Guides
ProductDeveloperPartnerPersonal
Guides
ProductDeveloperPartnerPersonal

Reports and CSV Formats

Suggest Edits

Cisco Secure Access has various reports that you can download from Secure Access in the comma-separated values (CSV) format. For information about the size of a report, see Estimate the Size of an Exported Report.

Table of Contents

Activity Search Report

You can export the results of the Activity Search Report to a CSV format. For more information, see Export Report Data to CSV and Activity Search Report.

Fields in the Activity Search Report

  • Type—The type of request made, such as DNS.
  • Date—The date the request was made.
  • Time—The time the request was made, in UTC.
  • Action—Whether the request was Allowed or Blocked.
  • Errors—Any certificate or protocol errors in the request.
  • Ruleset ID—The ID number assigned to the ruleset.
  • Ruleset Name—The ruleset that was applied.
  • Rule ID—The ID number assigned to the rule.
  • Rule Name—The rule that was applied.
  • Destination List IDs—The ID number assigned to a destination list.
  • Signature List ID—The unique ID assigned to a Default or Custom Signature List.
  • IPS Signature—The threat detected in our IPS/IDS protection.
  • IPS SIgnature Severity—The severity of the IPS Signature.
  • IPS Signature CVE—Common vulnerabilities and exposures related to the IPS Signature.
  • Identities—All tunnel identities associated with this request.
  • Identity Types—The type of identity that were associated with the request. For example, Roaming Computers or Networks.
  • Policy or Ruleset Identity—The identity that made the request.
  • Policy or Ruleset Identity Type—The type of the identity that made the request.
  • Forwarding Method—The method used to forward the identity of the client to the proxy.
  • Internal IP—The internal IP address that made the request.
  • External IP—The external IP address that made the request.
  • Source IP—The IP of the computer making the request.
  • Destination IP—The destination IP requested.
  • Source Port—The port the request was made on.
  • Destination Port—The destination port the request was made on.
  • Destination—The domain of the request.
  • Hostname—The name of the host.
  • Categories—The content categories, if any, that matched against the destination IP address or port requested.
  • Integrations—Integration categories you set.
  • Blocked Categories—The category that resulted in the destination being blocked.
  • Application—The application associated with the request.
  • Application Category—The categories for any applications associated with the request.
  • Query Type—The type of DNS request that was made.
  • Content Type—The type of web content; typically text or html.
  • Protocol—The actual protocol of the traffic. For example, TCP, UDP, or ICMP.
  • Filename—The name of the file.
  • File Action (Remote Browser Isolation)—The action taken on a file during a Remote Browser Isolation session.
  • Total Size in Bytes—The total size in bytes.
  • Request Size—Request size in bytes.
  • Response Size—Response size in bytes.
  • Packet Size—Packet size in bytes.
  • Referrer—The referring domain or URL.
  • User Agent—The browser agent that made the request.
  • Status Code—The HTTP status code.
  • Direction—The direction of the packet. It is directed either towards the internet or to the customer's network.
  • Threats—Any threats associated with the request.
  • Threat Types—The types of threats associated with the request.
  • SHA256 Hash—The hex digest of the response content.
  • Cisco AMP Result—The malware detected by AMP.
  • Cisco AMP Disposition—What action was taken on the file download.
  • Cisco AMP Score—The risk score associated with the downloaded file. This field returns blank unless the verdict is Unknown, in which the value will be 0.
  • Antivirus Result—Threats detected by the antivirus.
  • Potentially Unwanted Applications—A list of all potentially unwanted application (PUA) results for the proxied file as returned by the antivirus scanner.
  • Detected Response File Type—The file type of the response, as detected by the file type control that blocked the request based on factors such as URL or content type header.
  • Isolated State—Whether the Remote Browser Isolation state was isolated or not.
  • Data Loss Prevention State—Whether the DLP status was allowed or blocked.
  • Tenant Controls—Whether the request is Tenant Application Access Control protected.

Top Categories Report

You can export the results of the Top Categories Report to a CSV format. For more information, see Export Report Data to CSV and Top Categories Report.

Fields in the Top Categories Report

  • Category—A content category in which a request was made. See Manage Content Categories.
  • Count—The number of requests made for the category.

Top Destinations Report

You can export the results of the Top Destinations Report to a CSV format. For more information, see Export Report Data to CSV and Top Destinations Report.

Fields in the Top Destinations Report

  • Domain—The domain that was requested.
  • Query Count—The number of requests for the domain.
  • Categories—The content categories that matched against the destination requested. See Manage Content Categories.

Top Identities Report

You can export the results of the Top Identities Report to a CSV format. For more information, see Export Report Data to CSV and Top Identities Report.

Fields in the Top Identities Report

  • Identity—The identity making requests.
  • Query Count—The number of requests made by the identity.

Log Formats and Versioning < Reports and CSV Formats > Admin Audit Log Formats

Updated 9 months ago