| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: Connector definition
| Column Name | Type | Description |
|---|---|---|
| Action | string | The action taken when traffic matches a rule, for example: block, warn, and would_block. |
| ApplicationId | string | The ID of the destination application. |
| AttackClassification | string | The category of attack detected by a rule that is part of a more general type of attack class. Valid values are: trojan-activity, attempted-user, and unknown. |
| AwsRegion | string | The AWS region where Secure Access stores your logs. |
| CasiCategoryIds | string | The name of the Application category to which the App ID belongs. |
| Cves | string | A list of information about security vulnerabilities and exposures. |
| DataCenter | string | The name of the data center that processed the user-generated traffic. |
| DestinationIp | string | The IP address of the destination. |
| DestinationPort | string | The destination port number of the request. |
| Direction | string | The direction of the packet that matches the signature. Valid values are: S2C, C2S, and UNKNOWN. |
| Egress | string | TRUE indicates that the egress IP was a reserved IP. |
| EgressIp | string | The public IP address assigned to a session as it exits the Secure Access ZTA infrastructure en route to the destination application. |
| EnforcedBy | string | The Secure Access component or service that enforced the policy or control related to this event (e.g., Firewall, Web Proxy). |
| EventCorrelationId | string | A unique identifier generated for each network request. The Event Correlation ID stitches together all related events across the various security services (Firewall, SWG, ZTNA) to provide a unified, end-to-end view of a single traffic flow. |
| FirewallRuleId | string | The ID of the rule that matches the firewall session. |
| FtdEnforcementId | string | The unique identifier of the enforcement action taken by a Firepower Threat Defense (FTD) device integrated with Secure Access. |
| FtdEnforcementName | string | The name or type of enforcement action taken by an FTD device integrated with Secure Access (e.g., Malware Block, URL Category Block). |
| GeneratorId | string | Unique ID assigned to the part of the IPS that generated the event. |
| Identities | string | All tunnel identities that are associated with this request. |
| IdentityTypes | string | The type of identity that is associated with this request. |
| IpProtocol | string | The actual protocol of the traffic, such as TCP, UDP, ICMP. |
| IpsConfigType | string | The type of the IPS configuration. Valid values are: CONFIG, PROFILE, and UNKNOWN. |
| OperationMode | string | The mode of operation of the IPS, either detection or prevention. Valid values are: IDS, IPS, and UNKNOWN. |
| OrganizationId | string | The Secure Access organization ID. |
| PolicyResourceId | string | The ID of the IPS policy resource. An example of a policy resource is: signature list. |
| SessionId | string | The unique identifier of a session, which is used to group the correlated events between various services. |
| Severity | string | The severity level of the rule. Valid values are: High, Medium, Low, and Very Low. |
| SignatureId | string | Used to uniquely identify signatures. |
| SignatureListId | string | Unique ID assigned to a Default or Custom Signature List. |
| SignatureMessage | string | A brief description of the signature. |
| SourceIp | string | The IP of the computer making the request. |
| SourcePort | string | The port number of the request. |
| TimeGenerated | datetime | |
| Timestamp | string | The date and time of the IPS detection event, expressed as a UTC-formatted string. |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Cisco Umbrella (via Codeless Connector Framework) | |
| Cisco Cloud Security | |
| Cisco Cloud Security (using elastic premium plan) | |
GitHub Only:
In solution CiscoUmbrella:
| Workbook | Selection Criteria |
|---|---|
| CiscoUmbrella | |
| Parser | Solution | Selection Criteria |
|---|---|---|
| Cisco_Umbrella | CiscoUmbrella | |