Field Name | General Field | Description | Sample |
---|---|---|---|
endpointHostName | EndpointName | Endpoint hostname | |
customerId | - | Company ID | |
osName | - | Endpoint device operating system | |
dst | | Destination IP address | 10.10.10.10 |
endpointGuid | EndpointID | GUID of the agent which reported the detection | 66f0cb71-4150-4437-ba8b-91151bb12345 |
principalName | - | User principal name used to log on to Trend Micro Web Security admin portal | |
request | URL | The requested destination URL the user is accessing | https://google.com |
act | - | Action taken for the violation | 4 |
src | | Source IP address that is connecting to the Internet Access gateway | |
serverTls | - | Server TLS/SSL version | TLS 1.2 |
eventTime | - | Event generation time on the agent side | 1599465660 |
serverProtocol | - | HTTP protocol version of destination server | HTTP/1.1 |
userAgent | - | Name of the web browser app user connects from | |
rt | - | Report received time | 1599465660 |
tenantGuid | - | Tenant GUID of the Internet Access Gateway | 66f0cb71-4150-4437-ba8b-91151bb09876 |
eventName | - | Event type name | SWG_ACTIVITY_LOG |
application | - | Name of the requested application | |
ruleName | - | Name of the rule that triggered the event | ETL_Access Rules_Web_Host |
clientIp | - | Internal IP address of source endpoint | "fe80:0:0:0:fc7b:7a74:d273:8d13" |
requestBase | - | SWG: Domain of the requested URL | www.facebook.com |
score | - | Web Reputation Services URL rating | 81 |
userDomain | - | Domain of the username | etlsystems.com |
suid | UserAccount | User name or IP address | Millie Hutchinson |
duration | - | Scan complete time, in milliseconds | 28 |
eventSubName | - | Event type subname | OneDrive download file |
fileHash | FileSHA1 | The SHA-1 of the file which violated the policy | 1e15bf99022a9164708cebb3eace8fd61ad45cba |
fileHashSha256 | FileSHA2 | The SHA-256 of the file which violated the policy | ba9edecdd09de1307714564c24409bd25508e22fe11c768053a08f173f263e93 |
fileName | FileName | File name of the file which violated the policy | word.doc |
fileSize | - | Size of the file which violated the policy | 12134 |
fileType | - | File type of the file which violated the policy | Microsoft Word |
malName | - | Name of the malware detected | "BadZipFile" |
mimeType | - | The MIME type/content type of the response body | text/html |
sender | - | Roaming users or gateway where the web traffic passed | ETL VPN |
detectionType | - | Scan type | 60 |
profile | - | Name of the Threat Protection template or Data Loss Prevention profile triggered | "default" |
userDepartment | - | User department | Sales |
requestMethod | - | HTTP/HTTPS request method | POST |
pname | - | Internal product ID (Deprecated, use productCode) | |
pver | - | Product version | "1.0" |
deviceGUID | - | GUID of the agent which reported this detection | "d1142f61-5bdf-4a48-bee8-b35f7b6c2376" |
requestMimeType | - | Requested content type | |
failedHTTPSInspection | - | Failed to inspect HTTPS traffic | TRUE |
tlsJA3Fingerprint | - | JA3 fingerprint | "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-41,29-23-24,0" |
responseSize | - | Response length | 6096 |
clientProtocol | - | Protocol the endpoint used when connecting to the Internet Access Gateway | HTTP/1.1 |
clientTls | - | TLS version the endpoint used when connecting to the Internet Access Gateway | TLS 1.2 |
contentEncoding | - | Content encoding of the request or response | "gzip" |
authType | - | Endpoint authorization method | Agent JWT |
requestSize | - | Request length | 952 |
serverRespTime | - | Response time from requested server, in milliseconds | 311 |
trafficType | - | Endpoint connection method to Internet Access Gateway | Forward |
urlCat | - | Category of the requested URL | Social Networking |


Field Name | General Field | Description | Sample |
---|---|---|---|
endpointHostName | EndpointName | Endpoint hostname | |
customerId | - | Company ID | |
osName | - | Endpoint device operating system | |
dst | | IP address of destination private application server | 10.206.209.64 |
endpointGuid | EndpointID | Endpoint ID generated by the Secure Access Module | DSP84573ULLJHM5GK2R7 |
principalName | - | User principal name of signed-in user | |
request | URL | The requested destination URL the user is accessing | SWG: https://google.com ZTNA: /api/example/v1/testit |
act | - | Action taken for the violation | block |
src | | Source endpoint public IP address | |
serverTls | - | Server TLS/SSL version | 31 |
eventTime | - | Event generation time on the agent side | 1599465660 |
serverProtocol | - | HTTP protocol version of destination server | 1.1 |
userAgent | - | Name of the web browser app user connects from | |
rt | - | Report received time | 1599465660 |
tenantGuid | - | Tenant GUID of the Internet Access Gateway | 66f0cb71-4150-4437-ba8b-91151bb09876 |
eventName | - | Event type name | |
application | - | Name of the requested application | wiki |
ruleName | - | Name of the rule that triggered the event | block_wiki_for_guest |
clientIp | - | Virtual IP address of source endpoint Secure Access Module | 10.64.23.45 100.64.0.2 |
requestBase | - | Domain of the requested private application | gary.webserver64.com |
ruleType | - | Type of rule which triggered | access |
ruleUuid | - | UUID of the triggered rule | 12340518-abd7-43e1-9b73-2f55c4c95a8e |
objectId | - | UUID of private access application | 6f1fe071-9636-4c99-9a4d-c9f6d409a4c8 |
spt | Port | Source virtual port assigned to endpoint Secure Access Module | 57763 |
policyUuid | - | UUID of the triggered Private Access or Risk Control rule | afef0518-abd7-43e1-9b73-2f55c4c95a8e |
dpt | Port | Destination port of private application server | 443 |
companyName | - | Company name | Trend Micro |
start | - | Secure Access Module session start time | 1575462989 |