEGER NOT NULL
|
functional analysis criterion
|
policy_mask
|
NUMERIC(19) NOT NULL
|
functional analysis mask
|
profile_id
|
VARCHAR(36) DEFAULT ''
|
profile UUID
|
profile_name
|
INTEGER NOT NULL
|
profile name
|
rule_id
|
VARCHAR(36) DEFAULT ''
|
rule UUID
|
rule_name
|
INTEGER NOT NULL
|
rule name
|
test_mode
|
INTEGER NOT NULL
|
whether event occurred in test mode
|
process_path
|
INTEGER NOT NULL
|
process file path
|
process
|
INTEGER NOT NULL
|
process information
|
process_hashdb
|
INTEGER DEFAULT '0'
|
bulletin with process hash, see cat_hashdb
|
object_path
|
INTEGER NOT NULL
|
script file path
|
object
|
INTEGER NOT NULL
|
script file information
|
object_hashdb
|
INTEGER DEFAULT '0'
|
bulletin with script hash, see cat_hashdb
|
eventtime
|
NUMERIC(17) DEFAULT '0'
|
event occurrence time, GMT
|
recvtime
|
NUMERIC(17) DEFAULT '0'
|
time when the message on event is received, GMT
|
arrived
|
NUMERIC(17) DEFAULT '0'
|
record modification time
|
notified
|
INTEGER DEFAULT '0'
|
whether a message was sent (1 - yes, 0 - no)
|
Table indexes
Index name
|
Index type
|
Fields list
|
srv_appctl_event_0001
|
simple table index
clustering index
|
recvtime
|
srv_appctl_event_0002
|
simple table index
|
lid, osid
|
Table references
Field name
|
Direction
|
Referenced table field
|
lname
|
↔
|
cat_name_links.id
|
object
|
↔
|
appctl_event_file.id
|
object_hashdb
|
↔
|
cat_hashdb.id
|
object_path
|
↔
|
cat_path.id
|
osid
|
←
|
srv_recvhistory.mid
|
process
|
↔
|
appctl_event_file.id
|
process_hashdb
|
↔
|
cat_hashdb.id
|
process_path
|
↔
|
cat_path.id
|
profile_name
|
↔
|
cat_profile_name.id
|
rule_name
|
↔
|
cat_rule_name.id
|
stationname
|
↔
|
cat_name_stations.id
|
username
|
↔
|
cat_users.id
|
srv_geolocation
Information on geographic location received from neighbor Servers.
Table fields
Field name
|
Field type
|
Description
|
osid
|
VARCHAR(36) NOT NULL
|
Server ID
|
lid
|
VARCHAR(36) NOT NULL
|
interserver connection UUID
|
id
|
VARCHAR(36) DEFAULT ''
|
station ID, empty if it is a Server
|
name
|
INTEGER DEFAULT '0'
|
station name
|
latitude
|
INTEGER DEFAULT '0'
|
latitude, in seconds, +north -south
|
longitude
|
INTEGER DEFAULT '0'
|
longitude, in seconds, +east -west
|
arrived
|
NUMERIC(17) NOT NULL
|
record modification time
|
Table indexes
Index name
|
Index type
|
Fields list
|
srv_geolocation_0001
|
unique table index
clustering index
|
id, lid, osid
|
Table references
Field name
|
Direction
|
Referenced table field
|
name
|
↔
|
cat_name_stations.id
|
srv_hips_event
Statistics on events detected on stations of neighbor Server by the Preventive protection component.
