Field Name
|
From Table
|
From Field
|
Description
|
---|---|---|---|
msg_entry_id
|
tblFilterEntries_[Server Name]
|
msg_entry_id
|
Primary key of the table [tblMsgEntries_[Server Name]]
|
msg_delivery_time
|
tblMsgEntries_[Server Name]
|
msg_delivery_time
|
The message delivery time
|
msg_found_at
|
tblMsgEntries_[Server Name]
|
msg_found_at
|
The place where this message is found at
|
msg_source
|
tblMsgEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
msg_destination
|
tblMsgEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
msg_subject
|
tblMsgEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
filter_id
|
tblFilterEntries_[Server Name]
|
filter_id
|
Primary key of the table [tblFilterEntries_[Server Name]]
|
filter_scan_time
|
tblFilterEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
filter_rule
|
tblFilterEntries_[Server Name]
|
filter_rule
|
The filter rule triggered. Virus/malware
name for security risk filter, rule name for content filter, and
file type blocked by attachment blocking filter (such as .exe),
risk level of a malicious URL for Web Reputation filter
|
file_original
|
tblFilterEntries_[Server Name]
|
file_original
|
The original file name that triggered the
rule
|
filter_action
|
tblFilterEntries_[Server Name]
|
filter_action
|
The result of the action taken
|
filter_reason
|
tblFilterEntries_[Server Name]
|
filter_reason
|
The detailed information about how the content
is being detected for content violation, malicious URL for Web Reputation
filter
|
filter_rule_supplement
|
tblFilterEntries_[Server Name]
|
filter_rule_supplement
|
The virus/malware type, used to separate virus and spyware
|
url_category
|
tblFilterEntries_[Server Name]
|
url_category
|
The category of the detected URL
|
DataContent
|
tblFilterEntries_[Server Name]
|
DataContent
|
Matched content
|
msg_id
|
tblMsgEntries_[Server Name]
|
msg_id
|
Message ID
|
dda_int_mode
|
tblMsgEntries_[Server Name]
|
dda_int_mode
|
To indicate which integration mode is used:
inline mode or monitor mode
|
dda_coworking_status
|
tblMsgEntries_[Server Name]
|
dda_coworking_status
|
DTAS agent working status with Virtual
Analyzer like uploading, duplicate checking, querying result, and so on
|
dda_ui_status
|
tblMsgEntries_[Server Name]
|
dda_ui_status
|
Show the status of sample handling, such as
unrated, being analyzed, rated, aborted, and other status on the UI
|
sent_to_dda_time
|
tblMsgEntries_[Server Name]
|
sent_to_dda_time
|
The time of sending sample to Virtual
Analyzer server
|
orgsha1
|
tblMsgEntries_[Server Name]
|
orgsha1
|
The SHA1 value of the sample
|
is_ransomeware
|
tblMsgEntries_[Server Name]
|
is_ransomeware
|
Indicate whether the threat is
ransomware
|
Field Name
|
From Table
|
From Field
|
Description
|
---|---|---|---|
filter_scan_time
|
vwMsgFilterEntriesTmp_[Server Name]
|
filter_scan_time
|
The scan time
|
msg_delivery_time
|
vwMsgFilterEntriesTmp_[Server Name]
|
msg_delivery_time
|
The message delivery time
|
msg_found_at
|
vwMsgFilterEntriesTmp_[Server Name]
|
msg_found_at
|
The place where this message is found at
|
msg_source
|
vwMsgFilterEntriesTmp_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
msg_destination
|
vwMsgFilterEntriesTmp_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
msg_subject
|
vwMsgFilterEntriesTmp_[Server Name]
|
msg_subject
|
The subject of this message
|
filter_rule
|
vwMsgFilterEntriesTmp_[Server Name]
|
filter_rule
|
The filter rule triggered. Virus/malware name for
security risk filter, rule name for content filter, and file type blocked by
attachment blocking filter (such as .exe), risk level of a
malicious URL for Web Reputation filter
|
filter_reason
|
vwMsgFilterEntriesTmp_[Server Name]
|
filter_reason
|
Detailed information about how the content is being detected
for content violation, malicious URL for Web Reputation filter
|
