Stations Events

quarantine_actions

Actions on objects moved to quarantine on stations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| opid | VARCHAR(36) NOT NULL | operation UUID |
| id | VARCHAR(36) DEFAULT '' | station ID |
| object | VARCHAR(128) DEFAULT '' | file name in quarantine |
| qtime | NUMERIC(17) DEFAULT '0' | time when the file was added |
| opname | VARCHAR(64) DEFAULT '' | name of the operation |
| opresult | VARCHAR(64) DEFAULT '' | result of the operation |
| created | NUMERIC(17) DEFAULT '0' | record creation time |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| quarantine_actions_0001 | simple table index | opid |

station_appctl_event

Statistics on Application Control events on stations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| sid | INTEGER NOT NULL | user SID |
| username | INTEGER NOT NULL | user name |
| type | INTEGER NOT NULL | event type (app_control_event_type_t) |
| act | INTEGER NOT NULL | applied action (app_control_event_result_t) |
| policy_type | INTEGER NOT NULL | functional analysis criterion |
| policy_mask | NUMERIC(19) NOT NULL | functional analysis mask |
| profile_id | VARCHAR(36) DEFAULT '' | profile UUID |
| profile_name | INTEGER NOT NULL | profile name |
| rule_id | VARCHAR(36) DEFAULT '' | rule UUID |
| rule_name | INTEGER NOT NULL | rule name |
| test_mode | INTEGER NOT NULL | whether event occurred in test mode |
| process_path | INTEGER NOT NULL | process file path |
| process | INTEGER NOT NULL | process information |
| process_hashdb | INTEGER DEFAULT '0' | bulletin with process hash, see cat_hashdb |
| object_path | INTEGER NOT NULL | script file path |
| object | INTEGER NOT NULL | script file information |
| object_hashdb | INTEGER DEFAULT '0' | bulletin with script hash, see cat_hashdb |
| eventtime | NUMERIC(17) DEFAULT '0' | event occurrence time, GMT |
| recvtime | NUMERIC(17) DEFAULT '0' | time when the message on event is received, GMT |
| notified | INTEGER DEFAULT '0' | whether a message was sent (1—yes, 0—no) |
| pid | INTEGER NOT NULL | process ID |
| ppid | INTEGER NOT NULL | parent process ID |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_appctl_event_0001 | simple table index, clustering index | recvtime |
| station_appctl_event_0002 | simple table index | id |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | | stations.id |
| object | | appctl_event_file.id |
| object_hashdb | | cat_hashdb.id |
| object_path | | cat_path.id |
| process | | appctl_event_file.id |
| process_hashdb | | cat_hashdb.id |
| process_path | | cat_path.id |
| profile_name | | cat_profile_name.id |
| rule_name | | cat_rule_name.id |
| sid | | cat_sid.id |
| username | | cat_users.id |

station_blocked_device

Statistics on blocked stations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| name | INTEGER DEFAULT '0' | station name |
| address | TEXT DEFAULT '' | station address |
| username | INTEGER DEFAULT '0' | run by user |
| instance | INTEGER DEFAULT '0' | device instance ID |
| friendly_name | INTEGER DEFAULT '0' | device friendly name |
| description | INTEGER DEFAULT '0' | device description |
| class | INTEGER DEFAULT '0' | device class—group GUID |
| blocktime | NUMERIC(17) NOT NULL | station local timestamp, GMT |
| blockrecvtime | NUMERIC(17) NOT NULL | receive time, GMT |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_blocked_0001 | simple table index, clustering index | blockrecvtime |
| station_blocked_0002 | simple table index | id |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| class | | cat_device_class.id |
| description | | cat_device_descr.id |
| friendly_name | | cat_dev_friendly_name.id |
| id | | stations.id |
| instance | | cat_device_instance.id |
| name | | cat_name_stations.id |
| username | | cat_users.id |

station_deinstallation

Statistics on uninstallations of the Agents on stations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| station | INTEGER DEFAULT '0' | station name |
| seenfrom | TEXT DEFAULT '' | network address of the last connection |
| message | CLOB DEFAULT '' | completion message |
| createtime | NUMERIC(17) NOT NULL | record creation time |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_deinstallation_0001 | simple table index, clustering index | id, createtime |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | | stations.id |
| station | | cat_name_stations.id |

station_geotracks

Lists of station geographic locations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| tid | VARCHAR(36) NOT NULL | track UUID |
| sid | VARCHAR(36) | server ID: set while processing |
| source | INTEGER NOT NULL | geo source class, see geo-source .h/.ds |
| item | INTEGER NOT NULL | track sequence number |
| attribute | VARCHAR(64) DEFAULT '' | attribute ID |
| value | VARCHAR(100) DEFAULT '' | attribute value as a string |
| modtime | NUMERIC(17) NOT NULL | last modification timestamp |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_geotracks_0003 | simple table index | id |
| station_geotracks_0004 | simple table index | sid |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | | stations.id |

