panel Archives - Wavecrest Knowledge Base

Web Data Source Field Definitions

Field Name	Definition
appsite	Friendly name for a Website or Application
authtype
blocked	This occurs because the user is not authorized to access the site, that is, his access has been “blocked.” However, it can also be caused by technical anomalies, for example, “page not found by server.”
bytes	Number of total bytes (transmit and receive) for the session.
category	Describes the content of a Web page that was visited.
classification	User defined classification for the website content that was visited. Values could be any of the following: Acceptable, Unacceptable and Neutral
clientin
clientout
contenttype	Refers to an HTTP header field that specifies the type of data contained in the body of an HTTP request or response. Values could be any of the following: jpeg, mpeg, pdf, html, css, etc.
datetime	Date time stamp associated with each recrod hit
domain	A fully qualified domain name (FQDN) is a complete and unambiguous domain name that specifies the exact location of a specific resource on the internet.
group	Organizational groups are structured in a hierarchical manner, forming a tree-like structure.
hit	Number of records (represents a record count)
identity
ip	Source IP Address
network
outboundip	Destination IP Address
proxyport
refererdomain	HTTP header field that indicates the URL or domain from which a user navigated to the current page.
resultcode	HTTP status codes that are used to indicate the result or status of an HTTP request made to a web server. Some commonly encountered codes are: 200 OK, 404 Not Found, etc.
searchterms	Search query or keyword, refers to the specific words or phrases that a user enters into a search engine to find information on a particular topic.
serverin
serverout
source
timeonline	An approximation of the time that a user spends on the Internet. Wavecrest’s Smart Engine algorithms can produce the most accurate time online measurement.
user	Field refers to the information recorded about the user associated with a specific network connection or traffic event.
useragent	HTTP header field sent by a web browser or other client software when making a request to a web server. It identifies the client’s software, version, and other relevant information to help the server understand the capabilities and requirements of the client.
visit	A click action for the purpose of visiting a Web site. One click equals one request for a Web page.

Palo Alto Data Source Field Definitions

Category: Panel, Visualizer

Field Name	Definition
action	Action taken for the session; values are alert, allow, deny, drop, drop-all-packets, reset-client, reset-server, reset-both, block-url.
action_source	Specifies whether the action taken to allow or block an application was defined in the application or in policy. The actions can be allow, deny, drop, reset- server, reset-client or reset-both for the session.
application	Application associated with the session.
application_category	The application category specified in the application configuration properties.
application_risk	Risk level associated with the application (1=lowest to 5=highest).
application_saas	Displays yes if a SaaS application or no if not a SaaS application.
application_subcategory	The application subcategory specified in the application configuration properties.
application_technology	The application technology specified in the application configuration properties.
bytes	Number of total bytes (transmit and receive) for the session.
category	Describes the content of a Web page that was visited.
contenttype	Refers to an HTTP header field that specifies the type of data contained in the body of an HTTP request or response. Values could be any of the following: jpeg, mpeg, pdf, html, css, etc.
datetime	Date time stamp associated with each recrod hit
dest_country	Destination country or Internal region for private addresses.
dest_ip	Original session destination IP address.
dest_zone	Zone the session was destined to.
deviceLogType
direction	Indicates the direction of the attack, client-to-server or server-to-client
group	Organizational groups are structured in a hierarchical manner, forming a tree-like structure.
hit	Number of records (represents a record count)
http2_connection	Identifies if traffic used an HTTP/2 Connection or not
identity
ip	Original session source IP address.
ip_protocol	IP protocol associated with the session.
port	Destination port utilized by the session.
recordName
referrer
results
rule	Name of the rule that the session matched.
severity
source
source_zone	Zone the session was sourced from.
threat_category	Describes threat categories used to classify different types of threat signatures.
Threat_contenttype	Subtype of the threat and traffic log
threat_id	Palo Alto Networks identifier for known and custom threats.
type	Specifies the type of log;
url
user	Field refers to the information recorded about the user associated with a specific network connection or traffic event.
useragent	HTTP header field sent by a web browser or other client software when making a request to a web server. It identifies the client’s software, version, and other relevant information to help the server understand the capabilities and requirements of the client.