The Virus Quarantine action covers the quarantine resolution action taken when a virus is identified on a given host. There are two possible results for this action: S for successful, F for failure.
| Information | Level |
|---|---|
| Source - User Information | Tertiary |
| Source - Host Information | Secondary |
| Source - Object Information | Secondary |
| Source - Process Information | Tertiary |
| Source - Group Information | Tertiary |
| Dest - User Information | Secondary |
| Dest - Host Information | Primary |
| Dest - Object Information | Primary |
| Dest - Process Information | Primary |
| Dest - Group Information | Tertiary |
| Agent - Information | Primary |
| Agent - Host Information | Primary |
| Event Source - Host Information | Primary |
| Event Source - Information | Tertiary |
| Event - Information | Primary |
| Result - Information | Primary |
The important information for this action is which process or file was quarantined, because of which virus detection, and on which host. The event information should also show on which host the event was expressed and which agent, on which host, recorded it.
The virus name should be stored in the result_signature field of CEG.
| Result | event_result | event_severity |
|---|---|---|
| Success | S | 2 |
| Failure | F | 6 |
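The following is an added example, not part of the original CA documentation: a small normalizer that maps antivirus quarantine log lines to the fields named above and reports which Primary-level items are missing. The log line format, the sample lines, and every key other than `event_result`, `event_severity` and `result_signature` are assumptions made for illustration.

```python
import re

# Result table from this page: event_result -> event_severity
SEVERITY = {"S": 2, "F": 6}

# Constructed log format (an assumption, not a real product's output):
#   <agent_host> av[<pid>]: quarantine <ok|failed> virus="<name>" file="<path>" host=<dest_host>
LINE_RE = re.compile(
    r'^(?P<agent_host>\S+) av\[\d+\]: quarantine (?P<status>ok|failed)'
    r'(?: virus="(?P<virus>[^"]*)")?'
    r'(?: file="(?P<file>[^"]*)")?'
    r'(?: host=(?P<dest_host>\S+))?$'
)

# Hypothetical keys standing in for Primary-level information from the table
PRIMARY_KEYS = ("dest_host", "dest_object", "agent_host",
                "event_result", "result_signature")

# Constructed sample lines; the third lacks the virus name
SAMPLE = [
    r'scan01 av[412]: quarantine ok virus="EICAR-Test-File" file="C:\Temp\eicar.com" host=ws-17',
    r'scan01 av[412]: quarantine failed virus="EICAR-Test-File" file="C:\Temp\eicar.com" host=ws-17',
    r'scan01 av[412]: quarantine failed file="/tmp/x.bin" host=ws-22',
]

def normalize(line):
    """Return a normalized event dict, or None if the line is not a quarantine record."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    result = "S" if m["status"] == "ok" else "F"
    event = {
        "event_result": result,               # S or F, as defined on this page
        "event_severity": SEVERITY[result],   # 2 for success, 6 for failure
        "result_signature": m["virus"],       # virus name goes here
        "dest_object": m["file"],             # hypothetical key: quarantined file
        "dest_host": m["dest_host"],          # hypothetical key: infected host
        "agent_host": m["agent_host"],        # hypothetical key: recording agent's host
    }
    # Flag Primary-level items the raw record did not supply
    event["missing_primary"] = [k for k in PRIMARY_KEYS if not event.get(k)]
    return event

if __name__ == "__main__":
    for raw in SAMPLE:
        print(normalize(raw))
```

A failed quarantine with no virus name, as in the third sample line, still gets severity 6 but is flagged so the parsing rule or the source product's logging can be corrected.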
Copyright © 2013 CA. All rights reserved.