DLP Push Security Events
| Secure Access Key | Type | Description |
|---|---|---|
| specversion | string | The version of the Push Security Event schema. |
| type | string | The type of the security event. |
| source | string | The unique label that describes the source of the security event. |
| orgid | integer | The unique identifier of the organization. |
| integrationid | string | The unique identifier of the integration. |
| id | string | The unique identifier for the push security event. |
| time | string | The date and time when the system sent the event. The system formats the timestamp in the ISO 8601 format. |
| datacontenttype | string | The type of the content in the push security event. |
| data | object | The properties of the data for the push security events. |
data
| Secure Access Key | Type | Description |
|---|---|---|
| events | array | The list of push security event messages. |
data.events
| Secure Access Key | OCSF Key | Type | Description |
|---|---|---|---|
| activity_id | | integer | The unique identifier of the activity that triggered the security event. |
| category_uid | | integer | The unique identifier of the security event category. |
| cisco_event_id | Event ID | string | The unique identifier of the security event. |
| cisco_event_type | | string | The type of the security event. |
| cisco_organization_id | Organization ID | number | The unique identifier of the organization. |
| cisco_dlp_metadata | | object | The properties of the Cisco DLP metadata. |
| cisco_origins | | array | The list of the origins. |
| class_uid | | integer | The unique identifier of the class. |
| dst_endpoint | | object | The properties of the destination. |
| metadata | | object | The metadata for the security event. |
| policy | | object | The properties of the components and profiles for the access rules in the Access policy. |
| severity_id | | number | The unique identifier of the severity. |
| time | Time | string | The date and time when the system recorded the security event. The system formats the timestamp in milliseconds since the Unix Epoch. |
| type_uid | | integer | The unique identifier of the type for the security event. |
data.events.cisco_dlp_metadata
| Secure Access Key | OCSF Key | Type | Description |
|---|---|---|---|
| action | Action | string | The label that describes the action taken by the system for the application. |
| application_name | Application Name | string | The name of the application. |
| content_type | Content Type | string | The type of the content associated with the application. |
| destination_protocol | Destination Protocol | string | The protocol of the application. |
| destination_url | Destination | string | The URL of the application. |
| event_type | Event Type | string | The type of the event observed by the system. |
| file_name | File Name | string | The name of the file associated with the application. |
| owner_email | Owner Email | string | The email address associated with the owner of the application. |
| severity | Severity | string | The descriptive label of the severity. |
| taac_profile_id | Taac Profile ID | string | The identifier of the profile associated with the application. |
| taac_tenant_id | Taac Tenant ID | string | The identifier of the tenant associated with the application. |
| traffic_direction | Traffic Direction | string | The direction of the traffic flow. |
| unique_event_id | | string | The unique identifier of the event. |
data.events.cisco_origins
| Secure Access Key | OCSF Key | Type | Description |
|---|---|---|---|
| id | | integer | The unique identifier of the endpoint. |
| type | | string | The type of the endpoint. |
data.events.dst_endpoint
| Secure Access Key | OCSF Key | Type | Description |
|---|---|---|---|
| name | | string | The hostname of the destination. |
data.events.metadata
| Secure Access Key | OCSF Key | Type | Description |
|---|---|---|---|
| correlation_id | | string | The unique identifier of the correlation. |
| product | | object | The properties of the product. |
| version | | string | The version of the product. |
data.events.metadata.product
| Secure Access Key | OCSF Key | Type | Description |
|---|---|---|---|
| name | | string | The name of the product. |
data.events.policy
| Secure Access Key | OCSF Key | Type | Description |
|---|---|---|---|
| data | | object | The properties of the data in the organization's Access policy. |
| name | Rule Name | string | The name of the rule in the Access policy. |
data.events.policy.data
| Secure Access Key | OCSF Key | Type | Description |
|---|---|---|---|
| application_category_name | Application Category Name | string | The name of the application category. |
| classification | Classification Name | string | The classification of the application. |
| classifier_name | Classifier Name | string | The name of the classifier. |
| file_hash | File Hash | string | The hash of the file associated with the application. |
| file_label | File Label | string | The label of the file associated with the application. |
| file_size | File Size | number | The size of the file associated with the application. |
| private_resource_group_name | | string | The name of the private resource group. |
| private_resource_name | Private Resource Name | string | The name of the private resource. |
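
The following is an added example, not part of the original reference and not Cisco code: a Python normalizer that checks the envelope keys listed above and flattens each entry of `data.events` into one row for SIEM ingestion, converting the two timestamp formats (ISO 8601 on the envelope, epoch milliseconds on the event) to UTC. The function name, output row keys and every sample value are assumptions constructed for illustration; only the input key names come from the tables.

```python
import json
from datetime import datetime, timezone

ENVELOPE_KEYS = ("specversion", "type", "source", "orgid", "integrationid",
                 "id", "time", "datacontenttype", "data")

# Constructed sample: key names come from the tables above, every value is invented.
SAMPLE = json.dumps({
    "specversion": "1.0", "type": "example.dlp", "source": "example-source",
    "orgid": 1234567, "integrationid": "int-0001", "id": "push-0001",
    "time": "2023-11-14T22:13:25Z", "datacontenttype": "application/json",
    "data": {"events": [{
        "cisco_event_id": "evt-0001", "cisco_organization_id": 1234567,
        "severity_id": 4, "time": "1700000000000",
        "cisco_dlp_metadata": {"action": "BLOCK", "severity": "HIGH",
                               "file_name": "payroll.xlsx",
                               "destination_url": "https://files.example.test/upload"},
        "dst_endpoint": {"name": "files.example.test"},
        "policy": {"name": "Example rule",
                   "data": {"classification": "Example classification"}},
    }, {"cisco_event_id": "evt-0002", "time": "1700000001500"}]},
})

def normalize_push(raw):
    """Validate the envelope and return one flat dict per entry in data.events."""
    env = json.loads(raw)
    missing = [k for k in ENVELOPE_KEYS if k not in env]
    if missing:
        raise ValueError(f"envelope missing keys: {missing}")
    # Envelope time is ISO 8601; event time is a string of epoch milliseconds.
    sent = datetime.fromisoformat(env["time"].replace("Z", "+00:00"))
    rows = []
    for ev in env["data"].get("events", []):
        recorded = datetime.fromtimestamp(int(ev["time"]) / 1000, tz=timezone.utc)
        dlp = ev.get("cisco_dlp_metadata") or {}      # nested objects may be absent
        policy = ev.get("policy") or {}
        rows.append({
            "push_id": env["id"],
            "event_id": ev.get("cisco_event_id"),
            "recorded_utc": recorded.isoformat(),
            "delivery_lag_s": (sent - recorded).total_seconds(),
            "action": dlp.get("action"),
            "file_name": dlp.get("file_name"),
            "destination": (ev.get("dst_endpoint") or {}).get("name"),
            "rule": policy.get("name"),
            "classification": (policy.get("data") or {}).get("classification"),
        })
    return rows
```

The `delivery_lag_s` column is the gap between when the event was recorded and when the push was sent, which is useful for spotting delayed or replayed deliveries in a pipeline.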