The table below lists the keys and values in a message with the URL Web Antivirus event type.
Information about an event with the URL Web Antivirus event type
Key |
Value |
|---|---|
cs4 cs4Label |
Event priority.
This value is displayed by default. |
devicePayloadId |
Session ID. |
deviceDirection |
Connection direction from the raw event. Possible values:
This value is displayed by default. |
cs1 cs1Label |
Detected object. Possible values:
This value is displayed by default. |
|
Action performed when the domain was visited. This value is displayed by default. |
cs3 cs3Label |
Sources of the detection. One or more values can be specified. If there are multiple detection sources, the entire chain of sources involved in the detection (list) is indicated. Possible values (in the order of display):
|
rt |
Date and time when the event was generated on the Kaspersky NGFW device (the session was removed and ended up in the Kaspersky NGFW Session manager). Format: |
dtz |
Time zone on the device |
dvchost |
Host name of the Kaspersky NGFW device. This value is displayed by default. |
src |
Source IP address. This value is displayed by default. |
dst |
Destination IP address. This value is displayed by default. |
proto |
L3–L4 protocol. This value is displayed by default. |
spt |
Source port. |
|
Destination port. |
app |
L7 protocol from the Application Control detection. For all protocols excluding UDP and TCP, but including unrecognized UDP and TCP, the value is This value is displayed by default. |
request |
Visited URL (full path). This value is displayed by default. |
msg |
Body of the message. Event variant: URL exclusion was triggered. Message text: " This value is displayed by default. |
KasperskyNgfwAvProfile |
Triggered Anti-Virus security profile. This value is displayed by default. |
externalId |
Session ID. |