DeviceId | Jamf's unique identifier for the device | String | 79fbd274-23eb-42cc-8dd8-a88acdc02e0b |
CustomerId | Customer account ID | String | 8d0f5344-7488-469c-9b06-61d0990565e9 |
ParentId | Customer global account ID | String | 5555defa-1042-4a85-9fff-763ae00c8354 |
SourceIp | Public-facing IP address of the device where the request originated | String | 123.45.6.789 |
NetworkInterface | The network interface that the request is taking place over | String, possible values: WIFI, CELLULAR, UNKNOWN | CELLULAR |
Request | Full URL of the request | String | http://website.com/exa_mple1 |
Domain | Second-level domain of the request | String | website |
Tld | Top-level domain of the request | String | com |
DestinationIp | IP address of the destination server where the request is going | String | 123.45.6.789 |
DnsResponseStatus | The response code given by a DNS service when doing a DNS query | String | NOERROR |
Timestamp | Time that the request took place | String (ISO 8601) | 2019-11-01T02:04:56.084Z |
Ttl | DNS record TTL | String | 298 |
DnsRecordType | DNS record type | String | AAAA |
UpstreamSize | Total bytes read from upstream connection (upload from device) | String | 9816 |
UserAgent | User agent header from request | String | Dalvik/2.1.0 (Linux; U; Android 9; SM-G390F Build/PPR1.180610.011) |
HostName | Fully Qualified Domain Name (FQDN) of the request | String | website.com |
ThreatResult | Indicator of whether the request was found to be malicious or not | String, possible values: CLEAN, DIRTY | CLEAN |
ThreatTypes | Threat type of the request if classified as malicious | Array of Strings OR empty OR "-" | malware, cryptojacking |
Category | Content classification of the request | String | News |
Method | HTTP request method | String, possible values: GET, POST | GET |
spt | Port where the request originated | String | 1234 |
dpt | Port of the destination server where the request is going | String | 80 |
HttpProtocolVersion | Version of HTTP protocol used by the client | String | HTTP/1.1 |
TotalSize | Total bytes transferred from the connection (downstream + upstream) | String | 20933728 |
DownstreamSize | Total bytes transferred from downstream connection | String | 229700 |
UserEmail | Device user email address | String | john.smith@megacorp.com |
suser | Also known as sourceUserName – Identifies the source user by name | String | John Smith |
rt | Time that the request took place | String (Unix epoch time in ms) | 1615889489063 |
blocked | Indicates whether the request was blocked or not. This could be due to security policy, data management policy, or content filtering policy. | String, possible values: true, false | false |
OsType | Information about the device OS (ANDROID/IOS/...) | String | IOS |
referer | Optional HTTP header field that identifies the address of the web page | String | www.google.com |
refererSite | Domain name of the HTTP referrer | String | google |
externalId | Optional field or fields containing identifying information from an external system, such as a UEM or MDM solution. | String | Can be any piece of identifying information, such as a UUID. |
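
Every field above arrives as a string, so a consumer has to type the values before comparing or aggregating them. The following is an added example, not code from Jamf or from this page: it assumes an event has already been decoded into a Python dict keyed by the field names in the table, and `normalize_event`, `parse_threat_types` and the `needs_review` flag are hypothetical names chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

INT_FIELDS = ("Ttl", "UpstreamSize", "DownstreamSize", "TotalSize", "spt", "dpt")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_threat_types(value):
    """ThreatTypes is an array of strings, empty, or "-": always return a list."""
    if value in (None, "", "-"):
        return []
    # Assumption: a plain string holds a comma-separated list, as in the table's example.
    items = value.split(",") if isinstance(value, str) else value
    return [str(item).strip() for item in items if str(item).strip()]


def normalize_event(raw):
    """Return a copy of a decoded event with typed values (hypothetical helper)."""
    event = dict(raw)
    for name in INT_FIELDS:
        text = str(event.get(name, "")).strip()
        # Missing or non-numeric values become None instead of raising.
        event[name] = int(text) if text.isdecimal() else None
    event["blocked"] = str(event.get("blocked", "")).strip().lower() == "true"
    event["ThreatTypes"] = parse_threat_types(event.get("ThreatTypes"))
    rt = str(event.get("rt", "")).strip()
    # rt is Unix epoch time in milliseconds; integer arithmetic keeps the ms exact.
    event["rt"] = EPOCH + timedelta(milliseconds=int(rt)) if rt.isdecimal() else None
    ts = event.get("Timestamp")
    # Timestamp is ISO 8601 with a trailing "Z"; map it to an explicit UTC offset.
    event["Timestamp"] = datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None
    # Triage flag (an assumption of this example): classified malicious but not blocked.
    event["needs_review"] = event.get("ThreatResult") == "DIRTY" and not event["blocked"]
    return event


# Constructed sample event built from the example values in the table.
SAMPLE = {
    "HostName": "website.com", "Timestamp": "2019-11-01T02:04:56.084Z",
    "rt": "1615889489063", "Ttl": "298", "spt": "1234", "dpt": "80",
    "UpstreamSize": "9816", "DownstreamSize": "229700", "TotalSize": "20933728",
    "ThreatResult": "DIRTY", "ThreatTypes": "malware, cryptojacking",
    "blocked": "false",
}

if __name__ == "__main__":
    for key, value in normalize_event(SAMPLE).items():
        print(f"{key}: {value!r}")
```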