SOAP API LogQueryService, Complex Types

LogDataModel

LogDataModel

Yes

The data for a single log message and all associated metadata for that log.

Bytes

base64Binary

Yes

The byte length of the IP object value.

Value

string

Yes

The IP address value.

IsBroadcast

boolean

No

If true, this is a broadcast address.

IsIPv4

boolean

No

If true, this is an IPv4 address.

IsIPv6

boolean

No

If true, this is an IPv6 address.

IsLinkLocal

boolean

No

If true, this is a link local address.

IsLoopback

boolean

No

If true, this is a loopback address.

IsNetwork

boolean

No

If true, this is a network address.

IsPrivate

boolean

No

If true, this is private address.

IsPublicIPv4

boolean

No

If true, this is a public IPv4 address.

IsResolvable

boolean

No

If true, the address is resolvable.

CityName

string

Yes

The city name of the GeoIP location resolved for this address.

CountryName

string

Yes

The country name of the GeoIP location resolved for this address.

FullName

string

Yes

The full name of the GeoIP location resolved for this address.

FullNameRegion

string

Yes

The region full name of the GeoIP location resolved for this address.

HasCity

boolean

No

If true, the GeoIP location was able to resolve a city node.

HasCountry

boolean

No

If true, the GeoIP location was able to resolve a country node.

HasLatLong

boolean

No

If true, the GeoIP location was able to resolve a latitude and longitude.

HasParentLocation

boolean

No

If true, the GeoIP location has a parent location.

HasRegion

boolean

No

If true, the GeoIP location was able to resolve a region node.

IsValid

boolean

No

If true, the GeoIP location has been validated.

Latitude

double

No

The latitude of the GeoIP location resolved for this address.

LocationID

int

No

The unique ID of the location object.

LocationKey

string

Yes

The location abbreviation used on some displays.

Longitude

double

No

The longitude of the GeoIP location resolved for this address.

ParentLocationID

int

No

The unique ID of the parent location object.

RegionName

string

Yes

The region name of the GeoIP location resolved for this address.

Type

LocationTypeEnum

No

The location type of the GeoIP location resolved for this address.

Account

string

Yes

User account referenced or impacted by log activity.

Amount

double

Yes

Amount of an item.

Bytes

double

Yes

Amount of data sent and received from a device, system, or process.

BytesIn

double

Yes

Number of bytes received or input from a device, system, or process.

BytesOut

double

Yes

Number of bytes sent from a device, system, or process.

ClassificationID

int

Yes

The unique ID of one of three major activity groups–Operations, Audit, or Security–and a more specific sub-classification.

Command

string

Yes

The command that was executed.

CommonEventId

int

Yes

The unique ID of the common event which determines its Classification.

CommonEventName

string

Yes

A short, plain-language description of the log that determines its Classification.

Count

int

Yes

The number of times the log entry occurred when aggregated with other identical log entries.

Direction

DirectionEnum

No

The enumeration of the Direction of activity between a log's Origin and Impacted Zones.

DirectionName

string

Yes

Direction by name of activity between a log's Origin and Impacted Zones. Values can be Internal, External, Outbound, Local, or Unknown.

Domain

string

Yes

Windows of DNS referenced or impacted by log activity.

Duration

double

Yes

Running time of a session, job, activity, etc.

EntityId

int

Yes

The unique ID of the entity.

EntityName

string

Yes

The name of the entity.

Group

string

Yes

User group or role referenced or impacted by log activity.

ImpactedEntityId

int

Yes

The unique ID of the Impacted Entity.

ImpactedEntityName

string

Yes

The resolved Entity of the impacted host.

ImpactedHostId

int

Yes

The unique ID of the Host such as a DNS name or NetBIOS impacted by the log activity.

ImpactedInterface

string

Yes

The impacted interface number of a device or the physical port number of a switch.

ImpactedIP

string

Yes

The IP address impacted by the log activity.

ImpactedHostName

string

Yes

The name of the Host such as a DNS name or NetBIOS name impacted by the log activity.

ImpactedLocation

LocationInfoDataModel

Yes

Country, region, and/or city impacted by the logged activity as derived from the GeoIP resolution.

ImpactedLocationID

int

Yes

The unique ID of the Impacted Location object.

ImpactedMAC

string

Yes

The host/device impacted MAC address.

ImpactedName

string

Yes

The device name impacted.

ImpactedNATIP

string

Yes

The IP address the Impacted IP was translated to/from via NAT device logs.

ImpactedNATPort

int

Yes

The TCP/UDP address the Impacted IP was translated to/from via NAT device logs.

ImpactedNetwork

NetworkDataModel

Yes

Known Network that was impacted by the log activity.

