Web attributes
| Name | Description | Filter values |
|---|---|---|
| General | ||
| Action | The action taken by the cloud service based on the category of the requested page. Options are Allowed, Authentication Required, Blocked, Confirmed, Quota. | Check boxes |
| Category | Web categories in your cloud service account. | Autocompleted text |
| Direction | Whether the traffic was inbound or outbound. | Check boxes |
| Group | Groups created in or synchronized to your account. | Autocompleted text |
| Localized Country | Where a virtual point of presence (vPoP) IP address is used, this field records the country to which the IP is registered for localization purposes. | Check boxes |
| Parent Category | Parent categories as defined in the Forcepoint URL Database. | Autocompleted text |
| Policy | The web policy used for filtering. | Autocompleted text |
| Risk Class | The type of risk posed to your organization. Options are Business Usage, Legal Liability, Network Bandwidth Loss, Productivity Loss, Security, or None. | Check boxes |
| Search Term | Search terms entered by your end users. | Manual text |
| User |
Users created in or synchronized to your account. Note: this can show the value Not available for transactions where authentication has been bypassed. |
Autocompleted text |
| Workstation | Client workstations that have authenticated for web browsing. You can also choose to include authentication results that are not associated with a workstation. | Manual text |
| URL | ||
| Domain | Requested domains, for example google.com or bbc.co.uk. | Manual text |
| Domain - Second Level | The second-level part of requested domains, for example google or bbc. | Manual text |
| Domain - Top Level | The top-level part of requested domains, for example com, or co.uk. | Manual text |
| Host | Requested host names, for example news.bbc.co.uk, or mail.google.com. | Manual text |
| Path | Paths used in requested URLs. | Manual text |
| Protocol | Protocol used to request sites. Options are HTTP or HTTPS. | Check boxes |
| Query | Query entered by end user. | Manual text |
| URL | Requested URLs. | Manual text |
| URL - Full | Full requested URLs (including the http part). | Manual text |
| Cloud Apps | ||
| Cloud App | The name of the cloud app requested by end users. | Autocompleted text |
| Cloud App Category | The type of cloud app. | Check boxes |
| Cloud App Forwarded | Whether the request was forwarded to Forcepoint CASB by the Protected Cloud Apps feature. | Check boxes |
| Cloud App Risk Level | The risk level of the cloud app. (High risk, medium risk, or low risk.) | Check boxes |
| IP Address | ||
| Connection IP | IP address of connection to the cloud service. | Manual text |
| Connection Name | Name configured for the connection to the cloud service. Connections with no associated name are shown as “Unknown”. | Autocompleted text |
| Connection IP Country | Country in which connection IP address is located. | Autocompleted text |
| Destination IP | IP address of destination site. | Manual text |
| Destination IP Country | Country in which destination IP address is located. | Autocompleted text |
| Source IP | IP address of source requesting a site. Use the “contains” or “does not contain” option to search for the required IP address. | Manual text |
| Security | ||
| Analytic Name | Web analytics applied to sites. Options are Advanced Detection, Antivirus Scanning, Application Recognition, Content Categorization, Malicious iFrame Detection, PDF Scanner, Security Scanning, Zip Bomb Detection, or None. | Check boxes |
| File Sandbox Status |
Results returned for files analyzed by the file sandboxing service. Options are: Malicious, Safe, Failed to analyze, Pending analysis, and File not supported. Requires the Forcepoint Advanced Malware Detection for Web module. |
Check boxes |
| Severity | The severity classification of a security threat. Options are Critical, High, Medium, or Low. | Check boxes |
| Threat Name | Names associated with a security threat. | Manual text |
| Threat Type | Types of security threat – for example spyware, exploits, trojans, or password stealers. | Manual text |
| Time | ||
| Date | Enables you to group report entries by date. Note that this attribute is not available for filtering as the Date Range field performs this function. | N/A |
| Day of Week | Enables you to group and filter report entries by days of the week. | Check boxes |
| Hour | Enables you to group and filter report entries by hour. | 24 hour selection |
| Month | Enables you to group and filter report entries by month. | Check boxes |
|
Mobile Device Applies only to Forcepoint Mobile Security integrated with AirWatch Mobile Device Management |
||
| Mobile / Non- Mobile | Traffic on mobile devices that are secured by Forcepoint Mobile Security and traffic on other devices, such as laptops and desktop machines, secured by the cloud service. | Check boxes |
| Device Profile | Profiles defined as Corporate (individual), Corporate (shared), Personal, or Unknown. | Check boxes |
| Device Platform | Mobile operating systems defined as Android, iOS, or Unknown. | Check boxes |
| Device Type | Names of devices, such as iPhone, iPad, or Android. | Manual text |
| IMEI Number | Unique 17- or 15-digit codes used to identify individual mobile stations to mobile phone networks. | Manual text |
| Mobile App Name | Names of mobile apps being accessed, such as Facebook or Barcode Scanner. | Manual text |