file_original
|
vwMsgFilterEntriesTmp_[Server Name]
|
file_original
|
The original filename that triggered the rule
|
msg_entry_id
|
vwMsgFilterEntriesTmp_[Server Name]
|
msg_entry_id
|
Primary key of the table [tblMsgEntries_[Server
Name]]
|
filter_id
|
vwMsgFilterEntriesTmp_[Server Name]
|
filter_id
|
Primary key of the table
[tblFilterEntries_[Server Name]]
|
filter_action
|
vwMsgFilterEntriesTmp_[Server Name]
|
filter_action
|
The result of the action taken
|
storage_entry_id
|
tblStorageEntries_[Server Name]
|
storage_entry_id
|
Primary key of the table
[tblStorageEntries_[Server Name]]
|
storage_path
|
tblStorageEntries_[Server Name]
|
storage_path
|
The path the file saved to
|
storage_reason
|
tblStorageEntries_[Server Name]
|
storage_reason
|
The reason (quarantine, archive, or backup) to make
this storage entry
|
filter_rule_supplement
|
vwMsgFilterEntriesTmp_[Server Name]
|
filter_rule_supplement
|
The virus/malware type, used to separate virus and
spyware
|
url_category
|
tblFilterEntries_[Server Name]
|
url_category
|
url_category
|
DataContent
|
tblFilterEntries_[Server Name]
|
DataContent
|
Matched content
|
msg_id
|
tblMsgEntries_[Server Name]
|
msg_id
|
Message ID
|
dda_int_mode
|
tblMsgEntries_[Server Name]
|
dda_int_mode
|
To indicate which integration mode is used:
inline mode or monitor mode
|
dda_coworking_status
|
tblMsgEntries_[Server Name]
|
dda_coworking_status
|
DTAS agent working status with Virtual
Analyzer like uploading, duplicate checking, querying result, and so on
|
dda_ui_status
|
tblMsgEntries_[Server Name]
|
dda_ui_status
|
Show the status of sample handling, such as
unrated, being analyzed, rated, aborted, and other status on the UI
|
sent_to_dda_time
|
tblMsgEntries_[Server Name]
|
sent_to_dda_time
|
The time of sending sample to Virtual
Analyzer server
|
orgsha1
|
tblMsgEntries_[Server Name]
|
orgsha1
|
The SHA1 value of the sample
|
is_ransomeware
|
tblMsgEntries_[Server Name]
|
is_ransomeware
|
Indicate whether the threat is
ransomware
|
Field Name
|
From Table
|
From Field
|
Description
|
---|---|---|---|
storage_entry_id
|
tblStorageEntries_[Server Name]
|
storage_entry_id
|
Primary key of the table [tblStorageEntries_[Server Name]]
|
msg_source
|
tblMsgEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
msg_destination
|
tblMsgEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
msg_subject
|
tblMsgEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
filter_id
|
tblStorageEntries_[Server Name]
|
filter_id
|
Primary key of the table [tblFilterEntries_[Server Name]]
|
filter_scan_time
|
tblStorageEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
filter_rule
|
tblStorageEntries_[Server Name]
|
filter_rule
|
The filter rule triggered. Virus/malware
name for security risk filter, rule name for content filter, and
file type blocked by attachment blocking filter (such as .exe),
risk level of a malicious URL for Web Reputation filter
|
file_original
|
tblStorageEntries_[Server Name]
|
file_original
|
The original filename that triggered the
rule
|
filter_action
|
tblStorageEntries_[Server Name]
|
filter_action
|
The result of the action taken
|
storage_reason
|
tblStorageEntries_[Server Name]
|
storage_reason
|
The reason (quarantine, archive, or backup)
for this storage entry
|
storage_resend_count
|
tblStorageEntries_[Server Name]
|
storage_resend_count
|
The count of this entry has been resent
|
Field Name
|
From Table
|
From Field
|
Description
|
||
---|---|---|---|---|---|
storage_entry_id
|
vwMsgFilterEntries_[Server Name]
|
storage_entry_id
|
Primary key of the table
[tblStorageEntries_[Server Name]]
|
||
filter_scan_time
|
vwMsgFilterEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
||
msg_delivery_time
|
vwMsgFilterEntries_[Server Name]
|
msg_delivery_time
|
The message delivery time
|
||
msg_found_at
|
vwMsgFilterEntries_[Server Name]
