LimaCharlie
Responses
10 Articles
in this category
Written by
Whitney Champion
Anomalies
HIDDEN_MODULE_DETECTED Generated when a hidden_module_scan command is issued. Note that the name of the event does not confirm the presence of a hidden module. Please check the output to confirm whether a hidden module was detected. Platf...
Updated on : 14 Feb 2024
Documents
GET_DOCUMENT_REP Generated when a doc_cache_get task requests a cached document. Platforms:
Updated on : 08 Feb 2024
File and Registry Integrity Monitoring
This page contains details for events generated by File and Registry Integrity Monitoring, or "FIM", Sensor commands. FIM_ADD Response event for the fim_add sensor command. An ERROR: 0 implies the path was successfully added. Platforms:...
Updated on : 20 Dec 2023
Files and Directories
This page contains details for events generated by Files and Directories sensor commands. DIR_FINDHASH_REP Response event for the dir_find_hash sensor command. Platforms: Sample Event: { "DIRECTORY_LIST": [ {...
Written by
Whitney Champion
Updated on : 13 Feb 2024
Management
This page contains details for events generated by Management sensor commands. GET_EXFIL_EVENT_REP Response from an exfil_get sensor command. Platforms: HISTORY_DUMP_REP Response from history_dump sensor command. Does not...
Updated on : 19 Apr 2023
Memory
This page contains details for response events generated by Memory sensor commands. DEBUG_DATA_REP Response from a get_debug_data request. MEM_FIND_HANDLES_REP Response event for the mem_find_handle sensor command. Platforms: ...
Updated on : 14 Feb 2024
Mitigation
This page contains details for response events generated by Mitigation sensor commands. REJOIN_NETWORK Emitted after a sensor is allowed network connectivity again (after it was previously segregated). An error code of 0 indicates success. ...
Written by
Whitney Champion
Updated on : 14 Feb 2024
Network
NETSTAT_REP Response from a netstat command to list active network sockets. Platforms: Sample Event: { "FRIENDLY": 0, "NETWORK_ACTIVITY": [ { "DESTINATION": { "IP_ADDRESS": "0.0.0.0", "PORT":...
Written by
Whitney Champion
Updated on : 14 Feb 2024
Operating System
OS_AUTORUNS_REP Response from an os_autoruns request. Platforms: Sample Event: { "TIMESTAMP": 1456194620, "AUTORUNS": [ { "REGISTRY_KEY": "Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VMware User Process", ...
Written by
Whitney Champion
Updated on : 14 Feb 2024
Registry
REGISTRY_LIST_REP This event is generated in response to the reg_list command to list keys and values in a registry key. Platforms: Sample Event: { "REGISTRY_KEY": [ "ActiveState", "ATI Technologies", "BreakP...
Updated on : 14 Feb 2024