ICMP)ĭetailed information about the action performed by the firewall (There are 7 categories.):ġ0. Source port or session identifier for protocols without ports (e.g., ICMP)ĭestination port or session identifier for protocols without ports (e.g. "Inter": intermediate report, which is sent every 60s."AppBlock": application has been blocked (see apps field)."App": application has been detected (see apps field).(for Firewall Insights, type = ngfw-act) JSON Fields To receive and forward all events through your Logstash pipeline, use the following configuration. Make sure to use the PKSCS8 certificate key. ![]()
0 Comments
Leave a Reply. |