Database reference
- FA_Events table
- FA_LastEvents table
- FA_ALERT
- SNAPSHOTS
- REALFILES
- REALFOLDERS
- ACES
- SCANERRORS
- SERVERS
- Schema
FA_Events table.
The FileAudit database contains two tables. The first table is named FA_Events. The following fields are available in the table:
Name |
Type |
Description |
Computer |
String |
NetBIOS name of the computer where the audited file/folder is located. |
FileName |
String |
Path of the audited file/folder. |
UserAccount |
String |
User account that accessed the file/folder. |
DomainName |
String |
Domain of the user account that accessed the file/folder. |
Process |
String |
Process used to access the file/folder. This field is only available if the access is made locally. |
Accepted |
Number |
1 = Allowed / 0 = Rejected |
AccessRights |
Number |
Rights used to access the file/folder. See Appendix 1. |
Privileges |
Number |
Privileges used to access the file/folder. See Appendix 2. |
AccessId |
Number |
Access operation determined by FileAudit. See Appendix 3. |
RecordNumber |
Number |
Event record number in the Microsoft Windows Security log. |
EventTime |
DateTime |
Local Date & time of the file/folder access. |
EventLocalTime |
DateTime |
Field to ignore. Do not use. |
ObjectType |
Number |
0 = Unknown / 1 = Folder / 2 = File |
ClientAddress |
String |
Client IP address from where the access has been performed. This field is only available if the access is made remotely. |
LogonId |
String |
Logon ID of the user access token used to access the file/folder. |
Id |
Number |
Primary key automatically incremented for every new record. |
ClientName |
String |
Client machine name from where the access has been performed. This field is only available if the ClientAddress field exists. |
UniqueId |
String |
Unique identifier per access event |
OldFileName |
String |
Precedent file/folder path before a move or rename. This field is only available for cloud objects. |
FileUniqueId |
String |
Unique identifier per file/folder, this does not change with a move or rename action. This field is only available for cloud objects. |
FA_LastEvents table.
This second table is used internally by FileAudit to know which events have not yet been scanned. This allows FileAudit to scan only new events.
Name |
Type |
Description |
Computer |
String |
NetBIOS name of the computer where the audited file/folder is located. |
RecordNumber |
Number |
Event record number of the last event scanned by FileAudit from Microsoft Windows Security log. |
EventTime |
DateTime |
Date and time (UTC) of the last event scanned by FileAudit from Microsoft Windows Security log. |
Appendix 1 - AccessRights
AccessRights field is a combination of bits described in the grid as follows.
To exploit this specific field, you need to do a bit of extraction.
Bit |
Flag |
Description |
0 |
FILE_READ_DATA |
List folder / read data |
1 |
FILE_WRITE_DATA |
Create files / write data |
2 |
FILE_APPEND_DATA |
Create folders / append data |
3 |
FILE_READ_EA |
Read extended attributes |
4 |
FILE_FILE_WRITE_EA |
Write extended attributes |
5 |
FILE_EXECUTE |
Traverse folder / execute file |
7 |
FILE_READ_ATTRIBUTES |
Read attributes |
8 |
FILE_WRITE_ATTRIBUTES |
Write attributes |
16 |
DELETE |
Delete |
17 |
READ_CONTROL |
Read permissions |
18 |
WRITE_DAC |
Change permissions |
19 |
WRITE_OWNER |
Take ownership |
20 |
SYNCHRONIZE |
|
24 |
ACCESS_SYSTEM_SECURITY |
Appendix 2 - Privileges
Bit |
Privilege |
Description |
5 |
SeSecurityPrivilege |
|
6 |
SeTakeOwnershipPrivilege |
|
14 |
SeBackupPrivilege |
|
15 |
SeRestorePrivilege |
Appendix 3 - AccessId
Identifier |
Operation |
Description |
0 |
Delete |
The file/folder was deleted, moved or renamed. |
1 |
Ownership |
A user took the ownership on this file/folder. |
2 |
Permissions |
A user changed permissions on this file/folder. |
3 |
Write |
The file was opened in write mode. |
4 |
Execute |
The file is an executable and was executed by a user. |
5 |
Read |
The file was opened in read mode |
6 |
System |
An attempt was made to read or write the system access control list of the file/folder. Typically this event just means that a user displayed properties on the file/folder using the Windows Explorer. |
7 |
Write Attributes |
A file attribute has been changed. |
8 |
Other |
|
9 |
Creation (Cloud) |
The file was created |
10 |
Move |
The file was moved |
11 |
Rename |
The file was renamed |
12 |
Lock (Cloud) |
|
13 |
Unlock (Cloud) |
|
14 |
Copy (Cloud) |
The file was copied |
15 |
Download (Cloud) |
The file was downloaded |
16 |
Restore (Cloud) |
The file was restored |
17 |
Revert (Cloud) |
The file was reverted |
18 |
Share (Cloud) |
The file was shared |
19 |
Unshare (Cloud) |
The file was unshared |
20 |
Check In (Cloud) |
A user checked in a file in Sharepoint Online |
21 |
Check Out (Cloud) |
A user tried to checked out a file in Sharepoint Online |
22 |
Undo Check Out (Cloud) |
A user discarded a check out of a file in Sharepoint Online |
23 |
Destroy (Cloud) |
The file was deleted from trash |
FA_ALERT
This table provide a history with all of the alerts triggered by FileAudit ”Alerts” feature.
