Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Ingestion API Supported | ✓ Yes |
Source: Connector definition
| Column Name | Type | Description |
|---|---|---|
| AppConnectorGroupId | string | The group ID of the App Connector. |
| AppConnectorId | string | The ID of the App Connector. |
| ConnectionFailureReason | string | The error codes for failed connection requests. |
| ConnectionStatus | string | The status of the request to connect to the private resource. Valid values are: Connected, Reset, Terminated, or Unknown. |
| EgressIp | string | The egress IP address is not included in the flow logs and appears as empty. However, it can be found in the ZTA logs using the same transaction ID. |
| EgressPort | string | The egress port number of the network where the request originated. |
| EnforcedBy | string | The Secure Access component or service that enforced the policy or control related to this event (e.g., Firewall, Web Proxy). |
| EventType | string | The type of flow event. |
| FtdEnforcementId | string | The unique identifier of the enforcement action taken by a Firepower Threat Defense (FTD) device integrated with Secure Access. |
| FtdEnforcementName | string | The name or type of enforcement action taken by a FTD device integrated with Secure Access (e.g., Malware Block, URL Category Block). |
| HeadendType | string | The type of the headend. Valid values are: CLAP or BAP. |
| HostName | string | The hostname of the user device. |
| IdentityEmail | string | The email address of the Active Directory user. |
| IdentityLabels | string | The list of labels for the identity. |
| IdentityTypeLabels | string | The label of the identity type. |
| MspOrganizationId | string | The Secure Access organization ID of the parent managed service provider. |
| NtGroupId | string | The tunnel ID associated with this request. |
| OrganizationId | string | The Secure Access organization ID. |
| PrivateResourceGroupId | string | The ID if the rule matched is based on the private application group. |
| PrivateResourceId | string | The ID that Secure Access assigns to the customer-defined private application. |
| RuleId | string | The ID of the access rule. |
| RulesetId | string | The ID of the ruleset. |
| RxBytes | string | The number of bytes received during the session. |
| TimeGenerated | datetime | |
| Timestamp | string | The date and time of the ZTA event, expressed as a UTC-formatted string. |
| TransactionId | string | Universally unique identifier (UUID) of the transaction associated with the event. |
| TxBytes | string | The number of bytes transmitted or sent during the session. |
| ZtaSourcePort | string | The port number used by the Zero Trust proxy service to connect to an unmanaged device requesting a connection to a private resource. |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Cisco Umbrella (via Codeless Connector Framework) | |
| Cisco Cloud Security | |
| Cisco Cloud Security (using elastic premium plan) |
GitHub Only:
In solution CiscoUmbrella:
In solution CiscoUmbrella:
| Workbook | Selection Criteria |
|---|---|
| CiscoUmbrella |
| Parser | Solution | Selection Criteria |
|---|---|---|
| Cisco_Umbrella | CiscoUmbrella |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