srv_appctl_event
Statistics on Application Control events on stations of neighbor Dr.Web Server.
Table fields
| Field name | Field type | Description |
|---|---|---|
| osid | VARCHAR(36) NOT NULL | originator ID |
| lid | VARCHAR(36) NOT NULL | interserver connection ID |
| lname | INTEGER DEFAULT '0' | neighbor Dr.Web Server name |
| mid | VARCHAR(36) DEFAULT '' | message UUID |
| stationname | INTEGER DEFAULT '0' | station name |
| id | VARCHAR(36) DEFAULT '' | station ID |
| username | INTEGER NOT NULL | user name |
| type | INTEGER NOT NULL | event type |
| act | INTEGER NOT NULL | applied action |
| policy_type | INTEGER NOT NULL | functional analysis criterion |
| policy_mask | NUMERIC(19) NOT NULL | functional analysis mask |
| profile_id | VARCHAR(36) DEFAULT '' | profile UUID |
| profile_name | INTEGER NOT NULL | profile name |
| rule_id | VARCHAR(36) DEFAULT '' | rule UUID |
| rule_name | INTEGER NOT NULL | rule name |
| test_mode | INTEGER NOT NULL | whether event occurred in test mode |
| process_path | INTEGER NOT NULL | process file path |
| process | INTEGER NOT NULL | process information |
| process_hashdb | INTEGER DEFAULT '0' | bulletin with process hash, see table cat_hashdb |
| object_path | INTEGER NOT NULL | script file path |
| object | INTEGER NOT NULL | script file information |
| object_hashdb | INTEGER DEFAULT '0' | bulletin with script hash, see table cat_hashdb |
| eventtime | NUMERIC(17) DEFAULT '0' | event occurrence time, GMT |
| recvtime | NUMERIC(17) DEFAULT '0' | time when the message on event was received, GMT |
| arrived | NUMERIC(17) DEFAULT '0' | record modification time |
| notified | INTEGER DEFAULT '0' | whether a message was sent (1—yes, 0—no) |
| pid | INTEGER NOT NULL | process ID |
| ppid | INTEGER NOT NULL | parent process ID |
Table indexes
| Index name | Index type | Fields |
|---|---|---|
| srv_appctl_event_0001 | simple table index, clustering index | recvtime |
| srv_appctl_event_0002 | simple table index | lid, osid |
Table references
| Field name | Direction | Referenced table field |
|---|---|---|
| lname | ↔ | cat_name_links.id |
| object | ↔ | appctl_event_file.id |
| object_hashdb | ↔ | cat_hashdb.id |
| object_path | ↔ | cat_path.id |
| osid | ← | srv_recvhistory.mid |
| process | ↔ | appctl_event_file.id |
| process_hashdb | ↔ | cat_hashdb.id |
| process_path | ↔ | cat_path.id |
| profile_name | ↔ | cat_profile_name.id |
| rule_name | ↔ | cat_rule_name.id |
| stationname | ↔ | cat_name_stations.id |
| username | ↔ | cat_users.id |
srv_geolocation
Information on geographic location received from neighbor Dr.Web Servers.
Table fields
| Field name | Field type | Description |
|---|---|---|
| osid | VARCHAR(36) NOT NULL | Dr.Web Server ID |
| lid | VARCHAR(36) NOT NULL | interserver connection ID |
| id | VARCHAR(36) DEFAULT '' | station ID, empty if it is Dr.Web Server |
| name | INTEGER DEFAULT '0' | station name |
| latitude | INTEGER DEFAULT '0' | latitude, in seconds, +north -south |
| longitude | INTEGER DEFAULT '0' | longitude, in seconds, +east -west |
| arrived | NUMERIC(17) NOT NULL | record modification time |
Table indexes
| Index name | Index type | Fields |
|---|---|---|
| srv_geolocation_0001 | unique table index, clustering index | id, lid, osid |
Table references
| Field name | Direction | Referenced table field |
|---|---|---|
| name | ↔ | cat_name_stations.id |
srv_hips_event
Statistics on events detected on stations of neighbor Dr.Web Server by the Preventive protection component.
