| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| recordType | int4 | |
| recordLength | int4 | |
| archiveTimestamp | timestamp | |
| checksum | int4 | |
| deviceId | int4 | |
| legacyIpAddress | str | |
| macAddress | str | |
| hasIpv6 | int4 | |
| eventSecond | int4 | |
| eventMicrosecond | int4 | |
| eventType | int4 | |
| eventSubtype | int4 | |
| ipv6Address | str | |
| blockType | int4 | |
| blockLength | int4 | |
| ingressZone | str | |
| egressZone | str | |
| ingressInterface | str | |
| egressInterface | str | |
| initiatorIpAddress | str | |
| responderIpAddress | str | |
| policyRevision | str | |
| ruleId | int8 | |
| ruleAction | int4 | |
| ruleReason | int4 | |
| initiatorPort | int4 | |
| responderPort | int4 | |
| tcpFlag | int4 | |
| protocol | int4 | |
| netflowSource | str | |
| instanceId | int4 | |
| connectionCounter | int4 | |
| firstPacketTimestamp | timestamp | |
| lastPacketTimestamp | timestamp | |
| initiatorTransmittedPackets | int4 | |
| responderTransmittedPackets | int4 | |
| initiatorTransmittedBytes | int4 | |
| responderTransmittedBytes | int4 | |
| userId | int8 | |
| applicationId | int4 | |
| urlCategory | int4 | |
| urlReputation | int4 | |
| clientApplicationId | int4 | |
| webApplicationId | int4 | |
| clientUrl__blockType | int4 | |
| clientUrl__blockLength | int4 | |
| clientUrl__data | str | |
| netbios__blockType | int4 | |
| netbios__blockLength | int4 | |
| netbios__data | str | |
| clientApplicationVersion__blockType | int4 | |
| clientApplicationVersion__blockLength | int4 | |
| clientApplicationVersion__data | str | |
| monitorRule1 | int8 | |
| monitorRule2 | int4 | |
| monitorRule3 | int4 | |
| monitorRule4 | int4 | |
| monitorRule5 | int4 | |
| monitorRule6 | int4 | |
| monitorRule7 | int4 | |
| monitorRule8 | int4 | |
| securityIntelligenceSourceDestination | int4 | |
| securityIntelligenceLayer | int4 | |
| fileEventCount | int4 | |
| intrusionEventCount | int4 | |
| initiatorCountry | int4 | |
| responderCountry | int4 | |
| iocNumber | int4 | |
| sourceAutonomousSystem | int4 | |
| destinationAutonomousSystem | int4 | |
| snmpIn | int4 | |
| snmpOut | int4 | |
| sourceTos | int4 | |
| destinationTos | int4 | |
| sourceMask | int4 | |
| destinationMask | int4 | |
| securityContext | str | |
| vlanId | int4 | |
| referencedHost__blockType | int4 | |
| referencedHost__blockLength | int4 | |
| referencedHost__data | str | |
| userAgent__blockType | int4 | |
| userAgent__blockLength | int4 | |
| userAgent__data | str | |
| httpReferrer__blockType | int4 | |
| httpReferrer__blockLength | int4 | |
| httpReferrer__data | str | |
| sslCertificateFingerprint | str | |
| sslPolicyId | str | |
| sslRuleId | int4 | |
| sslCipherSuite | int4 | |
| sslVersion | int4 | |
| sslServerCertificateStatus | int4 | |
| sslActualAction | int4 | |
| sslExpectedAction | int4 | |
| sslFlowStatus | int4 | |
| sslFlowError | int4 | |
| sslFlowMessages | int4 | |
| sslFlowFlags | int4 | |
| sslServerName__blockType | int4 | |
| sslServerName__blockLength | int4 | |
| sslServerName__data | str | |
| sslUrlCategory | int4 | |
| sslSessionId | str | |
| sslSessionIdLength | int4 | |
| sslTicketId | str | |
| sslTicketIdLength | int4 | |
| networkAnalysisPolicyRevision | str | |
| endpointProfileId | int4 | |
| securityGroupId | int4 | |
| locationIpv6 | str | |
| httpResponse | int4 | |
| dnsQuery__blockType | int4 | |
| dnsQuery__blockLength | int4 | |
| dnsQuery__data | str | |
| dnsRecordType | int4 | |
| dnsResponseType | int4 | |
| dnsTtl | int4 | |
| sinkholeUuid | str | |
| securityIntelligenceList1 | int4 | |
| securityIntelligenceList2 | int4 | |
| at_computed__recordTypeCategory | str | |
| at_computed__recordTypeDescription | str | |
| at_computed__transportProtocol | str | |
| at_computed__webApplication | str | |
| at_computed__clientApplication | str | |
| at_computed__applicationProtocol | str | |
| at_computed__securityIntelligenceIp | str | |
| at_computed__securityIntelligenceEvent | str | |
| at_computed__urlCategory | str | |
| at_computed__urlReputation | str | |
| at_computed__firewallRule | str | |
| at_computed__firewallRuleAction | str | |
| at_computed__firewallRuleReason | str | |
| at_computed__firewallPolicy | str | |
| at_computed__ingressInterface | str | |
| at_computed__egressInterface | str | |
| at_computed__ingressSecurityZone | str | |
| at_computed__egressSecurityZone | str | |
| at_computed__sourceIpCountry | str | |
| at_computed__destinationIpCountry | str | |
| at_computed__user | str | |
| at_computed_dnsRecordName | str | |
| at_computed_dnsRecordDescription | str | |
| at_computed__sslActualAction | str | |
| at_computed__sslExpectedAction | str | |
| at_computed__sslFlowStatus | str | |
| at_computed__sslServerCertificateStatus | str | |
| at_computed__sslCipherSuite | str | |
| at_computed__sslVersion | str | |
| at_computed__monitorRule1 | str | |
| at_computed__monitorRule2 | str | |
| at_computed__monitorRule3 | str | |
| at_computed__monitorRule4 | str | |
| at_computed__monitorRule5 | str | |
| at_computed__monitorRule6 | str | |
| at_computed__monitorRule7 | str | |
| at_computed__sensor | str | |
| at_computed__eventDescription | str | |
| at_computed__eventSecond | timestamp | |
| at_computed__eventDateTime | timestamp | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |