Reports and CSV Formats
Cisco Secure Access has various reports that you can download from Secure Access in the comma-separated values (CSV) format. For information about the size of a report, see Estimate the Size of an Exported Report.
Table of Contents
Activity Search Report
You can export the results of the Activity Search Report to a CSV format. For more information, see Export Report Data to CSV and Activity Search Report.
Fields in the Activity Search Report
- Type—The type of request made, such as DNS.
- Date—The date the request was made.
- Time—The time the request was made, in UTC.
- Action—Whether the request was Allowed or Blocked.
- Errors—Any certificate or protocol errors in the request.
- Ruleset ID—The ID number assigned to the ruleset.
- Ruleset Name—The ruleset that was applied.
- Rule ID—The ID number assigned to the rule.
- Rule Name—The rule that was applied.
- Destination List IDs—The ID number assigned to a destination list.
- Signature List ID—The unique ID assigned to a Default or Custom Signature List.
- IPS Signature—The threat detected in our IPS/IDS protection.
- IPS SIgnature Severity—The severity of the IPS Signature.
- IPS Signature CVE—Common vulnerabilities and exposures related to the IPS Signature.
- Identities—All tunnel identities associated with this request.
- Identity Types—The type of identity that were associated with the request. For example, Roaming Computers or Networks.
- Policy or Ruleset Identity—The identity that made the request.
- Policy or Ruleset Identity Type—The type of the identity that made the request.
- Forwarding Method—The method used to forward the identity of the client to the proxy.
- Internal IP—The internal IP address that made the request.
- External IP—The external IP address that made the request.
- Source IP—The IP of the computer making the request.
- Destination IP—The destination IP requested.
- Source Port—The port the request was made on.
- Destination Port—The destination port the request was made on.
- Destination—The domain of the request.
- Hostname—The name of the host.
- Categories—The content categories, if any, that matched against the destination IP address or port requested.
- Integrations—Integration categories you set.
- Blocked Categories—The category that resulted in the destination being blocked.
- Application—The application associated with the request.
- Application Category—The categories for any applications associated with the request.
- Query Type—The type of DNS request that was made.
- Content Type—The type of web content; typically text or html.
- Protocol—The actual protocol of the traffic. For example, TCP, UDP, or ICMP.
- Filename—The name of the file.
- File Action (Remote Browser Isolation)—The action taken on a file during a Remote Browser Isolation session.
- Total Size in Bytes—The total size in bytes.
- Request Size—Request size in bytes.
- Response Size—Response size in bytes.
- Packet Size—Packet size in bytes.
- Referrer—The referring domain or URL.
- User Agent—The browser agent that made the request.
- Status Code—The HTTP status code.
- Direction—The direction of the packet. It is directed either towards the internet or to the customer's network.
- Threats—Any threats associated with the request.
- Threat Types—The types of threats associated with the request.
- SHA256 Hash—The hex digest of the response content.
- Cisco AMP Result—The malware detected by AMP.
- Cisco AMP Disposition—What action was taken on the file download.
- Cisco AMP Score—The risk score associated with the downloaded file. This field returns blank unless the verdict is Unknown, in which the value will be 0.
- Antivirus Result—Threats detected by the antivirus.
- Potentially Unwanted Applications—A list of all potentially unwanted application (PUA) results for the proxied file as returned by the antivirus scanner.
- Detected Response File Type—The file type of the response, as detected by the file type control that blocked the request based on factors such as URL or content type header.
- Isolated State—Whether the Remote Browser Isolation state was isolated or not.
- Data Loss Prevention State—Whether the DLP status was allowed or blocked.
- Tenant Controls—Whether the request is Tenant Application Access Control protected.
Top Categories Report
You can export the results of the Top Categories Report to a CSV format. For more information, see Export Report Data to CSV and Top Categories Report.
Fields in the Top Categories Report
- Category—A content category in which a request was made. See Manage Content Categories.
- Count—The number of requests made for the category.
Top Destinations Report
You can export the results of the Top Destinations Report to a CSV format. For more information, see Export Report Data to CSV and Top Destinations Report.
Fields in the Top Destinations Report
- Domain—The domain that was requested.
- Query Count—The number of requests for the domain.
- Categories—The content categories that matched against the destination requested. See Manage Content Categories.
Top Identities Report
You can export the results of the Top Identities Report to a CSV format. For more information, see Export Report Data to CSV and Top Identities Report.
Fields in the Top Identities Report
- Identity—The identity making requests.
- Query Count—The number of requests made by the identity.
Log Formats and Versioning < Reports and CSV Formats > Admin Audit Log Formats
Updated 10 months ago