|
msg_found_at
|
The place where this message is found at
|
||
msg_source
|
vwMsgFilterEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
||
msg_destination
|
vwMsgFilterEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
||
msg_subject
|
vwMsgFilterEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
||
filter_rule_cf
|
vwMsgFilterEntries_[Server Name]
|
filter_rule
|
File type blocked by attachment blocking filter (such
as .exe)
|
||
filter_original
|
vwMsgFilterEntries_[Server Name]
|
filter_original
|
The original filename that triggered the rule
|
||
filter_action
|
vwMsgFilterEntries_[Server Name]
|
filter_action
|
The result of action taken. Reference
[action_description.xml], which is located in %SMEX_HOME%\ web\xml
|
||
filter_id
|
vwMsgFilterEntries_[Server Name]
|
filter_id
|
Primary key of the table
[tblFilterEntries_[Server Name]]
|
Field Name
|
From Table
|
From Field
|
Description
|
||
---|---|---|---|---|---|
storage_entry_id
|
vwMsgFilterEntries_[Server Name]
|
storage_entry_id
|
Primary key of the table tblStorageEntries_[Server Name]
|
||
filter_scan_time
|
vwMsgFilterEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
||
msg_delivery_time
|
vwMsgFilterEntries_[Server Name]
|
msg_delivery_time
|
The message delivery time
|
||
msg_found_at
|
vwMsgFilterEntries_[Server Name]
|
msg_found_at
|
The place where this message is found at
|
||
msg_source
|
vwMsgFilterEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
||
msg_destination
|
vwMsgFilterEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
||
msg_subject
|
vwMsgFilterEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
||
filter_rule_av
|
vwMsgFilterEntries_[Server Name]
|
filter_rule
|
Virus/malware name
|
||
filter_original
|
vwMsgFilterEntries_[Server Name]
|
filter_original
|
The original filename that triggered the
rule
|
||
filter_action
|
vwMsgFilterEntries_[Server Name]
|
filter_action
|
The result of action taken. Reference [action_description.xml],
which is located in %SMEX_HOME%\ web\xml.
|
||
filter_rule_supplement
|
vwMsgFilterEntries_[Server Name]
|
filter_rule_supplement
|
The virus/malware type, used to separate
virus and spyware.
|
||
filter_id
|
vwMsgFilterEntries_[Server Name]
|
filter_id
|
Primary key of the table [tblFilterEntries_[Server Name]]
|
||
storage_reason
|
vwMsgFilterEntries_[Server Name]
|
storage_reason
|
The reason (quarantine, archive, or backup)
for this storage entry.
|
||
detected_by
|
vwMsgFilterEntries_[Server Name]
|
detected_by
|
The scan mechanism that detected the security
risk
Possible values:
|
||
is_ransomeware
|
vwMsgFilterEntries_[Server Name]
|
is_ransomeware
|
Indicate whether the threat is
ransomware
|
Field Name
|
From Table
|
From Field
|
Description
|
||
---|---|---|---|---|---|
storage_entry_id
|
vwMsgFilterEntries_[Server Name]
|
storage_entry_id
|
Primary key of the table tblStorageEntries_[Server Name]
|
||
filter_scan_time
|
vwMsgFilterEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
||
msg_delivery_time
|
vwMsgFilterEntries_[Server Name]
|
msg_delivery_time
|
The message delivery time
|
||
msg_found_at
|
vwMsgFilterEntries_[Server Name]
|
msg_found_at
|
The place where this message is found at
|
||
msg_source
|
vwMsgFilterEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
||
msg_destination
|
vwMsgFilterEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
||
msg_subject
|
vwMsgFilterEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
||
filter_rule_cf
|
vwMsgFilterEntries_[Server Name]
|
filter_rule
|
Rule name for content filter
|
||
filter_original
|
vwMsgFilterEntries_[Server Name]
|
filter_original
|
The original filename that triggered the
rule
|
||
filter_action
|
vwMsgFilterEntries_[Server Name]
|
filter_action
|
The result of action taken. Reference [action_description.xml],
which is located in %SMEX_HOME%\ web\xml.