Field name |
Data type |
Description |
AlertType |
number |
Type of the alert (Single or mass alert) |
AlertTime |
Datetime |
Time when the alert has been triggered |
Status |
number |
Access status (Granted/Denied) |
AlertName |
string |
Name of the alert |
ServerName |
string |
Name of the server where the alert has been triggered |
DomainName |
string |
Domain of the user account that accessed the file/folder |
UserName |
string |
Name of the user that accessed the file/folder |
Path |
string |
Path(s) of the file(s)/folder(s) where the alert has been triggered |
ClientName |
string |
Client machine name from where the alert has been triggered |
ClientAddress |
string |
List of clients IP addresses from where the alert has been triggered |
AccessType |
number |
List of access types that triggered the alert |
MailRecipient |
string |
List of e-mail recipients who have received a notification that the alert has been triggered |
Script |
string |
The list of script(s) name(s) executed by the alert |
Process |
string |
Process’s name that triggered the alert |
EffectiveCount |
number |
Number of events that have been detected to trigger the alert in the case of a mass alert |
EffectiveTimePeriodInSec |
number |
Effective time period between the first and the last event that triggered the alert in the case of a mass alert |
SNAPSHOTS
This table lists all the network images available in the database. Each image is identified by the "id_snapshot" field.
Field name |
Data type |
Description |
id_snapshot |
number |
Identifier of the network snapshot. |
shot_time |
datetime |
Time when the scan of the snapshot began. |
config_file |
string |
|
description |
string |
REALFILES
This table describes all files available on your Windows computers (or a subset if you define file masks or folder restrictions).
Field name |
Data type |
Description |
Id_realfiles |
number |
Identifier of this file. |
server_name |
string |
Name or network address of the related computer |
id_snapshot |
number |
Snapshot auto-number. |
pathname |
string |
Full path of the file. |
filename |
string |
|
attribs |
number |
Bit mask specifying the file's attributes (see Appendix) |
realsize |
number |
Real size of the file. |
compressedsize |
number |
Compressed size of the file. |
time_created |
datetime |
Time when the file was created. |
time_modified |
datetime |
|
time_accessed |
datetime |
|
account_name |
string |
Owner of the file. |
id_Acl |
number |
Appendix
Symbolic constant |
Value |
Meaning |
FILE_ATTRIBUTE_ARCHIVE |
0x00000020 |
The file or directory is an archived file or directory. Applications use this attribute to mark files for backup or removal. |
FILE_ATTRIBUTE_COMPRESSED |
0x00000800 |
The file or directory is compressed. For a file, this means that the file is compressed. For a directory, this means that compression is the default for newly created files and subdirectories. |
FILE_ATTRIBUTE_DIRECTORY |
0x00000010 |
The handle identifies a directory. |
FILE_ATTRIBUTE_ENCRYPTED |
0x00000040 |
The file or directory is encrypted. For a file, this means that data in the file is encrypted. For a directory, this means that encryption is the default for newly created files and subdirectories. |
FILE_ATTRIBUTE_HIDDEN |
0x00000002 |
The file or directory is hidden. It is not included in an ordinary directory listing. |
FILE_ATTRIBUTE_NORMAL |
0x00000080 |
The file or directory has no other attributes set. This attribute is valid only if used alone. |
FILE_ATTRIBUTE_OFFLINE |
0x00001000 |
The file data is not immediately available. Indicates that the file data has been physically moved to offline storage. |
FILE_ATTRIBUTE_READONLY |
0x00000001 |
The file or directory is read-only. Applications can read the file but cannot write to it or delete it. If this is a directory, applications cannot delete it. |
FILE_ATTRIBUTE_REPARSE_POINT |
0x00000400 |
The file has an associated reparse point. |
FILE_ATTRIBUTE_SPARSE_FILE |
0x00000200 |
The file is a sparse file. |
FILE_ATTRIBUTE_SYSTEM |
0x00000004 |
The file or directory is part of the operating system or is used exclusively by the operating system. |
FILE_ATTRIBUTE_TEMPORARY |
0x00000100 |
The file is being used for temporary storage. File systems attempt to keep all of the data in memory for a quicker access, rather than flushing it back to mass storage. A temporary file should be deleted by the application as soon as it is no longer needed. |
REALFOLDERS
This table describes all folders available on your Windows computers (or a subset).
