Start free trial Contact Sales

sophos fields

sophos Module

sophos.xg

Module for parsing sophosxg syslog.

sophos.xg.action: Event Action

type: keyword

sophos.xg.activityname: Web policy activity that matched and caused the policy result.

type: keyword

sophos.xg.ap: Access Point Serial ID or LocalWifi0 or LocalWifi1.

type: keyword

sophos.xg.app_category: Name of the category under which application falls

type: keyword

sophos.xg.app_filter_policy_id: Application filter policy ID applied on the traffic

type: keyword

sophos.xg.app_is_cloud: Application is Cloud

type: keyword

sophos.xg.app_name: Application name

type: keyword

sophos.xg.app_resolved_by: Application is resolved by signature or synchronized application

type: keyword

sophos.xg.app_risk: Risk level assigned to the application

type: keyword

sophos.xg.app_technology: Technology of the application

type: keyword

sophos.xg.appfilter_policy_id: Application Filter policy applied on the traffic

type: integer

sophos.xg.application: Application name

type: keyword

sophos.xg.application_category: Application is resolved by signature or synchronized application

type: keyword

sophos.xg.application_filter_policy: Application Filter policy applied on the traffic

type: integer

sophos.xg.application_name: Application name

type: keyword

sophos.xg.application_risk: Risk level assigned to the application

type: keyword

sophos.xg.application_technology: Technology of the application

type: keyword

sophos.xg.appresolvedby: Technology of the application

type: keyword

sophos.xg.auth_client: Auth Client

type: keyword

sophos.xg.auth_mechanism: Auth mechanism

type: keyword

sophos.xg.av_policy_name: Malware scanning policy name which is applied on the traffic

type: keyword

sophos.xg.backup_mode: Backup mode

type: keyword

sophos.xg.branch_name: Branch Name

type: keyword

sophos.xg.category: IPS signature category.

type: keyword

sophos.xg.category_type: Type of category under which website falls

type: keyword

sophos.xg.classification: Signature classification

type: keyword

sophos.xg.client_host_name: Client host name

type: keyword

sophos.xg.client_physical_address: Client physical address

type: keyword

sophos.xg.clients_conn_ssid: Number of client connected to the SSID.

type: long

sophos.xg.collisions: collisions

type: long

sophos.xg.con_event: Event Start/Stop

type: keyword

sophos.xg.con_id: Unique identifier of connection

type: integer

sophos.xg.configuration: Configuration

type: float

sophos.xg.conn_id: Unique identifier of connection

type: integer

sophos.xg.connectionname: Connectionname

type: keyword

sophos.xg.connectiontype: Connectiontype

type: keyword

sophos.xg.connevent: Event on which this log is generated

type: keyword

sophos.xg.connid: Connection ID

type: keyword

sophos.xg.content_type: Type of the content

type: keyword

sophos.xg.contenttype: Type of the content

type: keyword

sophos.xg.context_match: Context Match

type: keyword

sophos.xg.context_prefix: Content Prefix

type: keyword

sophos.xg.context_suffix: Context Suffix

type: keyword

sophos.xg.cookie: cookie

type: keyword

sophos.xg.date: Date (yyyy-mm-dd) when the event occurred

type: date

sophos.xg.destinationip: Original destination IP address of traffic

type: ip

sophos.xg.device: device

type: keyword

sophos.xg.device_id: Serial number of the device

type: keyword

sophos.xg.device_model: Model number of the device

type: keyword

sophos.xg.device_name: Model number of the device

type: keyword

sophos.xg.dictionary_name: Dictionary Name

type: keyword

sophos.xg.dir_disp: TPacket direction. Possible values:“org”, “reply”, “”

type: keyword

sophos.xg.direction: Direction

type: keyword

sophos.xg.domainname: Domain from which virus was downloaded

type: keyword

sophos.xg.download_file_name: Download file name

type: keyword

sophos.xg.download_file_type: Download file type

type: keyword

sophos.xg.dst_country_code: Code of the country to which the destination IP belongs

type: keyword

sophos.xg.dst_domainname: Receiver domain name

type: keyword

sophos.xg.dst_ip: Original destination IP address of traffic

type: ip

sophos.xg.dst_port: Original destination port of TCP and UDP traffic

type: integer

sophos.xg.dst_zone_type: Type of destination zone

type: keyword

sophos.xg.dstdomain: Destination Domain

type: keyword

sophos.xg.duration: Durability of traffic (seconds)

type: long

sophos.xg.email_subject: Email Subject

type: keyword

sophos.xg.ep_uuid: Endpoint UUID

type: keyword

sophos.xg.ether_type: ethernet frame type

type: keyword

sophos.xg.eventid: ATP Evenet ID

type: keyword

sophos.xg.eventtime: Event time

type: date

sophos.xg.eventtype: ATP event type

type: keyword

sophos.xg.exceptions: List of the checks excluded by web exceptions.

