Issue
How to use the --order-by key of the malware CLI?
It is not specified in the documentation - https://docs.imunifyav.com/cli/#malware
Environment
- Imunify360
- ImunifyAV
- CLI
Solution
The --order-by key accepts the column names of the malware_history table in the Imunify database. The columns can be listed with sqlite3:
# sqlite3 /var/imunify360/imunify360.db
SQLite version 3.7.17 2013-05-20 00:56:22
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> .headers on
sqlite> select * from malware_history;
id|path|event|initiator|cause|file_owner|ctime|app_name|resource_type|db_host|db_port|db_name
1|/var/www/vhosts/joomla.tld/httpdocs/xmrig|found|root|background|joomla|1609653732||file|||
...
So the following column names can be used with --order-by:
id
path
event
initiator
cause
file_owner
ctime
app_name
resource_type
db_host
db_port
db_name
Usage examples:
- To display the 10 oldest records:
# imunify360-agent malware history list --limit=50000 --order-by ctime+ | head
Here we use:
- "--limit=50000" - by default the command shows only 50 records; the limit is raised so that all records are covered.
- "--order-by ctime+" - to order the records by the time they were added. The suffix "+" is for ascending order, "-" for descending.
- To display all records related to the "jdoe" home directory, sorted by the path to the file:
# imunify360-agent malware history list --limit=50000 --order-by path+ | grep jdoe
- The same "column+" / "column-" convention applies to other list commands. To display the 10 incidents of the last hour with the highest number of retries by the abusing IP (descending):
# imunify360-agent get --period 1h --order-by retries- --limit=10
- The same list with the fewest retries first (ascending):
# imunify360-agent get --period 1h --order-by retries+ --limit=10
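The ordering rule above ("column+" ascending, "column-" descending), applied offline, as an added example that is not part of the Imunify360 CLI or of this article: the functions emulate --order-by on a pipe-separated dump of malware_history in the format the sqlite3 session above prints with ".headers on", so an ordering can be checked against a copied imunify360.db without running the agent. The header line is the one shown above; the three sample rows are constructed for the example (paths, owners and timestamps are not real detections). Unknown column names and a missing +/- suffix are rejected, mirroring the fact that only table columns are accepted.

```shell
#!/bin/sh
# Added example, not part of the Imunify360 CLI or this article: emulate
# "--order-by <column>[+|-]" on a pipe-separated dump of malware_history
# (the format sqlite3 prints with ".headers on"), so that "+" (ascending)
# and "-" (descending) can be tried offline against a copied database.

# Header line exactly as printed for malware_history above.
HEADER='id|path|event|initiator|cause|file_owner|ctime|app_name|resource_type|db_host|db_port|db_name'

# Constructed sample rows for this example (not real detections); ctime is
# a Unix epoch, as in the table.
SAMPLE_ROWS='3|/home/jdoe/public_html/wp-content/uploads/shell.php|found|root|background|jdoe|1609740132||file|||
1|/var/www/vhosts/joomla.tld/httpdocs/xmrig|found|root|background|joomla|1609653732||file|||
2|/home/jdoe/public_html/index.php|cleaned|jdoe|manual|jdoe|1609700000||file|||'

# column_index NAME: print the 1-based field number of NAME in HEADER and
# return 0; return 1 if NAME is not a malware_history column.
column_index() {
    printf '%s\n' "$HEADER" | tr '|' '\n' |
        awk -v want="$1" '$0 == want { print NR; found = 1 } END { exit !found }'
}

# parse_order_by SPEC: SPEC is "<column>+" or "<column>-", exactly as given
# to --order-by. Prints "<field> <sort-flags>" for sort(1), or returns 2 on
# a missing/bad suffix or an unknown column.
parse_order_by() {
    spec=$1
    case $spec in
        *+) col=${spec%+}; dir='' ;;
        *-) col=${spec%-}; dir='r' ;;
        *)  echo "order-by spec must end in + or -: $spec" >&2; return 2 ;;
    esac
    idx=$(column_index "$col") || { echo "unknown column: $col" >&2; return 2; }
    # id and ctime are integers and must sort numerically; the rest as text.
    case $col in
        id|ctime) kind='n' ;;
        *)        kind='' ;;
    esac
    printf '%s %s\n' "$idx" "$kind$dir"
}

# order_by SPEC: sort the rows read from stdin according to SPEC.
order_by() {
    parsed=$(parse_order_by "$1") || return $?
    idx=${parsed%% *}
    flags=${parsed#* }
    # LC_ALL=C keeps path ordering byte-wise and independent of the locale.
    LC_ALL=C sort -t '|' -k "${idx},${idx}${flags}"
}

# ids_in_order SPEC: the id column of the sample rows after ordering, joined
# with commas, for quick checks of what a direction suffix does.
ids_in_order() {
    printf '%s\n' "$SAMPLE_ROWS" | order_by "$1" | cut -d '|' -f 1 | paste -s -d ',' -
}

# Offline equivalent of "malware history list --order-by ctime+ | head":
# oldest detections first.
printf '%s\n' "$HEADER"
printf '%s\n' "$SAMPLE_ROWS" | order_by 'ctime+' | head -n 10
```

To use it on a real dump, replace SAMPLE_ROWS with the data rows of "select * from malware_history;" (without the header) and pipe them through order_by with the same "column+" or "column-" argument you would give to the agent; ids_in_order and the trailing demo only exist to make the direction suffix visible on the constructed rows.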