
Reporting Fields

To configure the data fields you want to download from Security Service Edge (SSE) or Secure Web Gateway Cloud Service to your on-prem reporting solution, you add a suitable header name and version number to the command line. Fields are then downloaded according to the header information.

The format for specifying the header information is: <header name>-version: <version number>, for example, x-mwg-api-version: 1.

The following table shows the headers that are available, together with their fields. 

 

| Header name and version | Fields | Remarks |
| --- | --- | --- |
| x-mwg-api-version: 1 | With this header, the following fields are downloaded: user_id, username, source_ip, http_action, server_to_client_bytes, client_to_server_bytes, requested_host, requested_path, result, virus, request_timestamp_epoch, request_timestamp, uri_scheme, category (comma-separated list of categories) | This is the default header for downloading data fields. |
| x-mwg-api-version: 2 | With this header, all fields from version 1 are downloaded, plus these fields: media_type, application_type | |
| x-mwg-api-version: 3 | With this header, all fields from versions 1 and 2 are downloaded, plus this field: reputation | |
| x-mwg-api-version: 4 | With this header, all fields from versions 1 – 3 are downloaded, plus these fields: last_rule, http_status_code, client_ip, location, block_reason, user_agent_comment, user_agent_product, user_agent_version | |
| x-mwg-api-version: 5 | With this header, all fields from versions 1 – 4 are downloaded, plus these fields: process_name, destination_ip, destination_port | |
| x-mwg-api-version: 6 | With this header, no new fields are introduced. All fields from versions 1 – 5 are downloaded. Starting with this header, an error message is sent with the response to a download request that has timed out. | |
| x-mwg-api-version: 7 | With this header, all fields from versions 1 – 6 are downloaded, plus these fields: pop_country_code, referer, ssl_scanned, av_scanned_up, av_scanned_down, rbi | |
| x-mwg-api-version: 8 | With this header, all fields from versions 1 – 7 are downloaded, plus these fields: dlp, client_system_name, filename, pop_egress_ip, pop_ingress_ip, proxy_port | The pop_ingress_ip field contains the ingress IP address or ingress IP/24 network of the PoP (Point of Presence) where a request was received, depending on the type of PoP. When no ingress IP address or network could be retrieved, the value of the field is 0.0.0.0. |
| x-mwg-api-version: 9 | With this header, all fields from versions 1 – 8 are downloaded. | When using this version of the REST (Forensics) API, you can also download data originating from traffic that is isolated under Remote Browser Isolation (RBI), as well as from Private Access traffic and from traffic that goes through a firewall. |

For more information, see Reporting Examples. 
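
The following is an added example, not Skyhigh code: given the fields a detection or report needs, it picks the lowest x-mwg-api-version that provides them, checks a download against that version, and maps the 0.0.0.0 placeholder in pop_ingress_ip to None so it is never matched as a real address. The function names, the CSV-with-header-row layout and CIDR notation for /24 networks are assumptions, and the sample row is constructed.

```python
import csv, io, ipaddress

ADDED = {  # fields each x-mwg-api-version adds, copied from the table on this page
    1: ["user_id", "username", "source_ip", "http_action", "server_to_client_bytes",
        "client_to_server_bytes", "requested_host", "requested_path", "result", "virus",
        "request_timestamp_epoch", "request_timestamp", "uri_scheme", "category"],
    2: ["media_type", "application_type"],
    3: ["reputation"],
    4: ["last_rule", "http_status_code", "client_ip", "location", "block_reason",
        "user_agent_comment", "user_agent_product", "user_agent_version"],
    5: ["process_name", "destination_ip", "destination_port"],
    6: [],  # no new fields
    7: ["pop_country_code", "referer", "ssl_scanned", "av_scanned_up", "av_scanned_down", "rbi"],
    8: ["dlp", "client_system_name", "filename", "pop_egress_ip", "pop_ingress_ip", "proxy_port"],
    9: [],  # no new fields
}

def fields_for(version):
    """Cumulative field list: each version includes every earlier version's fields."""
    if version not in ADDED:
        raise ValueError(f"unknown x-mwg-api-version: {version}")
    return [f for v in range(1, version + 1) for f in ADDED[v]]

def min_version_for(required):
    """Lowest version whose download contains every field a detection needs."""
    for v in sorted(ADDED):
        if set(required) <= set(fields_for(v)):
            return v
    raise ValueError(f"not in any version: {sorted(set(required) - set(fields_for(9)))}")

def parse_export(text, version):
    """ASSUMED layout: CSV with a header row; a /24 PoP network is in CIDR form."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [f for f in fields_for(version) if f not in (reader.fieldnames or [])]
    if missing:  # e.g. the request was served with the default header, version 1
        raise ValueError(f"download lacks version {version} fields: {missing}")
    rows = []
    for row in reader:
        row["category"] = [c.strip() for c in row["category"].split(",") if c.strip()]
        ingress = (row.get("pop_ingress_ip") or "").strip()
        if ingress:  # 0.0.0.0 is the documented "could not be retrieved" value
            row["pop_ingress_ip"] = None if ingress == "0.0.0.0" else ipaddress.ip_network(ingress, strict=False)
        rows.append(row)
    return rows

def constructed_export(version, **values):
    """One-row CSV in the assumed layout; constructed sample data, not service output."""
    fields, out = fields_for(version), io.StringIO()
    csv.writer(out).writerows([fields, [values.get(f, "") for f in fields]])
    return out.getvalue()
```

For instance, `min_version_for(["destination_ip", "reputation"])` returns 5, and `parse_export(constructed_export(8, pop_ingress_ip="0.0.0.0"), 8)` yields a row whose pop_ingress_ip is None.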

 