type: keyword

sophos.xg.execution_path: ATP execution path

type: keyword

sophos.xg.extra: extra

type: keyword

sophos.xg.file_name: Filename

type: keyword

sophos.xg.file_path: File path

type: keyword

sophos.xg.file_size: File Size

type: integer

sophos.xg.filename: File name associated with the event

type: keyword

sophos.xg.filepath: Path of the file containing virus

type: keyword

sophos.xg.filesize: Size of the file that contained virus

type: integer

sophos.xg.free: free

type: integer

sophos.xg.from_email_address: Sender email address

type: keyword

sophos.xg.ftp_direction: Direction of FTP transfer: Upload or Download

type: keyword

sophos.xg.ftp_url: FTP URL from which virus was downloaded

type: keyword

sophos.xg.ftpcommand: FTP command used when virus was found

type: keyword

sophos.xg.fw_rule_id: Firewall Rule ID which is applied on the traffic

type: integer

sophos.xg.fw_rule_type: Firewall rule type which is applied on the traffic

type: keyword

sophos.xg.hb_health: Heartbeat status

type: keyword

sophos.xg.hb_status: Heartbeat status

type: keyword

sophos.xg.host: Host

type: keyword

sophos.xg.http_category: HTTP Category

type: keyword

sophos.xg.http_category_type: HTTP Category Type

type: keyword

sophos.xg.httpresponsecode: code of HTTP response

type: long

sophos.xg.iap: Internet Access policy ID applied on the traffic

type: keyword

sophos.xg.icmp_code: ICMP code of ICMP traffic

type: keyword

sophos.xg.icmp_type: ICMP type of ICMP traffic

type: keyword

sophos.xg.idle_cpu: idle ##

type: float

sophos.xg.idp_policy_id: IPS policy ID which is applied on the traffic

type: integer

sophos.xg.idp_policy_name: IPS policy name i.e. IPS policy name which is applied on the traffic

type: keyword

sophos.xg.in_interface: Interface for incoming traffic, e.g., Port A

type: keyword

sophos.xg.interface: interface

type: keyword

sophos.xg.ipaddress: Ipaddress

type: keyword

sophos.xg.ips_policy_id: IPS policy ID applied on the traffic

type: integer

sophos.xg.lease_time: Lease Time

type: keyword

sophos.xg.localgateway: Localgateway

type: keyword

sophos.xg.localnetwork: Localnetwork

type: keyword

sophos.xg.log_component: Component responsible for logging e.g. Firewall rule

type: keyword

sophos.xg.log_id: Unique 12 characters code (0101011)

type: keyword

sophos.xg.log_subtype: Sub type of event

type: keyword

sophos.xg.log_type: Type of event e.g. firewall event

type: keyword

sophos.xg.log_version: Log Version

type: keyword

sophos.xg.login_user: ATP login user

type: keyword

sophos.xg.mailid: mailid

type: keyword

sophos.xg.mailsize: mailsize

type: integer

sophos.xg.message: Message

type: keyword

sophos.xg.mode: Mode

type: keyword

sophos.xg.nat_rule_id: NAT Rule ID

type: keyword

sophos.xg.newversion: Newversion

type: keyword

sophos.xg.oldversion: Oldversion

type: keyword

sophos.xg.out_interface: Interface for outgoing traffic, e.g., Port B

type: keyword

sophos.xg.override_authorizer: Override authorizer

type: keyword

sophos.xg.override_name: Override name

type: keyword

sophos.xg.override_token: Override token

type: keyword

sophos.xg.phpsessid: PHP session ID

type: keyword

sophos.xg.platform: Platform of the traffic.

