VMware Developer Documentation
API Reference PowerCLI Reference
[{"label":"Latest (1.0.0)","version":"latest"}]
nsx-malware-prevention
Malware Prevention API Data Structures

FileInspectionEvent

File Inspection Event.

Properties

boolean
allow_listed Optional

Specifies whether this file is present in allow list. If true, the file is present in the allow-list.
VirtualMachineDetails
client Optional

Details about virtual machine.
string
error_code Optional

Error code corresponding to this inspection event. This field will be populated only when there is some error in the inspection.
string
error_message Optional

Error message corresponding to this inspection event. This field will be populated only when there is some error in the inspection.
string
file_name Optional

Name of the file as observed in this instance of inspection.
InspectionStatus Enum
inspection_status Optional

Status of the inspection event.

Possible values are: IN_PROGRESSCOMPLETEDERROR

integer as int64
inspection_time Optional

Timestamp in milliseconds since epoch
boolean
is_blocked Optional

This field conveys if the file is blocked by malware prevention service.
string
md5 Optional

MD5 hash of the file.
VirtualMachineDetails
server Optional

Details about virtual machine.
string
sha1 Optional

SHA1 hash of the file.
string
sha256 Optional

SHA256 hash of the file.
integer
threat_score Optional

Threat score assigned to this inspection event. Threat score in the range of 0 to 100 for known verdict. A score of 100 is considered high potential threat. Score -1 indicates the verdict is UNINSPECTED because file is allowlisted. Any score outside the range of -1 to 100 will mean that verdict is UNKNOWN.
string
transport_node_id Optional

ID of the transport node on which this file is detected. Transport nodes are hypervisor hosts or NSX Edges that participated in the NSX-T topology.
TransportNodeType Enum
transport_node_type Optional

Type of transport node by which file is downloaded.

Possible values are: HOSTGATEWAYINVALID

Verdict Enum
verdict Optional

This property describes the behavior of the file at runtime. Meanings are described below BENIGN: This is a benign file with no malicious code TRUSTED: This is a TRUSTED file based on the behaviour of the file HIGHLY_TRUSTED: This is a file from a highly trusted source like for e.g microsft published the file SUSPICIOUS: This file contains suspicious code and on execution can turn out to be malware MALICIOUS: This file is a malicious file containing malware or bad code that can harm the system UNKNOWN: This file is not known and hence its behavior is UNKNOWN at this point in time. UNINSPECTED: This file is marked as allowlisted and hence the verdict is UNINSPECTED.

Possible values are: BENIGNTRUSTEDHIGHLY_TRUSTEDSUSPICIOUSMALICIOUSUNKNOWNUNINSPECTED

JSON Example

{
	"allow_listed": false,
	"client": {
		"fqdn": "string",
		"ip_address": "string",
		"vm_id": "string"
	},
	"error_code": "string",
	"error_message": "string",
	"file_name": "string",
	"inspection_status": "IN_PROGRESS",
	"inspection_time": 0,
	"is_blocked": false,
	"md5": "string",
	"server": {
		"fqdn": "string",
		"ip_address": "string",
		"vm_id": "string"
	},
	"sha1": "string",
	"sha256": "string",
	"threat_score": 0,
	"transport_node_id": "string",
	"transport_node_type": "HOST",
	"verdict": "BENIGN"
}
[{"label":"Latest (1.0.0)","version":"latest"}]
nsx-malware-prevention
Property Of

InlineFileInspectionEventsListResult1

Generated on: 02 Mar 23 14:14 UTC
Feedback

Was this page helpful?

© 2023 VMware Inc. Terms of Use Privacy Your California Privacy Rights Accessibility Trademarks Glossary Help Contact Us