Column selection options
You can filter your firewall reports and choose which data to view from your firewall reports.
After you generate a report, you can filter the information shown in the report and change the information shown in the columns. To do this, click the column selection button in the table area, on the column's right-hand side. Choose the columns for the information you want to see. This generates a new report with the filtered information shown.
There are different column selection options for each report template. There is a default field for each report template that you can't deselect. The table rows are combined by this field. For example, if the default field is Hits, and a website has 3 hits, there is one row shown for this information.
Note
For each default report template, there's a column selection option called Firewall Device. If this option is selected, the table rows are combined by this field, rather than the default field.
For a list of options for the default report templates, see the tables below:
ATP
Heading | Column options |
---|---|
General | Date Executable Status Component |
Network | Source IP Source Country Source Port Destination IP Destination Country Destination Port |
Connection | User Login User Hits: Selected by default. The table rows are combined by this field. You can't deselect this field. |
Threats and Security | Threat Process User Event ID Event Type Endpoint ID |
Web and Application | URL |
Antivirus
Heading | Column options |
---|---|
General | Date Status Log Type Component |
Protocol | Recipient Sender |
Threats and Security | Malware File |
Web and Application | URL Domain |
Connection | User Bytes Sent Bytes Received Bytes Hits: Selected by default. The table rows are combined by this field. You can't deselect this field. |
Network | Source IP Destination IP Destination Port Source Country Destination Country |
Bandwidth usage
Heading | Column options |
---|---|
General | Date Component Status Firewall Rule ID |
Network | Source IP Source Port Source Country Destination IP Destination Port Destination Country Source Zone Destination Zone |
Connection | User User Group Hits Bytes Received Bytes Sent Bytes: Selected by default. The table rows are combined by this field. You can't deselect this field. |
Web and Application | Application Risk Technology Category App Resolver Classification Qualifier |
Cloud app risks and usage
Heading | Column options |
---|---|
General | Date Firewall Rule ID Status Firewall device |
Network | Source IP Source Port Source Country Destination IP Destination Port Destination Country Source Zone Destination Zone |
Connection | User User Group Hits Bytes Received Bytes Sent Bytes: Selected by default. The table rows are combined by this field. You can't deselect this field. |
Web and Application | Application Category Risk Parent Application Parent Application Category Parent Application Risk Classification |
Firewall
Heading | Column options |
---|---|
General | Date Component Firewall Rule ID Firewall Rule Type Status Qualifier Classification |
Network | Source IP Source Port Destination IP Destination Port Protocol Source Zone Destination Zone Source Country Destination Country |
Connection | Bytes Bytes Received Bytes Sent Hits: Selected by default. The table rows are combined by this field. You can't deselect this field. User |
Web and Application | Application Risk Category App Resolver |
Threats and Security | Heartbeat |
IPS
Heading | Column options |
---|---|
General | Date Log Subtype Component Firewall Rule ID Message |
Network | Source IP Destination IP Destination Port OS Source Zone Destination Zone Source Country Destination Country |
Connection | Hits: Selected by default. The table rows are combined by this field. You can't deselect this field. Bytes User User Group Bytes Received Bytes Sent |
Threats and Security | Classification Signature ID Category Severity IPS Policy ID Victim |
Log viewer & search
Heading | Column options |
---|---|
General | Date: Selected by default. The table rows are combined by this field. You can't deselect this field. Log ID Log Type Component Log Subtype Firewall Rule ID Firewall Rule Type Message Classification OS Verdict Message ID Quarantine Reason Status End Time User Full Name System CPU Usage User CPU Usage Idle CPU Usage Memory Usage Unit Total Memory Usage Free Memory Usage Used Memory Usage Configuration Disk Usage Report Disk Usage Signature Disk Usage Temp Disk Usage |
Threats and Security | Severity IPS Policy ID Heartbeat Rule Priority Signature ID Category Victim Policy Name Malware File Name File Type SHA256 Source Event ID Event Type Login User Process User Reported ID Reported Host Reported AT |
Network | Duration In Interface Out Interface Source Mac Source IP Source Port Destination IP Destination Port Packets Sent Packets Received Source Zone Type Source Zone Destination Zone Type Source Country Destination Country Destination Zone Connection ID Master Connection ID Destination Mac Download File Download File Type Upload File Upload File Type Source Host Destination Host Reported IP Reported Port Local Network Remote Network Lease Time Interface SSID |
Web and Application | Web Policy ID App Filter Policy ID Application Risk APP Category Technology App Resolver Qualifier IS Cloud App Parent Application Parent Application Category Parent Application Risk HTTP Category Category Type URL Content Type Override Token Override Name Override Authorizer Domain Exceptions Activity Name HTTP User Agent HTTP Status Transaction ID HTTP Referrer Used Quota Content Filter Key Action Context Prefix Context Match Context Suffix File Size Executable Command HTTP Query HTTP Cookie HTTP Method HTTP Response Time Search Key |
Connection | User User Group Bytes Received Bytes Sent Bytes Direction Connection Event Client Used Auth Mechanism Start Time Access Type Connection Name Connection Type Name Received kbits Transmitted Kbits Received Errors Transmitted Drops Collisions Transmitted Errors Received Drops |
Protocol | Protocol ICMP Type ICMP Code Source Transaction IP Source Transaction Port Destination Transaction IP Destination Transaction Port Subject Sender Recipient Email Size |
SSL TLS Policy | Rule ID Profile ID Bitmask Key Type Resumed Certificate Chain Served Key Param Fingerprint Cipher Suite SNI Rule Name Profile Name TLS Version |
Zero-day protection events
Heading | Column options |
---|---|
General | Date Log Subtype Component Verdict |
Network | Source IP Destination IP Destination Port Source |
Threats and Security | File Name File Type SHA256 Threat Intelligence |
Connection | Hits: Selected by default. The table rows are combined by this field. You can't deselect this field. Bytes User User Group Bytes Received Bytes Sent |
Web and Application | Domain Application |
Protocol | Subject |
Threat geo activity
Heading | Column options |
---|---|
Network | Source Country Destination Country |
Threats and Security | ATP Antivirus IPS Zero-day protection Total Hits: Selected by default. The table rows are combined by this field. You can't deselect this field. |
Threats & events blocked
Heading | Column options |
---|---|
Network | Source IP Destination IP Source Country Destination Country |
Connection | Antivirus ATP Firewall IPS Zero-day protection events Web Web application firewall Total Threats: Selected by default. The table rows are combined by this field. You can't deselect this field. |
VPN usage
Heading | Column options |
---|---|
General | Date Status Component |
Connection | User User Group Connection Name Bytes Sent Bytes Received Bytes: Selected by default. The table rows are combined by this field. You can't deselect this field. Hits |
Network | Duration Source IP Reported IP Destination IP Source Country Destination Country |
Threats and Security | RED ID |
Web usage
Heading | Column options |
---|---|
General | Date Status Component |
Connection | Hits: Selected by default. The table rows are combined by this field. You can't deselect this field. Bytes User User Group Bytes Received Bytes Sent Connection Direction |
Web and Application | Category Category Type Domain URL Application Search Key |
Threats and Security | Malware File Name File Path Content Type |
Network | Source IP Destination IP |