|
||
filter_reason
|
vwMsgFilterEntries_[Server Name]
|
filter_reason
|
Detailed information about how the content
is being detected for content violation, malicious URL for Web Reputation
filter
|
||
filter_id
|
vwMsgFilterEntries_[Server Name]
|
filter_id
|
Primary key of the table [tblFilterEntries_[Server Name]]
|
Field Name
|
From Table
|
From Field
|
Description
|
||
---|---|---|---|---|---|
storage_entry_id
|
vwMsgFilterEntries_[Server Name]
|
storage_entry_id
|
Primary key of the table
[tblStorageEntries_[Server Name]]
|
||
filter_scan_time
|
vwMsgFilterEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
||
msg_delivery_time
|
vwMsgFilterEntries_[Server Name]
|
msg_delivery_time
|
The message delivery time
|
||
msg_found_at
|
vwMsgFilterEntries_[Server Name]
|
msg_found_at
|
The place where this message is found at
|
||
msg_source
|
vwMsgFilterEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
||
msg_destination
|
vwMsgFilterEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
||
msg_subject
|
vwMsgFilterEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
||
filter_rule_dlp
|
vwMsgFilterEntries_[Server Name]
|
filter_rule
|
Rule name for Data Loss Prevention
|
||
filter_action
|
vwMsgFilterEntries_[Server Name]
|
filter_action
|
The result of action taken. Reference
[action_description.xml], which is located in %SMEX_HOME%\ web\xml
|
||
file_original
|
vwMsgFilterEntries_[Server Name]
|
file_original
|
The original filename that triggered the rule
|
||
filter_template
|
vwMsgFilterEntries_[Server Name]
|
filter_reason
|
The triggered Data Loss Prevention template
|
||
DataContent
|
tblFilterEntries_[Server Name]
|
DataContent
|
Matched content
|
Field Name
|
From Table
|
From Field
|
Description
|
||
---|---|---|---|---|---|
storage_entry_id
|
vwMsgFilterEntries_[Server Name]
|
storage_entry_id
|
Primary key of the table tblStorageEntries_[Server Name]
|
||
filter_scan_time
|
vwMsgFilterEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
||
msg_delivery_time
|
vwMsgFilterEntries_[Server Name]
|
msg_delivery_time
|
The message delivery time
|
||
msg_found_at
|
vwMsgFilterEntries_[Server Name]
|
msg_found_at
|
The place where this message is found at
|
||
msg_source
|
vwMsgFilterEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
||
msg_destination
|
vwMsgFilterEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
||
msg_subject
|
vwMsgFilterEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
||
filter_rule_us
|
vwMsgFilterEntries_[Server Name]
|
filter_rule
|
Unscannable reason
|
||
filter_original
|
vwMsgFilterEntries_[Server Name]
|
filter_original
|
The original filename that triggered the
rule
|
||
filter_action
|
vwMsgFilterEntries_[Server Name]
|
filter_action
|
The result of action taken. Reference [action_description.xml],
which is located in %SMEX_HOME%\ web\xml.
|
||
filter_id
|
vwMsgFilterEntries_[Server Name]
|
filter_id
|
Primary key of the table [tblFilterEntries_[Server Name]]
|
||
storage_reason
|
vwMsgFilterEntries_[Server Name]
|
storage_reason
|
The reason (quarantine, archive, or backup)
for this storage entry.
|
Field Name
|
From Table
|
From Field
|
Description
|
---|---|---|---|
storage_entry_id
|
vwMsgFilterEntries_[Server Name]
|
storage_entry_id
|
Primary key of the table [tblStorageEntries_[Server Name]]
|
filter_scan_time
|
vwMsgFilterEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
msg_source
|
vwMsgFilterEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
msg_destination
|
vwMsgFilterEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
msg_subject
|
vwMsgFilterEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
filter_rule
|
vwMsgFilterEntries_[Server Name]
|
filter_rule
|
The filter rule triggered. Virus/malware
name for security risk filter, rule name for content filter, and
file type blocked by attachment blocking filter(such as .exe), risk
level of a malicious URL for Web Reputation filter
|
storage_resend_count
|
vwMsgFilterEntries_[Server Name]
|
storage_resend_count
|
The count of this entry has been resent
|
storage_reason
|
vwMsgFilterEntries_[Server Name]
|
storage_reason
|
The reason (quarantine, archive, or backup)
for this storage entry.
|
Field Name
|
From Table
|
From Field
|
Description
|
||
---|---|---|---|---|---|
filter_scan_time
|
vwMsgFilterEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
||
msg_delivery_time
|
vwMsgFilterEntries_[Server Name]
|
msg_delivery_time
|
The message delivery time
|
||
msg_source
|
vwMsgFilterEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
||
msg_destination
|
vwMsgFilterEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
||
msg_subject
|
vwMsgFilterEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
||
risk_level
|
vwMsgFilterEntries_[Server Name]
|
risk_level
|
The determined risk level for an advanced threat Possible values:
|
||
Suspicious_url
|
vwMsgFilterEntries_[Server Name]
|
filter_reason
|
Suspicious URL
|
||
filter_action
|
filter_action
|
The result of action taken. Reference [action_description.xml],
which is located in %SMEX_HOME%\ web\xml.