Field name |
Data type |
Description |
id_snapshot |
number |
snapshot auto-number |
server_name |
string |
Netbios name of the server without the 2 backslashes. |
id_realfolder |
number |
Identifier of this folder. The field is used to link tables such as aces\object_id |
id_share |
number |
Link to the share if the folder is shared (shares table). |
pathname |
string |
Full path of the folder. |
foldername |
string |
Name of the folder |
attribs |
number |
Bit mask specifying the folder's attributes (see Appendix in table realfiles). |
time_created |
time |
Time when the folder was created. |
account_name |
string |
Owner of the file. |
realsize |
number |
Size of the folder including al subdirectories and files (Bytes) |
compressedsize |
number |
Currently not scanned |
NbFiles |
number |
Number of files in the folder |
NbFolders |
number |
Number of subfolders in the folder |
time_accessed |
time |
Last accessing time. |
rootsize |
number |
Size of all files at the root of the folder |
ACES
This table contains the ACEs (access control entries) of the total scanned objects (files).
Field name |
Data type |
Description |
id_snapshot |
number |
auto-numbering of network snapshots. |
object_id |
number |
Identifier of a file (see "realfiles") or a share (see "shares"). |
type |
number |
Type of access (can be: ACCESS_ALLOWED_ACE_TYPE = 1 or ACCESS_DENIED_ACE_TYPE = 0). |
rightmask |
number |
Bit mask describing the type of access: allowed or denied (see Appendix). |
aceflags |
||
account_name |
string |
Full account name corresponding to the ACE. |
Rights |
string |
rwxd read write execute delete access rights |
Appendix
Bits |
Meaning |
||||||||||||||||||
0 through 15 |
Specific rights. Contains the access mask specific to the object type associated with the mask. |
||||||||||||||||||
16 through 23 |
Standard rights. Contains the object's standard access rights and can be a combination of the following pre-defined flags:
|
||||||||||||||||||
24 |
Access system security (ACCESS_SYSTEM_SECURITY). This flag is not a typical access type. It is used to indicate access to an ACL system. This type of access requires the calling process to have a specific privilege. |
||||||||||||||||||
25 |
Maximum allowed (MAXIMUM_ALLOWED) |
||||||||||||||||||
26 through 27 |
Reserved |
||||||||||||||||||
28 |
Generic all (GENERIC_ALL) |
||||||||||||||||||
29 |
Generic execute (GENERIC_EXECUTE) |
||||||||||||||||||
30 |
Generic write (GENERIC_WRITE) |
||||||||||||||||||
31 |
Generic read (GENERIC_READ) |
SCANERRORS
The scanner insert in this table all errors and warnings occurring during a scan. An error means that the computer was not scanned. A warning means that information will be missing for the computer.
