V 2.0 : Application Control URL Filtering Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Application Control URL Filtering Events | Base Rule | General Application Control Message | Information |
| V 2.0 : Application Control : Traffic Accepted | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : Application Control : Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : Application Control : Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : Application Control : Traffic Encrypted | Sub Rule | Encrypt Packet | Network Traffic |
| V 2.0 : Application Control : Traffic Decrypted | Sub Rule | Decrypted Packet | Network Traffic |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| virtuallogsource | N/A | N/A | N/A |
| subproduct | N/A | N/A | Sub Product |
| Product | <vmid> | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action>, <tag1> | Text/String | N/A |
| SIP | <sip> | IP Address | Source IP |
| SPort | <sport> | Number | Source host port number |
| DIP | <dip> | IP Address | Destination IP |
| dport | <dport> | Number | Destination host port number |
| protocol | <protnum> | Number | Protocol detected on the connection |
| ifname | <sinterface> | Text/String | The name of the Security Gateway interface, through which a connection traverses |
| ifdirection | N/A | N/A | Connection direction |
| reason | <reason> | Text/String | Description of log's reason |
| Rule | N/A | N/A | N/A |
| Info | <vendorinfo> | Text/String | N/A |
| XlateSIP | <snatip> | IP Address | Source ipv4 after applying NAT |
| XlateSport | <snatport> | Number | Source host port number after applying NAT |
| XlateDIP | <dnatip> | IP Address | Destination ipv4 after applying NAT |
| XlateDPort | <dnatport> | Number | Destination host port number after applying NAT |
| user | <login> | Text/String | Source user name |
| alert | N/A | N/A | N/A |
| icmp-code | N/A | N/A | N/A |
| icmp-type | N/A | N/A | N/A |
| matched_category | N/A | N/A | N/A |
| rule_name | N/A | N/A | N/A |
| Url | N/A | N/A | Matched URL |
| time | N/A | N/A | The time stamp when the log was created. |
| OriginZone | N/A | N/A | N/A |
| ImpactedZone | N/A | N/A | N/A |
| Service | <protname> | Text/String | N/A |
| duration | <duration> | Number | N/A |
| conn_direction | N/A | N/A | N/A |
| flags | N/A | N/A | N/A |
| logid | N/A | N/A | N/A |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | N/A |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | <version> | Number | N/A |
| __policy_id_tag | <policy> | Text/String | N/A |
| aggregated_log_count | N/A | N/A | N/A |
| browse_time | N/A | N/A | N/A |
| bytes | N/A | N/A | N/A |
| client_inbound_bytes | <bytesin> | Number | N/A |
| client_inbound_packets | <packetsin> | Number | N/A |
| client_outbound_bytes | <bytesout> | Number | N/A |
| client_outbound_packets | <packetsout> | Number | N/A |
| connection_count | <quantity> | Number | N/A |
| creation_time | N/A | N/A | N/A |
| hll_key | N/A | N/A | N/A |
| last_hit_time | N/A | N/A | N/A |
| lastupdatetime | N/A | N/A | N/A |
| app_category | N/A | N/A | N/A |
| app_desc | N/A | N/A | Application description |
| app_id | N/A | N/A | Application ID |
| app_properties | <subject> | Text/String | Application categories |
| app_risk | <severity> | Number | Application risk. Possible values: 0 - Unknown, 1 - Very Low, 2 - Low, 3 - Medium, 4 - High, 5 - Critical |
| app_sig_id | N/A | N/A | N/A |
| appi_name | <process> | Text/String | Application name |
| layer_name | N/A | N/A | N/A |
| layer_uuid | N/A | N/A | N/A |
| match_id | N/A | N/A | N/A |
| parent_rule | N/A | N/A | N/A |
| rule_action | N/A | N/A | N/A |
| rule_uid | N/A | N/A | N/A |
| packets | N/A | N/A | N/A |
| server_inbound_bytes | N/A | N/A | N/A |
| server_inbound_packets | N/A | N/A | N/A |
| server_outbound_bytes | N/A | N/A | N/A |
| server_outbound_packets | N/A | N/A | N/A |
| sig_id | N/A | N/A | N/A |
| update_count | N/A | N/A | N/A |
| resource | <url> | Text/String/Number | Resource from the HTTP request |