quarantine_actions
Actions on objects moved to quarantine on stations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| opid | VARCHAR(36) NOT NULL | operation UUID |
| id | VARCHAR(36) DEFAULT '' | station ID |
| object | VARCHAR(128) DEFAULT '' | quarantined file name |
| qtime | NUMERIC(17) DEFAULT '0' | time of adding file |
| opname | VARCHAR(64) DEFAULT '' | operation name |
| opresult | VARCHAR(64) DEFAULT '' | operation result |
| created | NUMERIC(17) DEFAULT '0' | record creation time |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| quarantine_actions_0001 | simple table index | opid |

station_appctl_event
Statistics on Application Control events on stations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| sid | INTEGER NOT NULL | user SID |
| username | INTEGER NOT NULL | user name |
| type | INTEGER NOT NULL | event type |
| act | INTEGER NOT NULL | applied action |
| policy_type | INTEGER NOT NULL | functional analysis criterion |
| policy_mask | NUMERIC(19) NOT NULL | functional analysis mask |
| profile_id | VARCHAR(36) DEFAULT '' | profile UUID |
| profile_name | INTEGER NOT NULL | profile name |
| rule_id | VARCHAR(36) DEFAULT '' | rule UUID |
| rule_name | INTEGER NOT NULL | rule name |
| test_mode | INTEGER NOT NULL | whether event occurred in test mode |
| process_path | INTEGER NOT NULL | process file path |
| process | INTEGER NOT NULL | process information |
| process_hashdb | INTEGER DEFAULT '0' | bulletin with process hash, see table cat_hashdb |
| object_path | INTEGER NOT NULL | script file path |
| object | INTEGER NOT NULL | script file information |
| object_hashdb | INTEGER DEFAULT '0' | bulletin with script hash, see table cat_hashdb |
| eventtime | NUMERIC(17) DEFAULT '0' | event occurrence time, GMT |
| recvtime | NUMERIC(17) DEFAULT '0' | time when the message on event was received, GMT |
| notified | INTEGER DEFAULT '0' | whether a message was sent (1—yes, 0—no) |
| pid | INTEGER NOT NULL | process ID |
| ppid | INTEGER NOT NULL | parent process ID |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_appctl_event_0001 | simple table index, clustering index | recvtime |
| station_appctl_event_0002 | simple table index | id |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | → | stations.id |
| object | ↔ | appctl_event_file.id |
| object_hashdb | ↔ | cat_hashdb.id |
| object_path | ↔ | cat_path.id |
| process | ↔ | appctl_event_file.id |
| process_hashdb | ↔ | cat_hashdb.id |
| process_path | ↔ | cat_path.id |
| profile_name | ↔ | cat_profile_name.id |
| rule_name | ↔ | cat_rule_name.id |
| sid | ↔ | cat_sid.id |
| username | ↔ | cat_users.id |

station_blocked_device
Statistics on blocked devices on stations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| name | INTEGER DEFAULT '0' | station name |
| address | TEXT DEFAULT '' | station address |
| username | INTEGER DEFAULT '0' | run by user |
| instance | INTEGER DEFAULT '0' | device instance ID |
| friendly_name | INTEGER DEFAULT '0' | device friendly name |
| description | INTEGER DEFAULT '0' | device description |
| class | INTEGER DEFAULT '0' | device class—group GUID |
| blocktime | NUMERIC(17) NOT NULL | station local timestamp, GMT |
| blockrecvtime | NUMERIC(17) NOT NULL | receive time, GMT |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_blocked_0001 | simple table index, clustering index | blockrecvtime |
| station_blocked_0002 | simple table index | id |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| class | ↔ | cat_device_class.id |
| description | ↔ | cat_device_descr.id |
| friendly_name | ↔ | cat_dev_friendly_name.id |
| id | → | stations.id |
| instance | ↔ | cat_device_instance.id |
| name | ↔ | cat_name_stations.id |
| username | ↔ | cat_users.id |

