Unified events column details
Values in some fields on the Unified Events page depend on the event type. The following table lists, for each default field, the corresponding field for each event type.
To see all event fields and their correspondences, use the column picker icon.
| Unified events field | Connection or security-related connection event field | Intrusion event field | File event field | Malware event field |
|---|---|---|---|---|
| Time | First Packet | Time | Time | Time |
| Event Type | -- | -- | -- | -- |
| Action | Action | Inline Result | Action | Action |
| Reason | Reason | Reason | (Not applicable) | (Not applicable) |
| Source IP | Initiator IP | Source IP | Sending IP | Sending IP |
| Destination IP | Responder IP | Destination IP | Receiving IP | Receiving IP |
| Source Port/ICMP Type | Source Port | Source Port | Sending Port | Sending Port |
| Destination Port/ICMP Type | Destination Port | Destination Port | Receiving Port | Receiving Port |
| Web Application | Web Application | Web Application | Web Application | Web Application |
| Rule | Access Control Rule | Access Control Rule | (Not applicable) | (Not applicable) |
| Policy | Access Control Policy | Intrusion Policy | File Policy | File Policy |
| Device | Device | Device | Device | Device |

Note: Even if logging is not enabled at the beginning of a connection, the system has and uses this value as the Time field in the unified events table. To check if a connection event was logged at the beginning and end of the connection, expand the event row for details. If both ends of the connection were logged, you will see a Last Packet field.