Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Found Viruses Log rule set

The Found Viruses Log rule set is a nested rule set in the Default log handler rule set.

Nested default rule set – Found Viruses Log
Criteria – Always

The rule set contains the following rule.

Write found viruses.log

Antimalware.Infected equals true –> Continue —

Set User-Defined.logLine = DateTime.ToWebReporterString + “ ”” ...

FileSystemLogging.WriteLogEntry (User-Defined.logLine)<Found Viruses Log>

The rule uses an event to fill a log file entry with parameter values relating to web objects that are infected by viruses or other malware, such as virus names or IP addresses.

It uses another event to write this entry into a log file.

The log file entry is specified as a parameter in both events. The log that stores the log file is specified by the settings of the write event.

Values for the following parameters are set and logged by the events of the rule (properties used by the set event are shown in italics):

  • Date and timeDateTime.ToWebReporterString
  • User nameAuthentication.UserName
  • Client IP addressString.ReplaceIfEquals (IP.ToString(Client.IP), “”, “-”)
  • Virus and malware namesList.OfString.ToString (Antimalware.VirusNames)

The logging rule applies whenever a requested web object has been found to be infected. The two rule events for filling and writing a log entry are then executed.

Processing continues with the next rule or rule set.

Tags recommended by the template: article:topic

  • Was this article helpful?