ScheduleStoredFileSHAList
Description
The file storage feature allows you to capture selected files detected in traffic, and automatically store a copy of the file temporarily to a device’s hard drive or if installed, to the malware storage pack.
After your device captures the files, you can
1. Store captured files on the device’s hard drive for later analysis.
2. Download the stored file to a local computer for further manual analysis or archival purposes.
3. Submit captured files for AMP cloud lookup or dynamic analysis.
All SHAs of captured files can be downloaded using this scheduler. Since it supports only schedulerTpe IMMEDIATE, it will generate StoredSHAList.csv at /var/sf/fileCapture/ location on your FDM.
This can be further downloaded to your machine using GET /action/downloadstoredfileshalist/{objId} API. Here, objId should be default. (Note: The field level constraints listed here might not cover all the constraints on the field. Additional constraints might exist.)
Supported Operations
Model Properties
| Property | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected. | |||
| scheduleType | False | string | ScheduleType can only be IMMEDIATE | |||
| user | False | string | Requested user name Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| forceOperation | False | boolean | Force operation is not applicable | |||
| jobHistoryUuid | False | string | UUID to track the progress of this job. However, it is not being used anywhere as scheduleType only 'IMMEDIATE' is supported for now. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| ipAddress | False | string | Ip address of the requester (Default) Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| jobName | False | string | User readable jobName to uniquely identify a job | |||
| id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| type | True | string | schedulestoredfileshalist | |||