Table fields
Field name
|
Field type
|
Description
|
osid
|
VARCHAR(36) NOT NULL
|
originator ID
|
lid
|
VARCHAR(36) NOT NULL
|
interserver connection UUID
|
lname
|
INTEGER DEFAULT '0'
|
neighbor Server name
|
mid
|
VARCHAR(36) DEFAULT ''
|
message UUID
|
stationname
|
INTEGER DEFAULT '0'
|
station name
|
id
|
VARCHAR(36) DEFAULT ''
|
station ID
|
pid
|
NUMERIC(12) DEFAULT '4'
|
process ID
|
ppath
|
INTEGER DEFAULT '0'
|
process path, see cat_path
|
htype
|
INTEGER DEFAULT '0'
|
protected object
|
tpath
|
INTEGER DEFAULT '0'
|
protected object path, see cat_path
|
stype
|
INTEGER DEFAULT '0'
|
reason of execution of unauthorized code blocking
|
denied
|
INTEGER DEFAULT '0'
|
action on a suspicious process: 1 - denied, 0 - allowed
|
isuser
|
INTEGER DEFAULT '0'
|
initiator of the action on a suspicious process: 1 - user , 0 - automatic reaction
|
ecount
|
INTEGER DEFAULT '0'
|
number of denials in case of automatic reaction
|
euser
|
INTEGER DEFAULT '0'
|
initiator of a process, see cat_users
|
auser
|
INTEGER DEFAULT '0'
|
initiator of an action to a process (if isuser = 1), see cat_users
|
eventtime
|
NUMERIC(17) DEFAULT '0'
|
event occurrence time on station, GMT
|
recvtime
|
NUMERIC(17) DEFAULT '0'
|
time when the message on event is received, GMT
|
arrived
|
NUMERIC(17) NOT NULL
|
record creation
|
notified
|
INTEGER DEFAULT '0'
|
whether a message was sent (1 - yes, 0 - no)
|
sha1
|
INTEGER DEFAULT '0'
|
process file SHA-1 hash, see cat_hash
|
sha256
|
INTEGER DEFAULT '0'
|
process file SHA-256 hash, see cat_hash
|
hashdb
|
INTEGER DEFAULT '0'
|
bulletin with process hash, see cat_hashdb
|
Table indexes
Index name
|
Index type
|
Fields list
|
srv_hips_event_0001
|
simple table index
clustering index
|
recvtime
|
srv_hips_event_0002
|
simple table index
|
lid, osid
|
srv_hips_event_0003
|
simple table index
|
sha1
|
srv_hips_event_0004
|
simple table index
|
sha256
|
Table references
Field name
|
Direction
|
Referenced table field
|
auser
|
↔
|
cat_users.id
|
euser
|
↔
|
cat_users.id
|
hashdb
|
↔
|
cat_hashdb.id
|
osid
|
←
|
srv_recvhistory.mid
|
ppath
|
↔
|
cat_path.id
|
sha1
|
↔
|
cat_hash.id
|
sha256
|
↔
|
cat_hash.id
|
tpath
|
↔
|
cat_path.id
|
srv_infection
Statistics on threats detected on stations of neighbor Server.
Table fields
Field name
|
Field type
|
Description
|
osid
|
VARCHAR(36) NOT NULL
|
originator ID
|
lid
|
VARCHAR(36) NOT NULL
|
interserver connection UUID
|
lname
|
INTEGER DEFAULT '0'
|
neighbor Server name
|
mid
|
VARCHAR(36) DEFAULT ''
|
message UUID
|
stationname
|
INTEGER DEFAULT '0'
|
station name
|
id
|
VARCHAR(36) DEFAULT ''
|
station ID
|
processid
|
VARCHAR(36) DEFAULT ''
|
process ID
|
originator
|
INTEGER DEFAULT '0'
|
component ID, see documentation
|
infectionrecvtime
|
NUMERIC(17) NOT NULL
|
time when the message on event is received, GMT
|
infectiontime
|
NUMERIC(17) DEFAULT '0'
|
event occurrence time on station, GMT
|
type1
|
NUMERIC(15) DEFAULT '0'
|
infection type, see documentation
|
type2
|
NUMERIC(15) DEFAULT '0'
|
infection type, see documentation
|
virus
|
INTEGER DEFAULT '0'
|
threat name
|
object
|
INTEGER DEFAULT '0'
|
infected object name
|
treatment
|
NUMERIC(15) DEFAULT '0'
|
action upon a detected object, see documentation
|
owner
|
INTEGER DEFAULT '0'
|
infected object owner
|
username
|
INTEGER DEFAULT '0'
|
user who launched the component
|
arrived
|
NUMERIC(17) NOT NULL
|
record creation
|
notified
|
INTEGER DEFAULT '0'
|
whether a message was sent (1 - yes, 0 - no)
|
sha1
|
INTEGER DEFAULT '0'
|
object SHA-1 hash, see cat_hash
|
sha256
|
INTEGER DEFAULT '0'
|
object SHA-256 hash, see cat_hash
|
hashdb
|
INTEGER DEFAULT '0'
|
bulletin with process hash, see cat_hashdb
|
Table indexes
Index name
|
Index type
|
Fields list
|
srv_infection_0001
|
simple table index
clustering index
|
infectionrecvtime
|
srv_infection_0002
|
simple table index
|
lid, osid
|
srv_infection_0003
|
simple table index
|
sha1
|
srv_infection_0004
|
simple table index
|
sha256
|
Table references
Field name
|
Direction
|
Referenced table field
|
hashdb
|
↔
|
cat_hashdb.id
|
lname
|
↔
|
cat_name_links.id
|
object
|
↔
|
cat_path.id
|
osid
|
←
|
srv_recvhistory.mid
|
owner
|
↔
|
cat_users.id
|
sha1
|
↔
|
cat_hash.id
|
sha256
|
↔
|
cat_hash.id
|
stationname
|
↔
|
cat_name_stations.id
|
username
|
↔
|
cat_users.id
|
virus
|
↔
|
cat_virus.id
|
srv_installation
Statistics on installations of the Agents on stations of neighbor Server.
