Dimensions and Measures for Proxy Collections
This topic lists the Dimensions and Measures for the Proxy Collections.
Proxy - DLP File
The following table lists aggregated events related to files scanned as part of Data Security. Applies to both web browsing and inline access controls for protected applications.
| Field | Type | Description |
|---|---|---|
| Action | Dimension | The action Forcepoint ONE took per policy match. |
| Activity | Dimension | The activity the user was doing that generated the event. |
| App Name | Dimension | The managed application name. |
| Count | Dimension | The number of files in the specific Transaction. |
| Date | Dimension | Date of event—M/D/Y HH:MM:SS AM|PM For example: 7/25/2023, 3:33:31 AM |
| File Size | Dimension | The size of the file scan in bytes. Used to filter transactions based on size. |
| Group Id | Dimension | Internal ID of the user group that applies to this event. |
| Insert Time | Dimension | Timestamp when this event was inserted into the Forcepoint ONE Data lake—M/D/Y HH:MM:SS AM|PM For example: 7/25/2023, 3:33:31 AM |
| Managed | Dimension | Boolean indicating if the event refers to a managed application. |
| Sanctioned | Dimension | Boolean indicating if the application or web domain was sanctioned or not. |
| Time | Dimension | Timestamp of event—M/D/Y HH:MM:SS AM|PM For example: 7/25/2023, 3:33:31 AM |
| Type | Dimension | The source of the file that was scanned—SWG, CASB or None. |
| User First Name | Dimension | The user's first name if available. Otherwise set to Anonymous or none. |
| User Id | Dimension | The user ID. Contains the user's login (email address) in brackets. |
| User Last Name | Dimension | The user's last name if available. Otherwise set to Anonymous or none. |
| File Count | Measure | The count of files scanned based on the dimension criteria. |
Proxy - DLP Logs
The following table lists raw events related to content scanning including both Data Security and Threat. Applies to both web browsing and inline access controls for protected applications.
| Field | Type | Description |
|---|---|---|
| Agent Header | Dimension | The user agent header seen. |
| Apache Request Id | Dimension | Internal request ID generated by the Forcepoint ONE Dataplane. |
| App Name | Dimension | The managed application name. |
| Create Copy | Dimension | File path if the create copy policy was configured. |
| Date | Dimension | Date of event—M/D/Y HH:MM:SS AM|PM For example: 7/25/2023, 3:33:31 AM |
| Dlp Action | Dimension | The DLP action Forcepoint ONE applied per policy match. |
| Dlp Ip | Dimension | Client IP address captured during the content scanning. |
| Dlp Match Location | Dimension | If the object scanned was an email indicates if the DLP match applied to the Email subject or Email body. Blank otherwise. |
| Doc Ext | Dimension | The filename extension when a file is detected and DLP scanning is applied. |
| Doc Md5 | Dimension | The MD5 hash of the file scanned if available. |
| Doc Name | Dimension | The filename when a file is detected and DLP scanning is applied. Can include PII if the filename is named as such. |
| Doc Sha1 | Dimension | The Sha1 hash of the file scanned if available. |
| Doc Sha256 | Dimension | The Sha254 hash of the file scanned if available. |
| Doc Type | Dimension | The type of document - for example text, pdf, rawscan etc. |
| Domain | Dimension | The fully qualified domain name. |
| File Size | Dimension | The size of the file in bytes. |
| Group Id | Dimension | Internal ID of the user group that applies to this event. |
| Insert Time | Dimension | Timestamp when this event was inserted into the Forcepoint ONE Data lake—M/D/Y HH:MM:SS AM|PM For example: 7/25/2023, 3:33:31 AM |
| Keyword | Dimension | Keyword found during content scanning. |
| Managed | Dimension | Boolean indicating if the event refers to a managed application. |
| Pattern | Dimension | The name of the DLP classifier that matched. |
| Policy Id | Dimension | Internal ID of the policy applied. |
| Request Id | Dimension | Internal request ID (GUID) generated by the SmartEdge Agent or Cloud SWG. |
| Sanctioned | Dimension | Boolean indicating if the event was sanctioned or not. |
| Tags | Dimension | Comma separated list of Tag applied to this event. |
| Threat | Dimension | Indicates the malware engine applied if a threat was detected. Blank otherwise. |
| Time | Dimension | Timestamp of event—M/D/Y HH:MM:SS AM|PM For example: 7/25/2023, 3:33:31 AM |
| Type | Dimension | Object type. For example: File, Email, Message, Globalfile or Calendar. |
| Uri | Dimension | Full URI |
| User First Name | Dimension | The user's first name if available. Otherwise set to Anonymous or none. |
| User Full Name | Dimension | The user's full name if available. |
| User Id | Dimension | The user ID. Contains the user's login (email address) in brackets. |
| User Last Name | Dimension | The user's last name if available. Otherwise set to Anonymous or none. |
| Allowed Event Count | Measure | Allowed event count |
| Denied Event Count | Measure | Denied event count |
| Event Count | Measure | DLP Log event count |
| Malware Event Count | Measure | Malware event count |
| User Count | Measure | User count |
Proxy - DLP Pattern
The following table lists aggregated Data Security events based on DLP Patterns. Applies to both web browsing and inline access controls for protected applications.
| Field | Type | Description |
|---|---|---|
| Action | Dimension | The action Forcepoint ONE took per policy match. |
| Activity | Dimension | The activity the user was doing that generated the event. |
| App Name | Dimension | The managed application name. |
| Cloud App Id | Dimension | The internal ID of the managed application detected. Blank otherwise. |
| Count | Dimension | The number of DLP Patterns matched in the transaction. |
| Date | Dimension | Date of event—M/D/Y HH:MM:SS AM|PM For example: 7/25/2023, 3:33:31 AM |
| Domain | Dimension | The fully qualified domain name |
| Group Id | Dimension | Internal ID of the user group that applies to this event. |
| Insert Time | Dimension | Timestamp when this event was inserted into the Forcepoint ONE Data lake—M/D/Y HH:MM:SS AM|PM For example: 7/25/2023, 3:33:31 AM |
| Managed | Dimension | Boolean indicating if the event refers to a managed application. |
| Pattern | Dimension | The name of the DLP classifier that matched. |
| Sanctioned | Dimension | Boolean indicating if the event was sanctioned or not. |
| Time | Dimension | Timestamp of event—M/D/Y HH:MM:SS AM|PM For example: 7/25/2023, 3:33:31 AM |
| Type | Dimension | Object type. For example: File, Email, Message, Globalfile or Calendar. |
| Allowed Pattern Count | Measure | Total DLP Allows |
| Denied Pattern Count | Measure | Total DLP Block actions |
| Pattern Count | Measure | Total DLP Pattern match count |