The following are details for various Silo log types:
• COOKIES
• DOWNLOAD
• ENC
• EXPLOIT
• HARVEST
• PRINT
• SESSION
Please refer to the Log Extract API guideline for information on how to programmatically retrieve the logs. The Splunk Enterprise Technical Add-on is also available as an alternative method
Log Type: URL
Log information pertaining to visited websites and navigation details
More Info:
- To enable the micro_category and macro_category fields, ensure that the URL Category Filtering policy is configured in the Silo Admin Console. No categories need to be selected for Allow or Block settings
Field Name | Definition | Sample Result |
| client_ip | The IP address of the local machine as seen as by Authentic8. This is frequently the NAT address of the local network rather than the actual IP address of the local machine | 50.247.80.185 |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411481216.764143 |
| domain | The domain name of the URL | "example.com" in "https://example.com:81/path?p=v" |
| headers | Components of the header section of request and response messages | Host: login.example.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0 Authentic8/1.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: https://login.example.com/config/login_verify2?&.src=ym\r\nDNT: 1\r\nConnection: keep-alive\r\n" |
| method | HTTP request method | GET, POST |
| org_id | The opaque string identifier of the Silo organization | 64bb2da94d49648b75e3b3b82338086e |
| page_title | The title of a web page, the text shown in the browser tab or search engine result | Submit a ticket: Authentic8 Support |
| path | The path of the URL | "/path" in "https://example.com:81/path?p=v" |
| port | The Network port of the URL | "81" in "https://example.com:81/path?p=v". If the Network port is set to 80 or 443, this value would be null |
| response_code | The HTTP response code from the website | usually 200 |
| response_headers | Components of the header section of request and response messages | Date: Tue, 23 July 2025 14:13:37 GMT\r\nP3P: policyref=\"http://info.example.com/w3c/p3p.xml\", CP=\"CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV\"\r\nX-Frame-Options: DENY\r\nCache-Control: private\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 32723\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Security-Policy-Report-Only: default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri http://b.login.example.com/beacon/csp\r\nAge: 0\r\nConnection: close\r\nStrict-Transport-Security: max-age=15552000\r\nServer: ATS\r\n" |
| response_size | If known, the size of the response in bytes. Otherwise, null | 3655 |
| scheme | The protocol specifier in a URL | usually http or https |
| seq_id | Sequence number of log entry | 12627567 |
| session_id | An opaque string that identifies the Silo for Safe Access or Silo for Research session | f1b3310c0422f847446fe7661d896c6a |
| primary_session_id | Unique identifier of the Silo for Safe Access session. If this is not null, the log entry was made in a subsession, so this identifies the primary session. This would typically be non-null in a Toolbox as an App subsession | "primary_session_id": "bd1dfccc8b4c98c79085d78b0aab96e6" Toolbox as an App session "session_id": "bd1dfccc8b4c98c79085d78b0aab96e6:1" |
| type | Log type | URL |
| url | Website address | https://login.example.com/ |
| user_id | The opaque string identifier of the Silo account | c8cd4252f8b15bdbc9c3e7c53d73f562 |
| username | The login name of the Silo account who initiated the session | silotestaccount |
| query | The query of the URL | "p=v" in "https://example.com:81/path?p=v" |
| micro_category | Specific filtering category reason | Social Networking |
| macro_category | General filtering category name | Productivity Drains |
Log Type: DOWNLOAD
Log information pertaining to file download activities, along with the file details
Field Name | Definition | Sample Result |
| client_ip | The IP address of the local machine as seen as by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 50.247.80.185 |
| bytes | Downloaded file size in bytes | 92108 |
| target | Destination path of downloaded file | /tmp/download-0/Extract_Log_Samples.txt |
