[Brower Isolation] Changelog entry for logging

src/content/changelog/browser-isolation/2025-03-03-user-action-logging.mdx

@@ -0,0 +1,28 @@
+---
+title: Gain visibility into user actions in Zero Trust Browser Isolation sessions
+description: User action logs for Remote Browser Isolation
+date: 2025-03-04T11:00:00Z
+---
+
+We're excited to announce that new logging capabilities for [Remote Browser Isolation (RBI)](/cloudflare-one/policies/browser-isolation/) through [Logpush](/logs/reference/log-fields/account/) are available in Beta starting today!
+
+With these enhanced logs, administrators can gain visibility into end user behavior in the remote browser and track blocked data extraction attempts, along with the websites that triggered them, in an isolated session.
+
+```json
+{
+	"AccountID": "$ACCOUNT_ID",
+	"Decision": "block",
+	"DomainName": "www.example.com",
+	"Timestamp": "2025-02-27T23:15:06Z",
+	"Type": "copy",
+	"UserID": "$USER_ID"
+}
+```
+
+User Actions available:
+
+- **Copy & Paste**
+- **Downloads & Uploads**
+- **Printing**
+
+Learn more about how to get started with Logpush in our [documentation](/logs/get-started/).

src/content/docs/logs/reference/log-fields/account/biso_user_actions.md

@@ -0,0 +1,46 @@
+---
+# Code generator. DO NOT EDIT.
+
+title: Browser Isolation User Actions
+pcx_content_type: configuration
+sidebar:
+  order: 21
+---
+
+The descriptions below detail the fields available for `biso_user_actions`.
+
+## AccountID
+
+Type: `string`
+
+The Cloudflare account ID.
+
+## Decision
+
+Type: `string`
+
+The decision applied ('allow' or 'block').
+
+## DomainName
+
+Type: `string`
+
+The domain name in the URL.
+
+## Timestamp
+
+Type: `int or string`
+
+The date and time.
+
+## Type
+
+Type: `string`
+
+The user action type ('copy', 'paste', 'download', etc.).
+
+## UserID
+
+Type: `string`
+
+The user ID.

src/content/docs/logs/reference/log-fields/account/dns_firewall_logs.md

@@ -25,7 +25,7 @@ The ID of the cluster which handled this request.
 
 Type: `string`
 
-IATA airport code of data center that received the request.
+IATA airport code of the data center that received the request.
 
 ## EDNSSubnet
 

src/content/docs/logs/reference/log-fields/account/gateway_dns.md

@@ -61,13 +61,13 @@ Resolved intermediate cname domains in reverse (for example, ['com.example.alias
 
 Type: `string`
 
-The name of the colo that received the DNS query (for example, 'SJC', 'MIA', 'IAD').
+The name of the data center that received the DNS query (for example, 'SJC', 'MIA', 'IAD').
 
 ## ColoID
 
 Type: `int`
 
-The ID of the colo that received the DNS query (for example, 46, 72, 397).
+The ID of the data center that received the DNS query (for example, 46, 72, 397).
 
 ## CustomResolveDurationMs
 

src/content/docs/logs/reference/log-fields/account/network_analytics_logs.md

@@ -31,31 +31,31 @@ Descriptive name of the type of attack that this packet was a part of, if any. O
 
 Type: `string`
 
-The city where the Cloudflare datacenter that received the packet is located.
+The city where the Cloudflare data center that received the packet is located.
 
 ## ColoCode
 
 Type: `string`
 
-The Cloudflare datacenter that received the packet (nearest IATA airport code).
+The Cloudflare data center that received the packet (nearest IATA airport code).
 
 ## ColoCountry
 
 Type: `string`
 
-The country where the Cloudflare datacenter that received the packet is located (ISO 3166-1 alpha-2).
+The country where the Cloudflare data center that received the packet is located (ISO 3166-1 alpha-2).
 
 ## ColoGeoHash
 
 Type: `string`
 
-The latitude and longitude where the colo that received the packet is located (Geohash encoding).
+The latitude and longitude where the Cloudflare data center that received the packet is located (Geohash encoding).
 
 ## ColoName
 
 Type: `string`
 
-The unique site identifier of the Cloudflare datacenter that received the packet (for example, 'ams01', 'sjc01', 'lhr01').
+The unique site identifier of the Cloudflare data center that received the packet (for example, 'ams01', 'sjc01', 'lhr01').
 
 ## Datetime
 

src/content/docs/logs/reference/log-fields/account/workers_trace_events.md

@@ -55,7 +55,7 @@ List of console messages emitted during the invocation.
 
 Type: `string`
 
-The outcome of the worker script invocation. <br />Possible values are <em>ok</em> \| <em>exception</em>.
+The outcome of the Worker script invocation. <br />Possible values are <em>ok</em> \| <em>exception</em>.
 
 ## ScriptName
 

src/content/docs/logs/reference/log-fields/account/zero_trust_network_sessions.md

@@ -91,7 +91,7 @@ Name of the client device which initiated the network session, if applicable, (f
 
 Type: `string`
 
-The name of the Cloudflare colo from which traffic egressed to the origin.
+The name of the Cloudflare data center from which traffic egressed to the origin.
 
 ## EgressIP
 
@@ -127,7 +127,7 @@ Email address associated with the user identity which initiated the network sess
 
 Type: `string`
 
-The name of the Cloudflare colo to which traffic ingressed.
+The name of the Cloudflare data center to which traffic ingressed.
 
