Column selection options

You can filter your firewall reports and choose which data to view from your firewall reports.

After you generate a report, you can filter the information shown in the report and change the information shown in the columns. To do this, click the column selection button Column selection button in the table area, on the column's right-hand side. Choose the columns for the information you want to see. This generates a new report with the filtered information shown.

There are different column selection options for each report template.

Note For each default report template, there's a column selection option called Firewall Device. If this option is selected, the table rows are combined by this field, rather than the default field.

For a list of options for the default report templates, see the tables below:

ATP

Heading

Column options

General

Date

Executable

Status

Component

Network

Source IP

Source Country

Source Port

Destination IP

Destination Country

Destination Port

Connection

User

Login User

Hits: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

Threats and Security

Threat

Process User

Event ID

Event Type

Endpoint ID

Web and Application

URL

Antivirus

Heading

Column options

General

Date

Status

Log Type

Component

Protocol

Recipient

Sender

Threats and Security

Malware

File

Web and Application

URL

Domain

Connection

User

Bytes Sent

Bytes Received

Bytes

Hits: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

Network

Source IP

Destination IP

Destination Port

Source Country

Destination Country

Bandwidth usage

Heading

Column options

General

Date

Component

Status

Firewall Rule ID

Network

Source IP

Source Port

Source Country

Destination IP

Destination Port

Destination Country

Source Zone

Destination Zone

Connection

User

User Group

Hits

Bytes Received

Bytes Sent

Bytes: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

Web and Application

Application

Risk

Technology

Category

App Resolver

Classification

Qualifier

Firewall

Heading

Column options

General

Date

Component

Firewall Rule ID

Firewall Rule Type

Status

Qualifier

Classification

Network

Source IP

Source Port

Destination IP

Destination Port

Protocol

Source Zone

Destination Zone

Source Country

Destination Country

Connection

Bytes

Bytes Received

Bytes Sent

Hits: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

User

Web and Application

Application

Risk

Category

App Resolver

Threats and Security

Heartbeat

IPS

Table 1.

Heading

Column options

General

Date

Log Subtype

Component

Firewall Rule ID

Message

Network

Source IP

Destination IP

Destination Port

OS

Source Zone

Destination Zone

Source Country

Destination Country

Connection

Hits: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

Bytes

User

User Group

Bytes Received

Bytes Sent

Threats and Security

Classification

Signature ID

Category

Severity

IPS Policy ID

Victim

Log viewer & search

Table 2.

Heading

Column options

General

Date: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

Log ID

Log Type

Component

Log Subtype

Firewall Rule ID

Firewall Rule Type

Message

Classification

OS

Reason

Message ID

Quarantine Reason

Status

End Time

User Full Name

System CPU Usage

User CPU Usage

Idle CPU Usage

Memory Usage Unit

Total Memory Usage

Free Memory Usage

Used Memory Usage

Configuration Disk Usage

Report Disk Usage

Signature Disk Usage

Temp Disk Usage

Threats and Security

Severity

IPS Policy ID

Heartbeat

Rule Priority

Signature ID

Category

Victim

Policy Name

Malware

File Name

File Type

SHA256

Source

Event ID

Event Type

Login User

Process User

Reported ID

Reported Host

Reported AT

Network

Duration

In Interface

Out Interface

Source Mac

Source IP

Source Port

Destination IP

Destination Port

Packets Sent

Packets Received

Source Zone Type

Source Zone

Destination Zone Type

Source Country

Destination Country

Destination Zone

Connection ID

Master Connection ID

Destination Mac

Download File

Download File Type

Upload File

Upload File Type

Source Host

Destination Host

Reported IP

Reported Port

Local Network

Remote Network

Lease Time

Interface

SSID

Web and Application

Web Policy ID

App Filter Policy ID

Application

Risk

APP Category

Technology

App Resolver

Qualifier

IS Cloud App

Parent Application

Parent Application Category

Parent Application Risk

HTTP Category

Category Type

URL

Content Type

Override Token

Override Name

Override Authorizer

Domain

Exceptions

Activity Name

Http User Agent

Http Status

Transaction ID

Http Referrer

Used Quota

Content Filter Key

Action

Context Prefix

Context Match

Context Suffix

File Size

Executable

Command

Http Query

Http Cookie

Http Method

Http Response Time

Search Key

Connection

User

User Group

Bytes Received

Bytes Sent

Bytes

Direction

Connection Event

Client Used

Auth Mechanism

Start Time

Access Type

Connection Name

Connection Type

Name

Received kbits

Transmitted Kbits

Received Errors

Transmitted Drops

Collisions

Transmitted Errors

Received Drops

Protocol

Protocol

ICMP Type

ICMP Code

Source Transaction IP

Source Transaction Port

Destination Transaction IP

Destination Transaction Port

Subject

Sender

Recipient

Email Size

SSL TLS Policy

Rule ID

Profile ID

Bitmask

Key Type

Resumed

Certificate Chain Served

Key Param

Fingerprint

Cipher Suite

SNI

Rule Name

Profile Name

Tls Version

Sandstorm events

Heading

Column options

General

Date

Log Subtype

Component

Reason

Network

Source IP

Destination IP

Destination Port

Source

Threats and Security

File Name

File Type

SHA256

Threat Intelligence

Connection

Hits: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

Bytes

User

User Group

Bytes Received

Bytes Sent

Web and Application

Domain

Application

Protocol

Subject

Threat geo activity

Heading

Column options

Network

Source Country

Destination Country

Threats and Security

ATP

Antivirus

IPS

Sandstorm

Total Hits: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

Threats & events blocked

Heading

Column options

Network

Source IP

Destination IP

Source Country

Destination Country

Connection

Antivirus

ATP

Firewall

IPS

Sandstorm events

web

Web application firewall

Total Threats: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

VPN usage

Heading

Column options

General

Date

Status

Component

Connection

User

User Group

Connection Name

Bytes Sent

Bytes Received

Bytes: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

Hits

Network

Duration

Source IP

Reported IP

Destination IP

Source Country

Destination Country

Threats and Security

RED ID

Web usage

Heading

Column options

General

Date

Status

Component

Connection

Hits: Selected by default. The table rows are combined by this field. For example, if a website has 3 hits there is one row shown for this information.

Bytes

User

User Group

Bytes Received

Bytes Sent

Connection Direction

Web and Application

Category

Category Type

Domain

URL

Application

Search Key

Threats and Security

Malware

File Name

File Path

Content Type

Network

Source IP

Destination IP