The file data contains all attributes about a file that was flagged by Sandfly Security or a user defined sandfly for whatever reason. All attributes will be for the actual file, file link or device if found.
{ "date": { "created": "", "created_minutes": 0, "modified": "", "modified_minutes": 0, "accessed": "", "accessed_minutes": 0 }, "inode": 0, "device": 0, "rdevice": 0, "nlink": 0, "mode": "", "uid": 0, "username": "", "gid": 0, "groupname": "", "size": 0, "size_byte_count": 0, "size_mismatch": false, "blksize": 0, "blocks": 0, "path": "", "path_root": "", "path_link": "", "name": "", "extension": "", "flags": { "directory": false, "regular": false, "link": false, "suid": false, "suid_root": false, "sgid": false, "sgid_root": false, "socket": false, "device": false, "char_device": false, "named_pipe": false, "sticky": false, "immutable": false, "hidden": false, "deleted": false }, "entropy": 0, "hash": { "md5": "", "sha1": "", "sha256": "", "sha512": "" }, "magic_num": { "hex": "", "text": "", "type": "", "class": "", "expected_extensions": null }, "data": null }
Previous Article: | Next Article: | ![]() |