Web attributes

Name Description Filter values
General
Action The action taken by the cloud service based on the category of the requested page. Options are Allowed, Authentication Required, Blocked, Confirmed, Quota. Check boxes
Category Web categories in your cloud service account. Autocompleted text
Direction Whether the traffic was inbound or outbound. Check boxes
Group Groups created in or synchronized to your account. Autocompleted text
Localized Country Where a virtual point of presence (vPoP) IP address is used, this field records the country to which the IP is registered for localization purposes. Check boxes
Parent Category Parent categories as defined in the Forcepoint URL Database. Autocompleted text
Policy The web policy used for filtering. Autocompleted text
Risk Class The type of risk posed to your organization. Options are Business Usage, Legal Liability, Network Bandwidth Loss, Productivity Loss, Security, or None. Check boxes
Search Term Search terms entered by your end users. Manual text
User

Users created in or synchronized to your account.

Note: this can show the value Not available for transactions where authentication has been bypassed.

Autocompleted text
Workstation Client workstations that have authenticated for web browsing. You can also choose to include authentication results that are not associated with a workstation. Manual text
URL
Domain Requested domains, for example google.com or bbc.co.uk. Manual text
Domain - Second Level The second-level part of requested domains, for example google or bbc. Manual text
Domain - Top Level The top-level part of requested domains, for example com, or co.uk. Manual text
Host Requested host names, for example news.bbc.co.uk, or mail.google.com. Manual text
Path Paths used in requested URLs. Manual text
Protocol Protocol used to request sites. Options are HTTP or HTTPS. Check boxes
Query Query entered by end user. Manual text
URL Requested URLs. Manual text
URL - Full Full requested URLs (including the http part). Manual text
Cloud Apps
Cloud App The name of the cloud app requested by end users. Autocompleted text
Cloud App Category The type of cloud app. Check boxes
Cloud App Forwarded Whether the request was forwarded to Forcepoint CASB by the Protected Cloud Apps feature. Check boxes
Cloud App Risk Level The risk level of the cloud app. (High risk, medium risk, or low risk.) Check boxes
IP Address
Connection IP IP address of connection to the cloud service. Manual text
Connection Name Name configured for the connection to the cloud service. Connections with no associated name are shown as “Unknown”. Autocompleted text
Connection IP Country Country in which connection IP address is located. Autocompleted text
Destination IP IP address of destination site. Manual text
Destination IP Country Country in which destination IP address is located. Autocompleted text
Source IP IP address of source requesting a site. Use the “contains” or “does not contain” option to search for the required IP address. Manual text
Security
Analytic Name Web analytics applied to sites. Options are Advanced Detection, Antivirus Scanning, Application Recognition, Content Categorization, Malicious iFrame Detection, PDF Scanner, Security Scanning, Zip Bomb Detection, or None. Check boxes
File Sandbox Status

Results returned for files analyzed by the file sandboxing service. Options are: Malicious, Safe, Failed to analyze, Pending analysis, and File not supported.

Requires the Forcepoint Advanced Malware Detection for Web module.

Check boxes
Severity The severity classification of a security threat. Options are Critical, High, Medium, or Low. Check boxes
Threat Name Names associated with a security threat. Manual text
Threat Type Types of security threat – for example spyware, exploits, trojans, or password stealers. Manual text
Time
Date Enables you to group report entries by date. Note that this attribute is not available for filtering as the Date Range field performs this function. N/A
Day of Week Enables you to group and filter report entries by days of the week. Check boxes
Hour Enables you to group and filter report entries by hour. 24 hour selection
Month Enables you to group and filter report entries by month. Check boxes

Mobile Device

Applies only to Forcepoint Mobile Security integrated with AirWatch Mobile Device Management

