| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |

Source: Connector definition

| Column Name | Type | Description |
|---|---|---|
| Action | string | The final verdict whether to allow or block the traffic based on the rule. |
| AppId | string | The unique application ID identified for the current session. |
| AwsRegion | string | The AWS region that stores your VPN logs. |
| BytesReceived | string | The number of bytes received during the session. Populated only for traffic handled by Cisco Secure Firewall. |
| BytesSent | string | The number of bytes sent during the session. Populated only for traffic handled by Cisco Secure Firewall. |
| CasiCategoryIds | dynamic | Name of the Application category to which the App ID belongs. |
| ContentCategoryIds | string | ID of one or more content categories matched by the rule. |
| ContentCategoryListIds | string | ID of one or more content category lists that include categories matched by the rule. |
| DataCenter | string | The name of the data center that processed the user-generated traffic. |
| DestinationCountry | string | The ISO-3166 alpha-2 two-character identifier of the country associated with the destination IP. |
| DestinationIp | string | The destination IP address of the user-generated traffic towards the CDFW. |
| DestinationListIds | string | The destination list IDs that Secure Access applied in the rule. |
| DestinationPort | string | The destination port number of the user-generated traffic towards the CDFW. |
| Direction | string | The direction of the packet. It is destined either towards the internet or to the customer's network. |
| Egress | string | TRUE indicates that the egress IP was a reserved IP. |
| EgressIp | string | The public IP address assigned to a session as it exits the Secure Access ZTA infrastructure en route to the destination application. |
| EventCorrelationId | string | A unique identifier generated for each network request, the Event Correlation ID stitches together all related events across various security services (Firewall, SWG, ZTNA) to provide a unified, end-to-end view of a single traffic flow. |
| FirstPacketTimestamp | string | The timestamp when the first packet of the session was received in UTC in seconds. Populated only for traffic handled by Cisco Secure Firewall. |
| Fqdns | string | The fully qualified domain names (FQDNs) that match the request. |
| FwEventId | string | The ID of the firewall event. Populated only for traffic handled by Cisco Secure Firewall. |
| Identities | string | The names of the network tunnel. |
| IdentityType | string | The type of identity that made the request. Should always be CDFW Tunnel Device. |
| LastPacketTimestamp | string | The timestamp when the last packet of the session was received in UTC in seconds. Populated only for traffic handled by Cisco Secure Firewall. |
| OrganizationId | string | The Secure Access organization ID. |
| OriginIds | dynamic | The unique identity of the network tunnel. |
| PacketSize | string | The size in bytes of the packet sent to the CDFW. |
| PacketsReceived | string | The number of packets received during the session. Populated only for traffic handled by Cisco Secure Firewall. |
| PacketsSent | string | The number of packets sent during the session. Populated only for traffic handled by Cisco Secure Firewall. |
| PostureId | string | The unique ID of the endpoint posture profile. |
| PrivateAppGroupId | string | The unique ID of the private resource group that the private resource belongs to. |
| PrivateFlow | string | TRUE if Secure Access applied a private access rule to the user-generated traffic, and FALSE if Secure Access applied an internet access rule. |
| Protocol | string | The actual protocol of the traffic. Valid values are: TCP, UDP, or ICMP. |
| RuleId | string | The ID of the rule that processed the user traffic. |
| SourceIp | string | The internal IP address of the user-generated traffic towards the CDFW. If the traffic goes through NAT before it comes to CDFW, it will be the NAT IP address. |
| SourcePort | string | The internal port number of the user-generated traffic towards the CDFW. |
| TimeGenerated | datetime | |
| Timestamp | string | The date and time of the cloud-delivered firewall traffic event, expressed as a UTC-formatted string. |
| TrafficSource | string | The source of the user-generated traffic. Valid values are 0 - Unknown, 1 - VPN, 2 - ZTNA, 3 - Network Tunnel. |

This table is used by the following solutions:

This table is ingested by the following connectors:

| Connector | Selection Criteria |
|---|---|
| Cisco Umbrella (via Codeless Connector Framework) | |
| Cisco Cloud Security | |
| Cisco Cloud Security (using elastic premium plan) | |

GitHub Only:

In solution CiscoUmbrella:

| Workbook | Selection Criteria |
|---|---|
| CiscoUmbrella | |

| Parser | Solution | Selection Criteria |
|---|---|---|
| Cisco_Umbrella | CiscoUmbrella | |