| contentType | Data type of the downloaded file | text/plain |
| hash | SHA-256 hash of the file in hex | d262d17ab180800703ad2a65a29643c72c7ebfeb1a6431d34e19561c0e50cc41 |
| url | Source of the downloaded file | https://mail-attachment.googleusercontent.com/attachment/u/0/? ui=2&ik=9f0c44d8c2&view= att&th=1489b4c8d5929ac4&attid=0.1 &disp=safe&realattid= f_i0d86brx0&zw&saduie=AG9B_P_EV24vE6QEP8oX6jRL1kF -&sadet=1411404392213&sads=M8j4UFPeIEoD7EnKT_iP5IFQspk |
| username | The login name of the Silo account who initiated the session | silotestaccount |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411408790.093198 |
| org_id | The opaque string identifier of the Silo organization | 64bb2da94d49648b75e3b3b82338086e |
| seq_id | Sequence number of log entry | 12625480 |
| session_id | An opaque string that identifies the Silo for Safe Access session | 9d1d78fe0c999429fcce590358ec5ca5 |
| type | Log type | DOWNLOAD |
| scheme | The protocol specifier of the source site | usually http or https |
| domain | The domain of the source web site | mail-attachment.googleusercontent.com |
| port | Network port of the source website | 443 |
| path | Source path of the website | /attachment/u/0/ |
| query | Source query of the downloaded file | ui=2&ik=9f0c44d8c2&view=att&th=1489b4c8d5929ac4&attid=0.1 &disp=safe&realattid=f_i0d86brx0&zw&saduie=AG9B_ P_EV24vE6QEP8oX6jRL1kF-&sadet=1411404392213&sads=M8j4UFPeIEoD7EnKT_iP5IFQspk |
Log Type: UPLOAD
Log information pertaining to file upload activities, along with the file details
Field Name | Definition | Sample Result |
| client_ip | The IP address of the local machine as seen as by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 50.247.80.185 |
| bytes | Uploaded file size in bytes | 4403457 |
| target | Path of the temporary transfer destination on the Authentic8 server | /tmp/upload-0/37a9be56c22de501a6fee0d6bd70cf26-Logs.txt" |
| contentType | Data type of the uploaded file | image/png |
| hash | SHA-256 hash of the file in hex | c7ebfeb1a6431d34e19561c0e50cc41d262d17ab180800703ad2a65a29643c72 |
| url | Destination of the uploaded file | https://mail.google.com/mail/u/0/?ui=2&ik=9f0c44d8c2&view=up&fcid=i0d86bs2dkg5&rt=j&act= fup&oauth=AG9B_P_EV24vE6QEP8oX6jRL1kF-%7Cb54078f6cd20dc2a&attid=f_i0d86brx0 |
| username | The login name of the Silo account who initiated the session | silotestaccount |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411408790.093198 |
| org_id | The opaque string identifier of the Silo organization | 64bb2da94d49648b75e3b3b82338086e |
| seq_id | Sequence number of log entry | 12625195 |
| session_id | An opaque string that identifies the Silo for Safe Access or Silo for Research session | f9567c931b7dc6a4e5299e8c862011fe |
| type | Log type | UPLOAD |
| scheme | The protocol specifier of the destination site | https |
| domain | The domain of the web site file uploaded to | mail.google.com |
| port | Network port of the source website | 443 |
| path | Source path of the website | /attachment/u/0/ |
| query | Source query of the uploaded file | ui=2&ik=9f0c44d8c2&view=up&fcid=i0d86bs2dkg5&rt=j& act=fup&oauth=AG9B_P_EV24vE6QEP8oX6jRL1kF-%7Cb54078f6cd20dc2a&attid=f_i0d86brx0 |
Log Type: SESSION
Log information pertaining to Silo for Safe Access and Silo for Research (Toolbox) sessions
Field Name | Definition | Sample Result |
| client_ip | The IP address of the user's machine as seen as by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 50.247.80.185 |
| client_machine_name | System name retrieved from local machine factors (if a system has obscured machine factors, the obscured name will be shown) | MacBook Pro |
| client_timezone | The timezone of either the host session and Toolbox session | America/New_York |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411568275.720287 |
| egress_ip | IP address of the egress location | 179.48.248.22 |
| egress_location | Region identifier for the egress location | Costa Rica (cr) |
| execution_location | Region identifier for the Toolbox as an App session | Singapore (sg) |
| execution_server_ip | IP address of the server hosting the session | 119.81.23.187 |
