Strata Logging Service
Remote Browser Isolation
Table of Contents
Expand All
|
Collapse All
Remote Browser Isolation
Remote Browser Isolation logs display information about
Remote Browser Isolation events.
REMOTE BROWSER ISOLATION Field
(Display Name)
|
Description
|
---|---|
action.value
(ACTION)
|
Action taken by Remote Browser Isolation. Possible values:
|
bh_name
(BH NAME)
|
The name of the browser host.
|
browser_type
(BROWSER TYPE)
|
Browser details.
|
client_id
(CLIENT ID)
|
The session or client ID. Uniquely identifies the user and browser.
|
client_ip.value
(CLIENT IP)
|
Public IP address of the session.
|
connected_duration
(SESSION DURATION)
|
Session duration in seconds.
|
customer_id
(CORTEX DATA LAKE TENANT ID)
|
The ID that uniquely identifies the Cortex Data Lake instance which received this log record.
|
data_size
(DATA SIZE)
|
Value depends on the event_sub_type:
|
disconnect_reason.value
(DISCONNECT REASON)
|
Disconnect reason upon the end of a session. Possible values:
|
edge_location
(EDGE LOCATION)
|
Name of the edge location region.
|
event_severity.value
(EVENT SEVERITY)
|
Severity of the event. Possible values are INFO or
WARN.
|
event_sub_type.value
(EVENT SUBTYPE)
|
Subtype of the event. The possible values depend on the
event_type.
event_type = POLICY:
event_type = SESSION:
event_type = AUTH:
event_type = ISSUE:
These event subtypes correspond to the security controls in the isolation profiles.
|
event_type.value
(EVENT TYPE)
|
Event type. Possible values:
|
file_name
(FILE NAME)
|
The names of files being uploaded or downloaded.
|
issue_details
(ISSUE DETAILS)
|
User-reported issue details.
|
log_source
(LOG SOURCE)
|
Identifies the origin of the data. That is, the system that produced the data.
|
log_source_group_id
(LOG SOURCE GROUP ID)
|
ID that uniquely identifies the logSourceGroupId of the log. That is, the log_source_id of the group.
|
log_source_id
(DEVICE SN)
|
ID that uniquely identifies the source of the log. That is, the serial number of the firewall that generated the log.
If the log is generated by Prisma Access, the serial number is not displayed.
|
log_source_name
(DEVICE NAME)
|
Name of the source of the log.
|
log_time
(TIME RECEIVED)
|
Time the log was received in . This string contains a
timestamp value that is the number of microseconds since the Unix epoch.
|
log_type.value
(LOG TYPE)
|
Identifies the log type.
|
os_type
(OS TYPE)
|
User's OS type.
|
platform_type
(PLATFORMTYPE)
|
The platform type (Valid types are PRISMA_ACCESS, CNGFW, VM, HWFW).
|
sub_type.value
(SUB TYPE)
|
Identifies the log subtype.
|
time_generated
(TIME GENERATED)
|
Time when the log was generated on the source. This string contains a timestamp value
that is the number of microseconds since the Unix epoch.
|
time_generated_high_res
(TIME GENERATED HIGH RESOLUTION)
|
Time the log was generated in data plane with millisec granularity in format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
|
url
(URL)
|
URL where the isolation policy was applied. Populated only when
event-type = POLICY
.
|
user_id
(SOURCE USER)
|
User name.
|
vendor_name
(VENDOR NAME)
|
Identifies the vendor that produced the data.
|