Field name |
Data type |
Description |
id_snapshot |
number |
Snapshot auto-number |
server_name |
string |
Name or network address of the related computer |
EventLevel |
number |
0/1 for warning/error |
EventCode |
number |
scan error number see appendix |
Appendix Errors & Warning codes
Code |
Symbolic name |
Level |
Description |
0 |
SCAN_ERROR_NAME_RESOLUTION |
Error |
Unable to to resolve the name |
1 |
SCAN_ERROR_PING |
Error |
Unable to ping |
2 |
SCAN_ERROR_NETPATH_NOTFOUND |
Error |
Network path not found |
3 |
SCAN_ERROR_REMOTEREG |
Error |
Unable to access the registry |
4 |
SCAN_ERROR_ACCESS_DENIED |
Error |
Access denied |
5 |
SCAN_ERROR_CONNECT |
Error |
Unable to connect |
6 |
SCAN_ERROR_COMPUTER_REC |
Error |
Unable to insert the computer in the database |
7 |
SCAN_ERROR_LICENSE_SERVERS |
Error |
Not enough server licenses |
8 |
SCAN_ERROR_LICENSE_WKSTAS |
Error |
Not enough workstation licenses |
9 |
SCAN_ERROR_OTHER |
Error |
Unspecified error |
10 |
SCAN_ERROR_EXCEPTION |
Error |
Unexpected error |
100 |
SCAN_WARNING_SMBIOS_INITDENIED |
Warning |
Advanced scan (Initialization denied) |
101 |
SCAN_WARNING_SMBIOS_RPCUNAVAILABLE |
Warning |
Advanced scan (RPC server unavailable) |
102 |
SCAN_WARNING_SMBIOS_NODATA |
Warning |
Advanced scan (No SMBIOS data) |
103 |
SCAN_WARNING_SMBIOS_OTHER |
Warning |
Advanced scan error |
104 |
SCAN_WARNING_NOADMINSHARES |
Warning |
No administrative shares |
105 |
SCAN_WARNING_DBINSERTION |
Warning |
Database insertion error |
106 |
SCAN_WARNING_OTHER |
Warning |
Unspecified warning |
107 |
SCAN_WARNING_ERRORSHARES |
Warning |
Unable to scan shares |
108 |
SCAN_WARNING_ERRORSERVICES |
Warning |
Unable to scan services |
109 |
SCAN_WARNING_EXCEPTION |
Warning |
Unexpected warning |
1000 |
SCAN_DOMAIN_ERROR_OU |
Domain Error |
Unable to retrieve computers from the Global Catalog |
1001 |
SCAN_DOMAIN_ERROR_LIST |
Domain Error |
Unable to find a domain controller |
1002 |
SCAN_DOMAIN_ERROR_CONTROLLER |
Domain Error |
Unable to retrieve computers from the domain controller |
SERVERS
This table describes the list of computers specifying their name, type, comments and service pack.
Field name |
Data type |
Description |
id_snapshot |
number |
Identifier of the network snapshot. |
server_name |
string |
Netbios name of the server without the two preceding backslash characters. |
domain_name |
string |
Name of the domain (or the workgroup) to which the servers belongs. |
type |
number |
Number composed of a bit mask describing the type of the server (see Appendix 1). |
texttype |
string |
A comprehensible text string describing the preceding type value. |
comments |
string |
Comments of the server. |
maxusers |
number |
Maximal number of concurrent connected users. If this value equals -1, it means that there is no limit. |
userspath |
string |
This string contains the path to user directories. |
sp |
string |
Describes the actual Windows NT Service Pack installed. |
install_date |
date |
Date when the operating system has been installed. |
bios_type |
string |
Bios description. |
bios_date |
string |
Bios date (useful for Y2K tests). |
os |
string |
Active operating system. |
OSLevel |
0 = workstation/ 1 = server/ 2 advanced server |
|
wmi |
number |