station_hips_event

Statistics on events detected on stations by the Preventive protection component.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| pid | NUMERIC(12) DEFAULT '4' | process ID |
| ppath | INTEGER DEFAULT '0' | process path, see cat_path |
| htype | INTEGER DEFAULT '0' | protected object |
| tpath | INTEGER DEFAULT '0' | protected object path, see cat_path |
| stype | INTEGER DEFAULT '0' | reason for blocking the execution of unauthorized code |
| denied | INTEGER DEFAULT '0' | action on a suspicious process: 1—denied, 0—allowed |
| isuser | INTEGER DEFAULT '0' | initiator of the action on a suspicious process: 1—user, 0—automatic reaction |
| ecount | INTEGER DEFAULT '0' | number of denials in case of automatic reaction |
| euser | INTEGER DEFAULT '0' | initiator of a process, see cat_users |
| auser | INTEGER DEFAULT '0' | initiator of an action on a process (if isuser = 1), see cat_users |
| eventtime | NUMERIC(17) DEFAULT '0' | event occurrence time, GMT |
| recvtime | NUMERIC(17) DEFAULT '0' | time when the message on event is received, GMT |
| notified | INTEGER DEFAULT '0' | whether a message was sent (1—yes, 0—no) |
| sha1 | INTEGER DEFAULT '0' | process file SHA-1 hash: cat_hash |
| sha256 | INTEGER DEFAULT '0' | process file SHA-256 hash: cat_hash |
| hashdb | INTEGER DEFAULT '0' | bulletin with process hash: cat_hashdb |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_hips_event_0001 | simple table index | id |
| station_hips_event_0002 | simple table index, clustering index | recvtime |
| station_hips_event_0003 | simple table index | sha1 |
| station_hips_event_0004 | simple table index | sha256 |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| auser | | cat_users.id |
| euser | | cat_users.id |
| hashdb | | cat_hashdb.id |
| id | | stations.id |
| ppath | | cat_path.id |
| sha1 | | cat_hash.id |
| sha256 | | cat_hash.id |
| tpath | | cat_path.id |

station_infection

Statistics on threats detected on stations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) NOT NULL | process ID |
| originator | INTEGER NOT NULL | component ID |
| infectionrecvtime | NUMERIC(17) NOT NULL | time when the message on event is received, GMT |
| infectiontime | NUMERIC(17) NOT NULL | event occurrence time, GMT |
| type1 | NUMERIC(15) DEFAULT '0' | infection type |
| type2 | NUMERIC(15) DEFAULT '0' | infection type |
| virus | INTEGER DEFAULT '0' | threat name |
| object | INTEGER DEFAULT '0' | infected object name |
| treatment | NUMERIC(15) DEFAULT '0' | action upon a detected object |
| owner | INTEGER DEFAULT '0' | infected object owner |
| username | INTEGER DEFAULT '0' | user who launched the component |
| station | INTEGER DEFAULT '0' | station name |
| address | TEXT DEFAULT '' | station address |
| group_id | VARCHAR(36) DEFAULT '' | group ID |
| group_name | INTEGER DEFAULT '0' | group name |
| login_time | NUMERIC(17) DEFAULT '0' | time when station connected to the Server |
| notified | INTEGER DEFAULT '0' | whether a message was sent (1—yes, 0—no) |
| st_descr | INTEGER DEFAULT '0' | station description |
| st_mac | INTEGER DEFAULT '0' | station MAC |
| st_uid | INTEGER DEFAULT '0' | station SID |
| st_ldapdn | INTEGER DEFAULT '0' | station LDAP DN |
| sha1 | INTEGER DEFAULT '0' | object SHA-1 hash: cat_hash |
| sha256 | INTEGER DEFAULT '0' | object SHA-256 hash: cat_hash |
| hashdb | INTEGER DEFAULT '0' | bulletin with process hash: cat_hashdb |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_infection_0001 | simple table index, clustering index | infectionrecvtime |
| station_infection_0002 | simple table index | id, processid, originator |
| station_infection_0003 | simple table index | sha1 |
| station_infection_0004 | simple table index | sha256 |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| group_name | | cat_name_groups.id |
| hashdb | | cat_hashdb.id |
| id | | stations.id |
| object | | cat_path.id |
| owner | | cat_users.id |
| sha1 | | cat_hash.id |
| sha256 | | cat_hash.id |
| st_descr | | cat_descr.id |
| st_ldapdn | | cat_ldapdn.id |
| st_mac | | cat_mac.id |
| st_uid | | cat_sid.id |
| station | | cat_name_stations.id |
| username | | cat_users.id |
| virus | | cat_virus.id |

station_installation

Statistics on installations of the Agents on stations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station temporary ID |
| station | INTEGER DEFAULT '0' | station name |
| seenfrom | TEXT DEFAULT '' | network address of the last connection |
| message | CLOB DEFAULT '' | failure message |
| event | INTEGER DEFAULT '0' | event type: Begin, Success, Failed, etc. |
| starttime | NUMERIC(17) NOT NULL | installation start time |
| endtime | NUMERIC(17) DEFAULT '0' | installation finish time |
| sessionid | VARCHAR(36) DEFAULT '' NOT NULL | session ID |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_installation_0001 | simple table index, clustering index | id |
| station_installation_0002 | simple table index | sessionid |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | | stations.id |
| station | | cat_name_stations.id |

