diff --git a/dictionary.json b/dictionary.json
index f3d3da359..81dbd643a 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -855,6 +855,11 @@
 "is_array": true,
 "type": "string_t"
 },
+ "command_uid": {
+ "caption": "Command UID",
+ "description": "The unique command identifier.",
+ "type": "string_t"
+ },
 "comment": {
 "caption": "Comment",
 "description": "The user-provided comment.",
@@ -2253,6 +2258,56 @@
 "is_array": true,
 "type": "string_t"
 },
+ "num_detections": {
+ "caption": "Detections",
+ "description": "The number of detections.",
+ "type": "integer_t"
+ },
+ "num_files": {
+ "caption": "Scanned Files",
+ "description": "The number of files scanned.",
+ "type": "integer_t"
+ },
+ "num_folders": {
+ "caption": "Scanned Folders",
+ "description": "The number of folders scanned.",
+ "type": "integer_t"
+ },
+ "num_network_items": {
+ "caption": "Scanned Network Items",
+ "description": "The number of network items scanned.",
+ "type": "integer_t"
+ },
+ "num_processes": {
+ "caption": "Scanned Processes",
+ "description": "The number of processes scanned.",
+ "type": "integer_t"
+ },
+ "num_registry_items": {
+ "caption": "Scanned Registry Items",
+ "description": "The number of registry items scanned.",
+ "type": "integer_t"
+ },
+ "num_resolutions": {
+ "caption": "Resolutions",
+ "description": "The number of items that were resolved.",
+ "type": "integer_t"
+ },
+ "num_skipped_items": {
+ "caption": "Skipped",
+ "description": "The number of skipped items.",
+ "type": "integer_t"
+ },
+ "num_trusted_items": {
+ "caption": "Trusted",
+ "description": "The number of trusted items.",
+ "type": "integer_t"
+ },
+ "num_violations": {
+ "caption": "Violations",
+ "description": "The number of times the policy or rule was violated.",
+ "type": "integer_t"
+ },
 "observables": {
 "caption": "Observables",
 "description": "The observables associated with the event or a finding.",
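Review bot: The captions for `num_skipped_items` and `num_trusted_items` are the bare words `Skipped` and `Trusted`, while the neighbouring counters read `Scanned Files`, `Scanned Folders`, and their descriptions (`The number of skipped items.`, `The number of trusted items.`) do not say what the item was skipped or trusted with respect to. A consumer building a report from these counters cannot tell whether a trusted item was excluded from scanning or scanned and allow-listed, so the dictionary text should settle it; something like `"description": "The number of items that were skipped during the scan."` and, if that is the intent, `"description": "The number of items excluded from the scan because they are trusted."`. `num_violations` is added here but is not referenced by the new scan_activity class in this diff; if no other class in the tree uses it, the dictionary attribute is dead and should be dropped or wired up.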
@@ -2913,6 +2968,16 @@
 "description": "The numeric scale factor of display.",
 "type": "integer_t"
 },
+ "scan": {
+ "caption": "Scan",
+ "description": "The Scan object describes characteristics of a scan. See specific usage.",
+ "type": "scan"
+ },
+ "schedule_uid": {
+ "caption": "Schedule UID",
+ "description": "The unique identifier of the schedule associated with a scan job.",
+ "type": "string_t"
+ },
 "scheme": {
 "caption": "Scheme",
 "description": "The scheme portion of the URL. For example: http, https, ftp, or sftp.",
@@ -3406,6 +3471,11 @@
 "is_array": true,
 "type": "email_t"
 },
+ "total": {
+ "caption": "Total",
+ "description": "The total number of items. See specific usage.",
+ "type": "integer_t"
+ },
 "traffic": {
 "caption": "Traffic",
 "description": "The network traffic refers to the amount of data moving across a network at a given point of time. Intended to be used alongside Network Connection.",
diff --git a/events/application/scan_activity.json b/events/application/scan_activity.json
new file mode 100644
index 000000000..a2b74cc6f
--- /dev/null
+++ b/events/application/scan_activity.json
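Review bot: The dictionary-level description of `schedule_uid` is already scan-specific (`The unique identifier of the schedule associated with a scan job.`), whereas the `scan` entry in the same hunk and the `total` entry in the next one defer to the class with `See specific usage.`. The dictionary is shared by every event class, so the generic wording belongs here and the scan wording in the class override; suggest `"description": "The unique identifier of the schedule associated with a job or task. See specific usage."` in the dictionary and moving the scan-job sentence into the `schedule_uid` attribute of scan_activity.json, which currently carries no description of its own.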
@@ -0,0 +1,132 @@
+{
+ "caption": "Scan Activity",
+ "category": "application",
+ "description": "Scan events report the start, completion, and results of a scan job. The scan event includes the number of items that were scanned and the number of detections that were resolved.",
+ "extends": "base_event",
+ "name": "scan_activity",
+ "profiles": [
+ "host"
+ ],
+ "uid": 7,
+ "attributes": {
+ "$include": [
+ "profiles/host.json"
+ ],
+ "command_uid": {
+ "description": "The command identifier that is associated with this scan event. This ID uniquely identifies the proactive scan command, e.g., if remotely initiated.",
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "activity_id": {
+ "enum": {
+ "1": {
+ "description": "The scan was started.",
+ "caption": "Started"
+ },
+ "2": {
+ "description": "The scan was completed.",
+ "caption": "Completed"
+ },
+ "3": {
+ "description": "The scan was cancelled.",
+ "caption": "Cancelled"
+ },
+ "4": {
+ "description": "The allocated scan time was insufficient to complete the requested scan.",
+ "caption": "Duration Violation"
+ },
+ "5": {
+ "description": "The scan was paused, either by the user or by program constraints (e.g. scans that are suspended during certain time intervals), and not resumed within the allotted time.",
+ "caption": "Pause Violation"
+ },
+ "6": {
+ "description": "The scan could not be completed due to an internal error.",
+ "caption": "Error"
+ },
+ "7": {
+ "description": "The scan was paused.",
+ "caption": "Paused"
+ },
+ "8": {
+ "description": "The scan was resumed from the pause point.",
+ "caption": "Resumed"
+ },
+ "9": {
+ "description": "The scan restarted from the beginning of the file enumeration.",
+ "caption": "Restarted"
+ },
+ "10": {
+ "description": "The user delayed the scan.",
+ "caption": "Delayed"
+ }
+ }
+ },
+ "duration": {
+ "description": "The duration of the scan",
+ "requirement": "recommended"
+ },
+ "end_time": {
+ "description": "The end time of the scan job.",
+ "requirement": "recommended"
+ },
+ "num_detections": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "num_files": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "num_folders": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "num_network_items": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "num_processes": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "num_registry_items": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "num_resolutions": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "num_skipped_items": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "num_trusted_items": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "policy": {
+ "description": "The policy associated with this Scan event; required if the scan was initiated by a policy.",
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "scan": {
+ "description": "The Scan object describes characteristics of the scan job.",
+ "group": "primary",
+ "requirement": "required"
+ },
+ "schedule_uid": {
+ "group": "primary",
+ "requirement": "recommended"
+ },
+ "start_time": {
+ "description": "The start time of the scan job.",
+ "requirement": "recommended"
+ },
+ "total": {
+ "description": "The total number of items that were scanned; zero if no items were scanned.",
+ "group": "primary",
+ "requirement": "recommended"
+ }
+ }
+}
\ No newline at end of file
diff --git a/objects/scan.json b/objects/scan.json
new file mode 100644
index 000000000..d6d902601
--- /dev/null
+++ b/objects/scan.json
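Review bot: `duration` is the only attribute in this file whose description lacks a terminating period (`"description": "The duration of the scan"`); every other description here and in the dictionary hunks ends a sentence, so change it to `"description": "The duration of the scan job."` to match `start_time` and `end_time`. The file also ends without a trailing newline (`\ No newline at end of file`), unlike objects/scan.json added in the same commit. The `policy` description says the attribute is `required if the scan was initiated by a policy` while its `requirement` is `recommended`; the schema cannot express a conditional requirement, so the sentence states a producer obligation that validators will not enforce, and it would read more honestly as `"description": "The policy associated with this Scan event. Populate it when the scan was initiated by a policy."`.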
@@ -0,0 +1,62 @@
+{
+ "caption": "Scan",
+ "description": "The Scan object describes characteristics of a proactive scan.",
+ "extends": "_entity",
+ "name": "scan",
+ "attributes": {
+ "name": {
+ "description": "The administrator-supplied or application-generated name of the scan. For example: \"Home office weekly user database scan\", \"Scan folders for viruses\", \"Full system virus scan\""
+ },
+ "type": {
+ "description": "The type of scan.",
+ "requirement": "optional"
+ },
+ "type_id": {
+ "description": "The type id of the scan.",
+ "requirement": "required",
+ "enum": {
+ "0": {
+ "caption": "Unknown"
+ },
+ "1": {
+ "description": "The scan was manually initiated by the user or administrator.",
+ "caption": "Manual"
+ },
+ "2": {
+ "description": "The scan was started based on scheduler.",
+ "caption": "Scheduled"
+ },
+ "3": {
+ "description": "The scan was triggered by a content update.",
+ "caption": "Updated Content"
+ },
+ "4": {
+ "description": "The scan was triggered by newly quarantined items.",
+ "caption": "Quarantined Items"
+ },
+ "5": {
+ "description": "The scan was triggered by the attachment of removable media.",
+ "caption": "Attached Media"
+ },
+ "6": {
+ "description": "The scan was started due to a user logon.",
+ "caption": "User Logon"
+ },
+ "7": {
+ "description": "The scan was triggered by an Early Launch Anti-Malware (ELAM) detection.",
+ "caption": "ELAM"
+ },
+ "99": {
+ "caption": "Other",
+ "description": "The scan type id is not mapped. See the type attribute, which contains a data source specific value."
+ }
+ },
+ "sibling": "type",
+ "type": "integer_t"
+ },
+ "uid": {
+ "description": "The application-defined unique identifier assigned to an instance of a scan.",
+ "caption": "Scan UID"
+ }
+ }
+}
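Review bot: Enum value `2` of `type_id` reads `The scan was started based on scheduler.`, which is ungrammatical next to its siblings; suggest `"description": "The scan was started by a scheduler."`. Value `0` (`Unknown`) is the only enum member without a description, and its keys, like those of `99`, are ordered caption-then-description while `1` through `7` are description-then-caption; adding `"description": "The scan type is unknown."` and using one key order throughout keeps the generated documentation uniform. The `name` description ends with its quoted examples and no closing period, unlike every other description in the object; a period after the last example would match the rest of the file.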