| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: Connector definition
| Column Name | Type | Description |
|---|---|---|
| AdJoinedId | string | ID of the device if it is joined to an Active Directory domain. |
| AntiMalwareAgents | dynamic | The clients' anti malware agents. |
| AppConnectorGroupId | string | The group ID of the App Connector. |
| ApplicationPort | string | The port of the destination application. |
| ApplicationProtocol | string | The type of protocol used for transactions. |
| BlockReason | string | The reason for the transaction being blocked. |
| ClientBrowser | string | The name of the browser on the user device. |
| ClientFirewall | string | The client system firewall. Valid values are SYS or NONE. |
| ClientGeoLocation | string | The regional location of the user device. |
| ClientIp | string | The IP address of the user device. |
| ClientOs | string | The operating system of the user device. |
| DetectedTrustedNetworks | string | A list of trusted networks that were detected by the client during the event. |
| DiskEncryption | string | The client Disk Encryption Type. Valid values are: SYS, NONE or THIRD PARTY. |
| DuoDeviceId | string | The ID of the Duo App on the device. |
| DuoDeviceIdString | string | The ID label of the Duo App on the device. |
| EgressIp | string | The public IP address assigned to a session as it exits the Secure Access ZTA infrastructure en route to the destination application. |
| EnforcedBy | string | The Secure Access component or service that enforced the policy or control related to this event (e.g., Firewall, Web Proxy). |
| FtdEnforcementId | string | The unique identifier of the enforcement action taken by a Firepower Threat Defense (FTD) device integrated with Secure Access. |
| FtdEnforcementName | string | The name or type of enforcement action taken by a Cisco Secure Firewall Threat Defense device that is integrated with Secure Access, for example, Malware Block and URL Category Block. |
| HeadendType | string | The type of the headend. Valid values are: CLAP or BAP. |
| HostName | string | The hostname of the user device. |
| IdentityEmail | string | The email address of the Active Directory user. |
| IdentityLabels | string | The list of labels for the identity. |
| IdentityTypeLabels | string | The label of the identity type. |
| MdmDeviceId | string | The unique identifier assigned to the device by the integrated MDM platform, enabling Secure Access to track and manage the device's access privileges. |
| MdmIsCompliant | string | Indicates whether the device meets the compliance policies defined within the integrated MDM platform: TRUE or FALSE. |
| MdmIsManaged | string | Indicates whether the device is currently under active management by the integrated MDM platform: TRUE or FALSE. |
| MdmLastUpdated | string | The date and time that Secure Access last received updated device information from the integrated MDM platform. |
| MdmSource | string | The specific Mobile Device Manager (MDM) platform integrated with Secure Access providing device management and compliance information. |
| OrganizationId | string | The Secure Access organization ID. |
| PossibleMatchPosture | dynamic | For a block event, the posture that could have allowed the transaction if not for the block reason. |
| PossibleMatchRuleId | dynamic | For a block event, the ID of the rule within the ruleset that could have allowed the transaction if not for the block reason. |
| PossibleMatchRulesetId | dynamic | For a block event, the ID of the ruleset that could have allowed the transaction if not for the block reason. |
| PostureId | string | ID of the matching posture profile. |
| PrivateAppGroupId | string | The ID of the private application group. |
| PrivateAppId | string | The ID of the private application. |
| PrivateResourceGroupId | string | The ID if the rule matched is based on the private application group. |
| PrivateResourceId | string | The ID that Secure Access assigns to the customer-defined private application. |
| RequestedIdFqdn | string | The IP or FQDN of the requested application. |
| ResolvedIp | string | The IP of the application returned by the proxy. |
| RuleId | string | The ID of the access rule. |
| RulesetId | string | The ID of the ruleset. |
| SecureClientVersion | string | The version of the Cisco Secure Client on the endpoint device accessing a private resource. |
| SourceProcessHash | dynamic | The hash of the source process that initiated the transaction from the client side. |
| SourceProcessId | dynamic | The ID of the source process that initiated the transaction from the client side. |
| SourceProcessName | dynamic | The name of the source process that initiated the transaction from the client side (e.g., chrome.exe). |
| SourceProcessUserName | dynamic | The user name associated with the source process that initiated the transaction from the client side. |
| StepUpAuthResult | string | The result of the authentication. Valid values are: SUCCESS or FAILURE. |
| StepUpAuthTokenLife | string | The time in seconds between when you generated the token and used the token. |
| StepUpAuthType | string | The type of authentication. Valid values are: SAML_SSO, MFA, or NONE. |
| SystemPassword | string | Whether the system password is enabled with its timeout in seconds. |
| TimeGenerated | datetime | |
| Timestamp | string | The date and time of the ZTA event, expressed as a UTC-formatted string. |
| TransactionId | string | A unique identifier generated by the Secure Client for each network request. |
| TrustedNetwork | string | The trusted network that was applied during policy enforcement. |
| TunnelType | string | The type of tunnel used to connect to the ZTA proxy. |
| Verdict | string | Whether the user has access to a resource. |
| ZtaProfileId | string | The unique identifier of the applicable ZTA profile associated with the event. |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Cisco Umbrella (via Codeless Connector Framework) | |
| Cisco Cloud Security | |
| Cisco Cloud Security (using elastic premium plan) | |
GitHub Only:
In solution CiscoUmbrella:
In solution CiscoUmbrella:
| Workbook | Selection Criteria |
|---|---|
| CiscoUmbrella | |
| Parser | Solution | Selection Criteria |
|---|---|---|
| Cisco_Umbrella | CiscoUmbrella | |