Equals 1 if Windows Management Instrumentation is active on the computer. Otherwise, it is equals to 0. |
ram |
number |
Amount of physical memory (MB). |
ramUsed |
number |
Memory in use (MB) |
dns_hostname |
string |
|
dns_domain_name |
string |
|
dns_nameservers |
string |
|
dns_suffixes |
string |
|
Manufacturer |
string |
Computer's manufacturer |
Model |
string |
Computer's model |
Serial |
string |
Computer's serial number |
MotherBoard |
string |
|
MBSerial |
string |
Motherboard's serial |
MBManufacturer |
string |
Motherboard's manufacturer |
SmBIOSVersion |
string |
Supported version of the SMBIOS standard |
DComEnabled |
number |
0/1 DCOM is disabled/enabled |
RegisteredOwner |
string |
Name of the registered user |
RegisteredOrganization |
string |
Name of the registered company |
LastUser |
string |
Last logged on user (account_name) |
SystemRoot |
string |
OS directory (commonly c:\winnt c:\windows) |
ProgramFilesDir |
string |
Commonly c:\program files\ |
CommonFilesDir |
string |
Commonly c:\program files\Common Files |
BootTime |
number |
Time interval (in days) since the last boot of the machine |
IdleTime |
number |
Idle Time (in days) since the last boot. % Used processor time = 100-IdleTime/BootTime*100 |
ScanTime |
time |
Scan time |
IEVersion |
number |
Internet Explorer version |
number |
Internet Explorer service pack |
|
LanguageId |
number |
Operating system language. See appendix 2 for the meaning of this number. |
CanonicalName |
string |
Canonical name of the computer in the Active Directory |
Container |
string |
Container of the computer in the Active Directory |
ComputerState |
number |
1/0 need a reboot yes/no |
ChassisType |
number |
Computer case see appendix 3. |
ChipSet |
string |
|
Platform |
number |
|
string |
Edition |
Appendix 1
Symbolic constant |
Value |
Meaning |
SV_TYPE_WORKSTATION |
0x00000001 |
All LAN Manager workstations. |
SV_TYPE_SERVER |
0x00000002 |
All LAN Manager servers. |
SV_TYPE_SQLSERVER |
0x00000004 |
Any server running with Microsoft SQL Server. |
SV_TYPE_DOMAIN_CTRL |
0x00000008 |
Primary domain controller. |
SV_TYPE_DOMAIN_BAKCTRL |
0x00000010 |
Backup domain controller. |
SV_TYPE_TIMESOURCE |
0x00000020 |
Server running the Timesource service. |
SV_TYPE_AFP |
0x00000040 |
Apple File Protocol servers. |
SV_TYPE_NOVELL |
0x00000080 |
Novell servers. |
SV_TYPE_DOMAIN_MEMBER |
0x00000100 |
LAN Manager 2.x Domain Member. |
SV_TYPE_LOCAL_LIST_ONLY |
0x40000000 |
Servers maintained by the browser. |
SV_TYPE_PRINT |
0x00000200 |
Server sharing print queue. |
SV_TYPE_DIALIN |
0x00000400 |
Server running dial-in service. |
SV_TYPE_XENIX_SERVER |
0x00000800 |
Xenix server. |
SV_TYPE_MFPN |
0x00004000 |
Microsoft File and Print for Netware. |
SV_TYPE_NT |
0x00001000 |
Windows NT (poste de travail ou serveur). |
SV_TYPE_WFW |
0x00002000 |
Server running Windows for Workgroups. |
SV_TYPE_SERVER_NT |
0x00008000 |
Windows NT non-DC server. |
SV_TYPE_POTENTIAL_BROWSER |
0x00010000 |
Server that can run the Browser service. |
SV_TYPE_BACKUP_BROWSER |
0x00020000 |
Server running a Browser service as backup. |
SV_TYPE_MASTER_BROWSER |
0x00040000 |
Server running the master Browser service. |
SV_TYPE_DOMAIN_MASTER |
0x00080000 |
Server running the domain master Browser. |