| execution_server_name | Hostname of the server hosting the Toolbox as an App session | app-sng-54.authentic8.com |
| exit_reason | The reason for the session termination | User Exit |
| languages | The language set under Browser Fingerprint Management | en |
| org_id | The opaque string identifier of the Silo organization | 64bb2da94d49648b75e3b3b82338086e |
| seq_id | Sequence number of log entry | 12630308 |
| session_end_time | UNIX Epoch time of session end | 1411568275 |
| session_id | An opaque string that identifies the Silo for Safe Access ession | bd1dfccc8b4c98c79085d78b0aab96e6 |
| session_start_time | UNIX Epoch time of session start | 1411567938 |
| session_type | Type of sessions logged | Silo; Toolbox |
| type | Log type | SESSION |
| toolbox_name | Name of the Toolbox | Miami Toolbox |
| user_agent_label | The selected User Agent | Chrome (Windows) |
| user_agent_value | The complete Browser Fingerprint information | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome /125.0.0.0 Safari/537.36 |
| user_id | The opaque string identifier of the Silo account | dbc9c3e7c5c8cd4252f8b15b3d73f562 |
| user_type | Indicator of standard user or Silo Administrator | admin |
| username | The login name of the Silo account who initiated the session | silotestaccount |
| primary_session_id | Unique identifier of the Authentic8 session. If this is not null, the log entry was made in a subsession, so this identifies the primary session. This would typically be non-null in a Toolbox as an App subsession | "primary_session_id": "bd1dfccc8b4c98c79085d78b0aab96e6" Toolbox as an App session "session_id": "bd1dfccc8b4c98c79085d78b0aab96e6:1" |
Log Type: AUTH
Log information pertaining to authentication attempts such as SAML, PIN, OOB (out of band), and Reset user login with temporary password
Field Name | Definition | Sample Result |
| action | Type of authentication actions | PIN; PIC (grandfathered authentication method for users created prior since early 2013); SAML SSO |
| client_ip | The IP address of the user's machine as seen as by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 50.247.80.185 |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411567747.400867 |
| org_id | The opaque string identifier of the Silo organization | 4a6ca40fc47ab8655f85b4cc6d6139e0 |
| reason | Any available detail reason for authentication action results | Incorrect credentials; "Signature data missing" |
| result | Result of authentication actions | success; failure |
| seq_id | Sequence number of log entry | 23686753 |
| session_id | An opaque string that identifies the Silo for Safe Access session | ec3d9b11ff7eb00d6f55f773ba057583 |
| type | Log type | AUTH |
| user_id | The opaque string identifier of the Silo account | a62f8860f76650380e09d366557e3751 |
| username | The login name of the Silo account who initiated the session | silotestaccount |
Authentication Summary:
Action | Result | Reason |
| PIN Auth | success | |
| failure | Incorrect credentials | |
| failure | Booted after three failed attempts | |
| failure | Locked out after three login failures over two consecutive sessions | |
| SAML Auth | success | |
| failure | Signature expired | |
| failure | Signature invalid | |
| failure | Signature data missing | |
| OOB (out of band) | success | |
| failure | Incorrect OOB code | |
| failure | Phone modification disabled after three failed attempts | |
| failure | Unable to send code, incorrect phone number: 9999999999 | |
| Reset (user login using temporary password) | success | |
| failure | Invalid reset code | |
| failure | Booting user after three failed attempts | |
| failure | Locked out after three reset code failures over two consecutive sessions | |
| New User Create PIN | success | Created new pin code |
| User changed PIN | success | Changed pin code |
Log Type: ADMIN_AUDIT
Log information pertaining to Silo Administrator changes performed within the Silo Admin Console
The data logged includes:
- Who made the change (username)
- When the change was made (timestamp)
- What was changed (including before and after values)
More Info:
- Credential changes will be tracked and listed but actual data will NOT be logged
