| Field type | Field name | Description | Example value |
|---|---|---|---|
| CEF header | CEF:Version | CEF version. | CEF:0 |
| | Device Vendor | Product vendor. | UserGate |
| | Device Product | Product type. | NGFW |
| | Device Version | Product version. | 7 |
| | Source | Log type. | endpoint_log |
| | Name | Source type. | log |
| | Threat Level | URL category threat level. | Available values (from 1 to 10): |
| CEF [extension] | rt | Time when the event was received (in milliseconds since January 1, 1970). | 1652344423822 |
| | deviceExternalId | A unique name of the device which generated the event. | 35fb5820-74db-4eac-b05b-d01bc284c4e8 |
| | act | Action taken by the device according to the configured policies. | accept |
| | filePath | The application the firewall rule was applied to. | C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe |
| | cs1Label | Indicates the endpoint ID. | endpointId |
| | cs1 | Endpoint ID. | 35fb5820-74db-4eac-b05b-d01bc284c4e8 |
| | cs2Label | Indicates the endpoint name. | endpointName |
| | cs2 | Endpoint NetBIOS name. | DESKTOP-0731NFQ |
| | cs3Label | Indicates the rule triggered. | Rule |
| | cs3 | Rule name. | Test rule name |
| | src | Traffic source IPv4 address. | 10.10.10.10 |
| | spt | Source port. | Values: 0-65535. |
| | dst | IPv4 address of the traffic destination. | 194.226.127.130 |
| | dpt | Destination port. | Values: 0-65535. |
| | shost | Host name. | |
| | flexString1Label | Indicates the content type. | Media type |
| | flexString1 | Content type. | text/html |
| | flexString2Label | Indicates the URL category. | URL Categories |
| | flexString2 | URL category. | Computers & Technology |
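
As an added example (not UserGate's code), a minimal Python parser for the record layout in the table above: it splits the header fields, undoes CEF escaping, and renames the `cs*` and `flexString*` values to the names carried in their `*Label` keys. The sample line is constructed from the table's example values; the threat level and port numbers in it are made up, and the function and field names are this example's own.

```python
import re

# Constructed sample record: header order and extension keys follow the table;
# the threat level (4) and both port numbers are made-up values.
SAMPLE = (
    r"CEF:0|UserGate|NGFW|7|endpoint_log|log|4|rt=1652344423822 "
    r"deviceExternalId=35fb5820-74db-4eac-b05b-d01bc284c4e8 act=accept "
    r"filePath=C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe "
    r"cs1Label=endpointId cs1=35fb5820-74db-4eac-b05b-d01bc284c4e8 "
    r"cs2Label=endpointName cs2=DESKTOP-0731NFQ cs3Label=Rule cs3=Test rule name "
    r"src=10.10.10.10 spt=51514 dst=194.226.127.130 dpt=443 "
    r"flexString1Label=Media type flexString1=text/html "
    r"flexString2Label=URL Categories flexString2=Computers & Technology"
)
# "CEF:<version>|", then six pipe-terminated header fields, then the extension.
HEADER = re.compile(r"CEF:(\d+)\|" + r"((?:\\.|[^|\\])*)\|" * 6 + r"(.*)", re.S)
HEADER_NAMES = ("cef_version", "vendor", "product", "device_version",
                "source", "name", "threat_level")
# A key starts the string or follows whitespace; an escaped "\=" never matches.
KEY = re.compile(r"(?:^|\s)(\w+)=")

def unescape(value):
    # \\ \| \= become the literal character; \n and \r become line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), value)

def parse_extension(ext):
    # Values may contain spaces, so a value runs until the next " key=" token.
    hits = list(KEY.finditer(ext))
    bounds = [h.start() for h in hits[1:]] + [len(ext)]
    return {h[1]: unescape(ext[h.end():end]) for h, end in zip(hits, bounds)}

def fold_labels(fields):
    # Rename cs1..cs3 and flexString1/2 to the names given by their *Label keys.
    return {fields.get(k + "Label", k): v
            for k, v in fields.items() if not k.endswith("Label")}

def parse_cef(line):
    m = HEADER.match(line)
    if not m:
        raise ValueError("not a CEF record")
    event = dict(zip(HEADER_NAMES, map(unescape, m.groups()[:7])))
    event["threat_level"] = int(event["threat_level"])
    if not 1 <= event["threat_level"] <= 10:
        raise ValueError("threat level outside 1..10")
    event["ext"] = fold_labels(parse_extension(m[8]))
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Splitting the extension on spaces alone would break `filePath`, `cs3` and `flexString2`, whose values contain spaces.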