docs/reference/filebeat/exported-fields-sophos.md
% This file is generated! See dev-tools/mage/generate_fields_docs.go
sophos Module
stack: beta
Module for parsing sophosxg syslog.
sophos.xg.action
: Event Action
type: keyword
sophos.xg.activityname
: Web policy activity that matched and caused the policy result.
type: keyword
sophos.xg.ap
: Access Point Serial ID or LocalWifi0 or LocalWifi1.
type: keyword
sophos.xg.app_category
: Name of the category under which the application falls
type: keyword
sophos.xg.app_filter_policy_id
: Application filter policy ID applied on the traffic
type: keyword
sophos.xg.app_is_cloud
: Application is Cloud
type: keyword
sophos.xg.app_name
: Application name
type: keyword
sophos.xg.app_resolved_by
: Whether the application was resolved by signature or by synchronized application
type: keyword
sophos.xg.app_risk
: Risk level assigned to the application
type: keyword
sophos.xg.app_technology
: Technology of the application
type: keyword
sophos.xg.appfilter_policy_id
: Application Filter policy applied on the traffic
type: integer
sophos.xg.application
: Application name
type: keyword
sophos.xg.application_category
: Application is resolved by signature or synchronized application
type: keyword
sophos.xg.application_filter_policy
: Application Filter policy applied on the traffic
type: integer
sophos.xg.application_name
: Application name
type: keyword
sophos.xg.application_risk
: Risk level assigned to the application
type: keyword
sophos.xg.application_technology
: Technology of the application
type: keyword
sophos.xg.appresolvedby
: Technology of the application
type: keyword
sophos.xg.auth_client
: Auth Client
type: keyword
sophos.xg.auth_mechanism
: Auth mechanism
type: keyword
sophos.xg.av_policy_name
: Malware scanning policy name which is applied on the traffic
type: keyword
sophos.xg.backup_mode
: Backup mode
type: keyword
sophos.xg.branch_name
: Branch Name
type: keyword
sophos.xg.category
: IPS signature category.
type: keyword
sophos.xg.category_type
: Type of the category under which the website falls
type: keyword
sophos.xg.classification
: Signature classification
type: keyword
sophos.xg.client_host_name
: Client host name
type: keyword
sophos.xg.client_physical_address
: Client physical address
type: keyword
sophos.xg.clients_conn_ssid
: Number of clients connected to the SSID.
type: long
sophos.xg.collisions
: collisions
type: long
sophos.xg.con_event
: Event Start/Stop
type: keyword
sophos.xg.con_id
: Unique identifier of connection
type: integer
sophos.xg.configuration
: Configuration
type: float
sophos.xg.conn_id
: Unique identifier of connection
type: integer
sophos.xg.connectionname
: Connectionname
type: keyword
sophos.xg.connectiontype
: Connectiontype
type: keyword
sophos.xg.connevent
: Event on which this log is generated
type: keyword
sophos.xg.connid
: Connection ID
type: keyword
sophos.xg.content_type
: Type of the content
type: keyword
sophos.xg.contenttype
: Type of the content
type: keyword
sophos.xg.context_match
: Context Match
type: keyword
sophos.xg.context_prefix
: Context Prefix
type: keyword
sophos.xg.context_suffix
: Context Suffix
type: keyword
sophos.xg.cookie
: cookie
type: keyword
sophos.xg.date
: Date (yyyy-mm-dd) when the event occurred
type: date
sophos.xg.destinationip
: Original destination IP address of traffic
type: ip
sophos.xg.device
: device
type: keyword
sophos.xg.device_id
: Serial number of the device
type: keyword
sophos.xg.device_model
: Model number of the device
type: keyword
sophos.xg.device_name
: Model number of the device
type: keyword
sophos.xg.dictionary_name
: Dictionary Name
type: keyword
sophos.xg.dir_disp
: Packet direction. Possible values: “org”, “reply”, “”
type: keyword
sophos.xg.direction
: Direction
type: keyword
sophos.xg.domainname
: Domain from which the virus was downloaded
type: keyword
sophos.xg.download_file_name
: Download file name
type: keyword
sophos.xg.download_file_type
: Download file type
type: keyword
sophos.xg.dst_country_code
: Code of the country to which the destination IP belongs
type: keyword
sophos.xg.dst_domainname
: Receiver domain name
type: keyword
sophos.xg.dst_ip
: Original destination IP address of traffic
type: ip
sophos.xg.dst_port
: Original destination port of TCP and UDP traffic
type: integer
sophos.xg.dst_zone_type
: Type of destination zone
type: keyword
sophos.xg.dstdomain
: Destination Domain
type: keyword
sophos.xg.duration
: Duration of traffic (seconds)
type: long
sophos.xg.email_subject
: Email Subject
type: keyword
sophos.xg.ep_uuid
: Endpoint UUID
type: keyword
sophos.xg.ether_type
: Ethernet frame type
type: keyword
sophos.xg.eventid
: ATP Event ID
type: keyword
sophos.xg.eventtime
: Event time
type: date
sophos.xg.eventtype
: ATP event type
type: keyword
sophos.xg.exceptions
: List of the checks excluded by web exceptions.
