Remote Browser Isolation
Focus
Focus
Strata Logging Service

Remote Browser Isolation

Table of Contents

Remote Browser Isolation

REMOTE BROWSER ISOLATION Field
(Display Name)
Description
action.​value
(ACTION)
Action taken by Remote Browser Isolation. Possible values:
  • Allow
  • Deny
bh_name
(BH NAME)
The name of the browser host.
browser_type
(BROWSER TYPE)
Browser details.
client_id
(CLIENT ID)
The session or client ID. Uniquely identifies the user and browser.
client_ip.​value
(CLIENT IP)
Public IP address of the session.
connected_duration
(SESSION DURATION)
Session duration in seconds.
customer_id
(CORTEX DATA LAKE TENANT ID)
The ID that uniquely identifies the Cortex Data Lake instance which received this log record.
data_size
(DATA SIZE)
Value depends on the event_sub_type:
  • If event_sub_type is UPLOAD or DOWNLOAD, then data_size is the size of the file being uploaded or downloaded.
  • If event_sub_type is COPY or PASTE, then data_size is the size of the data being copied or pasted.
disconnect_reason.​value
(DISCONNECT REASON)
Disconnect reason upon the end of a session. Possible values:
  • USER_INIT - The user ended the session.
  • SYS_INIT - The system ended the session.
  • IDLE - The session timed out.
  • OTHER - Other reason.
edge_location
(EDGE LOCATION)
Name of the edge location region.
event_severity.​value
(EVENT SEVERITY)
Severity of the event. Possible values are INFO or WARN.
event_sub_type.​value
(EVENT SUBTYPE)
Subtype of the event. The possible values depend on the event_type.
event_type = POLICY:
  • COPY
  • PASTE
  • PRINT
  • UPLOAD
  • DOWNLOAD
  • KEYB (Keyboard)
  • VII (View in Isolation)
event_type = SESSION:
  • START
  • STOP
event_type = AUTH:
  • SUCCESS
  • FAIL
event_type = ISSUE:
  • OTHER
  • ACCESS
  • PERFORM
  • AV
These event subtypes correspond to the security controls in the isolation profiles.
event_type.​value
(EVENT TYPE)
Event type. Possible values:
  • SESSION - A browser event. For example, a user started or ended an isolated browsing session.
  • POLICY - A policy event.
  • AUTH - An authentication event.
  • ISSUE
file_name
(FILE NAME)
The names of files being uploaded or downloaded.
issue_details
(ISSUE DETAILS)
User-reported issue details.
log_source
(LOG SOURCE)
Identifies the origin of the data. That is, the system that produced the data.
log_source_group_id
(LOG SOURCE GROUP ID)
ID that uniquely identifies the logSourceGroupId of the log. That is, the log_source_id of the group.
log_source_id
(DEVICE SN)
ID that uniquely identifies the source of the log. That is, the serial number of the firewall that generated the log.
If the log is generated by Prisma Access, the serial number is not displayed.
log_source_name
(DEVICE NAME)
Name of the source of the log.
log_time
(TIME RECEIVED)
Time the log was received in . This string contains a timestamp value that is the number of microseconds since the Unix epoch.
log_type.​value
(LOG TYPE)
Identifies the log type.
os_type
(OS TYPE)
User's OS type.
platform_type
(PLATFORMTYPE)
The platform type (Valid types are PRISMA_ACCESS, CNGFW, VM, HWFW).
sub_type.​value
(SUB TYPE)
Identifies the log subtype.
time_generated
(TIME GENERATED)
Time when the log was generated on the source. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
time_generated_high_res
(TIME GENERATED HIGH RESOLUTION)
Time the log was generated in data plane with millisec granularity in format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
url
(URL)
URL where the isolation policy was applied. Populated only when event-type = POLICY
.
user_id
(SOURCE USER)
User name.
vendor_name
(VENDOR NAME)
Identifies the vendor that produced the data.