Changing table properties
After clicking Table Properties, select the properties to display in the table and specify the column width for each property.
| Column | Description |
|---|---|
| Action Taken | The online action that was performed (allow or block). |
| Analysis Canceled | Displays whether analysis was canceled. |
| Analysis Failed | Displays whether analysis failure occurred. |
| Analyzed By | Displays the name of the policy engine that analyzed the event. |
| Channel | Channel on which the event was intercepted, for example SMTP, HTTP, or FTP. |
| Classifier Time | Time spent analyzing all classifiers, in milliseconds. Includes the time spent processing dictionaries, scripts, key phrases, patterns, and fingerprints. |
| Database Fingerprint Latency | Time in milliseconds that the transaction spent in the policy engine waiting for structured fingerprint analysis. |
| Database Fingerprint Search Time | Time in milliseconds spent on searching for structured fingerprint data in this transaction’s content. |
| Destination | The destination of the event, for example an IP address or an email address. |
| Details | Header details from the event. For example, if the breach is in an email message, this column contains the message subject. If the breach was detected in an FTP transfer, this column lists the file name. |
| Detected By | Displays the protector or agent that caught the event. |
| Dictionary Latency | Time in milliseconds that the event spent in the policy engine waiting for dictionary analysis. |
| Dictionary Search Time | Time in milliseconds spent on searching for dictionary phrases in this event’s content. |
| Event ID | Unique traffic log event number. |
| Event Time | Date and time the event was detected. |
| Extraction Time | Time spent extracting text from the event, in milliseconds. |
| File Fingerprint Latency | Time in milliseconds that the event spent in the policy engine waiting for unstructured fingerprint analysis. |
| File Fingerprint Search Time | Time in milliseconds spent on searching for unstructured fingerprint data in this event’s content. |
| Column | Description |
|---|---|
| Host Name Resolution Time | Time in milliseconds spent on performing external resolution from IP to hostname on this event’s source or destination. |
| Incident | Displays a check mark if the event was determined to be an incident (a policy violation). |
| Incident Creation Time | Time spent creating an incident when a breach is detected, in milliseconds. If no incident was created, this field is “0”. |
| Key Phrase Latency | Time in milliseconds that the event spent in the policy engine waiting for key phrase analysis. |
| Key Phrase Search Time | Time in milliseconds spent on searching for key phrases in this event’s content. |
| Latency | Time the event spent in the policy engine waiting for analysis, in milliseconds—in other words, Processing Time + Incident Creation Time + Queue Time. |
| Regular Expression Latency | Time in milliseconds that the event spent in the policy engine waiting for regular expression analysis. |
| Regular Expression Processing Time | Time in milliseconds spent on all regular expression calculations performed on this event’s content. |
| Resolution Time | Time spent resolving user names for all sources and destinations in the event, in milliseconds. |
| Script Search Time | Time in milliseconds spent on all script classifications performed on this event’s content. |
| Search Time | Time it took to search the event for breaches, in milliseconds—in other words, Classifier Time + Extraction Time + Resolution Time. |
| Size | The size of the event content, for example a file or an email message. |
| Source | The source from which the event originated. This could be an email address or IP address or other source. |
| Text Extraction Latency | Time in milliseconds that the event spent in the policy engine waiting for text extraction. |
| Timeout | Displays whether analysis was stopped due to a timeout restriction. |
| Total Queue Time | Total amount of idle time, in milliseconds, that the event spent in internal queues. |
|
URL Categorization Time |
Time in milliseconds spent on categorizing the destination URL of this event. |
| User Name Resolution Time | Time in milliseconds spent on performing external resolution from IP to user name on this event’s source. |
| User Resolution Latency | Time in milliseconds that the event spent in the policy engine waiting for user name resolution. |