Table fields
Field name
|
Field type
|
Description
|
osid
|
VARCHAR(36) NOT NULL
|
originator ID
|
lid
|
VARCHAR(36) NOT NULL
|
interserver connection UUID
|
lname
|
INTEGER DEFAULT '0'
|
neighbor Server name
|
mid
|
VARCHAR(36) DEFAULT ''
|
message UUID
|
id
|
VARCHAR(36) DEFAULT ''
|
station temporary ID
|
station
|
INTEGER DEFAULT '0'
|
station name
|
seenfrom
|
TEXT DEFAULT ''
|
network address of the last connection
|
message
|
CLOB DEFAULT ''
|
failure message
|
event
|
INTEGER DEFAULT '0'
|
event type: Begin, Success, Failed, etc.
|
starttime
|
NUMERIC(17) NOT NULL
|
installation start time
|
endtime
|
NUMERIC(17) NOT NULL
|
installation finish time
|
arrived
|
NUMERIC(17) NOT NULL
|
record creation
|
Table indexes
Index name
|
Index type
|
Fields list
|
srv_installation_0001
|
simple table index
clustering index
|
starttime
|
srv_installation_0002
|
simple table index
|
lid, osid
|
Table references
Field name
|
Direction
|
Referenced table field
|
lname
|
↔
|
cat_name_links.id
|
osid
|
←
|
srv_recvhistory.mid
|
station
|
↔
|
cat_name_stations.id
|
srv_procerror
Statistics on scan errors on stations of neighbor Server.
Table fields
Field name
|
Field type
|
Description
|
osid
|
VARCHAR(36) NOT NULL
|
originator ID
|
lid
|
VARCHAR(36) NOT NULL
|
interserver connection UUID
|
lname
|
INTEGER DEFAULT '0'
|
neighbor Server name
|
mid
|
VARCHAR(36) DEFAULT ''
|
message UUID
|
stationname
|
INTEGER DEFAULT '0'
|
station name
|
id
|
VARCHAR(36) DEFAULT ''
|
station ID
|
processid
|
VARCHAR(36) DEFAULT ''
|
process ID
|
originator
|
INTEGER DEFAULT '0'
|
component ID, see documentation
|
errrecvtime
|
NUMERIC(17) NOT NULL
|
time when the message on error is received, GMT
|
errtime
|
NUMERIC(17) DEFAULT '0'
|
error occurrence time on station, GMT
|
object
|
INTEGER DEFAULT '0'
|
infected object name
|
errcode
|
NUMERIC(15) DEFAULT '0'
|
error code, see documentation
|
owner
|
INTEGER DEFAULT '0'
|
infected object owner
|
username
|
INTEGER DEFAULT '0'
|
user who launched the component
|
arrived
|
NUMERIC(17) NOT NULL
|
record creation
|
sha1
|
INTEGER DEFAULT '0'
|
object SHA-1 hash: cat_hash
|
sha256
|
INTEGER DEFAULT '0'
|
object SHA-256 hash: cat_hash
|
hashdb
|
INTEGER DEFAULT '0'
|
bulletin with process hash: cat_hashdb
|
Table indexes
Index name
|
Index type
|
Fields list
|
srv_procerror_0001
|
simple table index
clustering index
|
errrecvtime
|
srv_procerror_0002
|
simple table index
|
lid, osid
|
srv_procerror_0003
|
simple table index
|
sha1
|
srv_procerror_0004
|
simple table index
|
sha256
|
Table references
Field name
|
Direction
|
Referenced table field
|
hashdb
|
↔
|
cat_hashdb.id
|
lname
|
↔
|
cat_name_links.id
|
object
|
↔
|
cat_path.id
|
osid
|
←
|
srv_recvhistory.mid
|
owner
|
↔
|
cat_users.id
|
sha1
|
↔
|
cat_hash.id
|
sha256
|
↔
|
cat_hash.id
|
stationname
|
↔
|
cat_name_stations.id
|
username
|
↔
|
cat_users.id
|
srv_recvhistory
Event log received from the neighbor Servers.
Table fields
Field name
|
Field type
|
Description
|
osid
|
VARCHAR(36) NOT NULL
|
originator ID
|
mid
|
VARCHAR(36) NOT NULL
|
message UUID
|
arrived
|
NUMERIC(17) NOT NULL
|
record creation
|
Table indexes
Index name
|
Index type
|
Fields list
|
srv_recvhistory_pkey
|
table primary key
|
osid, mid
|
srv_run
Statistics on start and stop of anti-virus components operation on stations of neighbor Server.
