Closed ikiril01 closed 8 years ago

We currently don't have a way of directly specifying whether a particular AV tool actually detected a sample or not, so we should add a simple Boolean "detected" field to capture this.

Doesn't the presence of Classification_Name determine this? Or are you thinking of cases when you know a sample was detected but you don't know (or don't want to share) the exact classification.

@gtback actually, it's mostly about not being a big fan of making implicit assertions through the presence or lack of a particular element; I think having a "detected" flag is easier to grok semantically, and it also aligns well with the VirusTotal API output (https://www.virustotal.com/en/documentation/public-api/), which is as close to a de facto representation of this data as any :)

Sounds good to me! Just wanted to make sure that it was intentional. :grinning:
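The distinction the thread settles on, shown as an added example that is not part of this issue, the project's code, or VirusTotal's own client: a record type carrying an explicit Boolean `detected` next to an optional classification name, a mapping from VirusTotal-public-API-style `scans` entries (which already split `detected` from `result`), and a comparison against the implicit "detected iff a name is present" convention. The class and function names are assumptions for illustration, and the scan data is constructed, not real scanner output.

```python
"""Explicit 'detected' flag for AV classification records (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class AVClassification:
    """One AV tool's verdict on a sample (illustrative type, not the project's).

    'detected' is carried explicitly instead of being inferred from whether
    'classification_name' is present, so a detection whose label is unknown
    or deliberately withheld is still recorded as a detection.
    """
    tool_name: str
    detected: bool
    classification_name: Optional[str] = None


def from_virustotal_scans(scans: Dict[str, dict]) -> List[AVClassification]:
    """Map VirusTotal-public-API-style 'scans' entries onto AVClassification.

    Each entry carries a Boolean 'detected' and a 'result' string (None when
    nothing was detected), which is the same split the proposed field makes.
    """
    records = []
    for tool, entry in sorted(scans.items()):
        records.append(AVClassification(
            tool_name=tool,
            detected=bool(entry.get("detected", False)),
            classification_name=entry.get("result") or None,
        ))
    return records


def detected_via_name_only(rec: AVClassification) -> bool:
    """The implicit convention: 'detected' iff a classification name is present."""
    return rec.classification_name is not None


def detection_summary(records: List[AVClassification]) -> dict:
    """Count detections under both conventions and list the tools where they disagree."""
    explicit = sum(1 for r in records if r.detected)
    implicit = sum(1 for r in records if detected_via_name_only(r))
    disagreements = sorted(r.tool_name for r in records
                           if r.detected != detected_via_name_only(r))
    return {"explicit": explicit, "implicit": implicit,
            "disagreements": disagreements}


# Constructed sample in the shape of a VirusTotal 'scans' object (not real output).
SAMPLE_SCANS = {
    "EngineA": {"detected": True, "result": "Trojan.GenericKD.Example"},
    "EngineB": {"detected": False, "result": None},
    # Detected, but the vendor label is withheld or unknown to the reporter:
    # the implicit convention silently turns this into "not detected".
    "EngineC": {"detected": True, "result": None},
}

if __name__ == "__main__":
    recs = from_virustotal_scans(SAMPLE_SCANS)
    print(detection_summary(recs))
```

Running the module prints a summary in which the explicit flag counts two detections while the name-only convention counts one, with `EngineC` as the disagreement; that gap is exactly the "detected but classification not shared" case raised in the thread.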