Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Schema for Cloudflare gateway #68

Open
schack opened this issue Apr 20, 2021 · 2 comments
Open

Schema for Cloudflare gateway #68

schack opened this issue Apr 20, 2021 · 2 comments

Comments

@schack
Copy link

schack commented Apr 20, 2021

Could you add a schema file for Cloudflare Gateway logpush data ?
@shagamemnon
Copy link
Contributor

Sorry for the radio silence here @schack. This will be added with #68/gateway-schemas

@bhargavmd
Copy link

latest schema generated from here: https://developers.cloudflare.com/logs/reference/log-fields/account/gateway_http/

[
  {
    "name": "AccountID",
    "type": "STRING",
    "description": "Cloudflare account tag."
  },
  {
    "name": "Action",
    "type": "STRING",
    "description": "Action performed by gateway on the HTTP request."
  },
  {
    "name": "ApplicationIDs",
    "type": "INTEGER",
    "mode": "REPEATED",
    "description": "IDs of the applications that matched the HTTP request parameters."
  },
  {
    "name": "ApplicationNames",
    "type": "STRING",
    "mode": "REPEATED",
    "description": "Names of the applications that matched the HTTP request parameters."
  },
  {
    "name": "BlockedFileHash",
    "type": "STRING",
    "description": "Hash of the file blocked in the response, if any."
  },
  {
    "name": "BlockedFileName",
    "type": "STRING",
    "description": "File name blocked in the request, if any."
  },
  {
    "name": "BlockedFileReason",
    "type": "STRING",
    "description": "Reason file was blocked in the response, if any."
  },
  {
    "name": "BlockedFileSize",
    "type": "STRING",
    "description": "File size (bytes) blocked in the response, if any."
  },
  {
    "name": "BlockedFileType",
    "type": "STRING",
    "description": "File type blocked in the response e.g., exe, bin, if any."
  },
  {
    "name": "CategoryIDs",
    "type": "INTEGER",
    "mode": "REPEATED",
    "description": "IDs of the categories that matched the HTTP request parameters."
  },
  {
    "name": "CategoryNames",
    "type": "STRING",
    "mode": "REPEATED",
    "description": "Names of the categories that matched the HTTP request parameters."
  },
  {
    "name": "Datetime",
    "type": "STRING",
    "description": "The date and time the corresponding HTTP request was made."
  },
  {
    "name": "DestinationIP",
    "type": "STRING",
    "description": "Destination IP of the request."
  },
  {
    "name": "DestinationIPContinentCode",
    "type": "STRING",
    "description": "Continent code of the destination IP of the HTTP request."
  },
  {
    "name": "DestinationIPCountryCode",
    "type": "STRING",
    "description": "Country code of the destination IP of the HTTP request."
  },
  {
    "name": "DestinationPort",
    "type": "STRING",
    "description": "Destination port of the request."
  },
  {
    "name": "DeviceID",
    "type": "STRING",
    "description": "UUID of the device where the HTTP request originated from."
  },
  {
    "name": "DeviceName",
    "type": "STRING",
    "description": "The name of the device where the HTTP request originated from."
  },
  {
    "name": "DownloadMatchedDlpProfileEntries",
    "type": "STRING",
    "mode": "REPEATED",
    "description": "List of matched DLP entries in the HTTP request."
  },
  {
    "name": "DownloadMatchedDlpProfiles",
    "type": "STRING",
    "mode": "REPEATED",
    "description": "List of matched DLP profiles in the HTTP request."
  },
  {
    "name": "DownloadedFileNames",
    "type": "STRING",
    "mode": "REPEATED",
    "description": "List of files downloaded in the HTTP request."
  },
  {
    "name": "Email",
    "type": "STRING",
    "description": "Email used to authenticate the client."
  },
  {
    "name": "FileInfo",
    "type": "RECORD",
    "description": "Information about files detected within the HTTP request.",
    "fields": [
      {
        "name": "action",
        "type": "STRING",
        "description": "Action taken on the file."
      },
      {
        "name": "content_type",
        "type": "STRING",
        "description": "The file’s content type, if applicable."
      },
      {
        "name": "direction",