station_deinstallation
Statistics on uninstallations of Dr.Web Agents on stations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| station | INTEGER DEFAULT '0' | station name |
| seenfrom | TEXT DEFAULT '' | network address of the last connection |
| message | CLOB DEFAULT '' | completion message |
| createtime | NUMERIC(17) NOT NULL | record creation time |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_deinstallation_0001 | simple table index, clustering index | id, createtime |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | → | stations.id |
| station | ↔ | cat_name_stations.id |

station_geotracks
Lists of station geographic locations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| tid | VARCHAR(36) NOT NULL | track UUID |
| sid | VARCHAR(36) | server ID: set while processing |
| source | INTEGER NOT NULL | geo source class, see module geo-source |
| item | INTEGER NOT NULL | track sequence number |
| attribute | VARCHAR(64) DEFAULT '' | attribute ID |
| value | VARCHAR(100) DEFAULT '' | attribute value as a string |
| modtime | NUMERIC(17) NOT NULL | last modification timestamp |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_geotracks_0003 | simple table index | id |
| station_geotracks_0004 | simple table index | sid |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | → | stations.id |

station_hips_event
Statistics on events detected on stations by the Preventive protection component.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| pid | NUMERIC(12) DEFAULT '4' | process ID |
| ppath | INTEGER DEFAULT '0' | process path, see table cat_path |
| htype | INTEGER DEFAULT '0' | protected object |
| tpath | INTEGER DEFAULT '0' | protected object path, see table cat_path |
| stype | INTEGER DEFAULT '0' | reason for blocking the execution of unauthorized code |
| denied | INTEGER DEFAULT '0' | action applied to the suspicious process: 1—denied, 0—allowed |
| isuser | INTEGER DEFAULT '0' | initiator of the action applied to the suspicious process: 1—user, 0—automatic reaction |
| ecount | INTEGER DEFAULT '0' | number of denials in case of automatic reaction |
| euser | INTEGER DEFAULT '0' | process initiator, see table cat_users |
| auser | INTEGER DEFAULT '0' | initiator of the action applied to the process (if isuser = 1), see table cat_users |
| eventtime | NUMERIC(17) DEFAULT '0' | event occurrence time, GMT |
| recvtime | NUMERIC(17) DEFAULT '0' | time when the message on event was received, GMT |
| notified | INTEGER DEFAULT '0' | whether a message was sent (1—yes, 0—no) |
| sha1 | INTEGER DEFAULT '0' | process file SHA-1 hash, see table cat_hash |
| sha256 | INTEGER DEFAULT '0' | process file SHA-256 hash, see table cat_hash |
| hashdb | INTEGER DEFAULT '0' | bulletin with process hash, see table cat_hashdb |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_hips_event_0001 | simple table index | id |
| station_hips_event_0002 | simple table index, clustering index | recvtime |
| station_hips_event_0003 | simple table index | sha1 |
| station_hips_event_0004 | simple table index | sha256 |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| auser | ↔ | cat_users.id |
| euser | ↔ | cat_users.id |
| hashdb | ↔ | cat_hashdb.id |
| id | → | stations.id |
| ppath | ↔ | cat_path.id |
| sha1 | ↔ | cat_hash.id |
| sha256 | ↔ | cat_hash.id |
| tpath | ↔ | cat_path.id |

