info

The following list represents the data available in the API Explorer Developer Relations sandbox. The sample, simulated data is derived from the following sources:

  • Traffic generators
  • Replayed PCAP files
  • User-ID scripts

The Developer Relations team curates and maintains the available data with the goal of (eventually) reaching 100% coverage.

firewall.traffic

Traffic logs contain entries for the end of each network session, as well as (optionally) the start of a network session. A network session can contain multiple messages sent and received by two communicating endpoints.

firewall.traffic

firewall.threat

Threat logs contain entries for when network traffic matches one of the security profiles attached to a next- generation firewall security rule.

firewall.threat

firewall.eal

EALs are Enhanced Application Logs. The data contained in these logs provide deeper analysis of network traffic than is available from ordinary traffic logs.

firewall.eal

firewall.file_data

Represents a file transfer across the network. These log records can represent either a successful transfer, or an attempted transfer that was blocked by the firewall.

firewall.file_data

firewall.url

URL logs are written by next-generation firewalls whenever network traffic matches a URL Filtering Profile attached to one or more security rules. For example, the firewall generates a log if a rule blocks access to specific web sites or web site categories, or the firewall is configured with a rule to generate an alert when a user accesses a web site.

firewall.url

firewall.userid

User ID logs contain IP address-to-username mappings, authentication timestamps, the sources of the IP- to-username mappings, and so forth.

firewall.userid
Last updated on by Steven Serrata