Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: Connector definition
| Column Name | Type | Description |
|---|---|---|
| ArchiveDepth | string | The level (if any) at which the file was nested in an archive file. |
| ArchiveFileName | string | The name of the archive file involved with the activity. |
| ArchiveSha | string | The SHA-256 checksum hash of the archive file. |
| AwsRegion | string | The AWS region where Secure Access stores your logs. |
| Direction | string | The traffic direction of the file event. Valid values are: UNKNOWN, UPLOAD, DOWNLOAD. |
| Disposition | string | The status of the files proxied and scanned by Cisco Advanced Malware Protection (AMP) as part of the File Inspection feature. Valid values are: CLEAN, MALWARE, UNKNOWN. |
| DlpStatus | string | The verdict of the DLP scanning service. |
| EnforcedBy | string | The Secure Access component or service that enforced the policy or control related to this event (e.g., Firewall, Web Proxy). |
| FileAction | string | The action taken on a file in a remote browser isolation session. |
| FileName | string | The name of the file involved with the activity. |
| FileSize | string | The size of the file in bytes. |
| FileStaticAnalysis | string | The status of the file static sample analysis. |
| FileTypeId | string | The type of file. For example, PDF or MSEXE. |
| FirewallEventId | string | The ID of the firewall event. Populated only for traffic handled by Cisco Secure Firewall. |
| FtdEnforcementId | string | The unique identifier of the enforcement action taken by a Firepower Threat Defense (FTD) device integrated with Secure Access. |
| FtdEnforcementName | string | The name or type of enforcement action taken by a FTD device integrated with Secure Access (e.g., Malware Block, URL Category Block). |
| OrganizationId | string | The Secure Access organization ID. |
| RetentionPolicy | string | The number of days that AWS S3 stores your Secure Access File Events log. |
| Sha256 | string | The SHA-256 checksum hash of the file. |
| ThreatName | string | Name of the threat identified for files with MALWARE disposition. |
| ThreatScore | string | The threat score most recently associated with this file. This is a value from 0 to 100. |
| TimeGenerated | datetime | |
| Timestamp | string | The date and time of the request transaction, expressed as a UTC-formatted string. |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Cisco Umbrella (via Codeless Connector Framework) | |
| Cisco Cloud Security | |
| Cisco Cloud Security (using elastic premium plan) |
GitHub Only:
In solution CiscoUmbrella:
In solution CiscoUmbrella:
| Workbook | Selection Criteria |
|---|---|
| CiscoUmbrella |
| Parser | Solution | Selection Criteria |
|---|---|---|
| Cisco_Umbrella | CiscoUmbrella |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