Log Field Reference
This page lists all of the fields available in the log data supplied by the SIEM log streaming integration.
| Field | Type | Description |
|---|---|---|
| | String containing RFC3339 Datetime | The time the query occurred |
| | string | The domain queried, also called |
| | string | The RR Type |
| | string | The IP from which the request came |
| | integer | The DNS status code |
| | string (enum) | The DNS protocol used: |
| | object | |
| | array | List of all answers provided. Currently only contains IPs. |
| | object (optional) | GeoIP2 information about the first valid IP in the answers. |
| | string (optional) | Two-letter country code of the IP |
| | string (optional) | Name of the city of the IP |
| | string (optional) | Name of the ISP of the IP |
| | integer (optional) | ASN number of the ISP |
| | object | |
| | string | The ID of the organisation account |
| | name | The name of the organisation (currently not supplied) |
| | object (null if organisation is not null) | |
| | string | The ID of the user account |
| | string | The name of the user (currently not supplied) |
| | object | |
| | string | The ID of the endpoint |
| | string | The name of the endpoint |
| | object (optional) | |
| | string | The ID of the client |
| | string | The name of the client (usually hostname or custom alias) |
| | integer | The action taken by Control D |
| | string (optional) | The reason the action was taken |
| | string (optional) | The label for the trigger described above, if any. |
| | string (optional) | The target of a redirect, if any. Generally an IP, another domain, or an IATA code of a proxy location. |
| | string (optional) | A broad category of the type of website, such as |
| | object (optional) | Contains the same info as answers.geoip (see above), but for |
