Fields specific to the "l_sandboxing" log
The fields described below appear in the web administration interface of the firewall under the Monitoring > Logs - Audit logs module, in the views: All logs and Sandboxing.
| Field | Description | Name in the web interface |
|---|---|---|
| hash | Hash of the file content (SHA2 method). String of characters in UTF-8 format. Example: "f4d1be410a6102b9ae7d1c32612bed4f12158df3cd1ab6440a9ac0cad417446d". | Hash |
| sandboxinglevel | Indicates the level of the file's infection on a scale of 0 to 100. Value: "0" (clean) to "100" (malicious). | Sandboxing score |
| sandboxing | Classification of the file according to the sandboxing option. Value: "clean", "suspicious", "malicious", "unknown", "forward", "failed". The sandboxing option returns a "clean", "suspicious" or "malicious" status if the file has already been scanned and classified. The "unknown" status is returned if sandboxing does not know the file concerned; in this case, the whole file will be sent to the firewall to be scanned. | Sandboxing |
| msg | Message associated with the results of the sandboxing scan. String of characters in UTF-8 format. Example: "Virus name: thisvirus". | Message |
| dstcontinent | Continent to which the destination IP address of the connection belongs. Value: continent's ISO code. Example: dstcontinent="eu". Available from: SNS v3.0.0. | Destination continent |
| dstcountry | Country to which the destination IP address of the connection belongs. Format: country's ISO code. Example: dstcountry="fr". Available from: SNS v3.0.0. | Destination country |
| dsthostrep | Reputation of the connection's target host. Available only if reputation management has been enabled for the relevant host. Format: unrestricted integer. Example: dsthostrep=506. Available from: SNS v3.0.0. | Destination host reputation |
| dstiprep | Reputation of the destination IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam". Example: dstiprep="spam". Available from: SNS v3.0.0. | Reputation of the dest. |
| risk | Risk relating to the connection. This value contributes to the reputation score of the connection's source host. Value: between 1 (low risk) and 100 (very high risk). Example: risk=20. Available from: SNS v3.0.0. | Risk |
| srccontinent | Continent to which the source IP address of the connection belongs. Value: continent's ISO code. Example: srccontinent="eu". Available from: SNS v3.0.0. | Source continent |
| srccountry | Country to which the source IP address of the connection belongs. Format: country's ISO code. Example: srccountry="fr". Available from: SNS v3.0.0. | Source country |
| srchostrep | Reputation of the connection's source host. Available only if reputation management has been enabled for the relevant host. Format: unrestricted integer. Example: srchostrep=26123. Available from: SNS v3.0.0. | Source host reputation |
| srciprep | Reputation of the source IP address. Available only if this IP address is public and listed in the IP address reputation base. Value: "anonymizer", "botnet", "malware", "phishing", "tor", "scanner" or "spam"; several values may be combined, separated by commas. Example: srciprep="anonymizer,tor". Available from: SNS v3.0.0. | Reputation of the src. |
| proto | Name of the associated plugin. If this is not available, the name of the standard service corresponding to the destination port. String of characters in UTF-8 format. Example: "http", "ssh". Available from: SNS v1.0.0. | Protocol |
| service | Service (product with a dedicated port) on which the vulnerability was detected. String of characters in UTF-8 format. Example: "OpenSSH_5.4". | Vulnerability management / Service |
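The script below is an added example and not Stormshield code: it parses log lines written as space-separated key=value tokens in the style of the field examples above (quoted UTF-8 strings such as msg="...", bare integers such as risk=20) and turns the sandboxing, sandboxinglevel, hash and IP reputation fields into a handling decision for a SIEM or ticketing pipeline. The complete layout of a real l_sandboxing line, the sample lines, the 50-point score threshold and the triage policy are assumptions made for the example; the 64-hex-character hash check is based on the SHA2 example given for the hash field.

```python
import re
from dataclasses import dataclass, field

# One key=value token of an SNS-style log line. Values are either a
# double-quoted UTF-8 string (hash="...", msg="Virus name: ...") or an
# unquoted scalar (risk=20, sandboxinglevel=97), as in the field examples.
_TOKEN = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s]+)')
# Assumption based on the documented example: SHA2 here means SHA-256,
# i.e. 64 lowercase hexadecimal characters.
_SHA256_HEX = re.compile(r'^[0-9a-f]{64}$')

# Constructed sample lines (not captured from a firewall); only the fields
# documented above are used, with a dummy hash built from repeated "ab".
SAMPLE_LINES = [
    'sandboxing="malicious" sandboxinglevel=97 hash="f4d1be410a6102b9ae7d1c32612bed4f12158df3cd1ab6440a9ac0cad417446d" msg="Virus name: thisvirus" srciprep="anonymizer,tor" srccountry="fr" risk=20 proto="http"',
    'sandboxing="clean" sandboxinglevel=3 hash="' + "ab" * 32 + '" srccountry="fr" proto="http"',
    'sandboxing="clean" sandboxinglevel=71 hash="' + "ab" * 32 + '" dstiprep="malware" proto="http"',
    'sandboxing="unknown" sandboxinglevel=0 hash="' + "ab" * 32 + '" proto="ssh"',
]


def parse_sns_line(line: str) -> dict:
    """Split a space-separated key=value log line into a dict, quotes removed."""
    fields = {}
    for key, raw in _TOKEN.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def reputations(value: str) -> set:
    """srciprep/dstiprep may carry several comma-separated tags ("anonymizer,tor")."""
    return {tag for tag in value.split(",") if tag}


@dataclass
class Verdict:
    action: str                      # "block", "review", "pending" or "allow"
    reasons: list = field(default_factory=list)


# IP reputation tags that should send an otherwise allowed file to review.
IP_REP_ESCALATE = {"botnet", "malware", "phishing"}


def triage(fields: dict, score_threshold: int = 50) -> Verdict:
    """Map l_sandboxing fields to a handling decision.

    The classification in `sandboxing` drives the decision; the numeric
    `sandboxinglevel` and the IP reputation tags are cross-checks that can
    only escalate a verdict, never downgrade one.
    """
    status = fields.get("sandboxing", "")
    reasons = [f"sandboxing={status or 'missing'}"]
    if status == "malicious":
        action = "block"
    elif status in ("suspicious", "failed"):
        action = "review"                # suspicious content, or no usable result
    elif status in ("unknown", "forward"):
        action = "pending"               # file not yet known; it is being sent for scanning
    elif status == "clean":
        action = "allow"
    else:
        action = "review"
        reasons.append(f"unexpected sandboxing value {status!r}")

    # Cross-check 1: the score runs from 0 (clean) to 100 (malicious); a
    # "clean" status with a high score is inconsistent and worth a look.
    try:
        level = int(fields.get("sandboxinglevel", ""))
    except ValueError:
        level = None
        reasons.append("sandboxinglevel missing or not an integer")
    if level is not None and not 0 <= level <= 100:
        reasons.append(f"sandboxinglevel={level} outside 0..100")
    if level is not None and level >= score_threshold and action == "allow":
        action = "review"
        reasons.append(f"sandboxinglevel={level} >= {score_threshold} despite clean status")

    # Cross-check 2: a botnet/malware/phishing tag on either public IP.
    for key in ("srciprep", "dstiprep"):
        hits = reputations(fields.get(key, "")) & IP_REP_ESCALATE
        if hits and action in ("allow", "pending"):
            action = "review"
            reasons.append(f"{key} tagged {','.join(sorted(hits))}")

    # Hash sanity: anything that is not a 64-hex digest cannot be matched
    # against threat-intel feeds and signals a truncated or mangled line.
    if not _SHA256_HEX.match(fields.get("hash", "")):
        reasons.append("hash is not a 64-character hex SHA-256 digest")
    return Verdict(action, reasons)


def triage_line(line: str, score_threshold: int = 50) -> Verdict:
    """Parse one log line and triage it."""
    return triage(parse_sns_line(line), score_threshold)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        v = triage_line(line)
        print(f"{v.action:8} <- {'; '.join(v.reasons)}")
```

The parser keeps every value as a string so that a field the firewall omits (for example srciprep on a private source address) is simply absent rather than defaulted, and the triage only ever raises the severity of the sandboxing classification, which keeps the firewall's own verdict as the floor of the decision.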