| Mobile App Category | Categories of mobile apps, such as Entertainment or Business and Economy. The same categories used for URLs, except specific to the app. | Manual text |
| Media | ||
| File Name | Name of a downloaded file. | Manual text |
| File Type | Type associated with a downloaded file. Options are Archive, Document, Executable, Image, Multimedia, None, Rich Internet Application, Suspicious, Text, or Unknown | Check boxes |
| Full MIME Type | Full MIME type (for example text/html or image/ gif) of accessed or downloaded files. | Manual text |
| MIME Subtype | MIME subtype (for example html or gif) of accessed or downloaded files. | Manual text |
| MIME Type | MIME type (for example text or image) of accessed or downloaded files. | Manual text |
| Referrer URL | ||
| Referrer Domain | The domain of the previous item that led to the current transaction. | Manual text |
| Referrer Host | The host name of the previous item that led to the current transaction. | Manual text |
| Referrer Path | The full path of the previous item that led to the current transaction. | Manual text |
| Referrer Port | The port of the previous item that led to the current transaction. | Manual text |
| Referrer Query | The query on the previous page that led to the current transaction. | Manual text |
| Referrer URL | The URL of the previous item that led to the current transaction. Can also include results with no referrer URL. | Manual text |
| Referrer URL - Full | Full URL (including the http part) of the previous item that led to the current transaction. Can also include results with no full referrer URL. | Manual text |
| User Agent | ||
| Browser | The specific browser used, including type and version (for example, Internet Explorer 11). When filtering, if the browser you wish to report on is not shown in the filter check boxes, you can enter it manually. | Check boxes/ manual text |
| Browser Type | The type of browser used across all versions (for example Internet Explorer). When filtering, if the browser type you wish to report on is not shown in the filter check boxes, you can enter it manually. | Check boxes/ manual text |
| Operating System | The specific operating system used, including type and version (for example, Windows 7). When filtering, if the operating system you wish to report on is not shown in the filter check boxes, you can enter it manually. | Check boxes/ manual text |
| Operating System Type |
The general type of operating system used across all versions (for example, Windows or Linux). When filtering, if the operating system type you wish to report on is not shown in the filter check boxes, you can enter it manually. |
Check boxes/ manual text |
| User Agent |
The specific user agent used to access sites. This is a string sent from your browser or Internet application to the server hosting the site that you are visiting. The string indicates which browser or application you are using, its version number, and details about your system, such as the operating system and version. The destination server then uses this information to provide content suitable for your specific browser or application. For example, this is a user agent for Firefox: Mozilla/5.0 (Windows; U; Windows NT 5.1; en- US; rv:1.9.2.6) In this example, Windows NT 5.1 indicates that the operating system is Windows XP, and the language it uses is US English. |
Autocompleted text |
| User Agent Type | The type of user agent used to access sites. Options are Browser, Email Client, Feed Reader, Library, Mobile Browser, Multimedia Player, Offline Browser, Robot, Validator, or Unknown. | Check boxes |
| Advanced | ||
| Authentication Method | Method of authentication used by end user to access sites. Options are Basic, Downstream Authentication, Endpoint, Form-based login, NTLM, Single sign-on, or None. | Check boxes |
| Classification Type | Category types as defined by Forcepoint URL Database for standard categories, and real-time analytics for dynamic categories. Enables you to filter on Static, Static Web 2.0, Real-time, and Dynamic real-time content. | Check boxes |
| Data Center |
The cloud service data center that processed the request. Options are UK - Heathrow (A), Germany - Frankfurt (B), India - Mumbai (C), France - Paris (D), Germany - Düsseldorf (E), Switzerland - Geneva (F), USA - San Jose (G), USA - Ashburn (H), Turkey - Istanbul (I), UK - Slough (J), Hong Kong (K), Australia - Sydney (M), USA - Chicago (N), USA - Dallas (O), Brazil - São Paolo (P), USA - Miami (Q), Singapore (R), South Africa - Johannesburg (S), Japan - Tokyo (T), and Netherlands - Amsterdam (X). |
Check boxes |
| Filtering Source |
Method used to direct client traffic for filtering. Options are Cloud connection, Endpoint Web (Proxy), Endpoint Web (Direct), IPsec Advanced, IPsec, GRE, EasyConnect, Appliance (Cloud traffic), Appliance (Local traffic), Secured mobile traffic, Aerohive integration, Firewall redirect, or Dedicated port. |
Check boxes |
| HTTP Status Code | HTTP response code, for example 404 when a page does not exist. | Manual text |
| Port | Port used to access web pages, for example 80 or 443. | Manual text |
| Request Method | HTTP request method. Options are Connect, Delete, Get, Head, Options, Patch, Post, Purge, Put, Trace, or None. | Check boxes |
| TLS Version (Downstream) | For encrypted web connections, the version of TLS that was used for downstream connections (between the user device and the cloud proxy). | Manual text |
| User Agent | User agent used for requests. | Manual text |