| CEF Name | JSON Name | Description | Data Type | Example Value |
|---|---|---|---|---|
| <CEF header> | | CEF version | Integer | 0 |
| <CEF header> | metadata.vendor | Vendor identification | String | Jamf |
| <CEF header> | metadata.product | Product identification | String | ZTNA Events Stream |
| <CEF header> | metadata.schemaVersion | Formatted message version | String | 1.0 |
| <CEF header> | signatureId.Id | Signature identification | Integer | 3 |
| <CEF header> | signatureId.name | Signature identification name | String | ZTNA Event |
| <CEF header> | <CEF header> only | Log severity | Integer | 1 |
| CustomerId | account.customerId | Customer identifier | String | |
| ParentId | account.parentId | Customer global account ID | String | |
| AccountName | account.name | Customer account name | String | |
| GUID | device.deviceId | Device identifier | String | a111111a-11a1-4266-9609-fbee82a8a4f9 |
| DeviceName | device.deviceName | Human-readable device name | String, Null | |
| DeviceId | device.externalId | UEM device identifier or device unique device identifier (UDID) | String | |
| OS | device.os | Device OS and version | String | IOS 11.2.5 |
| OsType | device.osType | OS type | String | IOS |
| UserEmail | user.email | User email address | String | |
| UserName | user.name | User name | String | Mr. User |
| App | application | App name | String | Outlook |
| DestinationIP | destinationIp | Request destination server IP address | String | |
| RouteName | routeName | Request route name | String | Nearest Data Center |
| ACT | action | Policy action taken | String | |
| DeviceRiskIndex | riskDetails.deviceRiskIndex | Device risk index | String | 0.5 |
| AppRiskIndexThreshold | riskDetails.appRiskIndexThreshold | Access policy risk index threshold | String | 0.6 |
| BlockReason | blockReason | Reason for blocked request | String | For more information about block reasons, see Zero Trust Network Access Reports. |
| Timestamp | timestamp | Unix to ISO timestamp conversion | String | |
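
The following is an added example, not Jamf code: a normalizer a SIEM ingest step could use to turn a CEF record into the nested JSON names from the table above, including values that contain spaces (`Mr. User`, `Nearest Data Center`). It assumes the standard CEF layout (seven pipe-delimited header fields followed by space-separated `key=value` pairs); `cefVersion` and `severity` are hypothetical names, and `SAMPLE` is constructed from the table's example values.

```python
import re

# CEF extension key -> JSON name, copied from the table above.
CEF_TO_JSON = {
    "CustomerId": "account.customerId", "ParentId": "account.parentId",
    "AccountName": "account.name", "GUID": "device.deviceId",
    "DeviceName": "device.deviceName", "DeviceId": "device.externalId",
    "OS": "device.os", "OsType": "device.osType",
    "UserEmail": "user.email", "UserName": "user.name",
    "App": "application", "DestinationIP": "destinationIp",
    "RouteName": "routeName", "ACT": "action",
    "DeviceRiskIndex": "riskDetails.deviceRiskIndex",
    "AppRiskIndexThreshold": "riskDetails.appRiskIndexThreshold",
    "BlockReason": "blockReason", "Timestamp": "timestamp",
}
# Header fields in standard CEF order, with the table's data types.
# "cefVersion" and "severity" are hypothetical: the table gives them no JSON name.
HEADER = [("cefVersion", int), ("metadata.vendor", str), ("metadata.product", str),
          ("metadata.schemaVersion", str), ("signatureId.Id", int),
          ("signatureId.name", str), ("severity", int)]
# A value runs until the next " key=" or the end, so it may contain spaces.
PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)", re.S)

def _unescape(value):
    # CEF backslash escapes: \n and \r are line breaks, others yield the literal char.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), value)

def _put(event, dotted, value):
    *parents, leaf = dotted.split(".")
    for name in parents:
        event = event.setdefault(name, {})
    event[leaf] = value

def cef_to_json(line):
    start = line.find("CEF:")  # tolerate a syslog prefix before the record
    if start < 0:
        raise ValueError("not a CEF record")
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    event = {}
    for (name, cast), raw in zip(HEADER, parts):
        _put(event, name, cast(_unescape(raw)))
    for key, raw in PAIR.findall(parts[7]):  # unknown keys keep their CEF name
        _put(event, CEF_TO_JSON.get(key, key), _unescape(raw))
    return event

# Constructed sample built from the table's example values; not a captured log line.
SAMPLE = ("CEF:0|Jamf|ZTNA Events Stream|1.0|3|ZTNA Event|1|"
          "GUID=a111111a-11a1-4266-9609-fbee82a8a4f9 OS=IOS 11.2.5 OsType=IOS "
          "UserName=Mr. User App=Outlook RouteName=Nearest Data Center "
          "DeviceRiskIndex=0.5 AppRiskIndexThreshold=0.6")
```

The risk fields stay strings because the table types them as String; cast them to float in the detection rule that compares `deviceRiskIndex` against `appRiskIndexThreshold`.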