Class: MalwareScanInfo

The malware scan information object describes the characteristics and metadata of a malware scanning job.

URI: ocsf:MalwareScanInfo

classDiagram
    class MalwareScanInfo
    click MalwareScanInfo href "../MalwareScanInfo/"
    Scan <|-- MalwareScanInfo
    click Scan href "../Scan/"
    MalwareScanInfo : end_time
    MalwareScanInfo : name
    MalwareScanInfo : num_files
    MalwareScanInfo : num_infected
    MalwareScanInfo : num_volumes
    MalwareScanInfo : size
    MalwareScanInfo : start_time
    MalwareScanInfo : type
    MalwareScanInfo : type_id
    MalwareScanInfo --> "1" ScanTypeIdEnum : type_id
    click ScanTypeIdEnum href "../ScanTypeIdEnum/"
    MalwareScanInfo : uid
    MalwareScanInfo : unique_malware_count

Inheritance

Slots

| Name | Cardinality and Range | Description | Inheritance |
| --- | --- | --- | --- |
| end_time | 0..1 TimestampT | The timestamp indicating when the scan job completed execution | direct |
| num_files | 0..1 Integer | The total number of files analyzed during the scan | direct |
| num_infected | 0..1 Integer | The total number of files identified as infected with malware during the scan | direct |
| num_volumes | 0..1 Integer | The total number of storage volumes examined during the malware scan | direct |
| size | 0..1 Integer | The total size in bytes of all files that were scanned | direct |
| start_time | 0..1 TimestampT | The timestamp indicating when the scan job began execution | direct |
| unique_malware_count | 0..1 Integer | The number of unique malware detected across all infected files | direct |
| name | 0..1 recommended String | The administrator-supplied or application-generated name of the scan | Scan, Entity |
| type | 0..1 String | The type of scan | Scan |
| type_id | 1 ScanTypeIdEnum | The type id of the scan | Scan |
| uid | 0..1 recommended String | The application-defined unique identifier assigned to an instance of a scan | Scan, Entity |

