Support Center > Search Results > SecureKnowledge Details
Description of Fields in Check Point Logs Technical Level
Solution

Introduction

Check Point Infinity solution includes multiple log fields, representing the diversity of Check Point's products. The log fields' mapping will help you understand security threats, logs language to better use complex queries, and your SIEM.

Two types of logs are available:

  • Security Logs - Generated by a Security Gateway, Harmony Endpoint, or Harmony Mobile.
  • Audit Logs - Generated by a Management Server.


Working with the tables below

Each table entry contains:

Field Name Field Display Name Type Description Indexed? Added in Version
Blade Display Name (Blade Name) - Product Name

Show / Hide the explanations
Column Description

Field Name

Field name as it appears in raw log (If the field appears in a table, the table's name will appear inside parentheses)

Field Display Name

Field name as it appears in SmartConsole

Description

Field information

Type

One of these:

Field Type Description
int Stores an integer
ipaddr IP address
guid Global Unique Identifier
luuid Log Unification Unique ID
string Sequence of alphanumeric text or other symbols

Blade Name

Name of blade as it appears in raw log

Blade Display Name

Name of blade as it appears in SmartConsole


Best practices for field mapping usage (SIEM integration)

In case you are using a SIEM platform and want to integrate Check Point logs into it, use the Log Exporter tool.


Disclaimer - These fields are only used for Check Point internal purposes. Therefore, these fields do not appear in the table below:

  • flags
  • ifdir
  • ifname
  • __policy_id_tag
  • version
  • rounded_bytes
  • __interface
  • mgmt
  • db_tag
  • update_service


Configuration files

You can get the information about the log fields in one of these files (do not edit them) on your Management Server:

  • $RTDIR/log_indexer/conf/LogFields.xml
  • $RTDIR/log_exporter/conf/LogFields.xml


Security Logs

Enter a string to filter this table:

Field Name Field Display Name Type Description Indexed Added in Version
Common Fields
bytes Total Bytes int Number of bytes received during a connection No  
confidence_level Confidence Level int Confidence level determined by ThreatCloud
Possible values:
  • 0 - N/A
  • 1 - Low
  • 2 - Medium-Low
  • 3 - Medium
  • 4 - Medium-High
  • 5 - High
 Yes  
calc_desc Description string Log description Yes  
dst Destination ipaddr Destination IP address Yes  
dst_country Destination Country string Destination country Yes  
dst_ip N/A ipaddr Destination IP address Yes  
dst_user_name Destination User Name string Connected username for the destination IP Yes  
email_id Email ID string Email number in SMTP connection Yes  
email_subject Email Subject string Original email subject Yes  
email_session_id Email Session ID string Connection UUID Yes  
event_count Event Count int Number of events associated with the log No  
failure_impact Failure Impact string The impact of update service failure Yes  
file_id File Id int Unique file identifier Yes  
file_type File Type string Classified file type Yes  
file_name File Name string Malicious file name / Matched file size Yes  
file_size File Size int Attachment file size / Matched file size Yes  
file_md5 File MD5 string File MD5 checksum Yes  
file_sha1 File SHA1 string File SHA1 checksum Yes  
file_sha256 File SHA-256 string File SHA256 checksum Yes  
from Sender string Source mail address Yes  
to Recipient string Source mail recipient Yes  
id N/A int Override application ID Yes  
information Information string Status of policy installation for a specific Software Blade (used only for Anti-Bot and Anti-Virus) Yes  
interface_name Interface string The name of the Security Gateway interface, through which a connection passes Yes  
interfacedir Direction string Connection direction Yes  
layer_name Layer Name string Layer name (match table, Threat Prevention match table) No  
layer_uuid N/A string Layer UUID (match table, Threat Prevention match table) Yes  
log_id Log ID int Unique identity for logs includes: Type, Family,
Product/Blade, Category		 Yes  
loguid N/A luuid UUID of unified logs Yes  
malware_action Malware Action string Description of detected malware activity Yes  
malware_family Malware Family string Additional information on protection Yes  
malware_rule_id Threat Prevention Rule ID string Threat Prevention rule ID (Threat Prevention match table) Yes  
malware_rule_name Threat Prevention Rule Name string Threat Prevention rule name (Threat Prevention match table) No  
app_category Primary Category string Application category Yes  
matched_category Matched Category string Name of the matched category (match table) No  
origin Orig string Name of the first Security Gateway that reported this event Yes  
origin_ip N/A ipaddr IP address of the Security Gateway that generated this log Yes  
origin_sic_name N/A string SIC name of the Security Gateway Yes  
policy Threat Prevention Policy string Name of the Threat Policy that this Security Gateway fetched No  
policy_mgmt Policy Management string Name of the Management Server that manages this Security Gateway Yes  
policy_name Policy Name string Name of the last policy that this Security Gateway fetched Yes  
product Blade string Product name Yes  
product_family Product Family int The product family the blade/product belongs to
Possible values:
  • 0 - Network
  • 1 - Endpoint
  • 2 - Access
  • 3 - Threat
  • 4 - Mobile
 Yes  
protection_id Protection ID string Protection malware ID Yes  
protection_name Protection Name string Specific signature name of the attack No  
protection_type Protection Type string Type of protection used to detect the attack No  
proto IP Protocol int Protocol Yes  
protocol Protocol string Protocol detected on the connection No  
proxy_src_ip Proxied Source IP ipaddr Sender source IP (even when using proxy) Yes  
reason Reason string Information on the error occurred Yes  
received_bytes Received Bytes int Number of bytes received during connection No  
resource Resource string Resource from the HTTP request Yes  
rule Rule int Matched rule number (match table) Yes  
rule_action Action string Action of the matched rule in the Access Control policy Yes  
rule_name Access Rule Name string Name of the Access Control rule (match table) No  
rule_uid Policy Rule UID string Rule ID in the Access Control policy to which the connection was matched (match table) Yes  
scan_direction File-Direction string Scan direction
Possible options:
  • From external / dmz / internal to external / dmz / internal
  • To/from this Security Gateway
 Yes  
sent_bytes Sent Bytes int Number of bytes sent during the connection No  
session_id Session Identification luuid Log UID Yes  
sequencenum Sequencenum int Number added to order logs with the same Linux timestamp and origin (Security Gateway that generated these logs) Yes  
service/fservice Destination Port

int/string

 Connection (service) destination port Yes  
service_id Service ID string Service found for the connection (by the destination port) Yes  
severity Severity int/string

