| Field Name | Data Type | Required? | Description | Validation |
| --- | --- | --- | --- | --- |
| action | Action | False | Action taken by the proxy | Allow: Allow; AVInspect: AVInspect; Inspect: Inspect; Accepted: Accepted; IP Block: IP Block; Block: Block; SSLInspect: SSLInspect; No Response: No Response; Unknown: Unknown; Warning: Warning; Isolate: Isolate |
| app | String | False | Application detected | Unvalidated |
| bytes_in | Integer | False | Number of inbound bytes transferred | Unvalidated |
| category | String | False | Category/Categories of request | Unvalidated |
| dest | String | True | Destination of the remote traffic | Unvalidated |
| http_content_type | String | False | Content-type of the requested HTTP resource | Unvalidated |
| http_method | Http_method | False | HTTP method used in the request | HEAD: HTTP HEAD; MKCOL: HTTP MKCOL; POST: HTTP POST; PROPFIND: HTTP PROPFIND; LOCK: HTTP LOCK; COPY: HTTP COPY; OPTIONS: HTTP OPTIONS; PUT: HTTP PUT; DELETE: HTTP DELETE; MOVE: HTTP MOVE; GET: HTTP GET; PROPPATCH: HTTP PROPPATCH; UNLOCK: HTTP UNLOCK |
| src | String | True | Source of the network traffic | Unvalidated |
| status | Integer | False | HTTP response code | Unvalidated |
| url | String | False | URL of the requested HTTP resource | Unvalidated |
| user | String | False | User that requested the HTTP resource | Unvalidated |
| time | Long | True | Time of event | Unvalidated |
| guid | String | True | Unique ID | Unvalidated |
| auth_status | String | False | Authentication Status of request | Unvalidated |
| auth_scheme | String | False | Authentication Scheme of request | Unvalidated |
| workstation | String | False | WorkStation of request | Unvalidated |
| protocol | Protocol | True | Requested URL protocol | 2: HTTPS; 4: Accept Risk; 1: HTTP; 3: HTTPS (Untrusted) |
| http_version | String | False | Requested URL protocol version | Unvalidated |
| tls_version | Integer | False | TLS Version of event | Unvalidated |
| policy_type | Policy_type | False | Policy Type which triggered verdict | 40100: Category Filtering; 40400: Block/Allow List; 40700: Advanced Security; 40600: TTP Policy; 40800: Application Control; 40500: Logging |
| policy_name | String | False | Policy name which triggered verdict | Unvalidated |
| policy_id | Integer | False | Policy Definition ID which triggered verdict | Unvalidated |
| action_reason | Action_reason | False | Verdict Reason | 301: AV Unscannable; 7: Newly Observed Domain; 300: AV Infected; 0: Default Allow; 10: Application Control; 3: Url Filtering; 1: Exceptions; 302: Certificate Revoked; 2: Safe Search; 6: Managed URLs; 303: Protocol Protection; 305: Connection Fail; 4: Category Filtering; 304: Risk Accepted; 12: Traffic Analysis; 11: Extended Proxy; 5: Similarity Match; 8: Operational; 9: Suspicious Site |
| category_group | String | False | Aggregate Category/Categories of request | Unvalidated |
| filter_category | String | False | Category which triggered verdict | Unvalidated |
| security_event | Boolean | False | If event is considered a security event | Unvalidated |
| virus_details | String | False | AV Details of event | Unvalidated |
| user_context | User_context | False | MSA Context type | 107: No Logged in User; 106: No User Details; 101: Authenticated; 109: Supervised User; 103: Unknown Domain User; 102: Domain User; 0: Network Protection Only; 105: Multiple Users; 104: Local User |
| user_count | Integer | False | User count | Unvalidated |
| local_ip | String | False | Local IP of MSA client | Unvalidated |
| local_hostname | String | False | Hostname of MSA client | Unvalidated |
| app_category | String | False | Application Category of request | Unvalidated |