        "type": "STRING",
        "description": "Direction of the file transfer."
      },
      {
        "name": "file_name",
        "type": "STRING",
        "description": "The file’s name, if known."
      },
      {
        "name": "file_hash",
        "type": "STRING",
        "description": "The file’s sha256 hash, if known."
      },
      {
        "name": "file_size",
        "type": "INTEGER",
        "description": "The file’s size, in bytes."
      },
      {
        "name": "file_type",
        "type": "STRING",
        "description": "The file’s type, if known."
      }
    ]
  },
  {
    "name": "ForensicCopyStatus",
    "type": "STRING",
    "description": "Status of any associated forensic copies that may have been captured during the request."
  },
  {
    "name": "HTTPHost",
    "type": "STRING",
    "description": "Content of the host header in the HTTP request."
  },
  {
    "name": "HTTPMethod",
    "type": "STRING",
    "description": "HTTP request method."
  },
  {
    "name": "HTTPStatusCode",
    "type": "INTEGER",
    "description": "HTTP status code gateway returned to the user."
  },
  {
    "name": "HTTPVersion",
    "type": "STRING",
    "description": "Version name for the HTTP request."
  },
  {
    "name": "IsIsolated",
    "type": "BOOLEAN",
    "description": "If the request was isolated with Cloudflare Browser Isolation."
  },
  {
    "name": "PolicyID",
    "type": "STRING",
    "description": "The gateway policy UUID applied to the request."
  },
  {
    "name": "PolicyName",
    "type": "STRING",
    "description": "The name of the gateway policy applied to the request."
  },
  {
    "name": "PrivateAppAUD",
    "type": "STRING",
    "description": "The private app AUD, if any."
  },
  {
    "name": "ProxyEndpoint",
    "type": "STRING",
    "description": "The proxy endpoint used on the HTTP request."
  },
  {
    "name": "Quarantined",
    "type": "BOOLEAN",
    "description": "If the request content was quarantined."
  },
  {
    "name": "Referer",
    "type": "STRING",
    "description": "Contents of the referer header in the HTTP request."
  },
  {
    "name": "RequestID",
    "type": "STRING",
    "description": "Cloudflare request ID."
  },
  {
    "name": "SessionID",
    "type": "STRING",
    "description": "Network session ID."
  },
  {
    "name": "SourceIP",
    "type": "STRING",
    "description": "Source IP of the request."
  },
  {
    "name": "SourceIPContinentCode",
    "type": "STRING",
    "description": "Continent code of the source IP."
  },
  {
    "name": "SourceIPCountryCode",
    "type": "STRING",
    "description": "Country code of the source IP."
  },
  {
    "name": "SourceInternalIP",
    "type": "STRING",
    "description": "Local LAN IP of the device."
  },
  {
    "name": "SourcePort",
    "type": "STRING",
    "description": "Source port of the request."
  },
  {
    "name": "URL",
    "type": "STRING",
    "description": "HTTP request URL."
  },
  {
    "name": "UntrustedCertificateAction",
    "type": "STRING",
    "description": "Action taken when an untrusted origin certificate error occurs."
  },
  {
    "name": "UploadMatchedDlpProfileEntries",
    "type": "STRING",
    "mode": "REPEATED",
    "description": "List of matched DLP entries in the HTTP request."
  },
  {
    "name": "UploadMatchedDlpProfiles",
    "type": "STRING",
    "mode": "REPEATED",
    "description": "List of matched DLP profiles in the HTTP request."
  },
  {
    "name": "UploadedFileNames",
    "type": "STRING",
    "mode": "REPEATED",
    "description": "List of files uploaded in the HTTP request."
  },
  {
    "name": "UserAgent",
    "type": "STRING",
    "description": "Contents of the user agent header in the HTTP request."
  },
  {
    "name": "UserID",
    "type": "STRING",
    "description": "User identity where the HTTP request originated from."
  },
  {
    "name": "VirtualNetworkID",
    "type": "STRING",
    "description": "Identifier of the virtual network."
  },
  {
    "name": "VirtualNetworkName",
    "type": "STRING",
    "description": "Name of the virtual network."
  }
]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@schack @shagamemnon @bhargavmd