SV_TYPE_DOMAIN_ENUM |
0x80000000 |
Primary Domain. |
SV_TYPE_WINDOWS |
0x00400000 |
Windows 95 or later. |
SV_TYPE_ALL |
0xFFFFFFF |
All servers. |
Appendix 2
Constante symbolique |
Valeur |
Signification |
LANG_NEUTRAL |
0x00 |
Neutral |
LANG_ARABIC |
0x01 |
Arabic |
LANG_BULGARIAN |
0x02 |
Bulgarian |
LANG_CATALAN |
0x03 |
Catalan |
LANG_CHINESE |
0x04 |
Chinese |
LANG_CZECH |
0x05 |
Czech |
LANG_DANISH |
0x06 |
Danish |
LANG_GERMAN |
0x07 |
German |
LANG_GREEK |
0x08 |
Greek |
LANG_ENGLISH |
0x09 |
English |
LANG_SPANISH |
0x0a |
Spanish |
LANG_FINNISH |
0x0b |
Finnish |
LANG_FRENCH |
0x0c |
French |
LANG_HEBREW |
0x0d |
Hebrew |
LANG_HUNGARIAN |
0x0e |
Hungarian |
LANG_ICELANDIC |
0x0f |
Icelandic |
LANG_ITALIAN |
0x10 |
Italian |
LANG_JAPANESE |
0x11 |
Japanese |
LANG_KOREAN |
0x12 |
Korean |
LANG_DUTCH |
0x13 |
Dutch |
LANG_NORWEGIAN |
0x14 |
Norwegian |
LANG_POLISH |
0x15 |
Polish |
LANG_PORTUGUESE |
0x16 |
Portuguese |
LANG_ROMANIAN |
0x18 |
Romanian |
LANG_RUSSIAN |
0x19 |
Russian |
LANG_CROATIAN |
0x1a |
Croatian |
LANG_SERBIAN |
0x1a |
Serbian |
LANG_SLOVAK |
0x1b |
Slovak |
LANG_ALBANIAN |
0x1c |
Albanian |
LANG_SWEDISH |
0x1d |
Swedish |
LANG_THAI |
0x1e |
Thai |
LANG_TURKISH |
0x1f |
Turkish |
LANG_URDU |
0x20 |
Urdu |
LANG_INDONESIAN |
0x21 |
Indonesian |
LANG_UKRAINIAN |
0x22 |
Ukrainian |
LANG_BELARUSIAN |
0x23 |
Belarusian |
LANG_SLOVENIAN |
0x24 |
Slovenian |
LANG_ESTONIAN |
0x25 |
Estonian |
LANG_LATVIAN |
0x26 |
Latvian |
LANG_LITHUANIAN |
0x27 |
Lithuanian |
LANG_FARSI |
0x29 |
Farsi |
LANG_VIETNAMESE |
0x2a |
Vietnamese |
LANG_ARMENIAN |
0x2b |
Armenian |
LANG_AZERI |
0x2c |
Azeri |
LANG_BASQUE |
0x2d |
Basque |
LANG_MACEDONIAN |
0x2f |
FYRO Macedonian |
LANG_AFRIKAANS |
0x36 |
Afrikaans |
LANG_GEORGIAN |
0x37 |
Georgian |
LANG_FAEROESE |
0x38 |
Faeroese |
LANG_HINDI |
0x39 |
Hindi |
LANG_MALAY |
0x3e |
Malay |
LANG_KAZAK |
0x3f |
Kazak |
LANG_KYRGYZ |
0x40 |
Kyrgyz |
LANG_SWAHILI |
0x41 |
Swahili |
LANG_UZBEK |
0x43 |
Uzbek |
LANG_TATAR |
0x44 |
Tatar |
LANG_BENGALI |
0x45 |
Not supported |
LANG_PUNJABI |
0x46 |
Punjabi |
LANG_GUJARATI |
0x47 |
Gujarati |
LANG_ORIYA |
0x48 |
Not supported |
LANG_TAMIL |
0x49 |
Tamil |
LANG_TELUGU |
0x4a |
Telugu |
LANG_KANNADA |
0x4b |
Kannada |
LANG_MALAYALAM |
0x4c |
Not supported |
LANG_ASSAMESE |
0x4d |
Not supported |
LANG_MARATHI |
0x4e |
Marathi |
LANG_SANSKRIT |
0x4f |
Sanskrit |
LANG_MONGOLIAN |
0x50 |
Mongolian |
LANG_GALICIAN |
0x56 |
Galician |
LANG_KONKANI |
0x57 |
Konkani |
LANG_MANIPURI |
0x58 |
Not supported |
LANG_SINDHI |
0x59 |
Not supported |
LANG_SYRIAC |
0x5a |
Syriac |
LANG_KASHMIRI |
0x60 |
Not supported |
LANG_NEPALI |
0x61 |
Not supported |
LANG_DIVEHI |
0x65 |
Divehi |
LANG_INVARIANT |
0x7f |
Appendix 3 Chassis type
Nombre |
Cas |
1 |
Autres |
2 |
Inconnu |
3 |
Desktop |
4 |
Low Profile Desktop |
5 |
Pizza Box |
6 |
Mini Tower |
7 |
Tower |
8 |
Portable |
9 |
LapTop |
10 |
Notebook |
11 |
Hand Held |
12 |
Docking Station |
13 |
All in One |
14 |
Sub Notebook |
15 |
Space-saving |
16 |
Lunch Box |
17 |
Main Server Chassis |
18 |
Expansion Chassis |
19 |
SubChassis |
20 |
Bus Expansion Chassis |
21 |
Peripheral Chassis |
22 |
RAID Chassis |
23 |
Rack Mount Chassis |
24 |
Multi-system chassis. |
Schema