| Field Name | Data Type | Required? | Description | Validation |
|---|---|---|---|---|
| src | String | True | Source of the network resolution event | Unvalidated |
| query | String | True | Domain to be resolved | Unvalidated |
| record_type | String | True | DNS resource record type | Unvalidated |
| reply_code | Reply_code | True | Return code for the response | Non-Existent Domain: NX Domain; Format Error: Format Error; Server Failure: Server Fail; No Error: No Error |
| reply_code_id | Reply_code_id | True | Return code numerical id for the response | 3: NX Domain; 1: Format Error; 2: Server Fail; 0: No Error |
| time | Long | True | Time of event | Unvalidated |
| guid | String | True | Unique ID | Unvalidated |
| user | String | False | Username of request | Unvalidated |
| auth_status | String | False | Authentication Status of request | Unvalidated |
| auth_scheme | String | False | Authentication Scheme of request | Unvalidated |
| workstation | String | False | WorkStation of request | Unvalidated |
| protocol | Protocol | True | Protocol in use | 6: Direct IP Request; 0: DNS |
| action | Action | False | Filter verdict | Allow: Allow; Inspect: Inspect; Accepted: Accepted; Unfiltered: Unfiltered; IP Block: IP Block; Block: Block; No Response: No Response; Warning: Warning; Isolate: Isolate |
| policy_type | Policy_type | False | Policy Type which triggered verdict | 40100: Category Filtering; 40400: Block/Allow List; 40700: Advanced Security; 40600: TTP Policy; 40800: Application Control; 40500: Logging |
| policy_name | String | False | Policy name which triggered verdict | Unvalidated |
| policy_id | Integer | False | Policy Definition ID which triggered verdict | Unvalidated |
| action_reason | Action_reason | False | Verdict Reason | 602: NX Domain; 7: Newly Observed Domain; 0: Default Allow; 10: Application Control; 604: Direct IP; 3: Url Filtering; 1: Exceptions; 2: Safe Search; 6: Managed URLs; 4: Category Filtering; 12: Traffic Analysis; 11: Extended Proxy; 600: Server Fail; 5: Similarity Match; 8: Operational; 603: None; 9: Suspicious Site; 601: No Answer |
| category | String | False | Category/Categories of request | Unvalidated |
| category_group | String | False | Aggregate Category/Categories of request | Unvalidated |
| filter_category | String | False | Category which triggered verdict | Unvalidated |
| security_event | Boolean | True | If event is considered a security event | Unvalidated |
| user_context | User_context | False | MSA Context type | 107: No Logged in User; 106: No User Details; 101: Authenticated; 109: Supervised User; 103: Unknown Domain User; 102: Domain User; 0: Network Protection Only; 105: Multiple Users; 104: Local User |
| user_count | Integer | False | User count | Unvalidated |
| local_ip | String | False | Local IP of MSA client | Unvalidated |
| local_hostname | String | False | Hostname of MSA client | Unvalidated |
| app | String | False | Application Code of request | Unvalidated |
| app_category | String | False | Application Category of request | Unvalidated |
| request_ip | String | False | IP Request that was blocked by the MSA client | Unvalidated |