station_jobslog

Log of task execution on stations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | record originator (station ID) |
| name | INTEGER DEFAULT '0' | job name, reference to `cat_job` |
| done | INTEGER DEFAULT '0' | completion status: 0 if failed, != 0 if OK |
| completed | NUMERIC(17) NOT NULL | completion time |
| error | INTEGER DEFAULT '0' | error message |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_jobslog_0001 | simple table index, clustering index | completed, id |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| error | | cat_job_stn.id |
| id | | stations.id |
| name | | cat_job.id |

station_procerror

Statistics on scan errors on stations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) NOT NULL | process ID |
| originator | INTEGER NOT NULL | component ID |
| errrecvtime | NUMERIC(17) NOT NULL | receive time, GMT |
| errtime | NUMERIC(17) DEFAULT '0' | error occurrence time on station, GMT |
| object | INTEGER DEFAULT '0' | infected object name |
| errcode | NUMERIC(15) DEFAULT '0' | error code |
| owner | INTEGER DEFAULT '0' | infected object owner |
| username | INTEGER DEFAULT '0' | user who launched the component |
| sha1 | INTEGER DEFAULT '0' | object SHA-1 hash: cat_hash |
| sha256 | INTEGER DEFAULT '0' | object SHA-256 hash: cat_hash |
| hashdb | INTEGER DEFAULT '0' | bulletin with process hash: cat_hashdb |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_procerror_0001 | simple table index, clustering index | errrecvtime |
| station_procerror_0002 | simple table index | id, processid, originator |
| station_procerror_0003 | simple table index | sha1 |
| station_procerror_0004 | simple table index | sha256 |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| hashdb | | cat_hashdb.id |
| id | | stations.id |
| object | | cat_path.id |
| owner | | cat_users.id |
| sha1 | | cat_hash.id |
| sha256 | | cat_hash.id |
| username | | cat_users.id |

station_run

Statistics on the start and stop of anti-virus components on stations.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) NOT NULL | process ID |
| originator | INTEGER NOT NULL | component ID |
| engine | NUMERIC(15) DEFAULT '0' | engine version |
| viruses | NUMERIC(15) DEFAULT '0' | known viruses |
| rc | NUMERIC(15) DEFAULT '0' | return code |
| infections | NUMERIC(15) DEFAULT '0' | number of detected threats |
| errors | NUMERIC(15) DEFAULT '0' | number of occurred errors |
| username | INTEGER DEFAULT '0' | user who launched the component |
| beginrecvtime | NUMERIC(17) NOT NULL | time when the message on component start is received, GMT |
| begintime | NUMERIC(17) DEFAULT '0' | component start time on station, GMT |
| endrecvtime | NUMERIC(17) NOT NULL | time when the message on component stop is received, GMT |
| endtime | NUMERIC(17) DEFAULT '0' | component stop time on station, GMT |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_run_0001 | simple table index | beginrecvtime |
| station_run_0002 | simple table index | endrecvtime |
| station_run_0003 | simple table index, clustering index | id, processid, originator |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | | stations.id |
| username | | cat_users.id |

station_scanstat

Statistics on station scans by anti-virus components.

Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) DEFAULT '' | process ID |
| originator | INTEGER DEFAULT '0' | component ID |
| recievetime | NUMERIC(17) NOT NULL | time when the statistics message is received, GMT |
| stationtime | NUMERIC(17) DEFAULT '0' | time when the statistics were obtained on the station, GMT |
| scanned | NUMERIC(19) DEFAULT '0' | scanned objects |
| infected | NUMERIC(19) DEFAULT '0' | infected objects |
| modifications | NUMERIC(19) DEFAULT '0' | infected by modification |
| suspicious | NUMERIC(19) DEFAULT '0' | suspicious objects |
| cured | NUMERIC(19) DEFAULT '0' | cured objects |
| deleted | NUMERIC(19) DEFAULT '0' | deleted objects |
| renamed | NUMERIC(19) DEFAULT '0' | renamed objects |
| moved | NUMERIC(19) DEFAULT '0' | moved objects |
| locked | NUMERIC(19) DEFAULT '0' | locked objects |
| activities | NUMERIC(19) DEFAULT '0' | virus activities |
| errors | NUMERIC(19) DEFAULT '0' | scan errors |
| prcsize | NUMERIC(19) DEFAULT '0' | processed bytes |
| prctime | NUMERIC(19) DEFAULT '0' | processing time, seconds |
| username | TEXT DEFAULT '' | user who launched the component |

Table indexes

| Index name | Index type | Fields list |
| --- | --- | --- |
| station_scanstat_0004 | simple table index | recievetime |
| station_scanstat_0005 | simple table index, clustering index | id, recievetime |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | | stations.id |