Table fields
| Field name | Field type | Description |
|---|---|---|
| osid | VARCHAR(36) NOT NULL | originator ID |
| lid | VARCHAR(36) NOT NULL | interserver connection ID |
| lname | INTEGER DEFAULT '0' | neighbor Dr.Web Server name |
| mid | VARCHAR(36) DEFAULT '' | message UUID |
| stationname | INTEGER DEFAULT '0' | station name |
| id | VARCHAR(36) DEFAULT '' | station ID |
| pid | NUMERIC(12) DEFAULT '4' | process ID |
| ppath | INTEGER DEFAULT '0' | process path, see table cat_path |
| htype | INTEGER DEFAULT '0' | protected object |
| tpath | INTEGER DEFAULT '0' | protected object path, see table cat_path |
| stype | INTEGER DEFAULT '0' | reason of execution of unauthorized code blocking |
| denied | INTEGER DEFAULT '0' | action applied to the suspicious process: 1—denied, 0—allowed |
| isuser | INTEGER DEFAULT '0' | initiator of the action applied to the suspicious process: 1—user, 0—automatic reaction |
| ecount | INTEGER DEFAULT '0' | number of denials in case of automatic reaction |
| euser | INTEGER DEFAULT '0' | process initiator, see table cat_users |
| auser | INTEGER DEFAULT '0' | initiator of the action applied to the process (if isuser = 1), see table cat_users |
| eventtime | NUMERIC(17) DEFAULT '0' | event occurrence time on station, GMT |
| recvtime | NUMERIC(17) DEFAULT '0' | time when the message on event was received, GMT |
| arrived | NUMERIC(17) NOT NULL | record creation |
| notified | INTEGER DEFAULT '0' | whether a message was sent (1—yes, 0—no) |
| sha1 | INTEGER DEFAULT '0' | process file SHA-1 hash, see table cat_hash |
| sha256 | INTEGER DEFAULT '0' | process file SHA-256 hash, see table cat_hash |
| hashdb | INTEGER DEFAULT '0' | bulletin with process hash, see table cat_hash |
Table indexes
| Index name | Index type | Fields |
|---|---|---|
| srv_hips_event_0001 | simple table index, clustering index | recvtime |
| srv_hips_event_0002 | simple table index | lid, osid |
| srv_hips_event_0003 | simple table index | sha1 |
| srv_hips_event_0004 | simple table index | sha256 |
Table references
| Field name | Direction | Referenced table field |
|---|---|---|
| auser | ↔ | cat_users.id |
| euser | ↔ | cat_users.id |
| hashdb | ↔ | cat_hashdb.id |
| osid | ← | srv_recvhistory.mid |
| ppath | ↔ | cat_path.id |
| sha1 | ↔ | cat_hash.id |
| sha256 | ↔ | cat_hash.id |
| tpath | ↔ | cat_path.id |
srv_infection
Statistics on threats detected on stations of neighbor Dr.Web Server.
Table fields
| Field name | Field type | Description |
|---|---|---|
| osid | VARCHAR(36) NOT NULL | originator ID |
| lid | VARCHAR(36) NOT NULL | interserver connection ID |
| lname | INTEGER DEFAULT '0' | neighbor Dr.Web Server name |
| mid | VARCHAR(36) DEFAULT '' | message UUID |
| stationname | INTEGER DEFAULT '0' | station name |
| id | VARCHAR(36) DEFAULT '' | station ID |
| processid | VARCHAR(36) DEFAULT '' | process ID |
| originator | INTEGER DEFAULT '0' | component ID |
| infectionrecvtime | NUMERIC(17) NOT NULL | time when the message on event was received, GMT |
| infectiontime | NUMERIC(17) DEFAULT '0' | event occurrence time on station, GMT |
| type1 | NUMERIC(15) DEFAULT '0' | object type |
| type2 | NUMERIC(15) DEFAULT '0' | infection type |
| virus | INTEGER DEFAULT '0' | threat name |
| object | INTEGER DEFAULT '0' | infected object name |
| treatment | NUMERIC(15) DEFAULT '0' | action upon a detected object |
| owner | INTEGER DEFAULT '0' | object owner |
| username | INTEGER DEFAULT '0' | user who launched the component |
| arrived | NUMERIC(17) NOT NULL | record creation |
| notified | INTEGER DEFAULT '0' | whether a message was sent (1—yes, 0—no) |
| sha1 | INTEGER DEFAULT '0' | object SHA-1 hash, see table cat_hash |
| sha256 | INTEGER DEFAULT '0' | object SHA-256 hash, see table cat_hash |
| hashdb | INTEGER DEFAULT '0' | bulletin with process hash, see table cat_hash |
Table indexes
| Index name | Index type | Fields |
|---|---|---|
| srv_infection_0001 | simple table index, clustering index | infectionrecvtime |
| srv_infection_0002 | simple table index | lid, osid |
| srv_infection_0003 | simple table index | sha1 |
| srv_infection_0004 | simple table index | sha256 |
Table references
| Field name | Direction | Referenced table field |
|---|---|---|
| hashdb | ↔ | cat_hashdb.id |
| lname | ↔ | cat_name_links.id |
| object | ↔ | cat_path.id |
| osid | ← | srv_recvhistory.mid |
| owner | ↔ | cat_users.id |
| sha1 | ↔ | cat_hash.id |
| sha256 | ↔ | cat_hash.id |
| stationname | ↔ | cat_name_stations.id |
| username | ↔ | cat_users.id |
| virus | ↔ | cat_virus.id |
srv_installation
Statistics on installations of Dr.Web Agents on stations of neighbor Dr.Web Server.
