simpleValues Object
The simpleValues object can contain the following fields:
Field |
Type |
Description |
---|---|---|
hasRansomwareSuspendedProcesses |
Boolean |
Indicates whether there are processes in the Malop classified as ransomware that have been stopped by Cybereason. |
decisionfeature |
String |
The reason that Cybereason has raised the Malop. |
rootCauseElementCompanyProduct |
String |
The item or root cause of the Malop. |
malopStartTime |
Timestamp |
The time (in epoch) when the activity that caused the Malop started. |
detectionType |
Enum |
The detection reason that Cybereason raised the Malop. Type of activity detected. Possible values include:
|
malopActivityTypes |
Enum |
Type of activity detected. Possible values include:
|
elementDisplayName |
String |
The displayed name for the Element that caused the Malop. |
creationTime |
Timestamp |
The time (in epoch) when the activity that caused the Malop was first detected by Cybereason. |
isBlocked |
Boolean |
Indicates whether a process in the Malop is blocked by Application Control. |
rootCauseElementTypes |
Enum |
The Element type for the item identified as the root cause of the Malop. Possible values for this include Process or LogonSession. |
rootCauseElementNames |
String |
The name of the item identified as the root cause of the Malop. This is the real name of the process (such as explorer.exe, for example) or the name of the logon session. |
malopLastUpdateTime |
Timestamp |
The most recent time (in epoch) that the Malop details were updated. |
allRansomwareProcessesSuspended |
Boolean |
Indicates whether or not all processes associated with a particular Ransomware Malop are all suspended. If this value is set to true then the processes have been suspended. |
rootCauseElementHashes |
Float |
The hash value of the items for the Elements identified by Cybereason as the root cause of the Malop. |
managementStatus |
Enum |
The status of the Malop. Possible values include (with the corresponding value you would see in the Malop Inbox screen):
|
closeTime |
Timestamp |
The time the Malop was changed to closed. Reports null if the Malop is still open. |
closerName |
String |
The Cybereason user name for the person who closed the Malop. Reports null if the Malop is still open. |
customClassification |
String |
Any custom priority identifiers assigned to the Malop. |