23.2.4. IDPS log description

Nested fields are shown below as dotted paths (for example, user.groups.guid).

| Field name | Description | Example value |
|---|---|---|
| timestamp | Time when the event was received. Format: yyyy-mm-ddThh:mm:ssZ. | 2022-05-12T08:11:46.15869Z |
| session | Session ID. | a7a3cd49-8232-4f1a-962a-3659af89e96f (for System: 00000000-0000-0000-0000-000000000000) |
| packets_sent | Number of packets transmitted from the source to the destination. | 1 |
| packets_recv | Number of packets transmitted from the destination to the source. | 1 |
| node | A unique name of the device that generated the event. | utmcore@ersthetatica |
| proto | Layer 4 protocol used. | TCP or UDP |
| bytes_sent | Number of bytes transmitted from the source to the destination. | 100 |
| bytes_recv | Number of bytes transmitted from the destination to the source. | 6 |
| action | Action taken by the device according to the configured policies. | accept |
| application.id | Application ID. | 195 |
| application.threat_level | Application threat level. Available values: 1: very low; 2: low; 3: medium; 4: high; 5: very high. | |
| application.name | Application name. | Youtube |
| user.guid | Unique ID of the user. If the user type is Unknown, the ID is 00000000-0000-0000-0000-000000000000. | a7a3cd49-8232-4f1a-962a-3659af89e96f |
| user.name | User name. | Admin |
| user.groups.guid | Unique ID of the group the user is a member of. | 919878b2-e882-49ed-3331-8ec72c3c79cb |
| user.groups.name | Name of the group the user is a member of. | Default Group |
| rule.guid | Unique ID of the rule that was triggered and caused the event. | 59e38e06-533a-4771-9664-031c3e8b2e1f |
| rule.name | Name of the rule that was triggered and caused the event. | Allow trusted to untrusted |
| signatures.id | ID of the triggered signature. | 999999 |
| signatures.threat_level | Threat level of the triggered signature. Available values: 1: very low; 2: low; 3: medium; 4: high; 5: very high. | |
| signatures.name | Name of the triggered signature. | BlackSun Test |
| source.zone.guid | Unique ID of the traffic source zone. | d0038912-0d8a-4583-a525-e63950b1da47 |
| source.zone.name | Traffic source zone name. | Trusted |
| source.country | Source country name. | AE (a two-letter country code is displayed) |
| source.ip | IPv4 address of the traffic source. | 10.10.10.10 |
| source.port | Source port. Values: 0-65535. | |
| destination.zone.guid | Unique ID of the traffic destination zone. | 3c0b1253-f069-4060-903b-5fec4f465db0 |
| destination.zone.name | Traffic destination zone name. | Untrusted |
| destination.country | Destination country name. | AE (a two-letter country code is displayed) |
| destination.ip | IPv4 address of the traffic destination. | 104.19.197.151 |
| destination.port | Destination port. Values: 0-65535. | |
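A small triage routine, added here as an example and not part of the product's documentation or code, that validates one event against the field descriptions above (timestamp format, protocol, port range, the all-zero GUID for System sessions and Unknown users) and flags accepted traffic that matched a high-level signature. The JSON nesting of the sample event and the signature threat level of 4 are assumptions; the other values are the table's examples.

```python
import json
from datetime import datetime, timezone

# Sentinel GUID the table documents for System sessions and Unknown users.
NULL_GUID = "00000000-0000-0000-0000-000000000000"
THREAT_LEVELS = {1: "very low", 2: "low", 3: "medium", 4: "high", 5: "very high"}

# Constructed sample event built from the table's example values. The JSON nesting mirrors
# the field paths and is an assumption about the export format; signature level 4 is made up.
SAMPLE_EVENT = json.dumps({
    "timestamp": "2022-05-12T08:11:46.15869Z", "session": NULL_GUID,
    "node": "utmcore@ersthetatica", "proto": "TCP", "action": "accept",
    "packets_sent": 1, "packets_recv": 1, "bytes_sent": 100, "bytes_recv": 6,
    "application": {"id": 195, "threat_level": 1, "name": "Youtube"},
    "user": {"guid": NULL_GUID, "name": "Unknown",
             "groups": {"guid": "919878b2-e882-49ed-3331-8ec72c3c79cb", "name": "Default Group"}},
    "rule": {"guid": "59e38e06-533a-4771-9664-031c3e8b2e1f", "name": "Allow trusted to untrusted"},
    "signatures": {"id": 999999, "threat_level": 4, "name": "BlackSun Test"},
    "source": {"zone": {"guid": "d0038912-0d8a-4583-a525-e63950b1da47", "name": "Trusted"},
               "country": "AE", "ip": "10.10.10.10", "port": 51234},
    "destination": {"zone": {"guid": "3c0b1253-f069-4060-903b-5fec4f465db0", "name": "Untrusted"},
                    "country": "AE", "ip": "104.19.197.151", "port": 443},
})


def parse_timestamp(value):
    """Accept the documented yyyy-mm-ddThh:mm:ssZ form, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def triage(raw, min_level=4):
    """Validate one IDPS event against the table and flag accepted high-level signature hits."""
    ev = json.loads(raw)
    if ev["proto"] not in ("TCP", "UDP"):
        raise ValueError(f"unexpected proto {ev['proto']!r}")
    for side in ("source", "destination"):
        if not 0 <= ev[side]["port"] <= 65535:
            raise ValueError(f"{side} port out of range")
    sig, src, dst = ev["signatures"], ev["source"], ev["destination"]
    return {
        "time": parse_timestamp(ev["timestamp"]).isoformat(),
        "system_session": ev["session"] == NULL_GUID,
        "user": None if ev["user"]["guid"] == NULL_GUID else ev["user"]["name"],
        "signature": f'{sig["id"]} {sig["name"]} ({THREAT_LEVELS[sig["threat_level"]]})',
        "flow": f'{src["zone"]["name"]}:{src["ip"]} -> {dst["zone"]["name"]}:{dst["ip"]}:{dst["port"]}',
        # Worth an analyst's look: a high-level signature matched but the rule let the traffic through.
        "alert": sig["threat_level"] >= min_level and ev["action"] == "accept",
    }
```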