type: keyword

sophos.xg.policy_type: Policy type applied to the traffic

type: keyword

sophos.xg.priority: Severity level of traffic

type: keyword

sophos.xg.protocol: Protocol number of traffic

type: keyword

sophos.xg.qualifier: Qualifier

type: keyword

sophos.xg.quarantine: Path and filename of the file quarantined

type: keyword

sophos.xg.quarantine_reason: Quarantine reason

type: keyword

sophos.xg.querystring: querystring

type: keyword

sophos.xg.raw_data: Raw data

type: keyword

sophos.xg.received_pkts: Total number of packets received

type: long

sophos.xg.receiveddrops: received drops

type: long

sophos.xg.receivederrors: received errors

type: keyword

sophos.xg.receivedkbits: received kbits

type: long

sophos.xg.recv_bytes: Total number of bytes received

type: long

sophos.xg.red_id: RED ID

type: keyword

sophos.xg.referer: Referer

type: keyword

sophos.xg.remote_ip: Remote IP

type: ip

sophos.xg.remotenetwork: remotenetwork

type: keyword

sophos.xg.reported_host: Reported Host

type: keyword

sophos.xg.reported_ip: Reported IP

type: keyword

sophos.xg.reports: Reports

type: float

sophos.xg.rule_priority: Priority of IPS policy

type: keyword

sophos.xg.sent_bytes: Total number of bytes sent

type: long

sophos.xg.sent_pkts: Total number of packets sent

type: long

sophos.xg.server: Server

type: keyword

sophos.xg.sessionid: Sessionid

type: keyword

sophos.xg.sha1sum: SHA1 checksum of the item being analyzed

type: keyword

sophos.xg.signature: Signature

type: float

sophos.xg.signature_id: Signature ID

type: keyword

sophos.xg.signature_msg: Signature messsage

type: keyword

sophos.xg.site_category: Site Category

type: keyword

sophos.xg.source: Source

type: keyword

sophos.xg.sourceip: Original source IP address of traffic

type: ip

sophos.xg.spamaction: Spam Action

type: keyword

sophos.xg.sqli: related SQLI caught by the WAF

type: keyword

sophos.xg.src_country_code: Code of the country to which the source IP belongs

type: keyword

sophos.xg.src_domainname: Sender domain name

type: keyword

sophos.xg.src_ip: Original source IP address of traffic

type: ip

sophos.xg.src_mac: Original source MAC address of traffic

type: keyword

sophos.xg.src_port: Original source port of TCP and UDP traffic

type: integer

sophos.xg.src_zone_type: Type of source zone

type: keyword

sophos.xg.ssid: Configured SSID name.

type: keyword

sophos.xg.start_time: Start time

type: date

sophos.xg.starttime: Starttime

type: date

sophos.xg.status: Ultimate status of traffic – Allowed or Denied

type: keyword

sophos.xg.status_code: Status code

type: keyword

sophos.xg.subject: Email subject

type: keyword

sophos.xg.syslog_server_name: Syslog server name.

type: keyword

sophos.xg.system_cpu: system

type: float

sophos.xg.target: Platform of the traffic.

type: keyword

sophos.xg.temp: Temp

type: float

sophos.xg.threatname: ATP threatname

type: keyword

sophos.xg.timestamp: timestamp

type: date

sophos.xg.timezone: Time (hh:mm:ss) when the event occurred

type: keyword

sophos.xg.to_email_address: Receipeint email address

type: keyword

sophos.xg.total_memory: Total Memory

type: integer

sophos.xg.trans_dst_ip: Translated destination IP address for outgoing traffic

type: ip

sophos.xg.trans_dst_port: Translated destination port for outgoing traffic

type: integer

sophos.xg.trans_src_ip: Translated source IP address for outgoing traffic

type: ip

sophos.xg.trans_src_port: Translated source port for outgoing traffic

type: integer

sophos.xg.transaction_id: Transaction ID

type: keyword

sophos.xg.transactionid: Transaction ID of the AV scan.

type: keyword

sophos.xg.transmitteddrops: transmitted drops

type: long

sophos.xg.transmittederrors: transmitted errors

type: keyword

sophos.xg.transmittedkbits: transmitted kbits

type: long

sophos.xg.unit: unit

type: keyword

sophos.xg.updatedip: updatedip

type: ip

sophos.xg.upload_file_name: Upload file name

type: keyword

sophos.xg.upload_file_type: Upload file type

type: keyword

sophos.xg.url: URL from which virus was downloaded

type: keyword

sophos.xg.used: used

type: integer

sophos.xg.used_quota: Used Quota

type: keyword

sophos.xg.user: User

type: keyword

sophos.xg.user_cpu: system

type: float

sophos.xg.user_gp: Group name to which the user belongs.

type: keyword

sophos.xg.user_group: Group name to which the user belongs

type: keyword

sophos.xg.user_name: user_name

type: keyword

sophos.xg.users: Number of users from System Health / Live User events.

type: long

sophos.xg.vconn_id: Connection ID of the master connection

type: integer

sophos.xg.virus: virus name

type: keyword

sophos.xg.web_policy_id: Web policy ID

type: keyword

sophos.xg.website: Website

type: keyword

sophos.xg.xss: related XSS caught by the WAF

type: keyword