| Data Fields | Type | Description |
|---|---|---|
| status | string | Ultimate status of traffic – Allowed or Denied |
| user | string | User name |
| protocol | integer | Protocol number of traffic |
| src_port | integer | Original source port of TCP and UDP traffic |
| dst_port | integer | Original destination port of TCP and UDP traffic |
| src_ip | string | Original source IP address of traffic |
| dst_ip | string | Original destination IP address of traffic |
| url | string | URL from which threat was downloaded |
| threat | string | Name of the threat |
| event_id | integer | Event ID |
| type | string | Type of the event |
| host_login_user | string | Logged username on endpoint device |
| host_process_user | string | Running process on endpoint device |
| endpoint_id | integer | Endpoint ID |
| execution_path | string | Path of execution file |