SaaS Security
Remediation Activity Log Fields
The names and descriptions of the log fields available in a Data Security remediation log.

A remediation log is generated when an incident is remediated manually or when automatic remediation has been applied. The log includes the following fields, which are available for ingestion by your security information and event management (SIEM) system. Fields are listed in the order that they are needed for push mode.

Field Name | Description |
---|---|
timestamp | Time the remediation action occurred. Values are in YYYY-MM-DD HH:MM:SS format. |
serial | Serial number of the organization using the service (tenant). |
log_type | Type of log. In this case, remediation. |
cloud_app_instance | Instance name of the cloud application (not the type of cloud application) associated with the remediation of the incident. |
severity | Policy violation or incident severity valued between 0 and 5. |
incident_id | Unique ID number for the incident. Can be null (no value). |
asset_id | Unique ID number for the asset associated with the remediation of the incident. |
item_name | Name of the file, folder, or user associated with the remediation of the incident. |
item_type | Values are File, Folder, or User. |
item_owner | User who owns the asset associated with the remediation. |
container_name | Value is the bucket name for AWS S3, Google Cloud Platform, and Microsoft Azure assets. The value is null for the remaining applications. |
item_creator | User who created the asset associated with the remediation. |
policy_rule_name | Names of one or more policy rules (not policy type) that were matched. |
future_use | Not currently implemented. |
action_taken | Remediation action taken on Data Security (Admin Quarantine, User Quarantine, or Remove Public Links). |
action_taken_by | User who performed the remediation. For automated remediation, the value is Aperture. |
item_creator_email | Email address of the item creator. |
item_owner_email | Email address of the item owner. |
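
The following added example (not vendor code) shows one way a SIEM ingestion step could map a push-mode record to the field names above and check it against the documented value constraints. Assumptions not stated on this page: the record arrives as one comma-separated line, "no value" appears as an empty string or the literal `null`, and severity is an integer; `parse_remediation` and `SAMPLE` are hypothetical names.

```python
import csv
from datetime import datetime

# Field order as listed in the table above (the order used for push mode).
FIELDS = ("timestamp serial log_type cloud_app_instance severity incident_id "
          "asset_id item_name item_type item_owner container_name item_creator "
          "policy_rule_name future_use action_taken action_taken_by "
          "item_creator_email item_owner_email").split()
ITEM_TYPES = {"File", "Folder", "User"}
ACTIONS = {"Admin Quarantine", "User Quarantine", "Remove Public Links"}
# incident_id and container_name may be null per the table; future_use is unused.
NULLABLE = ("incident_id", "container_name", "future_use")


def parse_remediation(line):
    """Map one record to named fields; return (record, problems)."""
    # Assumption: comma-separated values, double-quoted where needed.
    values = next(csv.reader([line]))
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    rec = dict(zip(FIELDS, values))
    problems = []
    for name in NULLABLE:
        if rec[name] in ("", "null"):  # assumption: how "no value" is encoded
            rec[name] = None
    try:
        rec["timestamp"] = datetime.strptime(rec["timestamp"], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        problems.append("timestamp not in YYYY-MM-DD HH:MM:SS format")
    if rec["log_type"] != "remediation":
        problems.append("log_type is not remediation")
    if rec["severity"] in set("012345"):  # assumption: integer severity
        rec["severity"] = int(rec["severity"])
    else:
        problems.append("severity outside 0-5")
    if rec["item_type"] not in ITEM_TYPES:
        problems.append("unexpected item_type")
    if rec["action_taken"] not in ACTIONS:
        problems.append("unexpected action_taken")
    # Per the table, automated remediation is recorded with the user "Aperture".
    rec["automated"] = rec["action_taken_by"] == "Aperture"
    return rec, problems


# Constructed sample record (not real data); note the comma inside item_name.
SAMPLE = ('2024-01-15 09:30:00,0000000000,remediation,Example Box,3,,42,'
          '"Q4 plan, draft.xlsx",File,owner@example.com,,creator@example.com,'
          'Public share rule,,Remove Public Links,Aperture,'
          'creator@example.com,owner@example.com')
```

Records that come back with a non-empty `problems` list are worth routing to a review queue rather than dropping, since an unexpected `action_taken` or `item_type` value may indicate a schema change upstream.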