Threat severity determined by ThreatCloud
Possible values:

  • 0 - Informational
  • 1 - Low
  • 2 - Medium
  • 3 - High
  • 4 - Critical
 Yes  
source_os Source OS string OS of the computer that generated the attack Yes  
src Source ipaddr Client source IP address Yes  
src_ip Source IP ipaddr Source IP Yes  
src_country Source Country string Country name, derived from connection source IP address No  
src_user_name Source User Name string Username connected to the source IP No  
s_port Source Port int Source host port number Yes  
src_port N/A int Source host port number Yes  
ticket_id Ticket ID string Unique ID per file Yes  
time Time string The timestamp when the log was created Yes  
tls_server_host_name TLS Server Host Name string SNI/CN from the encrypted TLS connection used by URL Filtering for categorization Yes R80.40
type Type string Log type Yes  
verdict Verdict string Threat Emulation engine verdict
Possible values:
  • Malicious
  • Benign
  • Error
 Yes  
user User string Source username Yes  
vendor_list Vendor List string The vendor name that provided the verdict for a malicious URL Yes  
web_client_type Client Type string Web client detected in the HTTP request (e.g: Chrome) No  
web_server_type Server Type string Web server detected in the HTTP response No  
conn_direction Connection Direction string Direction of the connection No  
host_type Host Type string Host type No  
Security Gateway - Advanced Log Information
^^log_server Log Server string Name of the Log Server No  
^^log_file_name Log File Name string Name of the log file No  
^^log_file_id Log File ID string ID of the log file No  
^^log_file_position Log File Position string Position of the log record in the log file No  
Security Gateway - Firewall Fields
inzone Source Zone string Indicates whether the source zone is internal or external No  
outzone Destination Zone string Indicates whether the destination zone is internal or external No  
sub_policy_name N/A string Layer name Yes  
sub_policy_uid N/A string Layer UID Yes  
fw_message Firewall Message string Used for various firewall errors Yes  
message Message string ISP link has failed Yes  
isp_link ISP link string Name of ISP link Yes  
fw_subproduct Subproduct string Can be VPN or non-VPN Yes  
sctp_error N/A string Error information, what caused SCTP to fail due to "out_of_state" Yes  
chunk_type N/A string Chunk of the SCTP stream Yes  
sctp_association_state N/A string The bad state you were trying to update to Yes  
tcp_packet_out_of_state TCP packet out of state string State violation Yes  
tcp_flags TCP Flags string TCP packet flags (SYN, ACK, etc.,) Yes  
connectivity_level Connectivity Level string Log for a new connection in wire mode Yes  
ip_option IP Option int IP option that was dropped Yes  
tcp_state N/A string Log with a TCP state change Yes  
expire_time N/A timestmp Connection closing time Yes  
icmp_type ICMP Type int In case a connection is ICMP, type info will be added to the log Yes  
icmp_code ICMP Code int In case a connection is ICMP, ICMP code info will be added to the log Yes  
rpc_prog RPC Program int Log for new RPC state - prog values Yes  
dce-rpc_interface_uuid DCE-RPC Interface UUID uuid Log for new RPC state - UUID values Yes  
start_time Start Time timestmp Session start time Yes  
elapsed Elapsed time Time passed since start time No  
packets_per_second Packets Per Second int Number of packets per second in the connection No  
packets Packets int Number of packets encountered in the connection No  
client_inbound_packets Client Inbound Packets int Number of packets, received by the client No  
client_outbound_packets Client Outbound Packets int Number of packets, sent from the client No  
server_inbound_packets Server Inbound Packets int Number of packets, received by the server No  
server_outbound_packets Server Outbound Packets int Number of packets, sent from the server No  
client_inbound_bytes Client Inbound Bytes int Number of bytes received by the client No  
client_outbound_bytes Client Outbound Bytes int Number of bytes sent from the client No  
server_inbound_bytes Server Inbound Bytes int Number of packets received by the server No  
server_outbound_bytes Server Outbound Bytes int Number of packets sent from the server No  
client_inbound_interface Client Inbound Interface string Gateway interface, where the connection is received from in case of an outbound connection No  
client_outbound_interface Client Outbound Interface string Gateway interface, where the connection is sent from, in case of an inbound connection No  
server_inbound_interface Server Inbound Interface string Gateway interface, where the connection is received from, in case of an inbound connection No  
server_outbound_interface Server Outbound Interface string Gateway interface, where the connection is sent from, in case of an outbound connection No  
icmp ICMP string ICMP message, will be added to the connection log Yes  
capture_uuid Captured UUID luuid UUID generated for the capture. Used when enabling the capture when logging. Yes  
packet_length Packet Length string Length of the packet Yes  
expected_length Expected Length string Expected length of the packet No  
diameter_app_name N/A string The name defined/pre-configured for the diameter application Yes  
diameter_app_ID N/A int The ID of diameter application Yes  
diameter_cmd_code N/A int Diameter not allowed application command id Yes  
diameter_msg_type N/A string Diameter message type Yes  
info Information string Rule information on the blocked diameter CMD Yes  
cp_message N/A string Used to log a general message Yes  
log_delay Log Delay int

When a new connection is created that matches an Accept Template, the Security Gateway generates a log to indicating this.
To decrease the logging load, the Security Gateway aggregates all the logs that are related to a specific Accept Template until it reaches specific thresholds. Then, the Security Gateway sends the aggregated log. If the Security Gateway needs to expire a specific Accept Template, it immediately sends all the aggregated logs that are related to this Accept Template.
If there is only one such log, the Security Gateway sends a regular non-aggregated log and generates an additional log with the Log Delay time to show the time that elapsed from the event, for which the Accept Template log was created.

