Unified Events Column Descriptions
Values in some fields depend on the event type. Field correspondences for the default fields are as follows:
| Unified Events Field Name | Connection or Security Intelligence Event Field Name | Intrusion Event Field Name | File Event Field Name | Malware Event Field Name |
|---|---|---|---|---|
| Time | First Packet (see note below) | Time | Time | Time |
| Event Type | -- | -- | -- | -- |
| Action | Action | Inline Result | Action | Action |
| Reason | Reason | Reason | (Not applicable) | (Not applicable) |
| Source IP | Initiator IP | Source IP | Sending IP | Sending IP |
| Destination IP | Responder IP | Destination IP | Receiving IP | Receiving IP |
| Source Port/ICMP Type | Source Port | Source Port | Sending Port | Sending Port |
| Destination Port/ICMP Type | Destination Port | Destination Port | Receiving Port | Receiving Port |
| Web Application | Web Application | Web Application | Web Application | Web Application |
| Rule | Access Control Rule | Access Control Rule | (Not applicable) | (Not applicable) |
| Policy | Access Control Policy | Intrusion Policy | File Policy | File Policy |
| Device | Device | Device | Device | Device |

Click the column picker icon to see all event fields and their correspondences.
Note: Even if you have not enabled logging at the beginning of the connection, the system has this value and uses it as the time field in the unified events table. To determine whether a connection event was logged at the beginning and end of the connection, expand the event's row to view details. If both ends of the connection were logged, you see a Last Packet field.