RAVPN Push Security Events

Secure Access Key	Type	Description
specversion	string	The version of the Push Security Event schema.
type	string	The type of the security event.
source	string	The unique label that describes the source of the security event.
orgid	integer	The unique identifier of the organization.
integrationid	string	The unique identifier of the integration.
id	string	The unique identifier for the push security event.
time	string	The date and time when the system sent the event. The system formats the timestamp in the ISO 8601 format.
datacontenttype	string	The type of the content in the push security event.
data	object	The properties of the data for the push security events.

data

Secure Access Key	Type	Description
events	array	The list of push security event messages.

data.events

Secure Access Key	OCSF Key	Type	Description
activity_id		integer	The unique identifier of the activity that triggered the security event.
category_uid		integer	The unique identifier of the security event category.
cisco_event_id	Event ID	string	The unique identifier of the security event.
cisco_event_type		string	The type of the security event.
cisco_organization_id	Organization ID	number	The unique identifier of the organization.
cisco_asa		object
cisco_dtls_ipsec_tunnel		object
cisco_endpoint_posture		object	The properties of the endpoint posture profile.
cisco_origin		object	The properties of the origin.
cisco_ravpn_metadata		object	The properties of the Cisco metadata for the RAVPN connection.
cisco_ravpn_session		object	The properties of the RAVPN session.
cisco_ssl_ike_tunnel		object
class_uid		integer	The unique identifier of the class.
cloud		object	The properties of the cloud deployment.
device		object	The properties of the device.
metadata		object	The metadata for the security event.
policy		object	The properties of the components and profiles for the access rules in the Access policy.
severity_id		number	The unique identifier of the severity.
src_endpoint		object	The properties of the client endpoint.
time	Time	string	The date and time when the system recorded the security event. The system formats the timestamp in milliseconds since the Unix Epoch.
type_uid		integer	The unique identifier of the type for the security event.

data.events.cisco_asa

Secure Access Key	OCSF Key	Type
full_log_print_specifiers	ASA full log print specifiers	string
syslog_class	ASA syslog class	string
syslog_descriptor	ASA syslog Descriptor	string
syslog_id	ASA syslog ID	string
syslog_id_with_version	ASA syslog ID with version	string
syslog_severity	ASA syslog severity	string

data.events.cisco_dtls_ipsec_tunnel

Secure Access Key	OCSF Key	Type	Description
bytes_received	Bytes Received	number	The number of bytes received by the system on the network tunnel.
bytes_transmitted	Bytes Transmitted	number	The number of bytes transmitted by the system on the network tunnel.
cipher_suite	Cipher Suite	string	The cipher suite supported on the network tunnel.
compression	Compression Algorithm	string	The network compression algorithm used by the system on the network tunnel.
connection_timeout	Connection Timeout	string	The connection timeout supported on the network tunnel.
connection_timeout_left	Connection Timeout Left	string	The number of milliseconds left on the connection timeout.
destination_port	Destination Port	number	The port number of the destination.
dh_group	DH Group	string	The label for the Diffie Hellman group.
encapsulation	Encapsulation	string	The encapsulation supported for the messages on the IPsec tunnel.
encryption	Encryption	string	The encryption supported for the messages on the IPsec tunnel.
filter_name	Filter Name	string	The name used to filter the traffic on the IPsec tunnel.
hashing	Hashing	string	The type of hash function used with the IPsec traffic.
id	ID	string	The identifier of the Ipsec tunnel.
idle_timeout	Idle Timeout	string	The idle timeout set for the IPsec tunnel.
idle_timeout_left	Idle Timeout Left	string	The time remaining on the idle timeout for the IPsec tunnel.
ipv6_filter_name	IPv6 Filter Name	string	The IPv6 address used to filter for the name of the IPsec tunnel.
local_selector	Local selector	string	The local selector of the IPsec tunnel.
packets_received	Packets Received	number	The packets received on the IPsec tunnel.
packets_received_dropped	Packets Received Dropped	number	The packets received on the IPsec tunnel and then dropped by the system.
packets_transmitted	Packets Transmitted	number	The number of packets transmitted on the IPsec tunnel.
packets_transmitted_dropped	Packets Transmitted Dropped	number	The number of packets transmitted on the IPsec tunnel and then dropped by the system.
pfs_group	PFS Group	string	The Perfect Forward Secrecy (PFS) group used by the Internet Key Exchange (IKE) protocol with the IPsec tunnel.
prf	PRF algorithm	string	The Pseudo-Random Function (PRF) (cryptographic algorithm) used by the system to generate secrets for the IPsec tunnel.
rekey_data	Rekey data	string	The data transmitted before the system modifies the encryption key.
rekey_data_left	Rekey data left	string	The data remaining to be transmitted before the system modifies the encryption key.
rekey_interval	Rekey Interval	string	The time interval before the system modifies the the encryption key.
rekey_interval_left	Rekey Interval Left	string	The time remaining before the system modifies the the encryption key.
remote_selector	Remote Selector	string	The label of the remote selector.
source_port	Source Port	number	The port number of the client endpoint.

data.events.cisco_endpoint_posture

Secure Access Key	OCSF Key	Type	Description
dap_connection_type	DAP Connection Type	string	The type of the connection in use by the end user's device.
dap_record_name	DAP Record Name	string	The record name of connection in use by the end user's device.

data.events.cisco_origin

Secure Access Key	OCSF Key	Type	Description
id	Origin ID	integer	The unique identifier of the endpoint.
type	Origin Type	string	The type of the endpoint, for example: Networks or AD Computer.
user_id	User ID	number	The identifier of the end user.

data.events.cisco_ravpn_metadata

Secure Access Key	OCSF Key	Type	Description
anyconnect_version	Any Connect Version	string	The version of the AnyConnect client on the device.
event_type	Event Type	string	The type of the event observed on the device with the AnyConnect client.

data.events.cisco_ravpn_session

Secure Access Key	OCSF Key	Type	Description
assigned_ip	Assigned IP	string	The IPv4 address assigned to the RAVPN session.
assigned_ipv6	Assigned IPv6	string	The IPv6 address assigned to the RAVPN session.
audit_session_id	Audit Session ID	string	The identifier of the session for the audit log.
connected_at	Connected At	number	The time and date when the client connected to the system.
disconnection_reason	Disconnection Reason	string	The reason that explains why the session disconnected from the system.
duration	Duration	string	The length of time that the client session was in progress.
id	Session ID	string	The identifier of the client session.
inactivity	Inactivity	string	The time and date of the inactivity on the client session.
public_ip	Public IP	string	The public IPv4 address associated with the client session.
public_ipv6	Public IPv6	string	The public IPv6 address associated with the client session.
redirect_acl	Redirect ACL	string	The access control list used by the system to redirect traffic.
redirect_url	Redirect URL	string	The URL used by the system to redirect traffic.
security_group_tag	Security Group Tag	string	The security group tag associated with the client.
session_type	Session Type	string	The type of the client session.
vpn_profile	VPN Profile	string	The name of the VPN profile in use by the client session.
warning_reason	Warning Reason	string	The reason that explains why the system recorded a warning about the client session.

data.events.cisco_ssl_ike_tunnel

Secure Access Key	OCSF Key	Type	Description
bytes_received	Bytes Received	number	The number of bytes received on the network tunnel.
bytes_transmitted	Bytes Transmitted	number	The number of bytes transmitted on the network tunnel.
cipher_suite	Cipher Suite	string	The cipher suite supported on the network tunnel.
compression	Compression Algorithm	string	The network compression algorithm used by the system on the network tunnel.
connection_timeout	Connection Timeout	string	The connection timeout supported on the network tunnel.
connection_timeout_left	Connection Timeout Left	string	The number of milliseconds left on the connection timeout.
destination_port	Destination Port	number
dh_group	DH Group	string	The label for the Diffie Hellman group.
encapsulation	Encapsulation	string	The encapsulation supported for the messages on the network tunnel.
encryption	Encryption	string	The encryption supported for the messages on the network tunnel.
filter_name	Filter Name	string	The name used to filter the traffic on the network tunnel.
hashing	Hashing	string	The type of hash function used with the network traffic.
id	ID	string	The identifier of the Ipsec tunnel.
idle_timeout	Idle Timeout	string	The idle timeout set for the IPsec tunnel.
idle_timeout_left	Idle Timeout Left	string	The time remaining on the idle timeout for the network tunnel.
ipv6_filter_name	IPv6 Filter Name	string	The IPv6 address used to filter for the name of the network tunnel.
local_selector	Local selector	string	The local selector of the network tunnel.
packets_received	Packets Received	number	The packets received on the network tunnel.
packets_received_dropped	Packets Received Dropped	number	The packets received on the network tunnel and then dropped by the system.
packets_transmitted	Packets Transmitted	number	The number of packets transmitted on the network tunnel.
packets_transmitted_dropped	Packets Transmitted Dropped	number	The number of packets transmitted on the network tunnel and then dropped by the system.
pfs_group	PFS Group	string	The Perfect Forward Secrecy (PFS) group used by the Internet Key Exchange (IKE) protocol with the network tunnel.
prf	PRF algorithm	string	The Pseudo-Random Function (PRF) (cryptographic algorithm) used by the system to generate secrets for the network tunnel.
rekey_data	Rekey data	string	The data transmitted before the system modifies the encryption key.
rekey_data_left	Rekey data left	string	The data remaining to be transmitted before the system modifies the encryption key.
rekey_interval	Rekey Interval	string	The time interval before the system modifies the the encryption key.
rekey_interval_left	Rekey Interval Left	string	The time remaining before the system modifies the the encryption key.
remote_selector	Remote Selector	string	The label of the remote selector.
source_port	Source Port	number	The port number of the client endpoint.

data.events.cloud

Secure Access Key	OCSF Key	Type	Description
region	Aws Region	string	The region where the system deployed the firewall service.

data.events.device

Secure Access Key	OCSF Key	Type	Description
os	OS Version	object	The properties of the operating system installed on the device.

data.events.device.os

Secure Access Key	OCSF Key	Type	Description
version		string	The version of the operating system installed on the device.

data.events.metadata

Secure Access Key	OCSF Key	Type	Description
product		object	The properties of the product.
version		string	The version of the product.

data.events.metadata.product

Secure Access Key	OCSF Key	Type	Description
name		string	The name of the product.

data.events.policy

Secure Access Key	OCSF Key	Type	Description
data		object	The properties of the data in the organization's Access policy.

data.events.policy.data

Secure Access Key	OCSF Key	Type	Description
failed_reasons	Failed Reasons	array(string)	The reason that describes the failure connecting to the destination.

data.events.src_endpoint

Secure Access Key	OCSF Key	Type	Description
name		string	The hostname of the client endpoint.