 Yes  
connection_count Connections int Number of connections No  
active_conn_elapsed Active Connection Elapsed int Total time of the connection No  
during_sec Duration in Seconds int Duration of the connection (seconds) No  
fragments_dropped Duration in Seconds int Number of dropped fragments in the connection No  
ip_offset IP Offset int Offset of the fragment in the connection No  
Security Gateway - Anti-Spam Fields
email_spam_category Email Spam Category string Email categories
Possible values:
  • Spam
  • Not spam
  • Phishing
 Yes  
email_control Email Control string Engine name Yes  
email_control_analysis Email Control Analysis string Message classification, received from spam vendor engine Yes  
email_session_id Email Session ID string Internal session ID Yes  
email_id Email ID string Internal email ID Yes  
email_recipients_num Email Recipients Number int Number of recipients No  
from From string Sender email address Yes  
to Recipient string Recipient email address Yes  
reason Reason string Description of log's reason Yes  
Security Gateway - Anti-Virus Fields
scan_result Scan Result string "Infected", or description of a failure Yes  
triggered_by N/A string Engine or Software Blade that triggered the log Yes  
original_queue_id Original Queue ID string Original Postfix email queue ID Yes  
risk N/A string Risk level received from the engine Yes  
resource Resource string In case of a malicious URL, the resource field will include that URL Yes  
email_recipients_num Email Recipients Number int Number of recipients Yes  
observable_name N/A string IoC observable signature name Yes  
observable_id N/A string IoC observable signature ID Yes  
observable_comment N/A string IoC observable signature description Yes  
indicator_name Indicator Name string IoC indicator name Yes  
indicator_description N/A string IoC indicator description Yes  
indicator_reference N/A string IoC indicator reference Yes  
indicator_uuid N/A string IoC indicator UUID Yes  
reason Reason string Description of the log's reason Yes  
Security Gateway - Application Control & URL Filtering Fields
appi_name Application Name string Application name (match table) Yes  
app_desc Application Description string Application description (match table) No  
app_id Application ID int Application ID (match table) No  
app_properties Additional Categories string Application categories (match table) Yes  
app_risk Application Risk int Application risk (match table)
Possible values:
  • 0 - Unknown
  • 1 - Very low
  • 2 - Low
  • 3 - Medium
  • 4 - High
  • 5 - Critical
 Yes  
app_rule_id Application Rule ID string Rule number Yes  
app_rule_name Application Rule Name string Rule name No  
app_sig_id Application Signature ID string The signature ID, by which the application was detected (match table) Yes  
categories Categories string Matched categories Yes  
certificate_resource Resource string HTTPS resource Possible values:
  • SNI
  • Domain Name (DN)
 Yes R80.40
certificate_validation Certificate Validation string Precise error, describing HTTPS certificate failure under "HTTPS categorize websites" feature Yes R80.40
description Description string Additional explanation about the certificate validation failure Yes R80.40
usercheck_incident_uid UserCheck ID string UserCheck incident ID No  
usercheck_reference UserCheck Reference string UserCheck reference No  
resource Resource string HTTP connection resource Yes  
browse_time Browse Time time Application session browse time Yes  
limit_requested N/A int Indicates whether data limit was requested for the session Yes  
limit_applied N/A int Indicates whether the session was actually date-limited Yes  
dropped_outgoing N/A int Number of outgoing dropped packets Yes  
dropped_incoming N/A int Number of incoming dropped packets Yes  
dropped_total N/A int Number of dropped packets (both incoming and outgoing) Yes  
suppressed_logs Suppressed Logs int Number of connections/HTTP sessions that were aggregated in this application session log No  
match_id N/A int Mapping of matched rule to its matched application (match table) Yes  
client_type_os N/A string Client OS detected in the HTTP request Yes  
referrer N/A string The referrer header, if exists Yes  
name N/A string Application name Yes  
properties N/A string Application categories (match table) Yes  
risk N/A int Application risk Yes  
sig_id N/A string Application's signature ID, by which it was detected Yes  
desc N/A string Override application description Yes  
referrer_self_uid N/A guid UUID of the current log Yes  
referrer_parent_uid N/A guid Log UUID of the referring application Yes  
needs_browse_time N/A int Browse time required for the connection Yes  
security_inzone N/A string Source security zone Yes  
security_outzone N/A string Destination security zone Yes  
url URL string Matched URL Yes  
app_byte_ps_in Application Byte/Sec In int Incoming traffic of an application (Bytes per Second) No  
app_byte_ps_out Application Byte/Sec Out/td> int Outgoing traffic of an application (Bytes per Second) No  
app_pack_ps_in Application Packet/Sec In int Incoming traffic of an application (Packets per Second) No  
app_pack_ps_out Application Packet/Sec Out/td> int Outgoing traffic of an application (Packets per Second) No  
matched_application Matched Application string Name of the matched application No  
Security Gateway - Cluster Fields
cluster_info Cluster information string Cluster information
Possible options:
  • Failover reason
  • Cluster state changes
  • CP ClusterXL or 3rd party cluster
 Yes  
sync Synchronization string Sync status and the reason (stable, at risk) Yes  
Security Gateway - Content Awareness Fields
file_direction File Direction string File direction
Possible options:
  • Upload
  • Download
 Yes  
invalid_file_size N/A int The "file_size" field is valid only if this field is set to 0 Yes  
top_archive_file_name Archive File string In case of archive file: the file that was sent/received Yes  
data_type_name Data Type string Data type in rulebase that was matched No  
specific_data_type_name N/A string Compound/Group scenario, data type that was matched Yes  
word_list N/A string Words matched by data type Yes  
Security Gateway - Data Loss Prevention (DLP) Fields
info Information string Special log message Yes  
outgoing_url Outgoing URL string URL related to this log (for HTTP) Yes  
dlp_rule_name DLP Rule Name string Matched rule name No  
dlp_recipients DLP Recipients string Mail recipients No  
dlp_subject Mail Subject string Mail subject Yes  
dlp_word_list DLP Words List string Phrases matched by data type Yes  
dlp_template_score DLP Template Score string Template data type match score Yes  
message_size Message Size int Mail/post size Yes  
dlp_rule_name DLP Rule Name string Matched rule name Yes  
dlp_rule_uid DLP Rule UID string Unique ID of the matched rule Yes  
dlp_incident_uid DLP Incident UID guid Unique incident ID Yes  
dlp_related_incident_uid Related Incidents guid Other ID related to this one No  
dlp_data_type_name DLP Data Type Nam string Matched data type Yes  
dlp_data_type_uid Data Type UID string Unique ID of the matched data type Yes  
outgoing_url Outgoing URL string HTTP post URL Yes  
dlp_file_name Scanned Data Fragment string Matched file Yes  
dlp_violation_description Message to User string Violation descriptions described in the rulebase Yes  
dlp_relevant_data_types N/A string In case of Compound/Group: the inner data types that were matched No  
dlp_action_reason DLP Action Reason string Action chosen reason Yes  
dlp_categories DLP Categories string Data type category No  
dlp_transint DLP Transint string HTTP/SMTP/FTP Yes  
duplicate Duplicate string Log marked as duplicated, when mail is split, and the Security Gateway detects it two times Yes  
incident_extension Incident Extension string Format of original data Yes  
matched_file Matched File string Fingerprint: the file from FP repository that was matched by the traffic Yes  
matched_file_text_segments Matched File Text Segments int Fingerprint: number of text segments matched by this traffic Yes  
matched_file_percentage Matched File Percentage int Fingerprint: match percentage of the traffic Yes  
dlp_addtional_action DLP Additional Action string Watermark or None Yes  
dlp_watermark_profile DLP Watermark Profile string Watermark that was applied Yes  
dlp_repository_id Repository ID string ID of scanned repository Yes  
dlp_data_type_uid Data Type UID string Fingerprint data type ID Yes  
dlp_data_type_name DLP Data Type Name string Fingerprint data type name No  
dlp_repository_root_path DLP Repository Root path string Repository path Yes  
scan_id Scan ID string Sequential number of scan Yes  
special_properties Special properties int If this field is set to '1', then the log is not shown (used for monitoring the scan progress) Yes  
dlp_repository_total_size Repository size (MB) int Repository size Yes  
dlp_repository_files_number Repository files int Number of files in repository Yes  
dlp_repository_scanned_files_number Scanned files int Number of scanned files in repository Yes  
duration Duration time Scan duration No  
dlp_fingerprint_long_status Scan Status string Scan status - long format Yes  
dlp_fingerprint_short_status Scan Status Code string Scan status - short format Yes  
dlp_repository_directories_number Directories int Number of directories in repository Yes  
dlp_repository_unreachable
_directories_number		 Unreachable directories int Number of directories the Security Gateway was unable to read Yes  