Table fields
Field name
|
Field type
|
Description
|
osid
|
VARCHAR(36) NOT NULL
|
originator ID
|
lid
|
VARCHAR(36) NOT NULL
|
interserver connection UUID
|
lname
|
INTEGER DEFAULT '0'
|
neighbor Server name
|
mid
|
VARCHAR(36) DEFAULT ''
|
message UUID
|
stationname
|
INTEGER DEFAULT '0'
|
station name
|
id
|
VARCHAR(36) NOT NULL
|
station ID
|
processid
|
VARCHAR(36) NOT NULL
|
process ID
|
originator
|
INTEGER NOT NULL
|
component ID, see documentation
|
engine
|
NUMERIC(15) DEFAULT '0'
|
engine version
|
viruses
|
NUMERIC(15) DEFAULT '0'
|
known viruses
|
rc
|
NUMERIC(15) DEFAULT '0'
|
return code
|
infections
|
NUMERIC(15) DEFAULT '0'
|
number of detected threats
|
errors
|
NUMERIC(15) DEFAULT '0'
|
number of occurred errors
|
username
|
INTEGER DEFAULT '0'
|
user who launched the component
|
beginrecvtime
|
NUMERIC(17) NOT NULL
|
time when the message on component start is received, GMT
|
begintime
|
NUMERIC(17) DEFAULT '0'
|
component start time on station, GMT
|
endrecvtime
|
NUMERIC(17) NOT NULL
|
time when the message on component stop is received, GMT
|
endtime
|
NUMERIC(17) DEFAULT '0'
|
component stop time on station, GMT
|
arrived
|
NUMERIC(17) NOT NULL
|
record creation
|
Table indexes
Index name
|
Index type
|
Fields list
|
srv_run_0001
|
simple table index
clustering index
|
beginrecvtime, lid, osid
|
srv_run_0002
|
simple table index
|
id, processid, originator, osid
|
Table references
Field name
|
Direction
|
Referenced table field
|
lname
|
↔
|
cat_name_links.id
|
osid
|
←
|
srv_recvhistory.mid
|
stationname
|
↔
|
cat_name_stations.id
|
username
|
↔
|
cat_users.id
|
srv_scanstat
Statistics of neighbor Server stations scans by anti-virus components.
Table fields
Field name
|
Field type
|
Description
|
osid
|
VARCHAR(36) NOT NULL
|
originator ID
|
lid
|
VARCHAR(36) NOT NULL
|
interserver connection UUID
|
lname
|
INTEGER DEFAULT '0'
|
neighbor Server name
|
mid
|
VARCHAR(36) DEFAULT ''
|
message UUID
|
stationname
|
INTEGER DEFAULT '0'
|
station name
|
id
|
VARCHAR(36) NOT NULL
|
station ID
|
processid
|
VARCHAR(36) DEFAULT ''
|
process ID
|
originator
|
INTEGER DEFAULT '0'
|
component ID, see documentation
|
recievetime
|
NUMERIC(17) NOT NULL
|
time when the message on statistic is received, GMT
|
stationtime
|
NUMERIC(17) DEFAULT '0'
|
statistic getting time on station, GMT
|
scanned
|
NUMERIC(19) DEFAULT '0'
|
scanned objects
|
infected
|
NUMERIC(19) DEFAULT '0'
|
infected objects
|
modifications
|
NUMERIC(19) DEFAULT '0'
|
infected by modification
|
suspicious
|
NUMERIC(19) DEFAULT '0'
|
suspicious objects
|
cured
|
NUMERIC(19) DEFAULT '0'
|
cured objects
|
deleted
|
NUMERIC(19) DEFAULT '0'
|
deleted objects
|
renamed
|
NUMERIC(19) DEFAULT '0'
|
renamed objects
|
moved
|
NUMERIC(19) DEFAULT '0'
|
moved objects
|
locked
|
NUMERIC(19) DEFAULT '0'
|
locked objects
|
activities
|
NUMERIC(19) DEFAULT '0'
|
virus activities
|
errors
|
NUMERIC(19) DEFAULT '0'
|
scan errors
|
prcsize
|
NUMERIC(19) DEFAULT '0'
|
processed bytes
|
prctime
|
NUMERIC(19) DEFAULT '0'
|
processing time, seconds
|
arrived
|
NUMERIC(17) NOT NULL
|
record creation
|
username
|
INTEGER DEFAULT '0'
|
user who launched the component
|
Table indexes
Index name
|
Index type
|
Fields list
|
srv_scanstat_0001
|
simple table index
clustering index
|
recievetime
|
srv_scanstat_0002
|
simple table index
|
lid, osid
|
Table references
Field name
|
Direction
|
Referenced table field
|
lname
|
↔
|
cat_name_links.id
|
osid
|
←
|
srv_recvhistory.mid
|
stationname
|
↔
|
cat_name_stations.id
|
username
|
↔
|
cat_users.id
|
|