FileMatch
Data for a matched file.
Fields
| Field | Type | Description |
|---|---|---|
| detectedTime | DateTime | Time the scan detected the match. |
| fileMetadata | FileMetadata | File metadata for the matched file. |
| fileName | String! | Name of the file that was matched. |
| fileSize | Long! | Size of the file that was matched. |
| filepath | String! | File path that was matched. |
| firstObservedSnapshotDate | DateTime | Date of the snapshot when the match was first observed. |
| firstObservedSnapshotFid | UUID! | FID of the first observed snapshot. |
| isFileVersionQuarantined | Boolean! | Indicates whether the workload file version is quarantined. |
| isFirstObservedSnapshotExpired | Boolean! | Specifies whether the first observed snapshot has expired. |
| isMatchedSnapshotExpired | Boolean! | Specifies whether the matched snapshot has expired. |
| isQuarantinedInFirstObservedSnapshot | Boolean! | Indicates whether the file is quarantined in the first observed snapshot. |
| matchId | Long! | ID of the matched file being returned. |
| matchType | IndicatorOfCompromiseKind! | Type of threat match. |
| matchedSnapshotDate | DateTime | Date of the snapshot when the match was found. |
| matchedSnapshotFid | UUID! | FID of the matched snapshot. |
| mtime | DateTime | Modified time of the match. |
| objectFid | UUID! | FID of the object. |
| objectName | String! | The scanned object name. |
| objectType | HierarchyObjectTypeEnum | Object type. |
Used By
Queries
- query: threatMonitoringMatchedFiles (via connection)