The Antivirus data model provided below aligns with the most commonly used devices and their log formats. Read more about how to use the DNIF Data Model

$SubSystem $Action Description
ANTIVIRUS SCANFAILED The AntiVirus application has failed to scan
ANTIVIRUS SCANCANCELLED The AntiVirus scan was cancelled
ANTIVIRUS PACK_BLKD Malicious packets blocked by the device
ANTIVIRUS SIG_UPDTD Successful updation of the antivirus signatures
ANTIVIRUS SCANCOMPLETED The Antivirus scan was completed
ANTIVIRUS SCANSTARTED The Antivirus scan was initiated
ANTIVIRUS VIRUS_DETECT Malicious file/code was detected by the Antivirus software