|
Field name |
Description |
Example value |
||
|---|---|---|---|---|
|
timestamp |
Time when the event was received. Format: yyyy-mm-ddThh:mm:ssZ. |
2022-05-12T08:11:46.15869Z |
||
|
node |
The unique name of the device that generated the event. |
|||
|
proto |
Level 4 protocol used. |
UDP |
||
|
data |
Indicates the data being transmitted. |
{"question":[{"domain":"google.com","type":"A","class":"IN"}], "answer":[{"domain":"google.com","type":"TXT","class":"IN","ttl":5,"data":"Blocked"},{"domain":"google.com","type":"A","class":"IN","ttl":5,"data":"10.10.0.1"}]} |
||
|
reasons |
The reason why the event was created, e.g. the URL category on which the rule was triggered. |
{"url_cats":[{"id":37,"name":"Search Engines & Portals","threat_level":1}]} |
||
|
url_categories |
id |
ID of the triggered URL category. |
37 |
|
|
threat_level |
Threat level of the triggered category. |
Available values:
|
||
|
name |
Name of the triggered category. |
Search Engines & Portals |
||
|
source |
zone |
guid |
Unique ID of the traffic source zone. |
d0038912-0d8a-4583-a525-e63950b1da47 |
|
name |
Traffic source zone name. |
Trusted |
||
|
country |
Source country name. |
AE (a two-letter country code is displayed) |
||
|
ip |
IPv4 address of the traffic source. |
10.10.10.10 |
||
|
port |
Source port |
Values: 0-65535. |
||
|
destination |
zone |
guid |
Unique ID of the traffic destination zone. |
3c0b1253-f069-4060-903b-5fec4f465db0 |
|
name |
Traffic destination zone name. |
Untrusted |
||
|
country |
Destination country name. |
AE (a two-letter country code is displayed) |
||
|
ip |
IPv4 address of the traffic destination. |
104.19.197.151 |
||
|
port |
Destination port |
Values: 0-65535. Port 53 is normally used for DNS. |
||
|
rule |
guid |
Unique ID of the rule triggered to cause the event. |
59e38e06-533a-4771-9664-031c3e8b2e1f |
|
|
name |
Name of the rule triggered to cause the event. |
Rule1 |
||
|
user |
guid |
Unique ID of the user. If the user type is Unknown then the ID: 00000000-0000-0000-0000-000000000000. |
a7a3cd49-8232-4f1a-962a-3659af89e96f |
|
|
name |
The username. |
user1 |
||
|
groups |
guid |
Unique ID of the group the user is a member of. |
919878b2-e882-49ed-3331-8ec72c3c79cb |
|
|
name |
Name of the group the user is a member of. |
Default Group |
||