dlp_fingerprinted_files_number Fingerprinted Files int Number of successfully scanned files in repository Yes  
dlp_repository_skipped_files_number Filtered Files int Skipped number of files because of configuration Yes  
dlp_repository_scanned_directories_number N/A int Number of directories scanned Yes  
number_of_errors Number of Errors int Number of files that were not scanned due to an error Yes  
next_scheduled_scan_date Next Scheduled Scan Date timestamp Next scan scheduled time according to time object Yes  
dlp_repository_scanned_total_size Scanned Size (MB) int Size scanned Yes  
dlp_repository_scanned_files_number Scanned Files int Number of scanned files in repository Yes  
dlp_repository_reached_directories_number Reachable Directories int Number of scanned directories in repository Yes  
dlp_fingerprint_short_status Scan Status Code string Scan status - short format Yes  
dlp_repository_not_
scanned_directories_percentage		 Not scanned directories percentage int Percentage of directories the Security Gateway was unable to read Yes  
dlp_repository_scanned_directories_number Directories scanned int Number of files that were not scanned due to an error Yes  
speed N/A int Current scan speed Yes  
dlp_repository_scan_progress N/A int Scan percentage Yes  
dlp_relevant_data_types DLP Relevant Data Types string If the matched data type is a group data type, then the field specifies which data types from that group were matched Yes  
dlp_transport DLP Transport string Protocol of the traffic of the incident: HTTP, FTP, SMTP No  
Security Gateway - HTTPS Inspection Fields
https_inspection_rule_id HTTPS Inspection Rule ID string ID of the matched rule Yes  
https_inspection_rule_name HTTPS Inspection Rule Name string Name of the matched rule Yes  
app_properties Additional Categories string List of all found categories (match table) No  
resource Resource string HTTPS resource
Possible values:
  • SNI
  • Domain Name
 Yes  
https_validation HTTPS Validation string Precise error, describing HTTPS inspection failure No  
https_inspection_action Inspection Action string HTTPS Inspection action (Inspect/Bypass/Error) No  
Security Gateway - ICAP Client Fields
icap_service_id N/A int Service ID, can work with multiple servers, treated as "services" Yes  
icap_server_name N/A string Server name Yes  
internal_error N/A string Internal error, for troubleshooting Yes  
verdict Verdict string Enforcement per HTTP connection
Possible values:
  • Accept
  • Block-Reject
  • Data-modification
 Yes  
icap_more_info N/A string Free text for verdict Yes  
reply_status N/A int ICAP reply status code, e.g., 200 or 204 Yes  
icap_server_service N/A string Service name, as given in the ICAP URI Yes  
mirror_and_decrypt_type N/A string Information about decrypt and forward
Possible values:
  • Mirror only
  • Decrypt and Mirror
  • Partial mirroring (HTTPS Inspection Bypass)
 Yes  
interface_name N/A string Designated interface for Mirror and Decrypt Yes  
session_uid N/A int HTTP session ID Yes  
Security Gateway - Identity Awareness Fields
broker_publisher Broker Publisher ipaddr IP address of the broker publisher who shared the session information Yes R80.40
src_machine_name Source Machine Name string Machine name connected to the source IP address No  
src_user_dn N/A string User distinguished name connected to the source IP address Yes  
src_user_group Source User Group string User Group name No  
proxy_user_name N/A string Username connected to the proxy IP address Yes  
proxy_machine_name N/A string Machine name connected to the proxy IP address Yes  
proxy_user_dn N/A string User distinguished name connected to the proxy IP address Yes  
dst_machine_name Destination Machine Name string Machine name connected to the destination IP address No  
identity_type Identity Type string Identity type (user, machine) Yes  
Security Gateway - IPS Fields
resource Resource string Malicious domain Yes  
query Query string DNS query Yes  
dns_query DNS query string DNS query Yes  
dns_type DNS Type string DNS query type Yes  
inspection_item N/A string Blade element performed inspection Yes  
performance_impact Performance Impact int Protection performance impact Yes  
inspection_category N/A string Inspection category: protocol anomaly, signature etc. Yes  
inspection_profile N/A string Profile which the activated protection belongs to Yes  
inspection_information N/A string Attack or violation description Yes  
message Message string Additional information Yes  
suppressed_logs Suppressed Logs int Total number of aggregated malicious connections Yes  
summary N/A string Summary message for non-compliant DNS traffic drops or detects Yes  
tid Tunnel ID int DNS Transaction ID Yes  
dns_message_type N/A string DNS message type
Possible values:
  • Query
  • Response
  • Authoritative response
 Yes  
question_rdata N/A string List of question records domains Yes  
answer_rdata N/A string List of answer resource records to the questioned domains Yes  
authority_rdata N/A string List of authoritative servers Yes  
additional_rdata N/A string List of additional resource records Yes  
files_names N/A string List of files requested by FTP Yes  
ftp_user N/A string FTP username Yes  
mime_from N/A string Sender's address Yes  
mime_to N/A string List of receiver address Yes  
cc N/A string List of CC addresses Yes  
bcc N/A string List of BCC addresses Yes  
content_type Content Type string Mail content type
Possible values:
  • application
  • msword
  • text/html
  • image/gif
  • and so on
 Yes  
subject Subject string Mail subject Yes  
user_agent N/A string String that identifies the requesting software user-agent Yes  
referrer N/A string Referrer HTTP request header, previous web page address. Yes  
http_location N/A string Response header, indicates the URL to redirect a page to Yes  
content_disposition N/A string Indicates how the content is expected to be displayed inline in the web browser Yes  
via N/A string "Via" header is added by proxies for tracking purposes to avoid sending requests in loop Yes  
http_server N/A string Server HTTP header value, contains information about the software used by the origin server, which handles the request Yes  
content_length N/A string Indicates the size of the entity-body of the HTTP header Yes  
method N/A string HTTP method (GET, POST, PUT, etc.) Yes  
status Status string HTTP status code Yes  
authorization N/A string Authorization HTTP header value Yes  
http_host N/A string Domain name of the server that the HTTP request is sent to Yes  
industry_reference Industry Reference string CVE registry entry No  
inspection_settings_log N/A string Indicates that the log was released by inspection settings Yes  
caused_quarantine Caused Quarantine string Indicates whether attack caused a quarantine No  
Security Gateway - Mail Transfer Agent (MTA) Fields
email_control Email Control string Engine name Yes  
email_message_id Email Message ID string Email session ID (unique ID of the mail) Yes  
email_session_id Email Session ID string Internal session ID Yes  
email_recipients_num Email Recipients Number int Number of recipients Yes  
email_id Email ID string Internal email ID Yes  
email_queue_id Email Queue ID string Postfix email queue ID Yes  
email_queue_name Email Queue Name string Postfix email queue name Yes  
original_queue_id Original Queue ID string Original postfix email queue ID Yes  
file_name File Name string Malicious file name Yes  
failure_reason Failure Reason string MTA failure description Yes  
email_headers N/A string String containing all the email headers Yes  
arrival_time Arrival Time timestmp Email arrival timestamp Yes  
email_status Email Status string Describes the email's state
Possible options:
  • delivered
  • deferred
  • skipped
  • bounced
  • hold
  • new
  • scan_started
  • scan_ended
 Yes  
status_update Last status update timestmp Last time log was updated Yes  
original_queue_id Original Queue ID string Original postfix email queue ID Yes  
scan_started Scan Started timestmp Beginning of the scanning process timestamp Yes  
scan_ended Scan Ended timestmp End of the scanning process timestamp Yes  
delivery_time Delivery Time timestmp Timestamp of when email was delivered (MTA finished handling the email Yes  
links_num Links Number int Number of links in the mail Yes  
attachments_num Attachments Number int Number of attachments in the mail Yes  
email_content Email Content string Mail contents
Possible options:
  • attachments/links
  • attachments/links/text only
 Yes  
Security Gateway - Mobile Access Fields
user_group User Group string The group to which the user belongs, upon login Yes  
cvpn_resource Application string Mobile Access application Yes  
cvpn_category Mobile Access Category string Mobile Access application type Yes  
url URL string Translated URL Yes  
outgoing_url Outgoing Url string Untranslated URL, as seen inside the internal network Yes  
reject_id Reject ID string A reject ID that corresponds to the one presented in the Mobile Access error page Yes  
fs-proto N/A string The file share protocol used in Mobile Access File Share application Yes  
session_uid Mobile Access Session UID guid Mobile Access session identification Yes  
Security Gateway - NAT Fields
allocated_ports Allocated Ports int Amount of allocated NAT ports Yes R80.40
capacity Capacity int Capacity of the NAT ports Yes R80.40
ports_usage Ports Usage int Percentage of allocated NAT ports Yes R80.40
nat_exhausted_pool

