Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Secure Web Gateway Log Messages | Base Rule | Gateway Message | Information |
| Minimal Risk Gateway Log Messages | Sub Rule | Low Risk Content Identified | Information |
| Unverified Gateway Log Messages | Sub Rule | Undefined Security Status | Activity |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| user_id | N/A | N/A | N/A |
| username | <login> | Text/String | N/A |
| source_ip | <snatip> | IP Address | N/A |
| http_action | <command> | Text/String | N/A |
| server_to_client_bytes | <bytesout> | Numbers | N/A |
| client_to_server_bytes | <bytesin> | Numbers | N/A |
| requested_host | <url> | Text/String | N/A |
| requested_path | <parentprocesspath> | Text/String | N/A |
| result | <result> | Text/String | N/A |
| virus | N/A | N/A | N/A |
| request_timestamp_epoch | N/A | N/A | N/A |
| request_timestamp | N/A | N/A | N/A |
| uri_scheme | <protname> | Text/String | N/A |
| category | <objecttype> | Text/String | N/A |
| media_type | N/A | N/A | N/A |
| application_type | N/A | N/A | N/A |
| reputation | <severity> | Text/String | N/A |
| last_rule | N/A | N/A | N/A |
| http_status_code | <responcecode> | Numbers | N/A |
| client_ip | <sip> | IP Address | N/A |
| location | N/A | N/A | N/A |
| block_reason | <reason> | Text/String | N/A |
| user_agent_product | N/A | N/A | N/A |
| user_agent_version | N/A | N/A | N/A |
| user_agent_comment | <useragent> | Text/String | N/A |
| process_name | <process> | Text/String | N/A |
| destination_ip | <dip> | IP Address | N/A |
| destination_port | <dport> | Numbers | N/A |
| pop_country_code | N/A | N/A | N/A |
| referer | N/A | N/A | N/A |
| ssl_scanned | N/A | N/A | N/A |
| av_scanned_up | N/A | N/A | N/A |
| av_scanned_down | N/A | N/A | N/A |
| rbi | N/A | N/A | N/A |
| dlp | N/A | N/A | N/A |
| client_system_name | <sname> | Text/String | N/A |
| filename | N/A | N/A | N/A |
| pop_egress_ip | N/A | N/A | N/A |
| pop_ingress_ip | N/A | N/A | N/A |
| proxy_port | N/A | N/A | N/A |
| mw_probability | N/A | N/A | N/A |
| discarded_host | N/A | N/A | N/A |
| ssl_client_prot | N/A | N/A | N/A |
| ssl_server_prot | N/A | N/A | N/A |
| domain_fronting_url | N/A | N/A | N/A |