Flow Analytics - Firewall Events
This view provides detailed visibilty, filtering and analytical options for events recorded from the Firewall configuration and summarized in Firewall Events
category.
Refer Flow Analytics Overview for details on Search, Filter, Show/Hide Columns, Select Gateways and modify Time Formats/Timeframes.
Tables and Fields available in Firewall Events are as follows
Event Details |
Description |
Date and Time |
ISO 8601 format: YYYY-MM-DD T HH:MM:SS:S Example: 2020-11-22T10:58:46.820 |
Type |
APPD ID, FLOW_LOG, TLS_LOG, URLFILTER |
Level |
DEBUG, INFO, NOTICE, WARNING, ERROR, CRITCAL, ALERT, EMERGENCY |
Session ID |
.. |
Service |
Description |
Src IP |
Source IP Adresss |
Src Port |
Source Port |
Dest IP |
Destination IP Address |
Dest Port |
Destination Port |
Protocol |
UDP, TCP |
Application Info |
Description |
Client App Name |
Application name associated with client side of the session. Example: Advanced Packaging Tool |
Payload App Name |
HTTP application name associated with webserver host. Example: Facebook |
Service App Name |
Application name associated with server side of the session Example: HTTP |
Action |
Description |
Action |
DENY ???????? Verify ALLOW events are not in this view |
State |
ESTABLISHED, CLOSE, CLOSED, CLOSE_WAIT, TIME_WAIT, FIN_WAIT, LAST_ACK |
HTTP Request |
Description |
Host |
Host portion of URL |
Method |
GET, PUT, POST, HEAD, DELETE, PATCH, OPTIONS |
URI |
URI Identifier RFC 3986 |
FQDN |
Description |
FQDN |
Fully Qualified Domain Name |