The following table describes the fields in the scan results output.
Some fields are specific to the type of model file scanned and are not described here (for example: pickle_modules).
detections - Present when a model file is rated malicious or unsafe. Each detection explains why the model received that rating and contains the following fields:
- category
- cve - The related Common Vulnerabilities and Exposures (CVE) security flaws.
- cwe - The related Common Weakness Enumeration (CWE) software weaknesses.
- cwe_href - A link to the related CWE webpage (if available).
- description - A statement about what triggered the malicious or unsafe severity level.
- detection_id - A unique identifier for the detection.
- message
- mitre_atlas - The related MITRE ATLAS tactics and techniques for this malicious or unsafe file.
- owasp - The related Open Worldwide Application Security Project (OWASP) information related to this malicious or unsafe file.
- rule_id
- severity - The severity level of this detection. Includes: Malicious.
- technical_blog_href - A link to a HiddenLayer blog post about the type of vulnerability found in the model file (if available).
end_time - The Unix timestamp for when the scan completed.
results - Information about the scanned model file: its hashes (md5, sha256, tlsh) and its file format (type and subtype, for example Pickle).
- md5 - The MD5 hash value for the file.
- sha256 - The SHA256 hash value for the file.
- subtype - The libraries the model file depends on, like NumPy and scikit-learn.
- tlsh - The TLSH hash value for the file.
- type - The type of model file, like Pickle.
status - The status of the scan. Includes: Created, Done.
scan_id - The unique identifier for the scan.
start_time - The Unix timestamp for when the scan started.
request_path
severity - The severity level for the model file, determined by the HiddenLayer Model Scanner. Includes: Safe, Malicious.
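As an added example (not HiddenLayer's code and not part of the original page), the following Python gates a deployment on a scan result that carries the fields described above. The result is constructed locally: the scan_id, timestamps, request_path, rule and detection IDs, detection text and TLSH value are made up, and the CWE and MITRE ATLAS references are real identifiers used only to show the shape of those fields. The check a practitioner wants is to accept a model only when the scan status is Done, results.sha256 matches the bytes about to be loaded, and the file-level severity is Safe; everything else fails closed, and for a Malicious verdict the detections' CVE/CWE/ATLAS/OWASP references are surfaced so the block is actionable.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# Constructed stand-in for a model artifact (not a real pickle or model file).
MODEL_BYTES = b"constructed model file contents used only for this example"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_sample_result(model_bytes: bytes, severity: str = "Malicious",
                       status: str = "Done") -> dict:
    """Build a constructed scan result using the field names described above.
    IDs, timestamps, paths and detection text are made up; the CWE/ATLAS
    references are real identifiers used only to illustrate the field shape."""
    detections = []
    if severity == "Malicious":
        detections.append({
            "detection_id": "det-example-0001", "rule_id": "rule-example-0001",
            "category": None, "message": None,  # left empty in this sample
            "severity": "Malicious",
            "description": "Constructed example: pickle opcodes import a module and call a function",
            "cve": None, "owasp": None, "technical_blog_href": None,
            "cwe": "CWE-502",
            "cwe_href": "https://cwe.mitre.org/data/definitions/502.html",
            "mitre_atlas": ["AML.T0010"],
        })
    return {
        "scan_id": "11111111-2222-3333-4444-555555555555",
        "status": status, "severity": severity,
        "start_time": 1700000000, "end_time": 1700000003,
        "request_path": "/example/model.pkl",
        "results": {
            "type": "Pickle", "subtype": ["NumPy"],
            "md5": hashlib.md5(model_bytes).hexdigest(),
            "sha256": sha256_hex(model_bytes),
            "tlsh": "T1EXAMPLE",  # placeholder, not a real TLSH digest
        },
        "detections": detections,
    }


@dataclass
class Verdict:
    allow: bool
    reasons: List[str]


def _as_list(value) -> list:
    """Normalise a reference field that may be absent, a string or a list."""
    if value is None:
        return []
    if isinstance(value, (list, tuple)):
        return [v for v in value if v]
    return [value]


def evaluate_scan(scan: dict, local_model: bytes,
                  block_on=("Malicious",)) -> Verdict:
    """Decide whether local_model may be loaded. Fails closed on anything other
    than a completed scan whose sha256 matches our bytes and whose severity is Safe."""
    scan_id = scan.get("scan_id")

    # 1. Only a completed scan (status Done) carries a final verdict.
    if scan.get("status") != "Done":
        return Verdict(False, [f"scan {scan_id}: status is {scan.get('status')!r}, not Done"])

    # 2. Bind the verdict to the bytes we are about to load; a mismatch means the
    #    result belongs to a different file (or the file changed after upload).
    reported = str((scan.get("results") or {}).get("sha256", "")).lower()
    actual = sha256_hex(local_model)
    if reported != actual:
        return Verdict(False, [f"scan {scan_id}: sha256 mismatch (scan {reported}, local {actual})"])

    # 3. Gate on the file-level severity and list each detection's references.
    severity = scan.get("severity")
    if severity in block_on:
        reasons = [f"scan {scan_id}: file severity {severity}"]
        for det in scan.get("detections") or []:
            refs = (_as_list(det.get("cve")) + _as_list(det.get("cwe"))
                    + _as_list(det.get("mitre_atlas")) + _as_list(det.get("owasp")))
            reasons.append(f"{det.get('detection_id')} ({det.get('rule_id')}): "
                           f"{det.get('description')} [{', '.join(map(str, refs)) or 'no references'}]")
        return Verdict(False, reasons)

    # 4. Anything other than an explicit Safe is unknown and therefore blocked.
    if severity != "Safe":
        return Verdict(False, [f"scan {scan_id}: unrecognised severity {severity!r}"])
    return Verdict(True, [f"scan {scan_id}: Safe, sha256 {actual} verified"])


if __name__ == "__main__":
    verdict = evaluate_scan(make_sample_result(MODEL_BYTES), MODEL_BYTES)
    print("allow" if verdict.allow else "block")
    for reason in verdict.reasons:
        print(" -", reason)
```

The hash comparison is the part most often skipped in practice: a Safe verdict is only meaningful for the exact bytes that were scanned, so the gate recomputes sha256 over the artifact it is about to load rather than trusting the file name or request_path.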