ImpactedNetworkId

int

Yes

The unique ID for the Known Network that was impacted by the log activity.

ImpactedPort

int

Yes

The destination/client TCP/UDP port number.

ImpactedZone

HostZoneEnum

No

The enumeration value of the resolved Zone that was impacted by the activity - Internal, External, or DMZ.

ImpactedZoneName

string

Yes

The name of this specific zone.

ItemsPacketsIn

double

Yes

Items such as packets received or input from a device, system, or process.

ItemsPacketsOut

double

Yes

Items such as packets sent or output from a device, system, or process.

LogDate/NormalDate

dateTime

Yes

Timestamp when the log was generated or received, corrected to UTC.

LogMessage

string

Yes

The log message generated due to the activity detected by the source.

Login

string

Yes

User associated with the log activity.

LogSourceHost

string

Yes

The system or device where the Log Source originates.

LogSourceHostId

int

Yes

The unique ID of the log source host object.

LogSourceHostName

string

Yes

The name of the log source host.

LogSourceId

int

Yes

The unique ID of the log source.

LogSourceName

string

Yes

A unique log originator on a specific Host.

LogSourceType

int

Yes

Type of facility or source where the log originated.

LogSourceTypeName

string

Yes

Type of facility or source where the log originated.

MessageID

long

Yes

The unique ID for this log Message.

MessageType

MessageTypeEnum

No

The Message Type that could be: Message, Log, Known Log, Event, Alarm.

MPERuleId

int

Yes

The unique ID of the associated MPE Rule object.

MPERuleName

string

Yes

Message Processing Engine (MPE) Rule. It identifies and normalizes a log messages and assigns it a Common Event.

NormalDateMax

dateTime

Yes

If message is aggregated the max creation date contained in the group of logs. It can be in UTC or user-selected time zone.

Object

string

Yes

Resource such as a file, file path, or registry key that is referenced or impacted by log activity.

ObjectName

string

Yes

Name of the resource such as a file, file path, or registry key that is referenced or impacted by log activity.

OriginEntityId

int

Yes

The unique ID of the Origin Entity.

OriginEntityName

string

Yes

The resolved Entity of the origin host.

OriginHostID

int

Yes

The unique ID of the Origin Host object.

OriginInterface

string

Yes

The origin interface number of a device or the physical port number of a switch.

OriginIP

string

Yes

The IP address that was the origin of the log activity.

OriginHostName

string

Yes

The name of the Host such as a DNS name or NetBIOS name that was the origin of the log activity.

OriginLocation

LocationInfoDataModel

Yes

Country, region, and/or city where the logged activity originated as derived from the GeoIP resolution.

OriginLocationID

int

Yes

The unique ID of the Origin Location object.

OriginLogin

string

Yes

User associated with the log activity.

OriginMAC

string

Yes

The host/device origin MAC address.

OriginName

string

Yes

The orgin of the transaction captured by the log.

OriginNATIP

string

Yes

The IP address the Origin IP was translated to/from via NAT device logs.

OriginNATPort

int

Yes

The TCP/UDP address the Origin IP was translated to/from via NAT device logs.

OriginNetwork

NetworkDataModel

Yes

Known Network that was the origin of the log activity.

OriginNetworkId

int

Yes

The unique ID of the Origin Network object.

OriginPort

int

Yes

The source/client TCP/UDP port number.

OriginZone

HostZoneEnum

No

The enumeration value of the resolved Zone that was the origin of the activity - Internal, External, or DMZ.

OriginZoneName

string

Yes

The name given to this specific zone.

Priority

int

Yes

Calculated Risk Based Priority (RBP) of the log entry.

Process

string

Yes

Name or value that identifies a process.

ProcessID

int

Yes

The unique ID of the process object.

ProtocolId

int

Yes

The unique ID of the Protocol object.

ProtocolName

string

Yes

Network protocol applicable to the log message.

Quantity

double

Yes

The item quantity.

Rate

double

Yes

Rate of an item.

Recipient

string

Yes

Email address or VOIP caller number. For non-email logs, it might represent who received some form of information.

Sender

string

Yes

Email originator or VOIP caller number. For non-email logs, it might represent who sent some form of information.

SequenceNumber

int

Yes

The collection sequence of events obtained to generate an alarm.

ServiceId

int

Yes

The unique ID of the Service object.

ServiceName

string

Yes

The name of a service which transferred the recorded traffic.

Session

string

Yes

User, system, or application session.

Severity

string

Yes

Value indicating severity of the log.

Size

double

Yes

Item Size.

Subject

string

Yes

Email subject line. For other logs, it might represent the subject of some form of communicated information.