- Admin Audit logs usually contain any of the 4 audit_type USER, WEB_APP, POLICY, ORG
Field Name | Definition | Sample Result |
| admin_fullname | Full name of Silo Admin who made the changes | Silo Admin |
| audit_type | Type of changes made | POLICY |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411623446.621668 |
| message | Any Silo Admin executed action details | Changed org name from \"Untitled Org\" to \"test\" |
| org_id | The opaque string identifier of the Silo organization | 4a6ca40fc47ab8655f85b4cc6d6139e0 |
| org_name | Name of the Silo organization | Admin Org |
| seq_id | Sequence number of log entry | 23691402 |
| source | Source of the Silo Admin changes | Admin Console |
| type | Log type | ADMIN_AUDIT |
| username | The login name of the Silo Admin who made the changes | silotestaccount |
| old_values | Value before change | "email": "user@email.com” |
| new_values | Value after change | "email": "user@new-email.com” |
Log Type: ENC
Field Name | Definition | Sample Result |
| enc | Payload of encrypted logs | base64 encoded encrypted serialized JSON object |
| key_name | Name of Asymmetric Key used to encrypt symmetric key | Test Public Key |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411623446.621668 |
| org_id | The opaque string identifier of the Authentic8 org | 4a6ca40fc47ab8655f85b4cc6d6139e0 |
| org_name | Name of the Silo organization | Admin Org |
| seq_id | Sequence number of log entry | 23691402 |
| type | Log type | ENC |
Log Type: COOKIES
Web cookies may contain confidential and sensitive information — Log Encryption must be enabled in order to record this log type
Field Name | Definition | Sample Result |
| client_ip | The IP address of the local machine as seen as by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 50.247.80.185 |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411481216.764143 |
| data | Cookie data log entries | actual data blog |
| domain | The domain name of the URL | "example.com" in "https://example.com:81/path?p=v" |
| method | HTTP request method | GET, POST |
| org_id | The opaque string identifier of the Silo organization | 64bb2da94d49648b75e3b3b82338086e |
| path | The path of the URL | "/path" in "https://example.com:81/path?p=v" |
| port | The Network port of the URL | "81" in "https://example.com:81/path?p=v". If the Network port is 80 or 443, this value would be null |
| response_code | The HTTP response code from the website | usually 200 |
| scheme | The protocol specifier in a URL | usually http or https |
| seq_id | Sequence number of log entry | 12627567 |
| session_id | An opaque string that identifies the Silo for Safe Access session | f1b3310c0422f847446fe7661d896c6a |
| type | Log type | COOKIES |
| url | Website address | https://login.example.com/ |
| username | The login name of the Silo account who initiated the session | silotestaccount |
Log Type: POST DATA
POST data (form posts only) may contain confidential and sensitive information — Log Encryption must be enabled in order to record this log type. The POST method specifies a destination, but the response page is usually different than the target of the POST. Not all form posts result in a traditional post, and it may not always map to a URL entry. By design, Silo for Safe Access does not record all XHR posts because this would result in a large amount of irrelevant data
Field Name | Definition | Sample Result |
| client_ip | The IP address of the local machine as seen as by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 50.247.80.185 |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411481216.764143 |
| data | POST data log entries | actual data blog |
| domain | The domain name of the URL | "example.com" in "https://example.com:81/path?p=v" |
| org_id | The opaque string identifier of the Silo organization | 64bb2da94d49648b75e3b3b82338086e |
| path | The path of the URL | "/path" in "https://example.com:81/path?p=v" |
| port | The Network port of the URL | "81" in "https://example.com:81/path?p=v". If port would have been 80 or 443, this is null. |
| query | The query of the URL | "p=v" in "https://example.com:81/path?p=v" |
| scheme | The protocol specifier in a URL | usually http or https |
