Skip to main content
Skip table of contents

V 2.0 : DLP Logs

Vendor Documentation


Rule NameRule TypeCommon EventClassification
V 2.0 : DLP LogsBase RuleGeneral DLP MessageInformation
V 2.0 : DLP Logs BlockSub RuleTraffic Denied by Network FirewallNetwork Deny
V 2.0 : DLP Logs MonitorSub RuleService MonitoringInformation

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

TimestampN/AN/AThe timestamp of the request transaction in UTC.
Event TypeN/AN/AThe type of event that matched a data identifier. Inline, a proxy request, is the only current event type.
Unique Event IDN/AN/AThe unique identifier for the event. There can be multiple violation matches in one event.
Severity<severity>Text/StringThe severity of the rule (Low, Medium, High, or Critical)
IdentityN/AN/AThe source that triggered the violation.


N/AThe owner of the file.
Name<object>Text/StringThe name of the file.
Application<process>Text/StringThe application of the request.
Destination<domainorigin>Text/StringThe domain of the request.
Text/StringIf the violation was Blocked or Monitored.
Rule<policy>Text/StringThe DLP rule name.
Data ClassificationN/AN/AThe data classification whose data identifier matched on the violation.
Data IdentifierN/AN/AThe data identifier that matched on the request.
Content TypeN/AN/AThe mime type of the file that matches the data identifier.
File Size<size>NumberThe size of the file.
SHA256 Hash<hash>Text/StringThe hex digest of the response content.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.