Nat Exhausted Pool

 string 4-tuple of an exhausted NAT pool Yes

R80.40

R80.10, R80.20, and R80.30 Jumbo Hotfixes
xlatesrc Xlate (NAT) Source IP ipaddr Source IPv4 address after applying NAT Yes  
xlatedst Xlate (NAT) Destination IP ipaddr Destination IPv4 address after applying NAT Yes  
xlatesint Xlate (NAT) Source Port int Source port after applying Hide NAT on the source IP address Yes  
xlatedint Xlate (NAT) Destination Port int Destination port after applying NAT Yes  
nat_rulenum NAT Rule Number int NAT rulebase first matched rule Yes  
nat_addtnl_rulenum NAT Additional Rule Number int When matching 2 automatic rules, the second rule match is shown. Otherwise, this field has the value 0. Yes  
message_info Message Information string Used for information messages, for example:
NAT connection has ended		 Yes  
nat46 N/A string NAT46 status
In most cases "enabled"		 Yes  
end_time N/A timestmp TCP connection end time Yes  
tcp_end_reason N/A string Reason for TCP connection closure Yes  
nat_rulenum NAT Rule Number int NAT rulebase first matched rule Yes  
cgnat CGNAT Information string Describes the NAT allocation for specific subscriber No  
Subscriber Subscriber IP ipaddr Source IP address before CGNAT Yes  
hide_ip N/A ipaddr Source IP address to be used after CGNAT Yes  
int_start N/A int Subscriber start integer to be used for NAT Yes  
int_end N/A int Subscriber end integer to be used for NAT Yes  
Security Gateway - SecureXL Fields
drop_reason Drop Reason string Aggregated logs of dropped packets Yes  
packet_amount N/A int Number of packets dropped No  
packets Packets string Connection tuple:
Source IP address
Source Port
Destination IP address
Destination Port
Protocol Number		 Yes  
monitor_reason N/A string Aggregated logs of monitored packets Yes  
message_info Message Information string Information on multicast packet dropped Yes  
drops_amount N/A int Amount of multicast packets dropped Yes  
securexl_message N/A string Two options for a SecureXL message:
1. Missed accounting records after heavy load on the logging system
2. FireWall log message regarding a packet drop		 Yes  
conns_amount N/A int Number of connections in the aggregated log Yes  
aggregation_info N/A string List of aggregated source connections Yes  
Security Gateway - Threat Emulation Fields
Harmony Endpoint - Threat Emulation Fields
scope Scope ipvxaddr IP address related to the attack Yes  
analyzed_on Analyzed On string Check Point ThreatCloud / emulator name Yes  
detected_on Vulnerable Operating Systems string System and applications version, on which the file was emulated Yes  
dropped_file_name Dropped File Name string List of names dropped from the original file Yes  
dropped_file_type Dropped File Type string List of file types dropped from the original file Yes  
dropped_file_hash Dropped File Hash string List of file hashes dropped from the original file Yes  
dropped_file_verdict Dropped File Verdict string List of file verdicts dropped from the original file Yes  
emulated_on Not Vulnerable OS string Images, in which the files were emulated Yes  
extracted_file_type Extracted File Type string Types of extracted files in case of an archive Yes  
extracted_file_names Extracted File Names string Names of extracted files in case of an archive Yes  
extracted_file_hash Extracted File Hash string Archive hash in case of extracted files Yes  
extracted_file_verdict N/A string Verdict of extracted files in case of an archive Yes  
extracted_file_uid N/A string UID of extracted files in case of an archive Yes  
mitre_initial_access Mitre Initial Access string The adversary is trying to break into your network Yes  
mitre_execution Mitre Execution string The adversary is trying to run malicious code Yes  
mitre_persistence Mitre Persistence string The adversary is trying to maintain his foothold Yes  
mitre_privilege_escalation Mtre Privilege Escalation string The adversary is trying to gain higher-level permissions Yes  
mitre_defense_evasion Mitre Defense Evasion string The adversary is trying to avoid being detected Yes  
mitre_credential_access Mitre Credential Access string The adversary is trying to steal account names and passwords Yes  
mitre_discovery Mitre Discovery string The adversary is trying to expose information about your environment (based on MITRE database) Yes  
mitre_lateral_movement Mitre Lateral Movement string The adversary is trying to explore your environment Yes  
mitre_collection Mitre Collection string The adversary is trying to collect data of interest to achieve his goal Yes  
mitre_command_and_control Mitre Command And Control string The adversary is trying to communicate with compromised systems to control them Yes  
mitre_exfiltration Mitre Exfiltration string The adversary is trying to steal data Yes  
mitre_impact Mitre Impact string The adversary is trying to manipulate, interrupt, or destroy your systems and data Yes  
parent_file_hash N/A string Archive's hash in case of extracted files Yes  
parent_file_name N/A string Archive's name in case of extracted files Yes  
parent_file_uid N/A string Archive's UID in case of extracted files Yes  
similiar_iocs Similar IoCs string Other IoCs, similar to the ones found, related to the malicious file Yes  
similar_hashes Similar Hashes string Hashes found similar to the malicious file Yes  
similar_strings Yes string Strings found similar to the malicious file Yes  
similar_communication Similar Communication string Network action found similar to the malicious file Yes  
te_verdict_determined_by Determined By string Emulators determined file verdict Yes  
packet_capture_unique_id Packet Capture Unique Id string Identifier of the packet capture files Yes  
total_attachments Total Attachments int The number of attachments in an email Yes  
total_logs Total Logs int The total number of logs No  
Security Gateway - Threat Extraction Fields
Harmony Endpoint - Threat Extraction Fields
additional_info General Information string ID of original file/mail which are sent by admin Yes  