| seq_id | Sequence number of log entry | 12627567 |
| session_id | An opaque string that identifies the Silo for Safe Access or Silo for Research session | f1b3310c0422f847446fe7661d896c6a |
| type | Log type | POST DATA |
| url | Website address | https://login.example.com/ |
| username | The login name of the Silo account who initiated the session | silotestaccount |
Log Type: LOCATION CHANGE
Log information pertaining to location changes detected in the address bar. Websites accessed via Google search queries are also tracked
Field Name | Definition | Sample Result |
| client_ip | The IP address of the local machine as seen as by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 50.247.80.185 |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411481216.764143 |
| user_id | The opaque string identifier of the Silo account | db51b9038ddc66641381c4628bcb8ee1 |
| domain | The domain name of the URL | www.google.com |
| org_id | The opaque string identifier of the Silo organization | 64bb2da94d49648b75e3b3b82338086e |
| path | The path of the URL | /maps/search/news/@34.736297,-84.007953,5z/data=!3m1!4b1 |
| port | The Network port of the URL | 80 or 443 |
| query | The query of the URL | gws_rd=ssl#q=cats |
| scheme | The protocol specifier in a URL | usually http or https |
| seq_id | Sequence number of log entry | 12988378 |
| session_id | An opaque string that identifies the Silo for Safe Access session | c516a4417c72673478dea4186ea6d35e |
| type | Log type | LOCATION CHANGE |
| url | Website address | https://www.google.com/?gws_rd=ssl#q=cats |
| username | The login name of the Silo account who initiated the session | silotestaccount |
Log Type: BLOCKED URL
Log information pertaining to blocked URLs or domains per the URL Category or Domain Filtering policies
Field Name | Definition | Sample Result |
| client_ip | The IP address of the local machine as seen as by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 50.247.80.185 |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411481216.764143 |
| user_id | The opaque string identifier of the Silo account | db51b9038ddc66641381c4628bcb8ee1 |
| domain | The domain name of the URL | www.google.com |
| org_id | The opaque string identifier of the Silo organization | 64bb2da94d49648b75e3b3b82338086e |
| path | The path of the URL | /maps/search/news/@34.736297,-84.007953,5z/data=!3m1!4b1 |
| port | The Network port of the URL | 80 or 443 |
| scheme | The protocol specifier in a URL | usually http or https |
| seq_id | Sequence number of log entry | 12988378 |
| session_id | An opaque string that identifies the Silo for Safe Acccess session | c516a4417c72673478dea4186ea6d35e |
| type | Log type | BLOCKED URL |
| url | Web site address | https://www.google.com/?gws_rd=ssl#q=cats |
| username | The login name of the Silo account who initiated the session | silotestaccount |
| reject_type | The policy reason access was prevented | url block list or category |
| micro_category | Specific filtering category reason | Social Networking |
| macro_category | General filtering category name | Productivity Drains |
Log Type: TRANSLATION
Log information pertaining to page or context translation within Silo for Safe Access and Silo for Research sessions
Field Name | Definition | Sample Result |
| client_ip | The IP address of the local machine as seen as by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 69.181.241.203 |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1427175692.787294 |
| length | Number of characters translated | 28283 |
| service | Translation service/api used | |
| org_id | The opaque string identifier of the Silo organization | 64bb2da94d49648b75e3b3b82338086e |
| source | Source language translated from | null or English |
| target | Destination language translated to | null or Foreign Language |
| translation_type | Type of translation processed | selection, ad hoc or full_page |
| seq_id | Sequence number of log entry | 24744695 |
| session_id | An opaque string that identifies the Silo for Safe Access or Silo for Research session | 20d33f188fe56351dd451d7819da2681 |
| type | Log type | TRANSLATION |
| url | Website address OR empty for text selection | http://www.cnbc.com/id/102528156 |