Table fields
| Field name | Field type | Description |
|---|---|---|
| osid | VARCHAR(36) NOT NULL | originator ID |
| lid | VARCHAR(36) NOT NULL | interserver connection ID |
| lname | INTEGER DEFAULT '0' | neighbor Dr.Web Server name |
| mid | VARCHAR(36) DEFAULT '' | message UUID |
| id | VARCHAR(36) DEFAULT '' | station temporary ID |
| station | INTEGER DEFAULT '0' | station name |
| seenfrom | TEXT DEFAULT '' | network address of the last connection |
| message | CLOB DEFAULT '' | failure message |
| event | INTEGER DEFAULT '0' | event type: Begin, Success, Failed, etc. |
| starttime | NUMERIC(17) NOT NULL | installation start time |
| endtime | NUMERIC(17) NOT NULL | installation finish time |
| arrived | NUMERIC(17) NOT NULL | record creation |
Table indexes
| Index name | Index type | Fields |
|---|---|---|
| srv_installation_0001 | simple table index, clustering index | starttime |
| srv_installation_0002 | simple table index | lid, osid |
Table references
| Field name | Direction | Referenced table field |
|---|---|---|
| lname | ↔ | cat_name_links.id |
| osid | ← | srv_recvhistory.mid |
| station | ↔ | cat_name_stations.id |
srv_procerror
Statistics on scan errors on stations of neighbor Dr.Web Server.
Table fields
| Field name | Field type | Description |
|---|---|---|
| osid | VARCHAR(36) NOT NULL | originator ID |
| lid | VARCHAR(36) NOT NULL | interserver connection ID |
| lname | INTEGER DEFAULT '0' | neighbor Dr.Web Server name |
| mid | VARCHAR(36) DEFAULT '' | message UUID |
| stationname | INTEGER DEFAULT '0' | station name |
| id | VARCHAR(36) DEFAULT '' | station ID |
| processid | VARCHAR(36) DEFAULT '' | process ID |
| originator | INTEGER DEFAULT '0' | component ID |
| errrecvtime | NUMERIC(17) NOT NULL | time when the message on error was received, GMT |
| errtime | NUMERIC(17) DEFAULT '0' | error occurrence time on station, GMT |
| object | INTEGER DEFAULT '0' | object name |
| errcode | NUMERIC(15) DEFAULT '0' | error code |
| owner | INTEGER DEFAULT '0' | object owner |
| username | INTEGER DEFAULT '0' | user who launched the component |
| arrived | NUMERIC(17) NOT NULL | record creation |
| sha1 | INTEGER DEFAULT '0' | object SHA-1 hash, see table cat_hash |
| sha256 | INTEGER DEFAULT '0' | object SHA-256 hash, see table cat_hash |
| hashdb | INTEGER DEFAULT '0' | bulletin with process hash, see table cat_hashdb |
Table indexes
| Index name | Index type | Fields |
|---|---|---|
| srv_procerror_0001 | simple table index, clustering index | errrecvtime |
| srv_procerror_0002 | simple table index | lid, osid |
| srv_procerror_0003 | simple table index | sha1 |
| srv_procerror_0004 | simple table index | sha256 |
Table references
| Field name | Direction | Referenced table field |
|---|---|---|
| hashdb | ↔ | cat_hashdb.id |
| lname | ↔ | cat_name_links.id |
| object | ↔ | cat_path.id |
| osid | ← | srv_recvhistory.mid |
| owner | ↔ | cat_users.id |
| sha1 | ↔ | cat_hash.id |
| sha256 | ↔ | cat_hash.id |
| stationname | ↔ | cat_name_stations.id |
| username | ↔ | cat_users.id |
srv_recvhistory
Event log received from the neighbor Dr.Web Servers.
Table fields
| Field name | Field type | Description |
|---|---|---|
| osid | VARCHAR(36) NOT NULL | originator ID |
| mid | VARCHAR(36) NOT NULL | message UUID |
| arrived | NUMERIC(17) NOT NULL | record creation |
Table indexes
| Index name | Index type | Fields |
|---|---|---|
| srv_recvhistory_pkey | table primary key | osid, mid |
srv_run
Statistics on start and stop of anti-virus component operation on stations of neighbor Dr.Web Server.
