Secure Web Gateway Log Messages
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
Secure Web Gateway Log Messages | Base Rule | Gateway Message | Information |
Minimal Risk Gateway Log Messages | Sub Rule | Low Risk Content Identified | Information |
Unverified Gateway Log Messages | Sub Rule | Undefined Security Status | Activity |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
user_id | N/A | N/A | N/A |
username | <login> | Text/String | N/A |
source_ip | <snatip> | IP Address | N/A |
http_action | <command> | Text/String | N/A |
server_to_client_bytes | <bytesout> | Numbers | N/A |
client_to_server_bytes | <bytesin> | Numbers | N/A |
requested_host | <url> | Text/String | N/A |
requested_path | <parentprocesspath> | Text/String | N/A |
result | <result> | Text/String | N/A |
virus | N/A | N/A | N/A |
request_timestamp_epoch | N/A | N/A | N/A |
request_timestamp | N/A | N/A | N/A |
uri_scheme | <protname> | Text/String | N/A |
category | <objecttype> | Text/String | N/A |
media_type | N/A | N/A | N/A |
application_type | N/A | N/A | N/A |
reputation | <severity> | Text/String | N/A |
last_rule | N/A | N/A | N/A |
http_status_code | <responcecode> | Numbers | N/A |
client_ip | <sip> | IP Address | N/A |
location | N/A | N/A | N/A |
block_reason | <reason> | Text/String | N/A |
user_agent_product | N/A | N/A | N/A |
user_agent_version | N/A | N/A | N/A |
user_agent_comment | <useragent> | Text/String | N/A |
process_name | <process> | Text/String | N/A |
destination_ip | <dip> | IP Address | N/A |
destination_port | <dport> | Numbers | N/A |
pop_country_code | N/A | N/A | N/A |
referer | N/A | N/A | N/A |
ssl_scanned | N/A | N/A | N/A |
av_scanned_up | N/A | N/A | N/A |
av_scanned_down | N/A | N/A | N/A |
rbi | N/A | N/A | N/A |
dlp | N/A | N/A | N/A |
client_system_name | <sname> | Text/String | N/A |
filename | N/A | N/A | N/A |
pop_egress_ip | N/A | N/A | N/A |
pop_ingress_ip | N/A | N/A | N/A |
proxy_port | N/A | N/A | N/A |
mw_probability | N/A | N/A | N/A |
discarded_host | N/A | N/A | N/A |
ssl_client_prot | N/A | N/A | N/A |
ssl_server_prot | N/A | N/A | N/A |
domain_fronting_url | N/A | N/A | N/A |