SOAP API LogQueryService, Simple Types

Unknown

Host zone is unknown.

Internal

Host is within the internal zone.

DMZ

Host is within the DMZ zone.

External

Host is within the external zone.

NULL

No location value supplied.

Country

Location value is of the Country.

Region

Location value is of the Region.

City

Location value is of the City.

FilterIn

Include results which match criteria.

FilterOut

Exclude results which match criteria.

And

Boolean And

Or

Boolean Or

AndPrevious

Group previous filters and start new group with boolean And relationship to the previous group.

OrPrevious

Group previous filters and start new group with boolean Or relationship to the previous group.

Direction

The movement of traffic within the system.

Priority

Priority of the message source.

NormalMsgDateRange

The normalized date the message was recorded.

NormalMsgDateTimeOfDay

The normalized time of day the message was recorded.

Entity

Entity where messages are originating from.

MsgSource

The message source name.

MsgSourceHost

The host system the message source came from.

MsgSourceType

The type of message source.

Classification

The classification of the message.

CommonEvent

Get messages which the common event assigned to the message.

MPERule

The MPERule used to parse the message.

KnownHost

The host systems sending or receiving the message.

KnownOriginHost

The host system sending the message.

KnownImpactedHost

The host system receiving the message.

KnownService

The service which transmitted the message.

IP

Any IP address found within the message.

OriginIP

The IP address of the sending system for the message.

ImpactedIP

The IP address of the receiving system for the message.

IPRange

Identify messages that contain any IP address with a range.

OriginIPRange

The IP address range that was the origin of the log activity.

ImpactedIPRange

The IP address range that was the impacted of the log activity.

HostName

The name of the Host such as a DNS name or NetBIOS name that was the origin or impacted by the log activity.

OriginHostName

The name of the Host such as a DNS name or NetBIOS name that was the origin of the log activity.

ImpactedHostName

The name of the Host such as a DNS name or NetBIOS name that was the impacted of the log activity.

OriginPort

The source/client TCP/UDP port number.

ImpactedPort

The destination/client TCP/UDP port number.

Protocol

Network protocol applicable to the log message.

Login

User associated with the log activity.

Account

User account referenced or impacted by log activity.

Sender

Email originator or VOIP caller number. For non-email logs, it might represent who sent some form of information.

Recipient

Email address or VOIP caller number. For non-email logs, it might represent who received some form of information.

Subject

Email subject line. For other logs, it might represent the subject of some form of communicated information.

Object

Resource such as a file, file path, or registry key that is referenced or impacted by log activity.

Message

The log message

VendorMsgID

Unique, vendor-assigned value that IDs the log message.

Group

User group or role referenced or impacted by log activity.

Domain

Windows of DNS referenced or impacted by log activity.

Session

User, system, or application session.

Process

Name or value that IDs a process.

URL

URL referenced or impacted by log activity.

User

User associated with the log activity.

Address

Any IP address.

Port

A TCP/UDP port number associated with the log activity.

OriginPortRange

The range of accepted values of the source/client TCP/UDP port number.

ImpactedPortRange

The range of accepted values of the destination/client TCP/UDP port number.

PortRange

The range of accepted values of TCP/UDP port numbers associated with the logged activity.

OriginNetwork

Known Network that was the origin of the log activity.

ImpactedNetwork

Known Network that was the impacted by the log activity.

Network

Known Network associated to the logged activity.

IDMGroupForLogin

IDMGroupForAccount

IDMGroupForUser

BytesIn

Number of bytes received by a device, system, or process.

BytesOut

Number of bytes sent from a device, system, or process.

ItemsIn

Items such as packets received or input from a device, system, or process.

ItemsOut

Items such as packets sent or output from a device, system, or process.

Duration

Running time of a session, job, activity, etc.

Quantity

The item quantity.

Amount

Amount of an item.

Rate

Rate of an item.

Size

Item size.

OriginLocation

Country, region, and/or city where the logged activity originated as derived from the GeoIP resolution.

ImpactedLocation

Country, region, and/or city impacted by the logged activity as derived from the GeoIP resolution.

Location

Country, region, and/or city by the logged activity as derived from the GeoIP resolution.

OriginEntity

The resolved Entity of the origin host.

ImpactedEntity

The resolved Entity of the impacted host.