Mobile / Non- Mobile Traffic on mobile devices that are secured by Forcepoint Mobile Security and traffic on other devices, such as laptops and desktop machines, secured by the cloud service. Check boxes
Device Profile Profiles defined as Corporate (individual), Corporate (shared), Personal, or Unknown. Check boxes
Device Platform Mobile operating systems defined as Android, iOS, or Unknown. Check boxes
Device Type Names of devices, such as iPhone, iPad, or Android. Manual text
IMEI Number Unique 17- or 15-digit codes used to identify individual mobile stations to mobile phone networks. Manual text
Mobile App Name Names of mobile apps being accessed, such as Facebook or Barcode Scanner. Manual text
Mobile App Category Categories of mobile apps, such as Entertainment or Business and Economy. The same categories used for URLs, except specific to the app. Manual text
Media
File Name Name of a downloaded file. Manual text
File Type Type associated with a downloaded file. Options are Archive, Document, Executable, Image, Multimedia, None, Rich Internet Application, Suspicious, Text, or Unknown Check boxes
Full MIME Type Full MIME type (for example text/html or image/ gif) of accessed or downloaded files. Manual text
MIME Subtype MIME subtype (for example html or gif) of accessed or downloaded files. Manual text
MIME Type MIME type (for example text or image) of accessed or downloaded files. Manual text
Referrer URL
Referrer Domain The domain of the previous item that led to the current transaction. Manual text
Referrer Host The host name of the previous item that led to the current transaction. Manual text
Referrer Path The full path of the previous item that led to the current transaction. Manual text
Referrer Port The port of the previous item that led to the current transaction. Manual text
Referrer Query The query on the previous page that led to the current transaction. Manual text
Referrer URL The URL of the previous item that led to the current transaction. Can also include results with no referrer URL. Manual text
Referrer URL - Full Full URL (including the http part) of the previous item that led to the current transaction. Can also include results with no full referrer URL. Manual text
User Agent
Browser The specific browser used, including type and version (for example, Internet Explorer 11). When filtering, if the browser you wish to report on is not shown in the filter check boxes, you can enter it manually. Check boxes/ manual text
Browser Type The type of browser used across all versions (for example Internet Explorer). When filtering, if the browser type you wish to report on is not shown in the filter check boxes, you can enter it manually. Check boxes/ manual text
Operating System The specific operating system used, including type and version (for example, Windows 7). When filtering, if the operating system you wish to report on is not shown in the filter check boxes, you can enter it manually. Check boxes/ manual text
Operating System Type

The general type of operating system used across all versions (for example, Windows or Linux).

When filtering, if the operating system type you wish to report on is not shown in the filter check boxes, you can enter it manually.

Check boxes/ manual text
User Agent

The specific user agent used to access sites. This is a string sent from your browser or Internet application to the server hosting the site that you are visiting. The string indicates which browser or application you are using, its version number, and details about your system, such as the operating system and version. The destination server then uses this information to provide content suitable for your specific browser or application.

For example, this is a user agent for Firefox:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en- US; rv:1.9.2.6)

In this example, Windows NT 5.1 indicates that the operating system is Windows XP, and the language it uses is US English.

Autocompleted text
User Agent Type The type of user agent used to access sites. Options are Browser, Email Client, Feed Reader, Library, Mobile Browser, Multimedia Player, Offline Browser, Robot, Validator, or Unknown. Check boxes
Advanced
Authentication Method Method of authentication used by end user to access sites. Options are Basic, Downstream Authentication, Endpoint, Form-based login, NTLM, Single sign-on, or None. Check boxes
Classification Type Category types as defined by Forcepoint URL Database for standard categories, and real-time analytics for dynamic categories. Enables you to filter on Static, Static Web 2.0, Real-time, and Dynamic real-time content. Check boxes
Data Center

The cloud service data center that processed the request.

Options are UK - Heathrow (A), Germany - Frankfurt (B), India - Mumbai (C), France - Paris (D), Germany - Düsseldorf (E), Switzerland - Geneva (F), USA - San Jose (G), USA - Ashburn (H), Turkey - Istanbul (I), UK - Slough (J), Hong Kong (K), Australia - Sydney (M), USA - Chicago (N), USA - Dallas (O), Brazil - São Paolo (P), USA

- Miami (Q), Singapore (R), South Africa - Johannesburg (S), Japan - Tokyo (T), and Netherlands - Amsterdam (X).

Check boxes
Filtering Source

Method used to direct client traffic for filtering.

Options are Cloud connection, Endpoint Web (Proxy), Endpoint Web (Direct), IPsec Advanced, IPsec, GRE, EasyConnect, Appliance (Cloud traffic), Appliance (Local traffic), Secured mobile traffic, Aerohive integration, Firewall redirect, or Dedicated port.

Check boxes
HTTP Status Code HTTP response code, for example 404 when a page does not exist. Manual text
Port Port used to access web pages, for example 80 or 443. Manual text
Request Method HTTP request method. Options are Connect, Delete, Get, Head, Options, Patch, Post, Purge, Put, Trace, or None. Check boxes
TLS Version (Downstream) For encrypted web connections, the version of TLS that was used for downstream connections (between the user device and the cloud proxy). Manual text
User Agent User agent used for requests. Manual text