Table fields
| Field name | Field type | Description |
|---|---|---|
| osid | VARCHAR(36) NOT NULL | originator ID |
| lid | VARCHAR(36) NOT NULL | interserver connection ID |
| lname | INTEGER DEFAULT '0' | neighbor Dr.Web Server name |
| mid | VARCHAR(36) DEFAULT '' | message UUID |
| stationname | INTEGER DEFAULT '0' | station name |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) NOT NULL | process ID |
| originator | INTEGER NOT NULL | component ID |
| engine | NUMERIC(15) DEFAULT '0' | engine version |
| viruses | NUMERIC(15) DEFAULT '0' | known threats |
| rc | NUMERIC(15) DEFAULT '0' | return code |
| infections | NUMERIC(15) DEFAULT '0' | number of detected threats |
| errors | NUMERIC(15) DEFAULT '0' | number of occurred errors |
| username | INTEGER DEFAULT '0' | user who launched the component |
| beginrecvtime | NUMERIC(17) NOT NULL | time when the message on component start was received, GMT |
| begintime | NUMERIC(17) DEFAULT '0' | component start time on station, GMT |
| endrecvtime | NUMERIC(17) NOT NULL | time when the message on component stop was received, GMT |
| endtime | NUMERIC(17) DEFAULT '0' | component stop time on station, GMT |
| arrived | NUMERIC(17) NOT NULL | record creation |
Table indexes
| Index name | Index type | Fields |
|---|---|---|
| srv_run_0001 | simple table index, clustering index | beginrecvtime, lid, osid |
| srv_run_0002 | simple table index | id, processid, originator, osid |
Table references
| Field name | Direction | Referenced table field |
|---|---|---|
| lname | ↔ | cat_name_links.id |
| osid | ← | srv_recvhistory.mid |
| stationname | ↔ | cat_name_stations.id |
| username | ↔ | cat_users.id |
srv_scanstat
Statistics on scans of neighbor Dr.Web Server stations by anti-virus components.
Table fields
| Field name | Field type | Description |
|---|---|---|
| osid | VARCHAR(36) NOT NULL | originator ID |
| lid | VARCHAR(36) NOT NULL | interserver connection ID |
| lname | INTEGER DEFAULT '0' | neighbor Dr.Web Server name |
| mid | VARCHAR(36) DEFAULT '' | message UUID |
| stationname | INTEGER DEFAULT '0' | station name |
| id | VARCHAR(36) NOT NULL | station ID |
| processid | VARCHAR(36) DEFAULT '' | process ID |
| originator | INTEGER DEFAULT '0' | component ID |
| recievetime | NUMERIC(17) NOT NULL | time when the message on statistic was received, GMT |
| stationtime | NUMERIC(17) DEFAULT '0' | time when statistics on station was received, GMT |
| scanned | NUMERIC(19) DEFAULT '0' | scanned objects |
| infected | NUMERIC(19) DEFAULT '0' | malicious objects |
| modifications | NUMERIC(19) DEFAULT '0' | objects infected by a threat modification |
| suspicious | NUMERIC(19) DEFAULT '0' | suspicious objects |
| cured | NUMERIC(19) DEFAULT '0' | cured objects |
| deleted | NUMERIC(19) DEFAULT '0' | deleted objects |
| renamed | NUMERIC(19) DEFAULT '0' | renamed objects |
| moved | NUMERIC(19) DEFAULT '0' | moved objects |
| locked | NUMERIC(19) DEFAULT '0' | locked objects |
| activities | NUMERIC(19) DEFAULT '0' | malicious activities |
| errors | NUMERIC(19) DEFAULT '0' | scan errors |
| prcsize | NUMERIC(19) DEFAULT '0' | processed bytes |
| prctime | NUMERIC(19) DEFAULT '0' | processing time, seconds |
| arrived | NUMERIC(17) NOT NULL | record creation |
| username | INTEGER DEFAULT '0' | user who launched the component |
Table indexes
| Index name | Index type | Fields |
|---|---|---|
| srv_scanstat_0001 | simple table index, clustering index | recievetime |
| srv_scanstat_0002 | simple table index | lid, osid |
Table references
| Field name | Direction | Referenced table field |
|---|---|---|
| lname | ↔ | cat_name_links.id |
| osid | ← | srv_recvhistory.mid |
| stationname | ↔ | cat_name_stations.id |
| username | ↔ | cat_users.id |