OriginZone

The resolved Zone that was the origin of the activity - Internal, External, or DMZ.

ImpactedZone

The resolved Zone that was impacted by the activity - Internal, External, or DMZ.

BytesInOut

Amount of data sent and received from a device, system, or process.

ItemsInOut

Items such as packets sent and received from a device, system, or process.

Application

The application which executed the logged traffic.

Host

The host or device associated by the logged activity.

OriginHost

The host or device source by the logged activity.

ImpactedHost

The host or device impacted by the logged activity.

OriginEntityOrImpactedEntity

The resolved Entity of host involved by the logged activity.

OriginZoneOrImpactedZone

The resolved Zone impacted or the source of the logged by the activity - Internal, External, or DMZ.

OriginMAC

The host/device origin MAC address.

ImpactedMAC

The host/device impacted MAC address.

OriginNATIP

The IP address the Origin IP was translated to/from via NAT device logs.

ImpactedNATIP

The IP address the Impacted IP was translated to/from via NAT device logs.

OriginInterface

The origin interface number of a device or the physical port number of a switch.

ImpactedInterface

The impacted interface number of a device or the physical port number of a switch.

PID

The ID associated with a process.

Severity

Value indicating severity of the log.

Version

Value representing the version (i.e., OS version, patch version, doc version, etc.)

Command

The command that was executed.

ObjectName

The name for an Object. Note: Object will store the full path and name but ObjectName will only store the object name.

OriginNATPort

The source/client NAT TCP/UDP port number.

ImpactedNATPort

The destination/client NAT TCP/UDP port number.

OriginNATIPRange

The source/client NAT IP address range.

ImpactedNATIPRange

The destination/client NAT IP address range.

NATIP

Any NAT IP address.

NATIPRange

Any NAT IP address within a provided range.

OriginNATPortRange

The source/client NAT TCP/UDP port number range.

ImpactedNATPortRange

The destination/client NAT TCP/UDP port number range.

NATPort

Any NAT TCP/UDP port number.

NATPortRange

Any NAT TCP/UDP port number within the provided range.

MAC

Any host/device MAC address.

Interface

Any interface number of a device or the physical port number of a switch.

Byte

Filter values are of a byte data type.

Integer

Filter values are of a 32bit integer value data type.  Also used for smaller integer value types.

LongInteger

Filter values are of a 64bit integer value data type.

String

Filter values are of a string value data type.

IPAddress

Filter values are of a string value which is validated to be in the format of an IP address.

IPAddressRange

Filter values are of an IP address range value validated to be in the format of IP addresses.

DateRange

Filter values are of a date range value used for dates.

PortRange

Filter values are of a complex data object which contains multiple integer values.

Quantity

Filter values are of a complex data object which contains float value(s).

ListReference

Filter value identifier of a saved list.

Deprecated: Do not use

ListSet

Filter object value of a list.

Deprecated: Do not use

TimeSpan

Filter values are of a Timespan data value.

POLY

Filter values are of a complex data object.

Equals

Selected quantity equals the value provided.

NotEqual

Selected quantity is not equal to the value provided.

GreaterThan

Selected quantity is greater than the value provided.

GreaterThanOrEqual

Selected quantity is greater than or equal to the value provided.

LessThan

Selected quantity is less than the value provided.

LessThanOrEqual

Selected quantity is less than or equal to the value provided.

Between

Selected quantity is between the values provided.

BetweenOrEqual

Selected quantity is between or equal to the values provided.

Outside

Selected quantity is outside or the value range provided.

OutsideOrEqual

Selected quantity is outside or equal to the value range provided.

Log

No meta information for this log.

KnownLog

Known log has meta information.

Event

Known log escalated to event with meta information.

GlobalNetwork

Networks which have administrative interest.

PersonalNetwork

Networks which have personal interest to a user.

GlobalHost

Host which have administrative interest.

PersonalHost

Host which have personal interest to a user.

GlobalLogin

Logins which have administrative interest.

PersonalLogin

Logins which have personal interest to a user.

None

No priority.

LowLow

Lowest priority.

LowMedium

Lower priority.

LowHigh

Low priority.

MediumLow

Lower medium priority.

MediumMedium

Medium priority.

MediumHigh

Upper medium priority.

HighLow

High priority.

HighMedium

Higher priority.

HighHigh

Highest priority.