firewallSearchDocumentSchema
firewallSearchDocumentSchema
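Schema for each firewall log document. In the example below, each value names the field's JSON type ("string" or "number") rather than showing sample data.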
JSON Example
{
"_source": {
"@timestamp": "string",
"logType": "string",
"enterpriseLogicalId": "string",
"edgeName": "string",
"ruleId": "string",
"edgeLogicalId": "string",
"actionTaken": "string",
"sessionId": "number",
"segmentLogicalId": "string",
"inputInterface": "string",
"protocol": "number",
"sourceIp": "string",
"destinationIp": "string",
"sourcePort": "number",
"destinationPort": "number",
"destination": "string",
"domainName": "string",
"firewallPolicyName": "string",
"segmentName": "string",
"extensionHeader": "string",
"application": "string",
"sessionDurationSecs": "number",
"bytesSent": "number",
"bytesReceived": "number",
"closeReason": "string",
"signatureId": "number",
"verdict": "string",
"signature": "string",
"category": "string",
"ruleVersion": "number",
"attackSource": "string",
"attackTarget": "string",
"severity": "number",
"idsAlert": "number",
"ipsAlert": "number"
}
}