Skip to main content
Skip table of contents

Secure Web Gateway Log Messages

Vendor Documentation

https://docs.cyderes.cloud/parser-knowledge-base/skyhigh_casb/

https://success.skyhighsecurity.com/Skyhigh_Secure_Web_Gateway_%28Cloud%29/Using_the_Forensics_API_for_Reporting/Reporting_Example

Classification

Rule Name

Rule Type

Common Event

Classification

Secure Web Gateway Log Messages

Base Rule

Gateway Message

Information

Minimal Risk Gateway Log Messages

Sub Rule

Low Risk Content Identified

Information

Unverified Gateway Log Messages

Sub Rule

Undefined Security Status

Activity

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

user_id

N/A

N/A

N/A

username

<login>

Text/String

N/A

source_ip

<snatip>

IP Address

N/A

http_action

<command>

Text/String

N/A

server_to_client_bytes

<bytesout>

Numbers

N/A

client_to_server_bytes

<bytesin>

Numbers

N/A

requested_host

<url>

Text/String

N/A

requested_path

<parentprocesspath>

Text/String

N/A

result

<result>

Text/String

N/A

virus

N/A

N/A

N/A

request_timestamp_epoch

N/A

N/A

N/A

request_timestamp

N/A

N/A

N/A

uri_scheme

<protname>

Text/String

N/A

category

<objecttype>

Text/String

N/A

media_type

N/A

N/A

N/A

application_type

N/A

N/A

N/A

reputation

<severity>

Text/String

N/A

last_rule

N/A

N/A

N/A

http_status_code

<responcecode>

Numbers

N/A

client_ip

<sip>

IP Address

N/A

location

N/A

N/A

N/A

block_reason

<reason>

Text/String

N/A

user_agent_product

N/A

N/A

N/A

user_agent_version

N/A

N/A

N/A

user_agent_comment

<useragent>

Text/String

N/A

process_name

<process>

Text/String

N/A

destination_ip

<dip>

IP Address

N/A

destination_port

<dport>

Numbers

N/A

pop_country_code

N/A

N/A

N/A

referer

N/A

N/A

N/A

ssl_scanned

N/A

N/A

N/A

av_scanned_up

N/A

N/A

N/A

av_scanned_down

N/A

N/A

N/A

rbi

N/A

N/A

N/A

dlp

N/A

N/A

N/A

client_system_name

<sname>

Text/String

N/A

filename

N/A

N/A

N/A

pop_egress_ip

N/A

N/A

N/A

pop_ingress_ip

N/A

N/A

N/A

proxy_port

N/A

N/A

N/A

mw_probability

N/A

N/A

N/A

discarded_host

N/A

N/A

N/A

ssl_client_prot

N/A

N/A

N/A

ssl_server_prot

N/A

N/A

N/A

domain_fronting_url

N/A

N/A

N/A

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close