Reports and CSV Formats
Cisco Secure Access provides various reports that you can download in the comma-separated values (CSV) format. For information about the size of a report, see Estimate the Size of an Exported Report.
Activity Search Report
You can export the results of the Activity Search Report to a CSV format. For more information, see Export Report Data to CSV and Activity Search Report.
Fields in the Activity Search Report:
- Type—The type of request made, such as DNS.
- Date—The date the request was made.
- Time—The time the request was made, in UTC.
- Action—Whether the request was Allowed or Blocked.
- Errors—Any certificate or protocol errors in the request.
- Ruleset ID—The ID number assigned to the ruleset.
- Ruleset Name—The ruleset that was applied.
- Rule ID—The ID number assigned to the rule.
- Rule Name—The rule that was applied.
- Destination List IDs—The ID number assigned to a destination list.
- Signature List ID—The unique ID assigned to a Default or Custom Signature List.
- IPS Signature—The threat detected in our IPS/IDS protection.
- IPS Signature Severity—The severity of the IPS Signature.
- IPS Signature CVE—Common vulnerabilities and exposures related to the IPS Signature.
- Identities—All tunnel identities associated with this request.
- Identity Types—The types of identity that were associated with the request. For example, Roaming Computers or Networks.
- Policy or Ruleset Identity—The identity that made the request.
- Policy or Ruleset Identity Type—The type of the identity that made the request.
- Forwarding Method—The method used to forward the identity of the client to the proxy.
- Internal IP—The internal IP address that made the request.
- External IP—The external IP address that made the request.
- Source IP—The IP of the computer making the request.
- Destination IP—The destination IP requested.
- Source Port—The port the request was made on.
- Destination Port—The destination port the request was made on.
- Destination—The domain of the request.
- Hostname—The name of the host.
- Categories—The content categories, if any, that matched against the destination IP address or port requested.
- Integrations—Integration categories you set.
- Blocked Categories—The category that resulted in the destination being blocked.
- Application—The application associated with the request.
- Application Category—The categories for any applications associated with the request.
- Query Type—The type of DNS request that was made.
- Content Type—The type of web content; typically text or html.
- Protocol—The actual protocol of the traffic. For example, TCP, UDP, or ICMP.
- Filename—The name of the file.
- File Action (Remote Browser Isolation)—The action taken on a file during a Remote Browser Isolation session.
- Total Size in Bytes—The total size in bytes.
- Request Size—Request size in bytes.
- Response Size—Response size in bytes.
- Packet Size—Packet size in bytes.
- Referrer—The referring domain or URL.
- User Agent—The browser agent that made the request.
- Status Code—The HTTP status code.
- Direction—The direction of the packet. It is directed either towards the internet or to the customer's network.
- Threats—Any threats associated with the request.
- Threat Types—The types of threats associated with the request.
- SHA256 Hash—The hex digest of the response content.
- Cisco AMP Result—The malware detected by AMP.
- Cisco AMP Disposition—What action was taken on the file download.
- Cisco AMP Score—The risk score associated with the downloaded file. This field is blank unless the verdict is Unknown, in which case the value is 0.
- Antivirus Result—Threats detected by the antivirus.
- Potentially Unwanted Applications—A list of all potentially unwanted application (PUA) results for the proxied file as returned by the antivirus scanner.
- Detected Response File Type—The file type of the response, as detected by the file type control that blocked the request based on factors such as URL or content type header.
- Isolated State—Whether the Remote Browser Isolation state was isolated or not.
- Data Loss Prevention State—Whether the DLP status was allowed or blocked.
- Tenant Controls—Whether the request is Tenant Application Access Control protected.
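
The following added example (not Cisco code) shows one way to triage an exported Activity Search CSV: it counts Blocked requests per identity and collects rows that carry a threat, an IPS signature, or an Unknown AMP verdict, keeping a blank Cisco AMP Score distinct from a score of 0. It assumes the CSV header row uses the field names listed above; the sample rows, the `Web` type value, and the date and time formats are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Assumption: header names match the field names
# documented above; every row value here is made up for illustration.
SAMPLE_CSV = """\
Type,Date,Time,Action,Policy or Ruleset Identity,Destination,Threats,IPS Signature,Cisco AMP Disposition,Cisco AMP Score
DNS,2024-05-01,10:00:01,Allowed,laptop-01,intranet.example,,,,
DNS,2024-05-01,10:00:07,Blocked,laptop-02,bad.example,SampleThreat,,,
Web,2024-05-01,10:01:12,Blocked,laptop-02,files.example,,,Unknown,0
Web,2024-05-01,10:02:30,Allowed,laptop-03,cdn.example,,,,
"""


def amp_score(row):
    """Return the AMP score as int, or None when the field is blank.

    Per the field description, blank means no score was reported and 0 is
    only returned for an Unknown verdict, so the two must not be merged.
    """
    raw = (row.get("Cisco AMP Score") or "").strip()
    return int(raw) if raw else None


def triage(csv_text):
    """Return (rows worth analyst review, Blocked count per identity)."""
    review, blocked_by_identity = [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Action"].strip().lower() == "blocked":
            blocked_by_identity[row["Policy or Ruleset Identity"]] += 1
        has_threat = bool(row["Threats"].strip() or row["IPS Signature"].strip())
        unknown_file = row["Cisco AMP Disposition"].strip() == "Unknown"
        if has_threat or unknown_file:
            review.append({
                "when_utc": f'{row["Date"]} {row["Time"]}',  # Time is in UTC
                "identity": row["Policy or Ruleset Identity"],
                "destination": row["Destination"],
                "action": row["Action"],
                "amp_score": amp_score(row),
            })
    return review, blocked_by_identity


if __name__ == "__main__":
    rows, counts = triage(SAMPLE_CSV)
    for r in rows:
        print(r)
    print(counts.most_common())
```
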
Zero Trust Access Activity Search Fields
The Activity Search report displays the Zero Trust Access event details.
Field Name | Reports Section | Description |
---|---|---|
Ingress Region | Event Details | The geographic region of the data center where Secure Access received the incoming traffic. |
Resource Connector Group | Event Details | The ID of the resource connector group that provides access to the private resource. |
Tunnel Type | Event Details | The type of traffic supported by the network tunnel, which the endpoint established with the proxy. The transport protocol on the tunnel is either HTTP or HTTP3. |
Transaction ID | Event Details | The unique ID associated with the Zero Trust request. Use the transaction ID to correlate and troubleshoot connection issues. |
Block Reason | Block Details | The explanation that Secure Access provides for blocking access to the private resource. |
Associated Rule | Block Details | When access was blocked for not meeting access or posture requirements, Secure Access reports the closest matched policy rule that would have allowed access. |
Associated Posture | Block Details | The posture profile that is configured for the associated rule. |
Endpoint Application | Endpoint Details | The name of the endpoint application, which initiated the connection. |
Application Signature | Endpoint Details | The SHA256 signature of the endpoint application process. |
Endpoint Username | Endpoint Details | The username that is associated with the endpoint application process. |
Top Categories Report
You can export the results of the Top Categories Report to a CSV format. For more information, see Export Report Data to CSV and Top Categories Report.
Fields in the Top Categories Report:
- Category—A content category in which a request was made. See Manage Content Categories.
- Count—The number of requests made for the category.
Top Destinations Report
You can export the results of the Top Destinations Report to a CSV format. For more information, see Export Report Data to CSV and Top Destinations Report.
Fields in the Top Destinations Report:
- Domain—The domain that was requested.
- Query Count—The number of requests for the domain.
- Categories—The content categories that matched against the destination requested. See Manage Content Categories.
Top Resources Report
You can export the results of the Top Resources Report to a CSV format. For more information, see Export Report Data to CSV.
Fields in the Top Resources Report:
- Identity—The identity making requests.
- Query Count—The number of requests made by the identity.