content_risk Content Risk int File risk
Possible values:
  • 0 - Unknown
  • 1 - Very Low
  • 2 - Low
  • 3 - Medium
  • 4 - High
  • 5 - Critical
 Yes  
operation Operation string Operation made by Threat Extraction Yes  
scrubbed_content Suspicious Content string Active content that was found Yes  
scrub_time N/A string Extraction process duration Yes  
scrub_download_time N/A string File download time from resource Yes  
scrub_total_time N/A string Threat extraction total file handling time Yes  
scrub_activity Threat Extraction Activity string The result of the extraction Yes  
subject Subject string Mail subject Yes  
watermark N/A string Reports whether watermark is added to the cleaned file Yes  
Security Gateway - Unified Policy Fields
domain_name Domain Name string Domain name sent to DNS request Yes  
source_object N/A string Matched object name on source column Yes  
destination_object N/A string Matched object name on destination column Yes  
drop_reason Drop Reason string Drop reason description Yes  
hit N/A int Number of hits on a rule Yes  
rulebase_id N/A int Layer number Yes  
first_hit_time N/A int First hit time in current interval Yes  
last_hit_time Last Update Time int Last hit time in current interval Yes  
rematch_info N/A string Information sent when old connections cannot be matched during policy installation Yes  
last_rematch_time N/A timestmp Connection rematched time Yes  
action_reason Action Reason string Connection drop reason Yes  
c_bytes N/A int Boolean value indicates whether bytes sent from the client side are used Yes  
context_num N/A int Serial number of the log for a specific connection Yes  
match_id N/A int Private key of the rule (match table) Yes  
alert Alert string Alert level of matched rule for connection logs (Unified Policy alert - HLL table) Yes  
action Action int Action of matched rule
Possible values:
  • 0 - Drop
  • 1 - Reject
  • 2 - Accept
  • 3 - Encrypt
  • 4 - Decrypt
  • 17 - Authorize
  • 18 - Deauthorize
  • 30 - Bypass
  • 33 - Block
  • 34 - Detect
  • 39 - Do not send
  • 43 - Allow
  • 46 - Ask User
  • 61 - Extract
Note: This field is not mandatory to every log		 Yes  
parent_rule N/A int Parent rule number, in case of inline layer (match table) Yes  
match_fk N/A int Rule number Yes  
dropped_outgoing N/A int Number of outgoing bytes dropped when using UP-limit feature Yes  
dropped_incoming N/A int Number of incoming bytes dropped when using UP-limit feature Yes  
dropped_total N/A int Total bytes dropped when using UP-limit feature Yes  
Security Gateway - VoIP Fields
content_type Content Type string VoIP session Yes  
media_type N/A string Media used (audio, video, etc.) Yes  
sip_reason SIP Reason string Explains why 'source_ip' is not allowed to redirect (handover) Yes  
voip_method Request string Registration request Yes  
registered_ip-phones N/A string Registered IP-Phones Yes  
voip_reg_user_type Registered IP-Phone Type string Registered IP-Phone type Yes  
voip_call_id VoIP Call ID string Call-ID Yes  
voip_reg_int Registration Port int Registration port Yes  
voip_reg_ipp Registration IP Protocol int Registration IP protocol Yes  
voip_reg_period Registration Period int Registration period Yes  
voip_log_type VoIP Log Type string VoIP log types
Possible values:
  • reject
  • call
  • registration
 Yes  
voip_method Request string Call request Yes  
src_phone_number Source IP-phone string Source IP -Phone Yes  
voip_from_user_type Source IP-Phone Type string Source IP-Phone type Yes  
dst_phone_number Destination Phone Number string Destination IP-Phone Yes  
voip_to_user_type Destination IP-Phone Type string Destination IP-Phone type Yes  
voip_call_dir VoIP Call direction string Call direction: in/out Yes  
voip_call_state VoIP Call State string Call state
Possible values:
  • in
  • out
 Yes  
voip_call_term_time Call termination time stamp string Call termination time stamp Yes  
voip_duration VoIP Duration time Call duration (seconds) No  
voip_media_port Media Port string Media port Yes  
voip_media_ipp Media IP Protocol string Media IP protocol Yes  
voip_est_codec Estimated Codec string Estimated codec Yes  
voip_exp Expiration int Expiration Yes  
voip_attach_sz VoIP Attachment Size int Attachment size Yes  
voip_attach_action_info VoIP Attach Action Information string Attachment action information Yes  
src_phone_number Source IP-phone string Source IP-Phone Yes  
voip_media_codec N/A string Estimated codec Yes  
voip_reject_reason VoIP Reject Reason string Reject reason Yes  
voip_reason_info VoIP Reject Reason Information string Information Yes  
voip_config VoIP Configuration string Configuration Yes  
voip_reg_server Registrar Server ipaddr Registrar server IP address Yes  
Security Gateway - VPN Fields
scv_user SCV User string Username, whose packets are dropped during Secure Configuration Verification (SCV) Yes  
scv_message_info SCV Message Information string Drop reason Yes  
ppp Point to Point Protocol string Authentication status Yes  
scheme Encryption Scheme string Describes the scheme used for the log Yes  
auth_method Authentication Method string Password authentication protocol used (PAP or EAP) Yes  
machine Machine string L2TP machine which triggered the log and the log refers to it Yes  
vpn_feature_name VPN Feature string L2TP / IKE / Link Selection Yes  
reject_category Reject Category string Authentication failure reason Yes  
peer_ip_probing_status_update N/A string IP address response status Yes  
peer_ip N/A string IP address which the client connects to Yes  
peer_gateway VPN Peer Gateway ipaddr Main IP address of the VPN peer Security Gateway Yes  
link_probing_status_update N/A string IP address response status Yes  
source_interface N/A string External Interface name for source interface or Null if not found Yes  
next_hop_ip N/A string Next hop IP address Yes  
srckeyid Source Key ID string Initiator SPI ID Yes  
dstkeyid Destination Key ID string Responder SPI ID Yes  
encryption_failure Encryption Failure string