Usages

used by used in type used
SecurityControlProfile malware_scan_info range MalwareScanInfo
BaseEvent malware_scan_info range MalwareScanInfo
ApplicationEvent malware_scan_info range MalwareScanInfo
ApiActivity malware_scan_info range MalwareScanInfo
ApplicationError malware_scan_info range MalwareScanInfo
ApplicationLifecycle malware_scan_info range MalwareScanInfo
DatastoreActivity malware_scan_info range MalwareScanInfo
FileHosting malware_scan_info range MalwareScanInfo
ScanActivity malware_scan_info range MalwareScanInfo
WebResourceAccessActivity malware_scan_info range MalwareScanInfo
WebResourcesActivity malware_scan_info range MalwareScanInfo
DiscoveryEvent malware_scan_info range MalwareScanInfo
AdminGroupQuery malware_scan_info range MalwareScanInfo
CloudResourcesInventoryInfo malware_scan_info range MalwareScanInfo
ConfigState malware_scan_info range MalwareScanInfo
DeviceConfigStateChange malware_scan_info range MalwareScanInfo
DiscoveryResult malware_scan_info range MalwareScanInfo
EvidenceInfo malware_scan_info range MalwareScanInfo
FileQuery malware_scan_info range MalwareScanInfo
FolderQuery malware_scan_info range MalwareScanInfo
InventoryInfo malware_scan_info range MalwareScanInfo
JobQuery malware_scan_info range MalwareScanInfo
KernelObjectQuery malware_scan_info range MalwareScanInfo
ModuleQuery malware_scan_info range MalwareScanInfo
NetworkConnectionQuery malware_scan_info range MalwareScanInfo
NetworksQuery malware_scan_info range MalwareScanInfo
OsintInventoryInfo malware_scan_info range MalwareScanInfo
PatchState malware_scan_info range MalwareScanInfo
PeripheralDeviceQuery malware_scan_info range MalwareScanInfo
ProcessQuery malware_scan_info range MalwareScanInfo
ServiceQuery malware_scan_info range MalwareScanInfo
SessionQuery malware_scan_info range MalwareScanInfo
SoftwareInfo malware_scan_info range MalwareScanInfo
StartupItemQuery malware_scan_info range MalwareScanInfo
UserInventory malware_scan_info range MalwareScanInfo
UserQuery malware_scan_info range MalwareScanInfo
ApplicationSecurityPostureFinding malware_scan_info range MalwareScanInfo
ComplianceFinding malware_scan_info range MalwareScanInfo
DataSecurityFinding malware_scan_info range MalwareScanInfo
DetectionFinding malware_scan_info range MalwareScanInfo
Finding malware_scan_info range MalwareScanInfo
IamAnalysisFinding malware_scan_info range MalwareScanInfo
IncidentFinding malware_scan_info range MalwareScanInfo
SecurityFinding malware_scan_info range MalwareScanInfo
VulnerabilityFinding malware_scan_info range MalwareScanInfo
IamEvent malware_scan_info range MalwareScanInfo
AccountChange malware_scan_info range MalwareScanInfo
Authentication malware_scan_info range MalwareScanInfo
AuthorizeSession malware_scan_info range MalwareScanInfo
EntityManagement malware_scan_info range MalwareScanInfo
GroupManagement malware_scan_info range MalwareScanInfo
UserAccess malware_scan_info range MalwareScanInfo
NetworkEvent malware_scan_info range MalwareScanInfo
DhcpActivity malware_scan_info range MalwareScanInfo
DnsActivity malware_scan_info range MalwareScanInfo
EmailActivity malware_scan_info range MalwareScanInfo
EmailFileActivity malware_scan_info range MalwareScanInfo
EmailUrlActivity malware_scan_info range MalwareScanInfo
FtpActivity malware_scan_info range MalwareScanInfo
HttpActivity malware_scan_info range MalwareScanInfo
NetworkActivity malware_scan_info range MalwareScanInfo
NetworkFileActivity malware_scan_info range MalwareScanInfo
NtpActivity malware_scan_info range MalwareScanInfo
RdpActivity malware_scan_info range MalwareScanInfo
SmbActivity malware_scan_info range MalwareScanInfo
SshActivity malware_scan_info range MalwareScanInfo
TunnelActivity malware_scan_info range MalwareScanInfo
FileRemediationActivity malware_scan_info range MalwareScanInfo
NetworkRemediationActivity malware_scan_info range MalwareScanInfo
ProcessRemediationActivity malware_scan_info range MalwareScanInfo
RemediationActivity malware_scan_info range MalwareScanInfo
SystemEvent malware_scan_info range MalwareScanInfo
EventLogActvity malware_scan_info range MalwareScanInfo
FileActivity malware_scan_info range MalwareScanInfo
KernelActivity malware_scan_info range MalwareScanInfo
KernelExtensionActivity malware_scan_info range MalwareScanInfo
MemoryActivity malware_scan_info range MalwareScanInfo
ModuleActivity malware_scan_info range MalwareScanInfo
PeripheralActivity malware_scan_info range MalwareScanInfo
ProcessActivity malware_scan_info range MalwareScanInfo
ScheduledJobActivity malware_scan_info range MalwareScanInfo
ScriptActivity malware_scan_info range MalwareScanInfo
UnmannedSystemsEvent malware_scan_info range MalwareScanInfo
AirborneBroadcastActivity malware_scan_info range MalwareScanInfo
DroneFlightsActivity malware_scan_info range MalwareScanInfo
PrefetchQuery malware_scan_info range MalwareScanInfo
RegistryKeyActivity malware_scan_info range MalwareScanInfo
RegistryKeyQuery malware_scan_info range MalwareScanInfo
RegistryValueActivity malware_scan_info range MalwareScanInfo
RegistryValueQuery malware_scan_info range MalwareScanInfo
WindowsResourceActivity malware_scan_info range MalwareScanInfo
WindowsServiceActivity malware_scan_info range MalwareScanInfo

