FIREWALL


The firewall data model provided below aligns with the most commonly used firewalls and their log formats. Read more about how to use the DNIF Data Model

$SubSystem $Action Description
FIREWALL PACK_BLKD Packets blocked by the firewall
FIREWALL PACK_ALLWD Packets Allowed by the firewall
FIREWALL LOGIN_FAIL Failed authentications detected by the firewall
FIREWALL CONN_DISC Successful disconnections of services detected by the firewall
FIREWALL URL_BLKD URLs blocked by the firewall
FIREWALL CONN_EST Successful connections detected by firewall
FIREWALL RESOURCE_ALERT Resources utilized by firewall
FIREWALL ATK_DETECT Type of attack detected by the firewall
FIREWALL PACK_BLKD_GEO Packets blocked by the firewall based on the source location
FIREWALL VPN_DISCON Disconnection of VPN services
FIREWALL VPN_CNNCTD Successful VPN connection established
FIREWALL PACK_BLKD Packets blocked by the firewall
FIREWALL PACK_ALLWD Packets allowed by the firewall