simpleValues Object

The simpleValues object can contain the following fields:

| Field | Type | Description |
|---|---|---|
| hasRansomwareSuspendedProcesses | Boolean | Indicates whether there are processes in the Malop classified as ransomware that have been stopped by Cybereason. |
| decisionfeature | String | The reason that Cybereason has raised the Malop. |
| rootCauseElementCompanyProduct | String | The item or root cause of the Malop. |
| malopStartTime | Timestamp | The time (in epoch) when the activity that caused the Malop started. |
| detectionType | Enum | The detection reason for which Cybereason raised the Malop (the type of activity detected). Possible values include: CNC_COMMUNICATION, DATA_THEFT, MALICIOUS_INFECTION, LATERAL_MOVEMENT, PRIVILEGE_ESCALATION, RANSOMWARE, SCANNING, STOLEN_CREDENTIALS, PERSISTENCE |
| malopActivityTypes | Enum | Type of activity detected. Possible values include: CNC_COMMUNICATION, DATA_THEFT, MALICIOUS_INFECTION, LATERAL_MOVEMENT, PRIVILEGE_ESCALATION, RANSOMWARE, SCANNING, STOLEN_CREDENTIALS, PERSISTENCE |
| elementDisplayName | String | The displayed name for the Element that caused the Malop. |
| creationTime | Timestamp | The time (in epoch) when the activity that caused the Malop was first detected by Cybereason. |
| isBlocked | Boolean | Indicates whether a process in the Malop is blocked by Application Control. |
| rootCauseElementTypes | Enum | The Element type for the item identified as the root cause of the Malop. Possible values include Process or LogonSession. |
| rootCauseElementNames | String | The name of the item identified as the root cause of the Malop. This is the real name of the process (such as explorer.exe) or the name of the logon session. |
| malopLastUpdateTime | Timestamp | The most recent time (in epoch) that the Malop details were updated. |
| allRansomwareProcessesSuspended | Boolean | Indicates whether all processes associated with a particular Ransomware Malop are suspended. If this value is set to true then the processes have been suspended. |
| rootCauseElementHashes | Float | The hash value of the items for the Elements identified by Cybereason as the root cause of the Malop. |
| managementStatus | Enum | The status of the Malop. Possible values include (with the corresponding value you would see in the Malop Inbox screen): UNREAD (Unread), OPEN (Under Investigation), REOPEN (Reopened), CLOSED (Remediated), FP (Not relevant), TODO (To review) |
| closeTime | Timestamp | The time the Malop was changed to closed. Reports null if the Malop is still open. |
| closerName | String | The Cybereason user name for the person who closed the Malop. Reports null if the Malop is still open. |
| customClassification | String | Any custom priority identifiers assigned to the Malop. |
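
The following Python sketch is an added example, not code from Cybereason or from this page. It flattens a simpleValues object into a triage record: epoch timestamps become UTC strings, managementStatus is mapped to its Malop Inbox label, a null closeTime is treated as "still open", and ransomware Malops whose processes are not all suspended are flagged. Assumptions: each field arrives either as a bare value or wrapped as {"totalValues": n, "values": [...]}, epoch timestamps are in milliseconds, and the names first, as_utc, triage and SAMPLE are hypothetical.

```python
from datetime import datetime, timezone

# managementStatus values and their Malop Inbox labels, from the field table.
INBOX_LABEL = {"UNREAD": "Unread", "OPEN": "Under Investigation",
               "REOPEN": "Reopened", "CLOSED": "Remediated",
               "FP": "Not relevant", "TODO": "To review"}

# Constructed sample; the {"totalValues", "values"} wrapper is an assumption.
SAMPLE = {
    "detectionType": {"totalValues": 1, "values": ["RANSOMWARE"]},
    "managementStatus": {"totalValues": 1, "values": ["OPEN"]},
    "rootCauseElementNames": {"totalValues": 1, "values": ["explorer.exe"]},
    "malopStartTime": {"totalValues": 1, "values": ["1700000000000"]},
    "allRansomwareProcessesSuspended": {"totalValues": 1, "values": ["false"]},
    "closeTime": {"totalValues": 0, "values": None},  # null: Malop still open
}

def first(sv, field):
    """First value of a field, or None when the field is absent or null."""
    raw = sv.get(field)
    if isinstance(raw, dict):  # assumed wrapper form
        values = raw.get("values") or []
        raw = values[0] if values else None
    return raw

def as_utc(value):
    """Epoch timestamp to ISO 8601 UTC; the millisecond unit is an assumption."""
    if value is None:
        return None
    return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc).isoformat()

def triage(sv):
    """Flatten a simpleValues object into a record an analyst can sort on."""
    status = first(sv, "managementStatus")
    close_time = first(sv, "closeTime")
    ransomware = first(sv, "detectionType") == "RANSOMWARE"
    all_suspended = str(first(sv, "allRansomwareProcessesSuspended")).lower() == "true"
    return {
        "root_cause": first(sv, "rootCauseElementNames"),
        "inbox_status": INBOX_LABEL.get(status, status),  # unknown values pass through
        "started": as_utc(first(sv, "malopStartTime")),
        "closed": as_utc(close_time),
        "is_open": close_time is None,
        # Ransomware Malop where not every associated process is suspended.
        "unsuspended_ransomware": ransomware and not all_suspended,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```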