Message indicating why the encryption failed

 Yes  
ike_ids N/A string All Quick Mode (QM) IDs Yes  
community Community string Community name for the IPsec key and the use of the IKE No  
ike N/A string IKEMode (PHASE1, PHASE2, etc.) Yes  
cookieI IKE Initiator Cookie string Initiator cookie Yes  
cookieR IKE Responder Cookie string Responder cookie Yes  
msgid IKE Phase2 Message ID string Message ID Yes  
methods Encryption Methods string IPsec methods Yes  
connection_uid Connection UID luuid Calculation of MD5 of the IP address and username as UID Yes  
site_name N/A string VPN Site name Yes  
cvpn_category Mobile Access Category string Endpoint Security On Demand (ESOD) Yes  
esod_rule_name ESOD Rule Name string Unknown rule name Yes  
esod_rule_action ESOD Rule Action string Unknown rule action Yes  
esod_rule_type ESOD Rule Type string Unknown rule type Yes  
esod_noncompliance_reason ESOD Noncompliance Reason string Non-compliance reason Yes  
esod_associated_policies ESOD Associated Policies string Associated policies Yes  
spyware_name Malware Name string Spyware name Yes  
spyware_type Malware Type string Spyware type Yes  
anti_virus_type Virus Type string Anti-Virus type Yes  
end_user_firewall_type End User Firewall Type string End user firewall type Yes  
esod_scan_status ESOD Scan Status string Scan failed Yes  
esod_access_status ESOD access status string Access denied Yes  
client_type N/A string Endpoint Connect Yes  
message Message string General log message Yes  
session_uid N/A guid SNX Session GUID Yes  
cir CIR, Bps int Shows the Committed Information Rate (CIR, Bits per Second) No  
cir_threshold CIR Threshold, Bps int Shows the Committed Information Rate Threshold (Bits per Second) No  
rtt RTT, ms int Shows the Round Trip Time (RTT, milliseconds) No  
wire_byte_ps_in Wire Byte/Sec in int Incoming Wire Mode speed (Bytes per Second) No  
wire_byte_ps_out Wire Byte/Sec Out int Outgoing Wire Mode speed (Bytes per Second) No  
wire_pack_ps_in Wire Packet/Sec in int Incoming Wire Mode speed (Packets per Second) No  
wire_pack_ps_out Wire Packet/Sec Out int Outgoing Wire Mode speed (Packets per Second) No  
Security Gateway - Web Security Fields
summary N/A string URLs detected for a specific host Yes  
resource Resource string The resource from the HTTP request Yes  
precise_error N/A string HTTP parser error Yes  
method N/A string HTTP method
Possible values:
  • 0 - DELETE
  • 500 - GET
  • 1000 - HEAD
  • 1500 - METHOD
  • 2000 - OPTIONS
  • 2500 - POST
  • 3000 - PUT
  • 3500 - TRACE
  • 4000 - CONNECT
 Yes  
Harmony Endpoint - Common Fields
client_name Client Name string Client Application or Software Blade that detected the event Yes  
client_version Product Version string Build version of Harmony Endpoint client installed on the computer Yes  
extension_version Extension Version string Build version of the Harmony Endpoint Browse Extension Yes  
host_time Host Time string Local time on the endpoint computer Yes  
installed_products Installed Blades string List of installed Endpoint Software Blades Yes  
os_name OS Name string Name of the OS installed on the source endpoint computer Yes  
os_version OS Version string Build version of the OS installed on the source endpoint computer Yes  
packet_capture Packet Capture string Link to the PCAP traffic capture file with the recorded malicious connection No  
process_md5 Process MD5 string MD5 hash of the process that triggered the attack Yes  
process_name Process Name string Name of the process that triggered the attack Yes  
cc CC string The Carbon Copy address of the email Yes  
reason Reason string The reason for detecting or stopping the attack Yes  
resource Resource string URL, Domain, or DNS of the malicious request Yes  
Harmony Endpoint - Anti-Bot Fields
first_detection First Detection string Time of the first detection of the infection Yes  
last_detection Last Detection string Time of the last detection of the infection Yes  
parent_process_md5 Parent Process MD5 string MD5 hash of the parent process of the process that triggered the attack Yes  
parent_process_name Parent Process Name string Name of the parent process of the process that triggered the attack Yes  
parent_process_username Parent Process Username string Owner username of the parent process of the process that triggered the attack Yes  
process_username Process Username string Owner username of the process that triggered the attack Yes  
Harmony Endpoint - Anti-Malware Fields
destination_dns_hostname Destination DNS Hostname string Malicious DNS request domain Yes  
smartdefense_profile Threat Profile string IPS profile responsible for the decision about the action (Threat Prevention match table) Yes  
email_session_id Email Session ID string Email session ID (unique ID of the mail) Yes  
email_recipients_num Email Recipients Number string Number of recipients to whom the mail was sent Yes  
suppressed_logs Suppressed logs int Aggregated connections for five minutes on the same source, destination, and port Yes  
blade_name N/A string Software Blade name Yes  
status status int Ok
Warning
Error		 Yes  
short_desc N/A string Short description of the process that was executed Yes  
long_desc N/A string More information on the process (usually describing error reason in failure) Yes  
scan_hosts_hour N/A int Number of unique hosts during the last hour Yes  
scan_hosts_day N/A int Number of unique hosts during the last day Yes  
scan_hosts_week N/A int Number of unique hosts during the last week Yes  
unique_detected_hour N/A int Detected virus for a specific host during the last hour Yes  
unique_detected_day N/A int Detected virus for a specific host during the last day Yes  
unique_detected_week N/A int Detected virus for a specific host during the last week Yes  
scan_mail N/A int Number of emails that were scanned by the "Anti-Bot malicious activity" engine Yes  
additional_ip Additional IP string DNS host name Yes  
description Description string Additional explanation how the security gateway enforced the connection Yes  
Harmony Endpoint - Forensics Fields
attack_status Attack Status string In case of a malicious event on an endpoint computer, the status of the attack Yes  
impacted_files Impacted Files string In case of an infection on an endpoint computer, the list of files that the malware impacted Yes  
remediated_files Remediated Files string In case of an infection and a successful cleaning of that infection, this is a list of remediated files on the computer Yes  
triggered_by Triggered By string The name of the mechanism that triggered the Software Blade to enforce a protection Yes  
Harmony Endpoint - Zero Phishing Fields
trusted_domain Trusted Domain string In case of phishing event, the domain, which the attacker was impersonating Yes  
Harmony Mobile App Fields
app_package App Package string Unique identifier of the application on the protected mobile device Yes R80.20
appi_name Application Name string Name of application downloaded on the protected mobile device Yes R80.20
app_repackaged Application Repackaged string Indicates whether the original application was repackaged not by the official developer Yes R80.20
app_sid_id Application Signature ID string Unique SHA identifier of a mobile application Yes R80.20
app_version Application Version string Version of the application downloaded on the protected mobile device Yes R80.20
developer_certificate_name Developer Certificate Name string Name of the developer's certificate that was used to sign the mobile application Yes R80.20


