...
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in ISO 8601 / RFC 3339 format |
SYSTEM | The source system |
CRITICALITY | |
DEVNAME | Device name |
DEVID | Serial number of the device at the traffic's origin |
TYPE | Event type is traffic |
SUBTYPE | Event subtype is apf-flow |
EVENTID | Event ID, a 10-digit hexadecimal value |
DIRECTION | IN, OUT |
OBSERVED | Network types observed in use |
RX_BYTES | Number of bytes received |
PACKET_COUNT | Number of packets received |
ACTION | Status of the session |
ACTION_CONTEXT | List of actions executed per detected network-type session, e.g. logged, logged, captured |
CTI_TRIGGER | IP address of the triggering CTI system |
CTI_PROVIDER | Name of the IP Reputation checking system |
CTI_FEED | CTI system that does the IP Reputation check |
CTI_TYPE | Cross-triggering interface type, e.g. URL, MD, IP, FQDN |
PROTO | Interface of the traffic's destination |
SRCIP | IP address of the traffic’s origin |
SRCPORT | Port number of the traffic's origin |
DSTIP | Destination IP address for the web |
DSTPORT | Port number of the traffic's destination |
SNAREDATAMAP | All remaining event data not mapped to the fields above is pushed into this field |
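As an added example (not part of the original documentation), the parser below normalises one event into a dictionary and checks the constraints the table states: DATE as YYYY-MM-DD, TIME as ISO 8601 / RFC 3339, EVENTID as a 10-digit hexadecimal value, DIRECTION as IN or OUT, ports as integers, and any unlisted key pushed into SNAREDATAMAP. The space-separated `KEY=value` layout and the sample event are assumptions, since the page defines only the field names, not the wire format.

```python
import re
from datetime import datetime
# Constructed sample in an assumed space-separated "KEY=value" layout; the page
# defines only the field names, not the wire format, so the layout is a guess.
SAMPLE_EVENT = (
    "DATE=2024-03-05 TIME=2024-03-05T14:22:31Z SYSTEM=edge-fw DEVNAME=fw01 "
    "DEVID=SN0001 TYPE=traffic SUBTYPE=apf-flow EVENTID=0000ABCDEF "
    "DIRECTION=OUT RX_BYTES=1532 PACKET_COUNT=7 ACTION=close SRCIP=10.0.0.5 "
    "SRCPORT=51234 DSTIP=203.0.113.9 DSTPORT=443 CTI_TYPE=IP VENDOR_EXTRA=foo"
)
KNOWN_FIELDS = {
    "DATE", "TIME", "SYSTEM", "CRITICALITY", "DEVNAME", "DEVID", "TYPE",
    "SUBTYPE", "EVENTID", "DIRECTION", "OBSERVED", "RX_BYTES", "PACKET_COUNT",
    "ACTION", "ACTION_CONTEXT", "CTI_TRIGGER", "CTI_PROVIDER", "CTI_FEED",
    "CTI_TYPE", "PROTO", "SRCIP", "SRCPORT", "DSTIP", "DSTPORT",
}
INT_FIELDS = {"RX_BYTES", "PACKET_COUNT", "SRCPORT", "DSTPORT"}

def check_event(event: dict) -> list:
    """Return the constraint violations implied by the field table."""
    errors = []
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", event.get("DATE", "")):
        errors.append("DATE must be YYYY-MM-DD")
    try:  # RFC 3339 allows a trailing Z; older fromisoformat() wants +00:00
        datetime.fromisoformat(event.get("TIME", "").replace("Z", "+00:00"))
    except ValueError:
        errors.append("TIME must be ISO 8601 / RFC 3339")
    if not re.fullmatch(r"[0-9A-Fa-f]{10}", event.get("EVENTID", "")):
        errors.append("EVENTID must be a 10-digit hexadecimal value")
    if event.get("DIRECTION") not in ("IN", "OUT"):
        errors.append("DIRECTION must be IN or OUT")
    for name in ("SRCPORT", "DSTPORT"):
        port = event.get(name)
        if not (isinstance(port, int) and 0 <= port <= 65535):
            errors.append(f"{name} must be an integer in 0..65535")
    return errors

def parse_event(line: str) -> dict:
    """Parse one KEY=value line; keys not in the table land in SNAREDATAMAP."""
    event = {"SNAREDATAMAP": {}}
    for token in line.split():
        key, sep, value = token.partition("=")
        if not sep:
            continue  # not KEY=value; skip rather than guess a meaning
        if key in INT_FIELDS and value.isdigit():
            value = int(value)
        target = event if key in KNOWN_FIELDS else event["SNAREDATAMAP"]
        target[key] = value
    event["ERRORS"] = check_event(event)
    return event
```

`parse_event(SAMPLE_EVENT)["ERRORS"]` is empty for the sample; a malformed EVENTID or an out-of-range port shows up in the ERRORS list, which is the hook a log pipeline would use to quarantine events that do not match the documented schema.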
...