URL

string

Yes

URL referenced or impacted by log activity.

VendorMsgID

string

Yes

Unique, vendor-assigned value that IDs the log message.

Version

string

Yes

Value representing the version (i.e., OS version, patch version, doc version, etc.).

ClassificationName

string

Yes

The name of one of three major activity groups–Operations, Audit, or Security–and a more specific sub-classification.

ClassificationTypeName

string

Yes

One of three major activity groups: Operations, Audit, or Security.

StartRangeValue

dateTime

Yes

Starting value of the date range.

EndRangeValue

dateTime

Yes

Ending value of the date range.

FilterType

LogQueryFilterTypeEnum

Yes

The enumeration value of the filter type.

FilterMode

LogQueryFilterModeEnum

Yes

The enumeration value of the filter mode.

FilterOperator

LogQueryFilterOperatorEnum

Yes

The enumeration value name of the filter operator.

FilterValues

LogQueryFilterValueDataModel

Yes

The filter value object.

IncludeNullValues

boolean

Yes

If true, the query will include joins where one side is null.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

ArrayOflong

Yes

The big integer value.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

base64Binary

Yes

The byte value.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

ArrayOfLogQueryDateRangeValue

Yes

The date range value.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

ArrayOfint

Yes

The integer value.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

ArrayOfstring

Yes

The IP address value.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

ArrayOfLogQueryIPRangeValue

Yes

The IP address range value.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

ArrayOfLogQueryPortRangeValue

Yes

The port range value.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

ArrayOfLogQueryQuantityValue

Yes

The quantity value.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

ArrayOfstring

Yes

The string value.

ValueType

LogQueryFilterValueTypeEnum

Yes

The enumeration value type.

Value

ArrayOfduration

Yes

The timespan value.

StartRangeValue

string

Yes

The start IP address of the range.

EndRangeValue

string

Yes

The end IP address of the range.

includeRawLogs

boolean

No

If true, include raw logs.

logSourceIDs

ArrayOfint

Yes

A list of unique IDs of the log sources.

logSourceListIDs

ArrayOfint

Yes

A list of unique IDs of the log source list.

MaxItems

int

No

The max items to be returned by the query.

PrimaryFilter

ArrayOfLogQueryFilterDataModel

Yes

A list of query filters grouped together as the primary filter.

QueryEventManager

boolean

No

The query event manager flag.

QueryLogManagers

boolean

No

The query log manager flag.

PageSize

int

No

The page size.

LogManagers

ArrayOfint

Yes

A list of the log managers.

StartRangeValue

int

No

The start port range value.

EndRangeValue

int

No

The end port range value.

CanEqual

boolean

No

Flag to indicate if the valid values equal the start and beginning values of the range.

Value1

double

No

First value in the quantity model.

Value2

double

Yes

Second value in the quantity model.

Operation

LogQueryQuantityOperatorEnum

No

Operation taken to quantify the model.

FaultID

guid

No

Details

string

Yes

FaultTime

dateTime

No

ErrorID

int

No

BeginIPRange

IPAddressDataModel

Yes

The beginning value of the IP range of the network.

DestinationRiskLevel

unsignedByte

No

The destination risk level assigned to this network.

DestinationRiskLevelName

string

Yes

The destination risk level name assigned to this network.

DisplayValue

string

Yes

The display value.

EndIPRange

IPAddressDataModel

Yes

The ending value of the IP address range for the network.

EntityId

int

Yes

The unique ID for the entity object.

HasLocationID

boolean

No

If true, the network has a location association.

HasLocationKey

boolean

No

If true, the network has a location key association.

HostZone

HostZoneEnum

No

The host zone object associated to the network.

HostZoneName

string

Yes

The host zone name associated to the network.

LocationID

int

Yes

The unique ID for location object.

LocationKey

string

Yes

The location key for the network.

NetworkId

int

Yes

The unique ID for the network object.

SourceThreatLevel

int

Yes

The source threat level assigned to the network.

WatchLevel

WatchItemDataModel

Yes

The watch level assigned to the network.

WatchLevelName

string

Yes

The watch level name assigned to the network.

Comments

string

Yes

The comments set on a watch item.

HostID

int

No

The unique ID of the requested host for this watch item.

Login

string

Yes

The login of the request account for this watch item.

NetworkId

int

No

The unique ID for the network for this watch item.

PersonID

int

No

The unique ID for the person for this watch item.

WatchItemType

WatchItemTypeEnum

No

The enumeration of the type of watch item.

WatchLevel

WatchLevelEnum

No

The enumeration of the watch level requested.

WatchLevelName

string

Yes

The name of the watch level requested.