type: keyword
sophos.xg.execution_path
: ATP execution path
type: keyword
sophos.xg.extra
: extra
type: keyword
sophos.xg.file_name
: Filename
type: keyword
sophos.xg.file_path
: File path
type: keyword
sophos.xg.file_size
: File Size
type: integer
sophos.xg.filename
: File name associated with the event
type: keyword
sophos.xg.filepath
: Path of the file containing the virus
type: keyword
sophos.xg.filesize
: Size of the file that contained the virus
type: integer
sophos.xg.free
: free
type: integer
sophos.xg.from_email_address
: Sender email address
type: keyword
sophos.xg.ftp_direction
: Direction of FTP transfer: Upload or Download
type: keyword
sophos.xg.ftp_url
: FTP URL from which the virus was downloaded
type: keyword
sophos.xg.ftpcommand
: FTP command used when the virus was found
type: keyword
sophos.xg.fw_rule_id
: Firewall Rule ID which is applied on the traffic
type: integer
sophos.xg.fw_rule_type
: Firewall rule type which is applied on the traffic
type: keyword
sophos.xg.hb_health
: Heartbeat status
type: keyword
sophos.xg.hb_status
: Heartbeat status
type: keyword
sophos.xg.host
: Host
type: keyword
sophos.xg.http_category
: HTTP Category
type: keyword
sophos.xg.http_category_type
: HTTP Category Type
type: keyword
sophos.xg.httpresponsecode
: HTTP response code
type: long
sophos.xg.iap
: Internet Access policy ID applied on the traffic
type: keyword
sophos.xg.icmp_code
: ICMP code of ICMP traffic
type: keyword
sophos.xg.icmp_type
: ICMP type of ICMP traffic
type: keyword
sophos.xg.idle_cpu
: idle ##
type: float
sophos.xg.idp_policy_id
: IPS policy ID which is applied on the traffic
type: integer
sophos.xg.idp_policy_name
: IPS policy name, i.e. the name of the IPS policy applied to the traffic
type: keyword
sophos.xg.in_interface
: Interface for incoming traffic, e.g., Port A
type: keyword
sophos.xg.interface
: interface
type: keyword
sophos.xg.ipaddress
: Ipaddress
type: keyword
sophos.xg.ips_policy_id
: IPS policy ID applied on the traffic
type: integer
sophos.xg.lease_time
: Lease Time
type: keyword
sophos.xg.localgateway
: Localgateway
type: keyword
sophos.xg.localnetwork
: Localnetwork
type: keyword
sophos.xg.log_component
: Component responsible for logging, e.g. Firewall rule
type: keyword
sophos.xg.log_id
: Unique 12-character code (0101011)
type: keyword
sophos.xg.log_subtype
: Sub type of event
type: keyword
sophos.xg.log_type
: Type of event, e.g. firewall event
type: keyword
sophos.xg.log_version
: Log Version
type: keyword
sophos.xg.login_user
: ATP login user
type: keyword
sophos.xg.mailid
: mailid
type: keyword
sophos.xg.mailsize
: mailsize
type: integer
sophos.xg.message
: Message
type: keyword
sophos.xg.mode
: Mode
type: keyword
sophos.xg.nat_rule_id
: NAT Rule ID
type: keyword
sophos.xg.newversion
: Newversion
type: keyword
sophos.xg.oldversion
: Oldversion
type: keyword
sophos.xg.out_interface
: Interface for outgoing traffic, e.g., Port B
type: keyword
sophos.xg.override_authorizer
: Override authorizer
type: keyword
sophos.xg.override_name
: Override name
type: keyword
sophos.xg.override_token
: Override token
type: keyword
sophos.xg.phpsessid
: PHP session ID
type: keyword
sophos.xg.platform
: Platform of the traffic.