 ## Offramp
 

src/content/docs/logs/reference/log-fields/zone/dns_logs.md

@@ -13,7 +13,7 @@ The descriptions below detail the fields available for `dns_logs`.
 
 Type: `string`
 
-IATA airport code of data center that received the request.
+IATA airport code of the data center that received the request.
 
 ## EDNSSubnet
 

src/content/docs/logs/reference/log-fields/zone/firewall_events.md

@@ -145,7 +145,7 @@ The description of the rule triggered by this request.
 
 Type: `string`
 
-The airport code of the Cloudflare datacenter that served this request.
+The airport code of the Cloudflare data center that served this request.
 
 ## EdgeResponseStatus
 

src/content/docs/logs/reference/log-fields/zone/http_requests.md

@@ -253,19 +253,19 @@ String key-value pairs for Cookies. This field is populated based on [Logpush Cu
 
 Type: `bool`
 
-True if the request looped through multiple zones on the Cloudflare edge. This is considered an orange to orange (o2o) request.
+True if the request looped through multiple zones on the Cloudflare edge. This is considered an orange to orange (O2O) request.
 
 ## EdgeColoCode
 
 Type: `string`
 
-IATA airport code of data center that received the request.
+IATA airport code of the data center that received the request.
 
 ## EdgeColoID
 
 Type: `int`
 
-Cloudflare edge colo id.
+Cloudflare edge data center ID.
 
 ## EdgeEndTimestamp
 
@@ -511,13 +511,13 @@ Array of security products that matched the request. The same product can appear
 
 Type: `int`
 
-The Cloudflare datacenter used to connect to the origin server if Argo Smart Routing is used.
+The Cloudflare data center used to connect to the origin server if Argo Smart Routing is used.
 
 ## UpperTierColoID
 
 Type: `int`
 
-The "upper tier" datacenter that was checked for a cached copy if Tiered Cache is used.
+The "upper tier" data center that was checked for a cached copy if Tiered Cache is used.
 
 ## WAFAttackScore
 
@@ -559,31 +559,31 @@ WAF score for an XSS attack.
 
 Type: `int`
 
-Amount of time in microseconds spent executing a worker, if any.
+Amount of time in microseconds spent executing a Worker, if any.
 
 ## WorkerScriptName
 
 Type: `string`
 
-The worker script name that made the request.
+The Worker script name that made the request.
 
 ## WorkerStatus
 
 Type: `string`
 
-Status returned from worker daemon.
+Status returned from Worker daemon.
 
 ## WorkerSubrequest
 
 Type: `bool`
 
-Whether or not this request was a worker subrequest.
+Whether or not this request was a Worker subrequest.
 
 ## WorkerSubrequestCount
 
 Type: `int`
 
-Number of subrequests issued by a worker when handling this request.
+Number of subrequests issued by a Worker when handling this request.
 
 ## WorkerWallTimeUs
 
@@ -595,4 +595,4 @@ The elapsed time in microseconds between the start of a Worker invocation, and w
 
 Type: `string`
 
-The human-readable name of the zone (e.g. 'cloudflare.com').
+The human-readable name of the zone (for example, 'cloudflare.com').

src/content/docs/logs/reference/log-fields/zone/page_shield_events.md

@@ -43,7 +43,7 @@ The ID of the policy which was violated.
 
 Type: `string`
 
-The resource type of the violated directive. Possible values are 'script', 'connection' or 'other' for unmonitored resource types
+The resource type of the violated directive. Possible values are 'script', 'connection', or 'other' for unmonitored resource types.
 
 ## Timestamp
 
@@ -61,7 +61,7 @@ The resource URL.
 
 Type: `bool`
 
-Whether the resource URL contains the CDN-CGI path.
+Whether the resource URL contains the '/cdn-cgi/' path.
 
 ## URLHost
 

src/content/docs/logs/reference/log-fields/zone/spectrum_events.md

@@ -43,7 +43,7 @@ Client IP address.
 
 Type: `string`
 
-Whether the connection matched any IP Firewall rules. UNKNOWN = No match or Firewall not enabled for spectrum; <em>UNKNOWN</em> \| <em>ALLOW</em> \| <em>BLOCK_ERROR</em> \| <em>BLOCK_IP</em> \| <em>BLOCK_COUNTRY</em> \| <em>BLOCK_ASN</em> \| <em>WHITELIST_IP</em> \| <em>WHITELIST_COUNTRY</em> \| <em>WHITELIST_ASN</em>.
+Whether the connection matched any IP Firewall rules. UNKNOWN = No match or Firewall not enabled for Spectrum; <em>UNKNOWN</em> \| <em>ALLOW</em> \| <em>BLOCK_ERROR</em> \| <em>BLOCK_IP</em> \| <em>BLOCK_COUNTRY</em> \| <em>BLOCK_ASN</em> \| <em>WHITELIST_IP</em> \| <em>WHITELIST_COUNTRY</em> \| <em>WHITELIST_ASN</em>.
 
 ## ClientPort
 
@@ -91,7 +91,7 @@ Indicates state of TLS session from the client to Spectrum; <em>UNKNOWN</em> \|
 
 Type: `string`
 
-IATA airport code of data center that received the request.
+IATA airport code of the data center that received the request.
 
 ## ConnectTimestamp