| Field name | | | Description | Example value |
|---|---|---|---|---|
| timestamp | | | Time when the event was received. Format: yyyy-mm-ddThh:mm:ssZ. | 2022-05-12T08:11:46.15869Z |
| session | | | Session ID. | a7a3cd49-8232-4f1a-962a-3659af89e96f (if System: 00000000-0000-0000-0000-000000000000) |
| packets_sent | | | Number of packets transmitted from the source to the destination. | 1 |
| packets_recv | | | Number of packets transmitted from the destination to the source. | 1 |
| node | | | The unique name of the device that generated the event. | utmcore@ersthetatica |
| proto | | | Level 4 protocol used. | TCP or UDP |
| bytes_sent | | | Number of bytes transmitted from the source to the destination. | 100 |
| bytes_recv | | | Number of bytes transmitted from the destination to the source. | 6 |
| action | | | Action taken by the device according to the configured policies. | accept |
| application | id | | Application ID. | 195 |
| | threat_level | | Application threat level. | Available values: |
| | name | | Application name. | Youtube |
| user | guid | | Unique ID of the user. If the user type is Unknown then the ID: 00000000-0000-0000-0000-000000000000. | a7a3cd49-8232-4f1a-962a-3659af89e96f |
| | name | | The username. | Admin |
| groups | guid | | Unique ID of the group the user is a member of. | 919878b2-e882-49ed-3331-8ec72c3c79cb |
| | name | | Name of the group the user is a member of. | Default Group |
| rule | guid | | Unique ID of the rule triggered to cause the event. | 59e38e06-533a-4771-9664-031c3e8b2e1f |
| | name | | Name of the rule triggered to cause the event. | Allow trusted to untrusted |
| signatures | id | | ID of the triggered signature. | 999999 |
| | threat_level | | Threat level of the triggered signature. | Available values: |
| | name | | Name of the triggered signature. | BlackSun Test |
| source | zone | guid | Unique ID of the traffic source zone. | d0038912-0d8a-4583-a525-e63950b1da47 |
| | | name | Traffic source zone name. | Trusted |
| | country | | Source country name. | AE (a two-letter country code is displayed) |
| | ip | | IPv4 address of the traffic source. | 10.10.10.10 |
| | port | | Source port. | Values: 0-65535. |
| destination | zone | guid | Unique ID of the traffic destination zone. | 3c0b1253-f069-4060-903b-5fec4f465db0 |
| | | name | Traffic destination zone name. | Untrusted |
| | country | | Destination country name. | AE (a two-letter country code is displayed) |
| | ip | | IPv4 address of the traffic destination. | 104.19.197.151 |
| | port | | Destination port. | Values: 0-65535. |