This topic lists the log fields available in a Data Security Behavior Threats log.

SaaS Security generates a Behavior Threats log when it detects a Behavior Threats incident. The log includes the following fields, which are available for ingestion by your security information and event management (SIEM) system.

Fields are listed in the order required for push mode.

| Field Name | Description |
| --- | --- |
| `log_type` | Type of log. In this case, `ba_incident_event`. |
| `description` | Detailed description about the incident. |
| `date` | The date and time when the incident occurred. |
| `severity` | Severity of the incident valued between `0` and `5`. |
| `policy_id` | Policy rule ID for which this incident occurred. |
| `user_email` | Email of the user who caused this incident. |
| `timestamp` | The time when this incident is published to the user's syslog. |