menlo-web-logs
Get web access logs from Menlo Security service.
menlo-web-logs [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- profile=PROFILE
  - Menlo Security connect profile code.
- duration=NUM{mon|w|d|h|m|s}
  - Scan only recent data. Use one of the time units s (second), m (minute), h (hour), d (day), w (week), or mon (month). For example, 10s means data from the last 10 seconds.
- from=yyyyMMddHHmmss
  - Start time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
- to=yyyyMMddHHmmss
  - End time of the range, in yyyyMMddHHmmss format. If you omit the time part, it is padded with zeros.
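The zero-padding rule matters when a query must cover whole days: to=20240801 becomes 20240801000000, so events from that day itself fall outside the range. The Python helper below is an added example, not part of the product or its documentation; it validates the documented argument formats and builds the command line. The function names, the profile code `soc`, the allowed profile characters and the sample dates are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

STAMP = "%Y%m%d%H%M%S"                                # yyyyMMddHHmmss
DURATION = re.compile(r"[0-9]+(?:mon|w|d|h|m|s)")     # NUM{mon|w|d|h|m|s}
PROFILE = re.compile(r"[A-Za-z0-9_-]+")               # assumed profile-code charset


def pad_stamp(value):
    """Return the 14-digit form of a from=/to= value (date-only gets 000000)."""
    if not re.fullmatch(r"[0-9]{8}(?:[0-9]{6})?", value):
        raise ValueError(f"expected yyyyMMdd or yyyyMMddHHmmss: {value!r}")
    padded = value.ljust(14, "0")
    datetime.strptime(padded, STAMP)  # ValueError on month 13, hour 25, ...
    return padded


def whole_day_window(first_day, last_day):
    """from=/to= values covering every second of first_day..last_day (yyyyMMdd).

    to=<last_day> pads to 00:00:00 of that day and so leaves the day out;
    the window therefore ends at midnight of the following day.
    """
    for day in (first_day, last_day):
        if not re.fullmatch(r"[0-9]{8}", day):
            raise ValueError(f"expected yyyyMMdd: {day!r}")
    start = datetime.strptime(pad_stamp(first_day), STAMP)
    end = datetime.strptime(pad_stamp(last_day), STAMP) + timedelta(days=1)
    if end <= start:
        raise ValueError("last_day is before first_day")
    return start.strftime(STAMP), end.strftime(STAMP)


def build_command(profile, duration=None, start=None, end=None):
    """Assemble a menlo-web-logs command line from validated arguments."""
    if not PROFILE.fullmatch(profile):
        raise ValueError(f"unexpected characters in profile: {profile!r}")
    parts = ["menlo-web-logs", f"profile={profile}"]
    if duration is not None:
        if not DURATION.fullmatch(duration):
            raise ValueError(f"expected NUM{{mon|w|d|h|m|s}}: {duration!r}")
        parts.append(f"duration={duration}")
    if start is not None:
        parts.append(f"from={pad_stamp(start)}")
    if end is not None:
        parts.append(f"to={pad_stamp(end)}")
    return " ".join(parts)


if __name__ == "__main__":
    first, last = whole_day_window("20240830", "20240831")  # constructed dates
    print(build_command("soc", start=first, end=last))      # "soc" is a constructed profile code
```

Rejecting anything outside the documented formats before building the command also keeps untrusted input, such as a date typed into a ticket, from altering the query.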
Output Fields
| Field | Type | Name | Description | 
|---|---|---|---|
| _time | Date | Time | |
| risk | String | Risk | e.g. LOW, MEDIUM, HIGH | 
| risk_tally | Integer | Risk count | e.g. -1 | 
| user | String | User | Email format | 
| req_type | String | Request type | e.g. page_request, file_download | 
| site_category | String | Site category | e.g. Malware Sites, Phishing and Other Frauds | 
| domain | String | Domain | |
| src_ip | IP address | Source IP | |
| dst_ip | IP address | Destination IP | |
| dst_addrs | String | Destination addresses | Comma separated values. | 
| egress_ip | IP address | Egress IP | Menlo Security gateway address. | 
| category | String | Category | e.g. Malware, Phishing | 
| signature | String | Signature | e.g. cats_Malware, cats_Phishing & Fraud | 
| action | String | Action | e.g. allow, isolate | 
| reason | String | Reason | e.g. file_download_LinuxEXE_isolated_site | 
| status | Integer | Status | e.g. 200, 404 | 
| method | String | Method | e.g. GET | 
| url | String | URL | |
| top_url | String | Top URL | URL of parent browser frame | 
| app | String | App | e.g. http, https | 
| is_iframe | Bool | Is iframe | |
| has_password | Bool | Has password | |
| is_inconsistent_domain | Bool | Is inconsistent domain | |
| num_subfiles | Integer | File count | |
| file_size | Long | File size | |
| content_type | String | Content type | e.g. text/html;charset=utf-8 | 
| browser_version | String | Browser version | e.g. Chrome_127 | 
| user_agent_type | String | User agent type | e.g. supported_browser | 
| user_agent | String | User agent | |
| referer | String | Referer | |
| full_session_id | String | Session ID | |
| vendor | String | Vendor | e.g. Menlo Security | 
| product | String | Product | e.g. MSIP | 
| version | String | Version | e.g. 2.0 | 
| region | String | Region | e.g. ap-northeast-1c | 
| tab_id | Integer | Tab ID | e.g. 1 | 
| pe_rule_name | String | Rule name | e.g. Phishing Threat | 
| rendering_mode | String | Rendering mode | e.g. ACR1 | 
