Web Control events

The table below lists the keys and values in a message with the Web Control event type.

Information about an event with the Web Control event type

Key

Value

cs4

cs4Label

Event priority.

Always Medium.

This value is displayed by default.

devicePayloadId

Session ID.

deviceDirection

Connection direction from the raw event. Possible values:

  • 0 – request
  • 1 – response

This value is displayed by default.

KasperskyNgfwWebCat

Name of the web category of the visited URL.

If multiple web categories apply, the value that appears in the list first is recorded.

If no category was chosen, the value is Uncategorized.

This value is displayed by default.

act

Action performed when the URL was visited.

This value is displayed by default.

cs3

cs3Label

Sources of the detection.

If a detection is made, the entire chain of sources involved in the detection (list) is indicated.

If no detection is made (the URL is not found anywhere, it belongs to the group of URLs without a category), this field is left empty.

Possible values (one or more):

  • Local
  • KSN
  • Custom

rt

Date and time when the event was generated on the Kaspersky NGFW device (the session was removed and ended up in the Kaspersky NGFW Session manager).

Format: 2023-12-26T12:31:54Z.

dtz

Time zone on the device

dvchost

Host name of the Kaspersky NGFW device.

This value is displayed by default.

src

Source IP address.

This value is displayed by default.

dst

Destination IP address.

This value is displayed by default.

proto

L3–L4 protocol.

This value is displayed by default.

spt

For TCP and UDP, the source port.

For ICMP, the ICMP ID.

For other protocols, this field is left empty.

dpt

For TCP and UDP, the destination port.

For ICMP, the ICMP ID.

For other protocols, this field is left empty.

app

L7 protocol from the Application Control detection.

For all protocols excluding UDP and TCP, but including unrecognized UDP and TCP, the value is Unknown.

request

The visited URL (only one per transaction).

This value is displayed by default.

cat

List of all categories that the visited URL matched.

If no category was determined, the value is Uncategorized.

This value is displayed by default.

msg

Body of the message.

Event variant:

Domain URL exclusion was triggered. Message text: "Exception by trusted URL".

This value is displayed by default.

KasperskyNgfwWebControlProfile

Triggered Web Control security profile.

This value is displayed by default.

externalId

Session ID.

Page top