tm-v1-schema

XDR for Cloud - AWS VPC Flow Logs

Layer: Cloud

This documentation provides detailed information about all fields available for XDR for Cloud - AWS VPC Flow Logs.

| Field Name | Type | Searchable | General Field | Description | Example | Products |
|---|---|---|---|---|---|---|
| action | string | true | - | The traffic processing action | ACCEPT, REJECT | XDR for Cloud - AWS VPC Flow Logs |
| azId | string | true | - | The Availability Zone ID | apse2-az3 | XDR for Cloud - AWS VPC Flow Logs |
| bytes | string | true | - | The number of transmitted data bytes | 15044 | XDR for Cloud - AWS VPC Flow Logs |
| dpt | int | true | Port | The service destination port of the private application server (dstport) | 443 | Zero Trust Secure Access - Private Access, XDR for Cloud - AWS VPC Flow Logs, azv |
| dst | string | true | IPv4, IPv6 | The destination IP address (dstaddr) | 10.10.10.10 | Zero Trust Secure Access - Internet Access, Zero Trust Secure Access - Private Access, XDR for Cloud - AWS VPC Flow Logs, azv |
| end | long | false | - | The time when the last data packet was received (in Unix seconds) | 1616729349 | XDR for Cloud - AWS VPC Flow Logs |
| eventId | string | true | - | The event ID | 200139, 200140 | Network Sensor, Trend Micro Deep Discovery Inspector, XDR for Cloud - AWS VPC Flow Logs, azv |
| eventName | string | true | - | The name of the log event | SWG_ACTIVITY_LOG, FIREWALL_ACTIVITY_LOG, VPC_ACTIVITY_LOG | Zero Trust Secure Access - Internet Access, Zero Trust Secure Access - Private Access, Trend Micro Deep Discovery Inspector, Network Sensor, XDR for Cloud - AWS VPC Flow Logs, azv |
| eventTime | real | true | - | The time the agent or product detected the event | 1657135700000 | Zero Trust Secure Access - Internet Access, Zero Trust Secure Access - Private Access, Trend Micro Deep Discovery Inspector, Network Sensor, XDR for Cloud - AWS VPC Flow Logs, azv |
| flowDirection | string | true | - | The network interface traffic direction | ingress, egress, I, O | XDR for Cloud - AWS VPC Flow Logs, azv |
| flowType | string | true | - | The type of traffic (type) | IPv4, IPv6, EFA | XDR for Cloud - AWS VPC Flow Logs |
| instanceId | string | true | - | The instance ID | i-01234567890abcdef | XDR for Cloud - AWS VPC Flow Logs |
| logStatus | string | true | - | The VPC Flow Log status | OK, NODATA, SKIPDATA | XDR for Cloud - AWS VPC Flow Logs |
| packets | string | true | - | The number of transmitted data packets | 14 | XDR for Cloud - AWS VPC Flow Logs |
| pktDstAddr | string | true | IPv4, IPv6 | The packet level destination IP | 10.10.10.10 | XDR for Cloud - AWS VPC Flow Logs |
| pktDstCloudServiceName | string | true | - | The subset IP address range name for cloud service destination IP (pkt-dst-aws-service) | AMAZON, EC2, ROUTE53 | XDR for Cloud - AWS VPC Flow Logs |
| pktSrcAddr | string | true | IPv4, IPv6 | The packet level source IP | 10.10.10.10 | XDR for Cloud - AWS VPC Flow Logs |
| pktSrcCloudServiceName | string | true | - | The subset IP address range name for cloud service source IP (pkt-src-aws-service) | AMAZON, EC2, ROUTE53 | XDR for Cloud - AWS VPC Flow Logs |
| pname | string | true | - | The product name | Secure Web Gateway, XDR for Cloud - AWS VPC Flow Logs | Zero Trust Secure Access - Internet Access, Trend Micro Deep Discovery Inspector, Network Sensor, XDR for Cloud - AWS VPC Flow Logs, azv |
| spt | int | true | Port | The virtual port of the source assigned to the Secure Access Module (srcport) | 57763 | Zero Trust Secure Access - Private Access, XDR for Cloud - AWS VPC Flow Logs, azv |
| src | string | true | IPv4, IPv6 | The source IP address (srcaddr) | 10.10.10.10 | Zero Trust Secure Access - Internet Access, Zero Trust Secure Access - Private Access, XDR for Cloud - AWS VPC Flow Logs, azv |
| start | real | false | - | The time when the first data packet was received (in Unix seconds) | 1616729292 | XDR for Cloud - AWS VPC Flow Logs |
| subLocationId | string | true | - | The sublocation ID | lz-0abcd123efg4567h, op-0abcd123efg4567h, wz-0abcd123efg4567h | XDR for Cloud - AWS VPC Flow Logs |
| subLocationType | string | true | - | The sublocation type | wavelength, outpost, localzone | XDR for Cloud - AWS VPC Flow Logs |
| subnetId | string | true | - | The subnet ID | subnet-01234567890abcdef | XDR for Cloud - AWS VPC Flow Logs |
| tcpFlags | int | true | - | The bitmask value of the FIN/SYN/RST/SYN-ACK TCP flags | 1, 2, 4, 18 | XDR for Cloud - AWS VPC Flow Logs |
| trafficPath | int | true | - | The egress traffic path number | 1, 2, 8 | XDR for Cloud - AWS VPC Flow Logs |
| vpcFlowLogsVersion | int | false | - | The VPC Flow Logs version (version) | 2, 3, 4, 5 | XDR for Cloud - AWS VPC Flow Logs, azv |
| vpcId | string | true | - | The VPC ID | vpc-01234567890abcdef | XDR for Cloud - AWS VPC Flow Logs |

Generated by XDR Common Schema Public Doc Generator V2