Reports and CSV Formats

Cisco Secure Access has various reports that you can download from Secure Access in the comma-separated values (CSV) format. For information about the size of a report, see Estimate the Size of an Exported Report.

Activity Search Report

You can export the results of the Activity Search Report to a CSV format. For more information, see Export Report Data to CSV and Activity Search Report.

Fields in the Activity Search Report:

  • Type—The type of request made, such as DNS.
  • Date—The date the request was made.
  • Time—The time the request was made, in UTC.
  • Action—Whether the request was Allowed or Blocked.
  • Errors—Any certificate or protocol errors in the request.
  • Ruleset ID—The ID number assigned to the ruleset.
  • Ruleset Name—The ruleset that was applied.
  • Rule ID—The ID number assigned to the rule.
  • Rule Name—The rule that was applied.
  • Destination List IDs—The ID number assigned to a destination list.
  • Signature List ID—The unique ID assigned to a Default or Custom Signature List.
  • IPS Signature—The threat detected in our IPS/IDS protection.
  • IPS Signature Severity—The severity of the IPS Signature.
  • IPS Signature CVE—Common vulnerabilities and exposures related to the IPS Signature.
  • Identities—All tunnel identities associated with this request.
  • Identity Types—The types of identity that were associated with the request. For example, Roaming Computers or Networks.
  • Policy or Ruleset Identity—The identity that made the request.
  • Policy or Ruleset Identity Type—The type of the identity that made the request.
  • Forwarding Method—The method used to forward the identity of the client to the proxy.
  • Internal IP—The internal IP address that made the request.
  • External IP—The external IP address that made the request.
  • Source IP—The IP of the computer making the request.
  • Destination IP—The destination IP requested.
  • Source Port—The port the request was made on.
  • Destination Port—The destination port the request was made on.
  • Destination—The domain of the request.
  • Hostname—The name of the host.
  • Categories—The content categories, if any, that matched against the destination IP address or port requested.
  • Integrations—Integration categories you set.
  • Blocked Categories—The category that resulted in the destination being blocked.
  • Application—The application associated with the request.
  • Application Category—The categories for any applications associated with the request.
  • Query Type—The type of DNS request that was made.
  • Content Type—The type of web content; typically text or html.
  • Protocol—The actual protocol of the traffic. For example, TCP, UDP, or ICMP.
  • Filename—The name of the file.
  • File Action (Remote Browser Isolation)—The action taken on a file during a Remote Browser Isolation session.
  • Total Size in Bytes—The total size in bytes.
  • Request Size—Request size in bytes.
  • Response Size—Response size in bytes.
  • Packet Size—Packet size in bytes.
  • Referrer—The referring domain or URL.
  • User Agent—The browser agent that made the request.
  • Status Code—The HTTP status code.
  • Direction—The direction of the packet. It is directed either towards the internet or to the customer's network.
  • Threats—Any threats associated with the request.
  • Threat Types—The types of threats associated with the request.
  • SHA256 Hash—The hex digest of the response content.
  • Cisco AMP Result—The malware detected by AMP.
  • Cisco AMP Disposition—What action was taken on the file download.
  • Cisco AMP Score—The risk score associated with the downloaded file. This field returns blank unless the verdict is Unknown, in which case the value is 0.
  • Antivirus Result—Threats detected by the antivirus.
  • Potentially Unwanted Applications—A list of all potentially unwanted application (PUA) results for the proxied file as returned by the antivirus scanner.
  • Detected Response File Type—The file type of the response, as detected by the file type control that blocked the request based on factors such as URL or content type header.
  • Isolated State—Whether the Remote Browser Isolation state was isolated or not.
  • Data Loss Prevention State—Whether the DLP status was allowed or blocked.
  • Tenant Controls—Whether the request is Tenant Application Access Control protected.
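
The following is an added example, not part of the Cisco documentation, showing how an exported Activity Search CSV can be triaged: it counts Blocked requests per identity and pulls out rows that carry an IPS Signature or Threats value. It assumes the CSV header row uses the field names listed above; the sample rows and all their values are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample: headers are field names listed above; every value is
# invented for illustration (documentation IP range, example domains).
SAMPLE_CSV = """\
Date,Time,Action,Policy or Ruleset Identity,Destination,Blocked Categories,IPS Signature,IPS Signature Severity,Threats,User Agent
2024-05-01,10:00:01,Allowed,laptop-01,example.com,,,,,
2024-05-01,10:00:05,Blocked,laptop-02,bad.example.net,Malware,,,Example.Threat,"Mozilla/5.0 (X11; Linux x86_64), test"
2024-05-01,10:01:12,Blocked,laptop-02,203.0.113.7,,Constructed signature,HIGH,,
2024-05-01,10:02:30,Blocked,laptop-03,ads.example.org,Advertisements,,,,
"""

IDENTITY = "Policy or Ruleset Identity"
TRIAGE_COLUMNS = ("Date", "Time", "Action", IDENTITY, "Destination",
                  "IPS Signature", "IPS Signature Severity", "Threats")


def load_rows(text):
    """Parse an export; the csv module handles quoted fields with commas."""
    return list(csv.DictReader(io.StringIO(text)))


def blocked_by_identity(rows):
    """Count Blocked requests per identity that made the request."""
    return Counter(r[IDENTITY] for r in rows
                   if (r.get("Action") or "").strip().lower() == "blocked")


def security_hits(rows):
    """Return the triage columns of rows with an IPS Signature or Threats value."""
    hits = []
    for r in rows:
        if any((r.get(col) or "").strip() for col in ("IPS Signature", "Threats")):
            hits.append({col: r.get(col, "") for col in TRIAGE_COLUMNS})
    return hits


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for identity, count in blocked_by_identity(rows).most_common():
        print(f"{identity}: {count} blocked")
    for hit in security_hits(rows):
        print(hit)
```

Fields such as User Agent, Referrer, and Filename hold request-supplied text, so parse them with a CSV library as above instead of splitting lines on commas.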

Zero Trust Access Activity Search Fields

The Activity Search report displays the Zero Trust Access event details.

| Field Name | Reports Section | Description |
|---|---|---|
| Ingress Region | Event Details | The geographic region of the data center where Secure Access received the incoming traffic. |
| Resource Connector Group | Event Details | The ID of the resource connector group that provides access to the private resource. |
| Tunnel Type | Event Details | The type of traffic supported by the network tunnel, which the endpoint established with the proxy. The transport protocol on the tunnel is either HTTP or HTTP3. |
| Transaction ID | Event Details | The unique ID associated with the Zero Trust request. Use the transaction ID to correlate and troubleshoot connection issues. |
| Block Reason | Block Details | Secure Access provides an explanation for blocking access to the private resource. |
| Associated Rule | Block Details | When access was blocked for not meeting access or posture requirements, Secure Access reports the closest matched policy rule that would have allowed access. |
| Associated Posture | Block Details | The posture profile that is configured for the associated rule. |
| Endpoint Application | Endpoint Details | The name of the endpoint application, which initiated the connection. |
| Application Signature | Endpoint Details | The SHA256 signature of the endpoint application process. |
| Endpoint Username | Endpoint Details | The username that is associated with the endpoint application process. |

Top Categories Report

You can export the results of the Top Categories Report to a CSV format. For more information, see Export Report Data to CSV and Top Categories Report.

Fields in the Top Categories Report:

  • Category—A content category in which a request was made. See Manage Content Categories.
  • Count—The number of requests made for the category.

Top Destinations Report

You can export the results of the Top Destinations Report to a CSV format. For more information, see Export Report Data to CSV and Top Destinations Report.

Fields in the Top Destinations Report:

  • Domain—The domain that was requested.
  • Query Count—The number of requests for the domain.
  • Categories—The content categories that matched against the destination requested. See Manage Content Categories.

Top Resources Report

You can export the results of the Top Resources Report to a CSV format. For more information, see Export Report Data to CSV.

Fields in the Top Resources Report:

  • Identity—The identity making requests.
  • Query Count—The number of requests made by the identity.
