Skyhigh Security

Reporting Fields

To configure the data fields you want to download from Security Service Edge (SSE) or Secure Web Gateway Cloud Service to your on-prem reporting solution, you add a suitable header name and version number to the command line. Fields are then downloaded according to the header information.

The format for specifying the header information is: <header name>-version: <version number>, for example, x-mwg-api-version: 1

The following table shows the headers that are available, together with their fields. Beginning with version 7, the table also states the SSE version with which each version of the REST (Forensics) API was introduced. For example, version 7 was introduced with SSE 6.0.0.

For examples of how header information is specified in a download command and fields are filled with values in the output, see Reporting Examples.

 

Header name and version Fields Remarks

x-mwg-api-version: 1

With this header, the following fields are downloaded:

user_id
username
source_ip
http_action
server_to_client_bytes
client_to_server_bytes
requested_host
requested_path
result
virus
request_timestamp_epoch
request_timestamp
uri_scheme
category (comma-separated list of categories)

This is the default header for downloading data fields.

 

x-mwg-api-version: 2

With this header, all fields from version 1 are downloaded, plus these fields:

media_type
application_type
 

x-mwg-api-version: 3
 

With this header, all fields from versions 1 and 2 are downloaded, plus this field:

reputation

 
x-mwg-api-version: 4

With this header, all fields from versions 1 – 3 are downloaded, plus these fields:

last_rule
http_status_code
client_ip
location
block_reason
user_agent_product
user_agent_version
user_agent_comment

 
x-mwg-api-version: 5
 

With this header, all fields from versions 1 – 4 are downloaded, plus these fields:

process_name
destination_ip
destination_port

 

x-mwg-api-version: 6
 

With this header, no new fields are added. All fields from versions 1 – 5 are downloaded. Beginning with this version of the REST (Forensics) API, an error message is sent with the response to a download request that has timed out.

x-mwg-api-version: 7

With this header, all fields from versions 1 – 6 are downloaded, plus these fields:

pop_country_code
referer
ssl_scanned
av_scanned_up
av_scanned_down
rbi


Introduced with: SSE 6.0.0

x-mwg-api-version: 8

 

With this header, all fields from versions 1 – 7 are downloaded, plus these fields:

dlp
client_system_name
filename
pop_egress_ip
pop_ingress_ip 
proxy_port

The pop_ingress_ip field contains the ingress IP address or ingress IP/24 network of the PoP (Point of Presence) where a request was received, depending on the type of PoP. When no ingress IP address or network could be retrieved, the value of the field is 0.0.0.0.


Introduced with: SSE 6.0.2

x-mwg-api-version: 9

With this header, no new fields are added. All fields from versions 1 – 8 are downloaded.

Introduced with: SSE 6.2.1

Beginning with this version of the REST (Forensics) API, you can also download data originating from traffic that is isolated under Remote Browser Isolation (RBI), as well as from Private Access traffic and from traffic that goes through a firewall.

For more information, see Reporting Examples.

x-mwg-api-version: 10

With this header, all fields from versions 1 – 9 are downloaded, plus these fields:

mw_probability
discarded_host
ssl_client_prot
ssl_server_prot

Introduced with: SSE 6.2.0

The new fields in this version are only downloaded for the following types of traffic:
  • Web
  • Remote Browser Isolation (RBI) 
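
Added example (not part of the original page and not Skyhigh code): choosing the lowest x-mwg-api-version that covers the fields a report needs, then checking a download against that version. It assumes the download is CSV with a header row; the function names and the sample record are constructed for illustration.

```python
import csv
import io

# Fields each x-mwg-api-version adds, copied from the table on this page.
ADDED = {
    1: "user_id username source_ip http_action server_to_client_bytes "
       "client_to_server_bytes requested_host requested_path result virus "
       "request_timestamp_epoch request_timestamp uri_scheme category",
    2: "media_type application_type",
    3: "reputation",
    4: "last_rule http_status_code client_ip location block_reason "
       "user_agent_product user_agent_version user_agent_comment",
    5: "process_name destination_ip destination_port",
    6: "",  # no new fields
    7: "pop_country_code referer ssl_scanned av_scanned_up av_scanned_down rbi",
    8: "dlp client_system_name filename pop_egress_ip pop_ingress_ip proxy_port",
    9: "",  # no new fields
    10: "mw_probability discarded_host ssl_client_prot ssl_server_prot",
}

def fields_for(version):
    """Cumulative field list: each version includes all earlier versions."""
    if version not in ADDED:
        raise ValueError(f"unknown x-mwg-api-version: {version}")
    return [f for v in range(1, version + 1) for f in ADDED[v].split()]

def min_version_for(required):
    """Lowest header version whose download contains every required field."""
    for v in sorted(ADDED):
        if set(required) <= set(fields_for(v)):
            return v
    raise ValueError(f"unknown fields: {sorted(set(required) - set(fields_for(10)))}")

def parse_download(csv_text, version):
    """Parse a download (assumed: CSV with a header row) and verify its columns."""
    reader = csv.DictReader(io.StringIO(csv_text))
    rows = list(reader)
    if missing := set(fields_for(version)) - set(reader.fieldnames or []):
        raise ValueError(f"missing for version {version}: {sorted(missing)}")
    for row in rows:
        # category is a comma-separated list carried inside one field
        row["category"] = [c.strip() for c in row["category"].split(",") if c.strip()]
        # 0.0.0.0 means no ingress IP address or network could be retrieved
        if row.get("pop_ingress_ip") == "0.0.0.0":
            row["pop_ingress_ip"] = None
    return rows

# Constructed sample (not real output): one version 1 record with two categories.
SAMPLE_V1 = (",".join(fields_for(1)) + '\n1,jdoe,10.0.0.5,GET,5120,312,example.com,/,'
             'OBSERVED,,1700000000,2023-11-14 22:13:20,https,"Business, News"\n')
```

Checking the columns against the requested version catches a pipeline that silently falls back to the default header (version 1) and loses fields such as block_reason or pop_ingress_ip that a detection rule depends on.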

 