In Subsets

Aliases

  • Malware Scan Info

Identifier and Mapping Information

Schema Source

Mappings

Mapping Type Mapped Value
self ocsf:MalwareScanInfo
native ocsf:MalwareScanInfo

LinkML Source

Direct

name: MalwareScanInfo
description: 'The malware scan information object describes characteristics, metadata
  of a

  malware scanning job.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Malware Scan Info
is_a: Scan
slots:
- end_time
- num_files
- num_infected
- num_volumes
- size
- start_time
- unique_malware_count
slot_usage:
  end_time:
    name: end_time
    description: The timestamp indicating when the scan job completed execution.
  num_files:
    name: num_files
    description: The total number of files analyzed during the scan.
  num_infected:
    name: num_infected
    description: The total number of files identified as infected with malware during
      the scan.
  num_volumes:
    name: num_volumes
    description: The total number of storage volumes examined during the malware scan.
  size:
    name: size
    description: The total size in bytes of all files that were scanned.
  start_time:
    name: start_time
    description: The timestamp indicating when the scan job began execution.
  unique_malware_count:
    name: unique_malware_count
    description: The number of unique malware detected across all infected files.

Induced

name: MalwareScanInfo
description: 'The malware scan information object describes characteristics, metadata
  of a

  malware scanning job.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Malware Scan Info
is_a: Scan
slot_usage:
  end_time:
    name: end_time
    description: The timestamp indicating when the scan job completed execution.
  num_files:
    name: num_files
    description: The total number of files analyzed during the scan.
  num_infected:
    name: num_infected
    description: The total number of files identified as infected with malware during
      the scan.
  num_volumes:
    name: num_volumes
    description: The total number of storage volumes examined during the malware scan.
  size:
    name: size
    description: The total size in bytes of all files that were scanned.
  start_time:
    name: start_time
    description: The timestamp indicating when the scan job began execution.
  unique_malware_count:
    name: unique_malware_count
    description: The number of unique malware detected across all infected files.
attributes:
  end_time:
    name: end_time
    description: The timestamp indicating when the scan job completed execution.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - End Time
    rank: 1000
    alias: end_time
    owner: MalwareScanInfo
    domain_of:
    - Span
    - Timespan
    - Trace
    - NetworkTraffic
    - UnmannedSystemOperatingArea
    - MalwareScanInfo
    - BaseEvent
    - ScanActivity
    - Finding
    - IncidentFinding
    range: TimestampT
  num_files:
    name: num_files
    description: The total number of files analyzed during the scan.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Scanned Files
    rank: 1000
    alias: num_files
    owner: MalwareScanInfo
    domain_of:
    - MalwareScanInfo
    - ScanActivity
    range: integer
  num_infected:
    name: num_infected
    description: The total number of files identified as infected with malware during
      the scan.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Number of Infected Entities
    rank: 1000
    alias: num_infected
    owner: MalwareScanInfo
    domain_of:
    - Malware
    - MalwareScanInfo
    range: integer
  num_volumes:
    name: num_volumes
    description: The total number of storage volumes examined during the malware scan.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Number of Volumes
    rank: 1000
    alias: num_volumes
    owner: MalwareScanInfo
    domain_of:
    - MalwareScanInfo
    range: integer
  size:
    name: size
    description: The total size in bytes of all files that were scanned.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Size
    rank: 1000
    alias: size
    owner: MalwareScanInfo
    domain_of:
    - Advisory
    - Container
    - DataClassification
    - Database
    - Databucket
    - Email
    - File
    - KbArticle
    - Table
    - MalwareScanInfo
    - MemoryActivity
    range: integer
  start_time:
    name: start_time
    description: The timestamp indicating when the scan job began execution.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Start Time
    rank: 1000
    alias: start_time
    owner: MalwareScanInfo
    domain_of:
    - Span
    - Timespan
    - Trace
    - NetworkTraffic
    - UnmannedSystemOperatingArea
    - MalwareScanInfo
    - BaseEvent
    - ScanActivity
    - Finding
    - IncidentFinding
    range: TimestampT
  unique_malware_count:
    name: unique_malware_count
    description: The number of unique malware detected across all infected files.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique Malware Count
    rank: 1000
    alias: unique_malware_count
    owner: MalwareScanInfo
    domain_of:
    - MalwareScanInfo
    range: integer
  name:
    name: name
    description: 'The administrator-supplied or application-generated name of the
      scan. For