station_infection
Statistics on threats detected on stations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) NOT NULL | process ID |
| originator | INTEGER NOT NULL | component ID |
| infectionrecvtime | NUMERIC(17) NOT NULL | time when the message on event was received, GMT |
| infectiontime | NUMERIC(17) NOT NULL | event occurrence time, GMT |
| type1 | NUMERIC(15) DEFAULT '0' | object type |
| type2 | NUMERIC(15) DEFAULT '0' | infection type |
| virus | INTEGER DEFAULT '0' | threat name |
| object | INTEGER DEFAULT '0' | infected object name |
| treatment | NUMERIC(15) DEFAULT '0' | action upon a detected object |
| owner | INTEGER DEFAULT '0' | object owner |
| username | INTEGER DEFAULT '0' | user who launched the component |
| station | INTEGER DEFAULT '0' | station name |
| address | TEXT DEFAULT '' | station address |
| group_id | VARCHAR(36) DEFAULT '' | group ID |
| group_name | INTEGER DEFAULT '0' | group name |
| login_time | NUMERIC(17) DEFAULT '0' | time when station connected to Dr.Web Server |
| notified | INTEGER DEFAULT '0' | whether a message was sent (1—yes, 0—no) |
| st_descr | INTEGER DEFAULT '0' | station description |
| st_mac | INTEGER DEFAULT '0' | station MAC |
| st_uid | INTEGER DEFAULT '0' | station SID |
| st_ldapdn | INTEGER DEFAULT '0' | station LDAP DN |
| sha1 | INTEGER DEFAULT '0' | object SHA-1 hash, see table cat_hash |
| sha256 | INTEGER DEFAULT '0' | object SHA-256 hash, see table cat_hash |
| hashdb | INTEGER DEFAULT '0' | bulletin with process hash, see table cat_hashdb |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_infection_0001 | simple table index, clustering index | infectionrecvtime |
| station_infection_0002 | simple table index | id, processid, originator |
| station_infection_0003 | simple table index | sha1 |
| station_infection_0004 | simple table index | sha256 |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| group_name | ↔ | cat_name_groups.id |
| hashdb | ↔ | cat_hashdb.id |
| id | → | stations.id |
| object | ↔ | cat_path.id |
| owner | ↔ | cat_users.id |
| sha1 | ↔ | cat_hash.id |
| sha256 | ↔ | cat_hash.id |
| st_descr | ↔ | cat_descr.id |
| st_ldapdn | ↔ | cat_ldapdn.id |
| st_mac | ↔ | cat_mac.id |
| st_uid | ↔ | cat_sid.id |
| station | ↔ | cat_name_stations.id |
| username | ↔ | cat_users.id |
| virus | ↔ | cat_virus.id |

station_installation
Statistics on installations of Dr.Web Agents on stations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station temporary ID |
| station | INTEGER DEFAULT '0' | station name |
| seenfrom | TEXT DEFAULT '' | network address of the last connection |
| message | CLOB DEFAULT '' | failure message |
| event | INTEGER DEFAULT '0' | event type: Begin, Success, Failed, etc. |
| starttime | NUMERIC(17) NOT NULL | installation start time |
| endtime | NUMERIC(17) DEFAULT '0' | installation finish time |
| sessionid | VARCHAR(36) DEFAULT '' NOT NULL | session ID |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_installation_0001 | simple table index, clustering index | id |
| station_installation_0002 | simple table index | sessionid |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | → | stations.id |
| station | ↔ | cat_name_stations.id |

station_jobslog
Log of task execution on stations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | record originator (station ID) |
| name | INTEGER DEFAULT '0' | task name, reference to table cat_job |
| done | INTEGER DEFAULT '0' | completion status: 0 if failed, != 0 if OK |
| completed | NUMERIC(17) NOT NULL | completion time |
| error | INTEGER DEFAULT '0' | error message |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_jobslog_0001 | simple table index, clustering index | completed, id |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| error | ↔ | cat_job_stn.id |
| id | → | stations.id |
| name | ↔ | cat_job.id |

