KICS/KATA response

Event field name	Field value
`DeviceAction`	`KICS response`
`DeviceAssetID`	`asset fqdn`
`DeviceFacility`	`manual response` or `automatic response`
`EventOutcome`	`succeeded` or `failed`
`SourceTranslatedAddress`	This field contains the value of the HTTP header x-real-ip or x-forwarded-for. If these headers are absent, the field will be empty.
`SourceAddress`	The address from which the user logged in. If the user logged in using a proxy, there will be a proxy address.
`SourcePort`	Port from which the user logged in. If the user logged in using a proxy, there will be a port on the proxy side.
`SourceUserName`	Login of the user who sent the request.
`SourceUserID`	ID of the user who sent the request.
`DeviceCustomString3`	Response rule name: `Authorized`, `Not Authorized`.
`DeviceCustomString3Label`	`response rule name`
`DeviceCustomString5`	Tenant ID.
`DeviceCustomString5Label`	`tenant ID`
`DeviceCustomString6`	Tenant name.
`DeviceCustomString6Label`	`tenant name`
`DeviceExternalID`	Asset ID.
`SourceHostName`	Asset FQDN.
`Name`	Asset name.
`DeviceCustomString1`	List of IP addresses for the asset.
`DeviceCustomString1Label`	`addresses`
Message	If EventOutcome = failed, an error message is written to this field.
DeviceCustomString2	fdqn
DeviceCustomString2Label	fqdns