Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: Connector definition
| Column Name | Type | Description |
|---|---|---|
| Action | string | Whether the request was allowed or blocked. |
| AiModelName | string | Indicates the name of the AI model involved in the transaction or event. |
| AiSupplyChainCategories | string | The list of AI supply chain categories associated with the event. |
| AmpDisposition | string | The status of the files proxied and scanned by Cisco Advanced Malware Protection (AMP) as part of the File Inspection feature; can be Clean, Malicious or Unknown. |
| AmpMalwareName | string | If Malicious, the name of the malware according to AMP. |
| AmpScore | string | The score of the malware from AMP. This field returns blank ("") unless the verdict is Unknown, in which the value will be 0. |
| ApplicationEntityCategory | string | It represents the classification grouping of application entities based on shared characteristics or functions. |
| ApplicationEntityName | string | It refers to the specific name of an application entity within a system. |
| ApplicationIds | string | The ID of the destination application. |
| AvDetections | string | The detection name according to the antivirus engine used in file inspection. |
| BlockedCategories | string | The category that resulted in the destination being blocked. |
| Categories | string | The security categories for this request, such as Malware. |
| CertificateErrors | string | Any certificate or protocol errors in the request. |
| ContentType | string | The type of web content, typically text/html. |
| DataCenter | string | The name of the data center that processed the user-generated traffic. |
| DestinationIp | string | The destination IP address of the request. |
| DestinationListIds | string | The ID number assigned to a destination list. |
| DetectedResponseFileType | string | The file type that resulted in a blocked response. Examples: exe, avi. |
| DlpStatus | string | If the request was Blocked for DLP. |
| Egress | string | TRUE indicates that the egress IP was a reserved IP. |
| EgressIp | string | The public IP address assigned to a session as it exits the Secure Access ZTA infrastructure en route to the destination application. |
| EventCorrelationId | string | A unique identifier generated for each network request, the Event Correlation ID stitches together all related events across various security services (Firewall, SWG, ZTNA) to provide a unified, end-to-end view of a single traffic flow. |
| ExternalClientIp | string | The egress IP address of the network where the request originated. |
| FileAction | string | The action taken on a file in a remote browser isolation session. |
| FileName | string | The name of the file. |
| ForwardingMethod | string | The method used to forward the proxy events. Example: Secure Web Appliance. |
| GeoLocationOfBlockedDestinationCountries | string | The ISO-3166 IDs of one or more countries where destination IPs blocked by policy are located. |
| HostName | string | The hostname of the user device. |
| Identities | string | All identities associated with this request. |
| IdentityTypes | string | The type of identities that were associated with the request. Examples: Roaming Computer, Network. |
| InternalClientIp | string | The internal IP address of the computer making the request. |
| IsolateAction | string | The remote browser isolation state associated with the request. |
| MspOrganizationId | string | The Secure Access parent organization ID. |
| OrganizationId | string | The Secure Access organization ID. |
| PolicyIdentityLabel | string | The identity that made the request. |
| PolicyIdentityType | string | The first identity type that made the request. Examples: Roaming Computer, Network. |
| Producer | string | The producer of the proxy events. |
| Puas | string | A list of all potentially unwanted application (PUA) results for the proxied file as returned by the antivirus scanner. |
| Referer | string | The referring domain or URL. |
| RequestMethod | string | The HTTP request method. Examples: GET, POST, HEAD, PUT, DELETE. |
| RequestSize | string | Request size in bytes. |
| ResponseBodySize | string | Response body size in bytes. |
| ResponseSize | string | Response size in bytes. |
| RuleId | string | The ID number assigned to the rule. |
| RulesetId | string | The ID number assigned to the ruleset. |
| SecurityOverridden | string | TRUE indicates that security filtering was explicitly overridden and not applied during enforcement. |
| ServerName | string | The name of the server according to the TLS protocol server name indication (SNI), if present, or from the server's SAN certificate common name (CN). |
| Sha256Hash | string | The hex digest of the response content. |
| StatusCode | string | The HTTP status code; should always be 200 or 201. |
| TimeBasedRule | string | TRUE indicates that a the rule was applied due to a time condition. |
| TimeGenerated | datetime | |
| Timestamp | string | The date and time of the Web traffic event, expressed as a UTC-formatted string. |
| Url | string | The URL requested. |
| UserAgent | string | The browser agent that made the request. |
| WarnCategories | string | The ID of one or more content categories in lists matched for a Warn action by the rule. |
| WarnStatus | string | The Warn page's state associated with the request. |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Cisco Umbrella (via Codeless Connector Framework) | |
| Cisco Cloud Security | |
| Cisco Cloud Security (using elastic premium plan) |
GitHub Only:
In solution CiscoUmbrella:
In solution CiscoUmbrella:
| Workbook | Selection Criteria |
|---|---|
| CiscoUmbrella |
| Parser | Solution | Selection Criteria |
|---|---|---|
| Cisco_Umbrella | CiscoUmbrella |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