type: keyword
sophos.xg.policy_type
: Policy type applied to the traffic
type: keyword
sophos.xg.priority
: Severity level of traffic
type: keyword
sophos.xg.protocol
: Protocol number of traffic
type: keyword
sophos.xg.qualifier
: Qualifier
type: keyword
sophos.xg.quarantine
: Path and filename of the quarantined file
type: keyword
sophos.xg.quarantine_reason
: Quarantine reason
type: keyword
sophos.xg.querystring
: querystring
type: keyword
sophos.xg.raw_data
: Raw data
type: keyword
sophos.xg.received_pkts
: Total number of packets received
type: long
sophos.xg.receiveddrops
: received drops
type: long
sophos.xg.receivederrors
: received errors
type: keyword
sophos.xg.receivedkbits
: received kbits
type: long
sophos.xg.recv_bytes
: Total number of bytes received
type: long
sophos.xg.red_id
: RED ID
type: keyword
sophos.xg.referer
: Referer
type: keyword
sophos.xg.remote_ip
: Remote IP
type: ip
sophos.xg.remotenetwork
: remotenetwork
type: keyword
sophos.xg.reported_host
: Reported Host
type: keyword
sophos.xg.reported_ip
: Reported IP
type: keyword
sophos.xg.reports
: Reports
type: float
sophos.xg.rule_priority
: Priority of IPS policy
type: keyword
sophos.xg.sent_bytes
: Total number of bytes sent
type: long
sophos.xg.sent_pkts
: Total number of packets sent
type: long
sophos.xg.server
: Server
type: keyword
sophos.xg.sessionid
: Sessionid
type: keyword
sophos.xg.sha1sum
: SHA1 checksum of the item being analyzed
type: keyword
sophos.xg.signature
: Signature
type: float
sophos.xg.signature_id
: Signature ID
type: keyword
sophos.xg.signature_msg
: Signature message
type: keyword
sophos.xg.site_category
: Site Category
type: keyword
sophos.xg.source
: Source
type: keyword
sophos.xg.sourceip
: Original source IP address of traffic
type: ip
sophos.xg.spamaction
: Spam Action
type: keyword
sophos.xg.sqli
: Related SQL injection (SQLi) caught by the WAF
type: keyword
sophos.xg.src_country_code
: Code of the country to which the source IP belongs
type: keyword
sophos.xg.src_domainname
: Sender domain name
type: keyword
sophos.xg.src_ip
: Original source IP address of traffic
type: ip
sophos.xg.src_mac
: Original source MAC address of traffic
type: keyword
sophos.xg.src_port
: Original source port of TCP and UDP traffic
type: integer
sophos.xg.src_zone_type
: Type of source zone
type: keyword
sophos.xg.ssid
: Configured SSID name.
type: keyword
sophos.xg.start_time
: Start time
type: date
sophos.xg.starttime
: Starttime
type: date
sophos.xg.status
: Final status of traffic – Allowed or Denied
type: keyword
sophos.xg.status_code
: Status code
type: keyword
sophos.xg.subject
: Email subject
type: keyword
sophos.xg.syslog_server_name
: Syslog server name.
type: keyword
sophos.xg.system_cpu
: system
type: float
sophos.xg.target
: Platform of the traffic.
type: keyword
sophos.xg.temp
: Temp
type: float
sophos.xg.threatname
: ATP threatname
type: keyword
sophos.xg.timestamp
: timestamp
type: date
sophos.xg.timezone
: Time (hh:mm:ss) when the event occurred
type: keyword
sophos.xg.to_email_address
: Recipient email address
type: keyword
sophos.xg.total_memory
: Total Memory
type: integer
sophos.xg.trans_dst_ip
: Translated destination IP address for outgoing traffic
type: ip
sophos.xg.trans_dst_port
: Translated destination port for outgoing traffic
type: integer
sophos.xg.trans_src_ip
: Translated source IP address for outgoing traffic
type: ip
sophos.xg.trans_src_port
: Translated source port for outgoing traffic
type: integer
sophos.xg.transaction_id
: Transaction ID
type: keyword
sophos.xg.transactionid
: Transaction ID of the AV scan.
type: keyword
sophos.xg.transmitteddrops
: transmitted drops
type: long
sophos.xg.transmittederrors
: transmitted errors
type: keyword
sophos.xg.transmittedkbits
: transmitted kbits
type: long
sophos.xg.unit
: unit
type: keyword
sophos.xg.updatedip
: updatedip
type: ip
sophos.xg.upload_file_name
: Upload file name
type: keyword
sophos.xg.upload_file_type
: Upload file type
type: keyword
sophos.xg.url
: URL from which the virus was downloaded
type: keyword
sophos.xg.used
: used
type: integer
sophos.xg.used_quota
: Used Quota
type: keyword
sophos.xg.user
: User
type: keyword
sophos.xg.user_cpu
: system
type: float
sophos.xg.user_gp
: Group name to which the user belongs.
type: keyword
sophos.xg.user_group
: Group name to which the user belongs
type: keyword
sophos.xg.user_name
: user_name
type: keyword
sophos.xg.users
: Number of users from System Health / Live User events.
type: long
sophos.xg.vconn_id
: Connection ID of the master connection
type: integer
sophos.xg.virus
: virus name
type: keyword
sophos.xg.web_policy_id
: Web policy ID
type: keyword
sophos.xg.website
: Website
type: keyword
sophos.xg.xss
: Related cross-site scripting (XSS) caught by the WAF
type: keyword