Reporting Fields
To configure the data fields you want to download from Security Service Edge (SSE) or Secure Web Gateway Cloud Service to your on-prem reporting solution, you add a suitable header name and version number to the command line. Fields are then downloaded according to the header information.
The format for specifying the header information is: <header name>-version: <version number>, for example, x-mwg-api-version: 1.
The following table shows the headers that are available, together with their fields. Beginning with version 7, the table also states the SSE version with which each version of the REST (Forensics) API was introduced. For example, version 7 was introduced with SSE 6.0.0.
For examples of how header information is specified in a download command and fields are filled with values in the output, see Reporting Examples.
Header name and version | Fields | Remarks |
---|---|---|
x-mwg-api-version: 1 | With this header, the following fields are downloaded: | This is the default header for downloading data fields. |
x-mwg-api-version: 2 | With this header, all fields from version 1 are downloaded, plus these fields: media_type, application_type | |
x-mwg-api-version: 3 | With this header, all fields from versions 1 and 2 are downloaded, plus this field: reputation | |
x-mwg-api-version: 4 | With this header, all fields from versions 1 – 3 are downloaded, plus these fields: last_rule | |
x-mwg-api-version: 5 | With this header, all fields from versions 1 – 4 are downloaded, plus these fields: | |
x-mwg-api-version: 6 | With this header, no new fields are added. All fields from versions 1 – 5 are downloaded. | Beginning with this version of the REST (Forensics) API, an error message is sent with the response to a download request that has timed out. |
x-mwg-api-version: 7 | With this header, all fields from versions 1 – 6 are downloaded, plus these fields: pop_country_code | Introduced with: SSE 6.0.0 |
x-mwg-api-version: 8 | With this header, all fields from versions 1 – 7 are downloaded, plus these fields: dlp (The pop_ingress_ip field contains the ingress IP address or ingress IP/24 network of the PoP – Point of Presence where a request was received, depending on the type of PoP. When no ingress IP address or network could be retrieved, the value of the field is 0.0.0.0.) | Introduced with: SSE 6.0.2 |
x-mwg-api-version: 9 | With this header, no new fields are added. All fields from versions 1 – 8 are downloaded. | Introduced with: SSE 6.2.1. Beginning with this version of the REST (Forensics) API, you can also download data originating from traffic that is isolated under Remote Browser Isolation (RBI), as well as from Private Access traffic and from traffic that goes through a firewall. For more information, see Reporting Examples. |
x-mwg-api-version: 10 | With this header, all fields from versions 1 – 9 are downloaded, plus these fields: mw_probability, discarded_host, ssl_client_prot, ssl_server_prot | Introduced with: SSE 6.2.0. The new fields in this version are only downloaded for the following types of traffic: |
x-mwg-api-version: 11 | With this header, fields from versions 1 – 10 are downloaded, plus this field: domain_fronting_url | Introduced with: SSE 6.3.1. The new field in this version is only downloaded for the following types of traffic: For more information, see Reporting Examples. |
x-mwg-api-version: 12 | With this header, fields from versions 1 – 11 are downloaded, plus these fields: | Introduced with: SSE 6.4.0. The new fields in this version are only downloaded for the types of traffic that are specified here. For more information, see Reporting Examples. |