|
|||
filter_id
|
vwMsgFilterEntries_[Server Name]
|
filter_id
|
Primary key of the table [tblFilterEntries_[Server Name]]
|
||
storage_entry_id
|
vwMsgFilterEntries_[Server Name]
|
storage_entry_id
|
Primary key of the table [tblStorageEntries_[Server Name]]
|
||
url_category
|
tblFilterEntries_[Server Name]
|
url_category
|
The category of the detected URL
|
||
is_ransomeware
|
vwMsgFilterEntries_[Server Name]
|
is_ransomeware
|
Indicate whether the threat is
ransomware
|
Field Name
|
From Table
|
From Field
|
Description
|
||
---|---|---|---|---|---|
msg_id
|
vwMsgFilterEntries_[Server Name]
|
msg_id
|
Message ID
|
||
filter_scan_time
|
vwMsgFilterEntries_[Server Name]
|
filter_scan_time
|
The scan time
|
||
msg_delivery_time
|
vwMsgFilterEntries_[Server Name]
|
msg_delivery_time
|
The message delivery time
|
||
msg_found_at
|
vwMsgFilterEntries_[Server Name]
|
msg_found_at
|
The place where this message was found
|
||
msg_source
|
vwMsgFilterEntries_[Server Name]
|
msg_source
|
The semi-colon delimited sender list
|
||
msg_destination
|
vwMsgFilterEntries_[Server Name]
|
msg_destination
|
The semi-colon delimited recipient list
|
||
msg_subject
|
vwMsgFilterEntries_[Server Name]
|
msg_subject
|
The subject of this message
|
||
filter_rule_av
|
vwMsgFilterEntries_[Server Name]
|
filter_rule
|
Virus/malware name
|
||
filter_reason
|
vwMsgFilterEntries_[Server Name]
|
filter_reason
|
Detailed information about how the content is being detected
for content violation, malicious URL for Web Reputation filter
|
||
file_original
|
vwMsgFilterEntries_[Server Name]
|
file_original
|
The original filename that triggered the rule
|
||
filter_action
|
vwMsgFilterEntries_[Server Name]
|
filter_action
|
The result of action taken. Reference
[action_description.xml], which is located in %SMEX_HOME%\ web\xml
|
||
filter_rule_supplement
|
vwMsgFilterEntries_[Server Name]
|
filter_rule_supplement
|
The virus/malware type, used to separate virus and
spyware
|
||
detected_by
|
vwMsgFilterEntries_[Server Name]
|
detected_by
|
The scan mechanism that detected the security
risk
Possible values:
|
||
risk_level
|
vwMsgFilterEntries_[Server Name]
|
risk_level
|
The determined risk level for an advanced threat
Possible values:
|
||
atse_aggressive_level
|
vwMsgFilterEntries_[Server Name]
|
atse_aggressive_level
|
ATSE scan level
|
||
detected_rule_category
|
vwMsgFilterEntries_[Server Name]
|
detected_rule_category
|
ATSE detected rule category
|
||
dda_int_mode
|
vwMsgFilterEntries_[Server Name]
|
dda_int_mode
|
To indicate which integration mode is used:
inline mode or monitor mode
|
||
dda_coworking_status
|
vwMsgFilterEntries_[Server Name]
|
dda_coworking_status
|
DTAS agent working status with Virtual
Analyzer like uploading, duplicate checking, querying result, and so on
|
||
dda_ui_status
|
vwMsgFilterEntries_[Server Name]
|
dda_ui_status
|
Show the status of sample handling, such as
unrated, being analyzed, rated, aborted, and other status on the UI
|
||
sent_to_dda_time
|
vwMsgFilterEntries_[Server Name]
|
sent_to_dda_time
|
The time of sending sample to Virtual
Analyzer server
|
||
orgsha1
|
vwMsgFilterEntries_[Server Name]
|
orgsha1
|
The SHA1 value of the sample
|
SELECT msg_source,msg_destination,filter_rule_av FROM vwAVLogs_[Server Name] WHERE filter_scan_time BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’ ORDER BY filter_scan_time;
SELECT * FROM vwCFLogs_[Server Name] WHERE filter_scan_time BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’ ORDER BY filter_scan_time;
SELECT * FROM vwABLogs_[Server Name] WHERE filter_scan_time BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’ ORDER BY filter_scan_time;
SELECT * FROM vwMsgStorageEntries_[Server Name] WHERE filter_scan_time BETWEEN ‘2008-12-12 09:00:00’ AND ‘2008-12-19 09:00:00’ ORDER BY filter_scan_time;