InspectedFile

InspectedFile
InspectedFile

Basic information about an inspected file. Full details can be obtained from InspectedFileDetails.

JSON Example 
{
    "sha256": "string",
    "sha1": "string",
    "md5": "string",
    "file_size": 0,
    "last_inspected": 0,
    "inspection_status": "string",
    "threat_score": 0,
    "verdict": "string",
    "error_message": "string",
    "error_code": "string",
    "allow_listed": {
        "last_inspection_setting": false,
        "current_setting": false
    },
    "malware_family": [
        "string"
    ],
    "malware_class": [
        "string"
    ],
    "is_blocked": false,
    "file_type": "string",
    "inspections_count": 0,
    "last_inspected_site": {
        "site_id": "string",
        "site_name": "string",
        "site_type": "string"
    }
}
string
sha256
Optional

SHA256 hash of the file.

string
sha1
Optional

SHA1 hash of the file.

string
md5
Optional

MD5 hash of the file.

integer As int64 As int64
file_size
Optional

Size of the file in bytes.

EpochMsTimestamp
last_inspected
Optional

Timestamp in milliseconds since epoch

InspectionStatus
inspection_status
Optional

Status of the inspection event.

Possible values are : IN_PROGRESS, COMPLETED, ERROR,
integer
threat_score
Optional

Threat score in the range of 0 to 100. A score of 100 is considered high potential threat.

Verdict
verdict
Optional

This property describes the behavior of the file at runtime. Meanings are described below BENIGN: This is a benign file with no malicious code TRUSTED: This is a TRUSTED file based on the behaviour of the file HIGHLY_TRUSTED: This is a file from a highly trusted source like for e.g microsft published the file SUSPICIOUS: This file contains suspicious code and on execution can turn out to be malware MALICIOUS: This file is a malicious file containing malware or bad code that can harm the system UNKNOWN: Either this file behavior is UNKNOWN at this point in time or there is some error in file anlaysis pipeline and verdict could not be concluded. UNINSPECTED: This file is marked as allowlisted and hence the verdict is UNINSPECTED.

Possible values are : BENIGN, TRUSTED, HIGHLY_TRUSTED, SUSPICIOUS, MALICIOUS, UNKNOWN, UNINSPECTED,
string
error_message
Optional

Error message corresponding to last inspection of this file. This field will be populated only when there is some error in the last inspection.

string
error_code
Optional

Error code corresponding to last inspection of this file. This field will be populated only when there is some error in the last inspection.

AllowListedSetting
allow_listed
Optional

Conveys user specified allow-list settting for this file at different time instances using /allow-list API.

array of string
malware_family
Optional

Family of the malware.

array of string
malware_class
Optional

Class of the malware.

boolean
is_blocked
Optional

Conveys if the file is blocked by malware prevention service.

string
file_type
Optional

Type of the file.

integer
inspections_count
Optional

Number of times this file is inspected.

SiteEntity
last_inspected_site
Optional

Site Entity Information.

Used By