Web Security Proxy Event Logs

Field Name	Data Type	Required?	Description	Validation
action	Action	False	Action taken by the proxy	Allow: Allow AVInspect: AVInspect Inspect: Inspect Accepted: Accepted IP Block: IP Block• Block: Block SSLInspect: SSLInspect No Response: No Response Unknown: Unknown Warning: Warning Isolate: Isolate
app	String	False	Application detected	Unvalidated
bytes_in	Integer	False	Number of inbound bytes transferred	Unvalidated
category	String	False	Category/Categories of request	Unvalidated
dest	String	True	Destination of the remote traffic	Unvalidated
http_content_type	String	False	Content-type od the requested HTTP resource	Unvalidated
http_method	Http_method	False	HTTP method used in the request	HEAD: HTTP HEAD MKCOL: HTTP MKCOL POST: HTTP POST PROPFIND: HTTP PROPFIND LOCK: HTTP LOCK COPY: HTTP COPY OPTIONS: HTTP OPTIONS PUT: HTTP PUT DELETE: HTTP DELETE MOVE: HTTP MOVE GET: HTTP GET PROPPATCH: HTTP PROPPATCH UNLOCK: HTTP UNLOCK
src	String	True	Source of the network traffic	Unvalidated
status	Integer	False	HTTP response code	Unvalidated
url	String	False	URL of the requested HTTP resource	Unvalidated
user	String	False	User that requested the HTTP resource	Unvalidated
time	Long	True	Time of event	Unvalidated
guid	String	True	Unique ID	Unvalidated
auth_status	String	False	Authentication Status of request	Unvalidated
auth_scheme	String	False	Authentication Scheme of request	Unvalidated
workstation	String	False	WorkStation of request	Unvalidated
protocol	Protocol	True	Requested URL protocol	2: HTTPS 4: Accept Risk 1: HTTP 3: HTTPS (Untrusted)
http_version	String	False	Requested URL protocol version	Unvalidated
tls_version	Integer	False	TLS Version of event	Unvalidated
policy_type	Policy_type	False	Policy Type which triggered verdict	40100: Category Filtering 40400: Block/Allow List 40700: Advanced Security 40600: TTP Policy 40800: Application Control 40500: Logging
policy_name	String	False	Policy name which triggered verdict	Unvalidated
policy_id	Integer	False	Policy Definition ID which triggered verdict	Unvalidated
action_reason	Action_reason	False	Verdict Reason	301: AV Unscannable 7: Newly Observed Domain 300: AV Infected 0: Default Allow 10: Application Control 3: Url Filtering 1: Exceptions 302: Certificate Revoked 2: Safe Search 6: Managed URLs 303: Protocol Protection 305: Connection Fail 4: Category Filtering 304: Risk Accepted 12: Traffic Analysis 11: Extended Proxy 5: Similarity Match 8: Operational 9: Suspicious Site
category_group	String	False	Aggregate Category/Categories of request	Unvalidated
filter_category	String	False	Category which triggered verdict	Unvalidated
security_event	Boolean	False	If event is considered a security event	Unvalidated
virus_details	String	False	AV Details of event	Unvalidated
user_context	User_context	False	MSA Context type	107: No Logged in User 106: No User Details 101: Authenticated 109: Supervised User 103: Unknown Domain User 102: Domain User 0: Network Protection Only 105: Multiple Users 104: Local User
user_count	Integer	False	User count	Unvalidated
local_ip	String	False	Local IP of MSA client	Unvalidated
local_hostname	String	False	Hostname of MSA client	Unvalidated
app_category	String	False	Application Category of request	Unvalidated