Audit logs

Enter a string to filter this table:

Field Name Field Display Name Type Description
administrator Administrator string User who performed the operation
fieldschanges Changes string Specific changes done on the affected object
client_ip Client IP ipaddr IP address of the client machine, from which the change was performed
logic changes Logic Changes string Technical information about the specific changes done on the affected object
objecttype Object Type string The type of the affected object
operation Operation string The type of operation done on the object or rule
operation number Operation Number int Operation number done by the administrator, each operation is represented by a number
Show / Hide this section
  • 0 - Create Object
  • 1 - Update Object
  • 2 - Rename Object
  • 3 - Delete Object
  • 4 - Unlock Object
  • 5 - Ublock Table
  • 6 - Unlock Database
  • 7 - Install Security policy
  • 8 - Uninstall Security policy
  • 9 - Status Change
  • 10 - Log in
  • 11 - Login Failed
  • 12 - Logout
  • 13 - Init Sic Certificate
  • 14 - Push Sic Certificate
  • 15 - Revoke Sic Certificate
  • 16 - Init IKE Key
  • 17 - Disable IKE Key
  • 18 - Generate IKE Certificate
  • 19 - Revoke IKE Certificate
  • 20 - OMSEC Command
  • 21 - Kill Operation
  • 22 - Restore Version
  • 23 - Create Version
  • 24 - Delete Version
  • 25 - Automatic Log Export
  • 26 - Synchronize Peer
  • 27 - Synchronized By Peer
  • 28 - Change to Active
  • 29 - Change to Standby
  • 30 - Detect Active Server
  • 31 - General Database Change
  • 32 - Put File
  • 33 - Fetch File
  • 34 - SmartUpdate Install Module
  • 35 - SmartUpdate Uninstall Module
  • 36 - MDS License Violation Detected
  • 37 - CMA Synchronized by an SMC Backup Server
  • 38 - System Message
  • 39 - MDS Assign Global Policy and Install Last Policy
  • 40 - MDS Assign Global Policy
  • 41 - MDS Install Last Policy
  • 42 - MDS Remove Global Policy
  • 43 - MDS Start CMA
  • 44 - MDS Stop CMA
  • 45 - MDS Enable Global Use
  • 46 - MDS Disable Global Use
  • 47 - VSX Configuration Update
  • 48 - Set Session Description
  • 49 - Log Export
  • 50 - Log Switch
  • 51 - Log Purge
  • 52 - Plugin Activate
  • 53 - Plugin Deactivate
  • 54 - Validation Failure
  • 55 - P1SHELL Command
  • 56 - MDS License Operation
  • 57 - Portable Client Password Recovery
  • 58 - Security Management Server IP Address Changed
  • 59 - DLP Incident Viewed
  • 60 - IPS Contract Invalid
objectname Performed On string The name of the object that is affected by the action
session_name Session Name string The name of the session, in which the change was published
session_description Session Description string The description of the session, in which the change was published
subject Subject string Audit log category

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment 

SECURE YOUR EVERYTHING

©

Copyright | Privacy Policy
Follow Us