station_procerror
Statistics on scan errors on stations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) NOT NULL | process ID |
| originator | INTEGER NOT NULL | component ID |
| errrecvtime | NUMERIC(17) NOT NULL | receive time, GMT |
| errtime | NUMERIC(17) DEFAULT '0' | error occurrence time on station, GMT |
| object | INTEGER DEFAULT '0' | object name |
| errcode | NUMERIC(15) DEFAULT '0' | error code |
| owner | INTEGER DEFAULT '0' | object owner |
| username | INTEGER DEFAULT '0' | user who launched the component |
| sha1 | INTEGER DEFAULT '0' | object SHA-1 hash, see table cat_hash |
| sha256 | INTEGER DEFAULT '0' | object SHA-256 hash, see table cat_hash |
| hashdb | INTEGER DEFAULT '0' | bulletin with process hash, see table cat_hashdb |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_procerror_0001 | simple table index, clustering index | errrecvtime |
| station_procerror_0002 | simple table index | id, processid, originator |
| station_procerror_0003 | simple table index | sha1 |
| station_procerror_0004 | simple table index | sha256 |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| hashdb | ↔ | cat_hashdb.id |
| id | → | stations.id |
| object | ↔ | cat_path.id |
| owner | ↔ | cat_users.id |
| sha1 | ↔ | cat_hash.id |
| sha256 | ↔ | cat_hash.id |
| username | ↔ | cat_users.id |

station_run
Statistics on start and stop of anti-virus component operation on stations.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) NOT NULL | process ID |
| originator | INTEGER NOT NULL | component ID |
| engine | NUMERIC(15) DEFAULT '0' | engine version |
| viruses | NUMERIC(15) DEFAULT '0' | known threats |
| rc | NUMERIC(15) DEFAULT '0' | return code |
| infections | NUMERIC(15) DEFAULT '0' | number of detected threats |
| errors | NUMERIC(15) DEFAULT '0' | number of occurred errors |
| username | INTEGER DEFAULT '0' | user who launched the component |
| beginrecvtime | NUMERIC(17) NOT NULL | time when the message on component start was received, GMT |
| begintime | NUMERIC(17) DEFAULT '0' | component start time on station, GMT |
| endrecvtime | NUMERIC(17) NOT NULL | time when the message on component stop was received, GMT |
| endtime | NUMERIC(17) DEFAULT '0' | component stop time on station, GMT |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_run_0001 | simple table index | beginrecvtime |
| station_run_0002 | simple table index | endrecvtime |
| station_run_0003 | simple table index, clustering index | id, processid, originator |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | → | stations.id |
| username | ↔ | cat_users.id |

station_scanstat
Statistics on station scans by anti-virus components.
Table fields

| Field name | Field type | Description |
| --- | --- | --- |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) DEFAULT '' | process ID |
| originator | INTEGER DEFAULT '0' | component ID |
| recievetime | NUMERIC(17) NOT NULL | time when the message on statistics was received, GMT |
| stationtime | NUMERIC(17) DEFAULT '0' | time when statistics on station was received, GMT |
| scanned | NUMERIC(19) DEFAULT '0' | scanned objects |
| infected | NUMERIC(19) DEFAULT '0' | malicious objects |
| modifications | NUMERIC(19) DEFAULT '0' | objects infected by a threat modification |
| suspicious | NUMERIC(19) DEFAULT '0' | suspicious objects |
| cured | NUMERIC(19) DEFAULT '0' | cured objects |
| deleted | NUMERIC(19) DEFAULT '0' | deleted objects |
| renamed | NUMERIC(19) DEFAULT '0' | renamed objects |
| moved | NUMERIC(19) DEFAULT '0' | moved objects |
| locked | NUMERIC(19) DEFAULT '0' | locked objects |
| activities | NUMERIC(19) DEFAULT '0' | malicious activities |
| errors | NUMERIC(19) DEFAULT '0' | scan errors |
| prcsize | NUMERIC(19) DEFAULT '0' | processed bytes |
| prctime | NUMERIC(19) DEFAULT '0' | processing time, seconds |
| username | TEXT DEFAULT '' | user who launched the component |

Table indexes

| Index name | Index type | Fields |
| --- | --- | --- |
| station_scanstat_0004 | simple table index | recievetime |
| station_scanstat_0005 | simple table index, clustering index | id, recievetime |

Table references

| Field name | Direction | Referenced table field |
| --- | --- | --- |
| id | → | stations.id |