      example: "Home office weekly user database scan", "Scan folders for viruses",

      "Full system virus scan"'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Name
    rank: 1000
    alias: name
    owner: MalwareScanInfo
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - Parameter
    - PrivilegeInfo
    - San
    - Scim
    - Script
    - ServicePrivilegeAnalysis
    - SoftwareComponent
    - Sso
    - StartupItem
    - ThreatActor
    - Token
    - Entity
    - Resource
    - Account
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - AutonomousSystem
    - Campaign
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - ClassifierDetails
    - Container
    - D3fTactic
    - D3fTechnique
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Endpoint
    - Enrichment
    - EnvironmentVariable
    - Evidences
    - Extension
    - Feature
    - File
    - Graph
    - Group
    - HttpCookie
    - HttpHeader
    - Idp
    - Image
    - Job
    - Kernel
    - KeyValueObject
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metric
    - Mitigation
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - ResourceDetails
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - FtpActivity
    - RegValue
    - WinResource
    - WinService
    - PrefetchQuery
    range: string
    recommended: true
  type:
    name: type
    description: The type of scan.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Type
    rank: 1000
    alias: type
    owner: MalwareScanInfo
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - PrivilegeInfo
    - ProgrammaticCredential
    - RelatedEvent
    - San
    - Sbom
    - Script
    - SoftwareComponent
    - StartupItem
    - ThreatActor
    - Ticket
    - Timespan
    - TlsExtension
    - Token
    - Dns
    - Resource
    - Account
    - Agent
    - Analytic
    - ApplicationObject
    - AuthenticationToken
    - ClassifierDetails
    - Cve
    - Database
    - Databucket
    - DiscoveryDetails
    - DnsAnswer
    - DomainContact
    - EncryptionDetails
    - Endpoint
    - Enrichment
    - File
    - Graph
    - Group
    - Ja4Fingerprint
    - Kernel
    - ManagedEntity
    - Metadata
    - Module
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - PeripheralDevice
    - Policy
    - Rule
    - Scan
    - Trait
    - UnmannedAerialSystem
    - UnmannedSystemOperatingArea
    - User
    - WebResource
    - Device
    - DatastoreActivity
    - FtpActivity
    - RegValue
    - WinResource
    range: string
  type_id:
    name: type_id
    annotations:
      sibling:
        tag: sibling
        value: type
    description: The type id of the scan.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Type ID
    rank: 1000
    alias: type_id
    owner: MalwareScanInfo
    domain_of:
    - Observable
    - Os
    - Osint
    - Package
    - PrivilegeInfo
    - Sbom
    - Script
    - SoftwareComponent
    - StartupItem
    - ThreatActor
    - Ticket
    - Timespan
    - TlsExtension
    - Token
    - Account
    - Agent
    - Analytic
    - AuthenticationToken
    - Database
    - Databucket
    - DomainContact
    - Endpoint
    - File
    - Ja4Fingerprint
    - Kernel
    - ManagedEntity
    - NetworkEndpoint
    - NetworkInterface
    - PeripheralDevice
    - Scan
    - UnmannedAerialSystem
    - UnmannedSystemOperatingArea
    - User
    - Device
    - DatastoreActivity
    - RegValue
    - WinResource
    range: ScanTypeIdEnum
    required: true
  uid:
    name: uid
    description: The application-defined unique identifier assigned to an instance
      of a scan.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: MalwareScanInfo
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
    recommended: true