Domain-Blocked Log Event JSON Format
Abstract
This document describes the JSON fields of the domain-blocked log event and provides an example.
The domain-blocked log event is generated when Cyber Shield Domain Filtering blocks a domain name resolution.
The log event JSON contains the Header fields and a log JSON object. The table below describes the fields in the log JSON object when eventName in the Header is set to domain-blocked. For more information on the Header, refer to Log Event Header Fields.
Table 7. JSON fields present in the log object for the domain-blocked log event
| Field Name | Type | Description |
|---|---|---|
| domain | String | The name of the domain that was blocked. |
| category | String | The content filtering category of the blocked domain. |
| queryType | String | The type of DNS query used for domain resolution. |
| protocol | String | The DNS protocol used. |
```json
{
  "CloudConnexaLogVersion": 1,
  "timestamp": "2023-11-10T15:52:11.000000Z",
  "cloudId": "test",
  "service": "CloudConnexa",
  "traceId": "e8387be6-7a05-4c73-8dae-34047b414194",
  "initiator": "521572bc-fcc2-4c05-a78c-d2a9654cc676",
  "initiatorType": "Device",
  "initiatorName": "My Main Device",
  "parentEntity": "43efdaaa-d8a1-4af1-acc1-d96b77313f42",
  "parentEntityType": "User",
  "parentEntityName": "My User",
  "category": "Security.CyberShieldBlockedDomains",
  "eventName": "domain-blocked",
  "log": {
    "domain": "c2c-test-domain.openvpn.com",
    "category": "Command and Control",
    "queryType": "A",
    "protocol": "UDP"
  }
}
```
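The following is an added example, not part of the original documentation. It parses domain-blocked events, keeps the Header category separate from the log object's category (both use the key `category`), and counts blocks per user and device. It assumes events arrive one JSON object per line; the function names, output field names and sample lines are constructed for illustration.

```python
import json
from collections import Counter

LOG_FIELDS = ("domain", "category", "queryType", "protocol")  # from the field table

def parse_domain_blocked(line):
    """Return a flat record for a domain-blocked event, or None."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict) or event.get("eventName") != "domain-blocked":
        return None
    log = event.get("log")
    if not isinstance(log, dict) or not all(isinstance(log.get(f), str) for f in LOG_FIELDS):
        return None  # malformed: do not guess at missing fields
    return {
        "timestamp": event.get("timestamp"),
        "user": event.get("parentEntityName"),
        "device": event.get("initiatorName"),
        # Header "category" is the event class; log.category is the
        # content-filtering category. Keep them under distinct names.
        "event_category": event.get("category"),
        "filter_category": log["category"],
        "domain": log["domain"].rstrip(".").lower(),  # DNS names are case-insensitive
        "query_type": log["queryType"],
        "protocol": log["protocol"],
    }

def blocks_per_device(lines):
    """Count blocked lookups per (user, device, filter category)."""
    records = filter(None, map(parse_domain_blocked, lines))
    return Counter((r["user"], r["device"], r["filter_category"]) for r in records)

# Constructed sample input, modelled on the example event on this page.
_HEADER = {"timestamp": "2023-11-10T15:52:11.000000Z", "initiatorName": "My Main Device",
           "parentEntityName": "My User", "eventName": "domain-blocked",
           "category": "Security.CyberShieldBlockedDomains"}
_LOG = {"domain": "c2c-test-domain.openvpn.com", "category": "Command and Control",
        "queryType": "A", "protocol": "UDP"}
SAMPLE = [
    json.dumps({**_HEADER, "log": _LOG}),
    json.dumps({**_HEADER, "log": {**_LOG, "domain": "C2C-Test-Domain.OpenVPN.com."}}),
    json.dumps({**_HEADER, "eventName": "placeholder-other-event", "log": _LOG}),  # filtered out
    json.dumps({**_HEADER, "log": {"domain": "incomplete.example"}}),  # missing fields
    "not json",
]
```

Calling `blocks_per_device(SAMPLE)` counts only the two well-formed domain-blocked lines; repeated blocks in one filtering category from the same device are a natural value to alert on.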