| _BilledSize | | Double |
| _IsBillable | | String |
| AlertAction | The action taken when an alert was triggered (e.g., allowed, dropped, rejected). | String |
| AppProto | The application layer protocol detected. | String |
| AvailabilityZone | The AWS Availability Zone where the firewall instance is located. | String |
| Category | The category of the detected threat or network activity. | String |
| DestIp | The destination IP address of the packet. | String |
| DestPort | The destination port to which the packet was sent. | String |
| Direction | The direction of the traffic (e.g., inbound, outbound). | String |
| EventTimestamp | The epoch timestamp of when the event occurred. | DateTime |
| EventType | The type of event recorded (e.g., alert, flow, drop, pass). | String |
| FirewallName | The name of the AWS Network Firewall instance generating the log. | String |
| FlowId | A unique identifier for the network flow related to this event. | String |
| PktSrc | The source of the packet (e.g., internal, external, firewall rule). | String |
| Proto | The protocol used (e.g., TCP, UDP, ICMP). | String |
| Rev | The revision number of the matched Suricata rule. | String |
| Severity | The severity level of the event, typically based on Suricata rule classifications. | String |
| Signature | The name or description of the Suricata rule that triggered the alert. | String |
| SignatureId | The unique identifier of the Suricata rule that matched the event. | String |
| Sni | The Server Name Indication (SNI) from TLS traffic. | String |
| SourceSystem | | String |
| SrcIp | The source IP address from which the packet originated. | String |
| SrcPort | The source port from which the packet originated. | String |
| TenantId | Unique identifier of the tenant into which the data connector ingests data. | String |
| TimeGenerated | The timestamp when the log entry was created in AWS Network Firewall. | DateTime |
| Timestamp | The exact timestamp when the event was captured. | DateTime |
| TxId | The transaction ID associated with the specific network flow. | String |
| Type | The name of the table. | String |
| VerdictAction | The final decision made by the firewall (e.g., pass, drop, alert). | String |
| Version | The version of the log schema or Suricata rule format used. | String |