file-scans

Type: object

Scan results of file-scans. For each scanned file, where either a match was found or an error was emitted, one JSON object per line is stored.

root file
Type: object

Information about the scanned file

 No Additional Properties

root file path
Type: string

The path of the scanned file

root file md5
Type: string

MD5 hexdigest of the executable file, if the file could be read

root file sha256
Type: string

SHA256 hexdigest of the executable file, if the file could be read

root match
Type: array

Contains information about matched rules. Is empty-array if no rules matched.

Each item of this array must be:

root match match.schema.json
Type: object

Information about a yara rule match

 No Additional Properties

root match match strings
Type: array

The exact strings of the yara rule, that were found, including their offsets in the memory segment.

Each item of this array must be:

root match match strings strings items
Type: object
No Additional Properties

root match match strings strings items offset
Type: number

The offset, where the string was found, relative to the start of the scanned memory segment or file. Note, this value can get very large. make sure your parser uses an int64.

root match match strings strings items name
Type: string

The name of the matched string as defined in the yara rule

root match match strings strings items base
Type: number

root match match namespace
Type: string

The namespace of the matched yara rule. This depends on how the rules where compiled.

root match match rule
Type: string

The name of the matched yara rule

root error
Type: string or null

The error message or null if no error happened. Note, there may still be matches if an error happened.