From b36a51f49f07de4a39ee5adf52c0b2c58912ab99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebasti=C3=A3o=20Sim=C3=B5es?=
Date: Thu, 10 Oct 2024 11:21:43 +0100
Subject: [PATCH] [Logpush] Document new gateway HTTP and L4 fields

---
 .../log-fields/account/gateway_http.mdx | 128 +++++++++++++++++-
 .../log-fields/account/gateway_network.mdx | 64 ++++++++-
 2 files changed, 189 insertions(+), 3 deletions(-)

diff --git a/src/content/docs/logs/reference/log-fields/account/gateway_http.mdx b/src/content/docs/logs/reference/log-fields/account/gateway_http.mdx
index b45122626fcf25..2ba31b7cbebf97 100644
--- a/src/content/docs/logs/reference/log-fields/account/gateway_http.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/gateway_http.mdx
@@ -20,6 +20,18 @@ Type: string
 
 Action performed by gateway on the HTTP request.
 
+## ApplicationIDs
+
+Type: array\[int]
+
+IDs of the applications that matched the HTTP request parameters.
+
+## ApplicationNames
+
+Type: array\[string]
+
+Names of the applications that matched the HTTP request parameters.
+
 ## BlockedFileHash
 
 Type: string
@@ -50,6 +62,18 @@ Type: string
 
 File type blocked in the response eg. exe, bin, if any.
 
+## CategoryIDs
+
+Type: array\[int]
+
+IDs of the categories that matched the HTTP request parameters.
+
+## CategoryNames
+
+Type: array\[string]
+
+Names of the categories that matched the HTTP request parameters.
+
 ## Datetime
 
 Type: int or string
@@ -62,6 +86,18 @@ Type: string
 
 Destination ip of the request.
 
+## DestinationIPContinentCode
+
+Type: string
+
+Continent code of the destination IP of the HTTP request (for example, 'NA').
+
+## DestinationIPCountryCode
+
+Type: string
+
+Country code of the destination IP of the HTTP request (for example, 'US').
+
 ## DestinationPort
 
 Type: string
@@ -108,7 +144,55 @@ Email used to authenticate the client.
 
 Type: object
 
-Information about files detected within the HTTP request.
+Information about files detected within the HTTP request. The following data is available for each file.
+
+### action
+
+Type: string
+
+Action taken. Possible values are none, allow and block.
+
+### content_type
+
+Type: string
+
+The file's content type (as read from headers), if applicable.
+
+### direction
+
+Type: string
+
+Possible values are upload and download.
+
+### file_name
+
+Type: string
+
+The file's name, if known.
+
+### file_hash
+
+Type: string
+
+The file's sha256 hash as a hex string, if known.
+
+### file_size
+
+Type: int
+
+The file's size, in bytes.
+
+### file_type
+
+Type: string
+
+The file's type (as detected by signatures), if known.
+
+## ForensicCopyStatus
+
+Type: string
+
+Status of any associated forensic copies that may have been captured during the request.
 
 ## HTTPHost
 
@@ -152,6 +236,24 @@ Type: string
 
 The name of the gateway policy applied to the request, if any.
 
+## PrivateAppAUD
+
+Type: string
+
+The private app AUD, if any.
+
+## ProxyEndpoint
+
+Type: string
+
+The proxy endpoint used on the HTTP request, if any.
+
+## Quarantined
+
+Type: bool
+
+If the request content was quarantined.
+
 ## Referer
 
 Type: string
@@ -176,6 +278,18 @@ Type: string
 
 Source ip of the request.
 
+## SourceIPContinentCode
+
+Type: string
+
+Continent code of the source IP of the request (for example, 'NA').
+
+## SourceIPCountryCode
+
+Type: string
+
+Country code of the source IP of the request (for example, 'US').
+
 ## SourceInternalIP
 
 Type: string
@@ -229,3 +343,15 @@ Contents of the user agent header in the HTTP request.
 Type: string
 
 User identity where the HTTP request originated from.
+
+## VirtualNetworkID
+
+Type: string
+
+The identifier of the virtual network the device was connected to, if any.
+
+## VirtualNetworkName
+
+Type: string
+
+The name of the virtual network the device was connected to, if any.
\ No newline at end of file
diff --git a/src/content/docs/logs/reference/log-fields/account/gateway_network.mdx b/src/content/docs/logs/reference/log-fields/account/gateway_network.mdx
index 113aba8caa5501..9efe6e40765cd1 100644
--- a/src/content/docs/logs/reference/log-fields/account/gateway_network.mdx
+++ b/src/content/docs/logs/reference/log-fields/account/gateway_network.mdx
@@ -20,6 +20,18 @@ Type: string
 
 Action performed by gateway on the session.
 
+## ApplicationIDs
+
+Type: array\[int]
+
+IDs of the applications that matched the session parameters.
+
+## ApplicationNames
+
+Type: array\[string]
+
+Names of the applications that matched the session parameters.
+
 ## Datetime
 
 Type: int or string
@@ -32,6 +44,18 @@ Type: string
 
 Destination IP of the network session.
 
+## DestinationIPContinentCode
+
+Type: string
+
+Continent code of the destination IP of the network session (for example, 'NA').
+
+## DestinationIPCountryCode
+
+Type: string
+
+Country code of the destination IP of the network session (for example, 'US').
+
 ## DestinationPort
 
 Type: int
@@ -86,6 +110,12 @@ Type: string
 
 The name of the gateway policy applied to the request, if any.
 
+## ProxyEndpoint
+
+Type: string
+
+The proxy endpoint used on this network session, if any.
+
 ## SNI
 
 Type: string
@@ -104,6 +134,18 @@ Type: string
 
 Source IP of the network session.
 
+## SourceIPContinentCode
+
+Type: string
+
+Continent code of the source IP of the network session (for example, 'NA').
+
+## SourceIPCountryCode
+
+Type: string
+
+Country code of the source IP of the network session (for example, 'US').
+
 ## SourceInternalIP
 
 Type: string
@@ -116,14 +158,32 @@ Type: int Source port of the network session. -## Transport +## Transport (deprecated) Type: string -Transport protocol used for this session.
Possible values are tcp | quic | udp. +Transport protocol used for this session.
Possible values are tcp \| quic \| udp. Deprecated, please use TransportProtocol instead. + +## TransportProtocol + +Type: string + +Transport protocol used for this session.
Possible values are tcp \| quic \| udp. ## UserID Type: string User identity where the network session originated from. + +## VirtualNetworkID + +Type: string + +The identifier of the virtual network the device was connected to, if any. + +## VirtualNetworkName + +Type: string + +The name of the virtual network the device was connected to, if any. \ No newline at end of file