| username | The login name of the user who initiated the session | silotestaccount |
Log Type: A8SS
Log information pertaining to events involving Cloud Secure Storage
Field Name | Definition | Sample Result |
| action | File Action values can be: create bucket, create directory, create file, create file, delete directory, delete file, download to client machine, move directory, move file, rename file, update file, upload from client machine | rename file |
| bucket_id | The storage bucket ID where the action was performed | 5113d1da4e4d0c523b170310341b7415 |
| client_ip | IP address of the Silo client which originated the request | 98.138.253.109 |
| content_type | the file type | image/tiff |
| create_ts | timestamp of the create time of the file | 1436215447.527693 |
| create_user | The internal user ID who created the file | d0dd8b47b28057322925v428d9d07a58 |
| file_id | the unique Cloud Secure Storage file identifier | 3b94ae0ebcdc7e926ddddcddfd8cf18c |
| file_size | Size of the file in bytes | 1002365 |
| name | the regular name of the file | TestFile.tiff |
| new_name | Name file was renamed to | TestFile_renamed.tiff |
| org_id | The opaque string identifier of the Silo organization | 4ca51853dcfef8c08a4bbbf168af7f3e |
| seq_id | log entry sequence ID | 13382766 |
| session_id | An opaque string that identifies the Silo for Safe Access or Silo for Research session | f1b3310c0422f847446fe7661d896c6a |
| type | Log Type | A8SS |
| uploading_until | Indication of file save status. If a file save action is complete, this field will be null. If the file is currently being written, or is in some incomplete state, you will see a time stamp | "2015-07-06 21:00:26" or 'Null' |
| user_id | The opaque string identifier of the Silo account | “c8cd4252f8b15bdbc9c3e7c53d73f562” |
| username | The login name of the Silo account who initiated the session | silotestaccount |
Log Type: PRINT
Log information pertaining to printing activities
Field Name | Definition | Sample Result |
| client_ip | The IP address of the local machine as seen by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 98.138.253.109 |
| mime_type | the file mime type | text/html |
| create_ts | timestamp of the create time of the file | 1436215447.527693 |
| org_id | The opaque string identifier of the Silo organization | 4ca51853dcfef8c08a4bbbf168af7f3e |
| seq_id | log entry sequence ID | 13382766 |
| session_id | An opaque string that identifies the Silo for Safe Access or Silo for Research session | f1b3310c0422f847446fe7661d896c6a |
| type | Log type | |
| username | The login name of the Silo account who initiated the session | silotestaccount |
| url | Website address | https://login.example.com/ |
| domain | The domain name of the URL | "example.com" in "https://example.com:81/path?p=v" |
| path | The path of the URL | "/path" in "https://example.com:81/path?p=v" |
| path | The operation performed | direct print, PDF to storage, PDF to device |
| scheme | The protocol specifier in a URL | usually http or https |
| port | The Network port of the URL | "81" in "https://example.com:81/path?p=v". If the Network port is 80 or 443, this value would be null |
Log Type: EXPLOIT
Log information pertaining to malicious files detected before files are downloaded to the local machine
Field Name | Definition | Sample Result |
| origin | Not Applicable | N/A |
| delivered | The file delivered to the Silo account | false |
| client_ip | The IP address of the local machine as seen by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 98.138.253.089 |
| user_id | The opaque string identifier of the Silo account | dbc9c3e7c5c8cd4252f8b15b3d73f562 |
| seq_id | Sequence number of the log entry | 40f33f186fe56351dd451d7819db2681 |
| filetype | The type of file | CL_TYPE_TEXT_ASCII |
| org_id | The opaque string identifier of the Silo organization | 5db51853edgff8c08a4bbbf168af7f3e |
| exploit_name | The name of the malicious file | Eicar-Test-Signature |
| session_id | An opaque string that identifies the Silo for Safe Acccess or Silo for Research session | 20c33d188fd56351cc451d7819cb2681 |
| filename | The name of the downloaded file | "eicar.com test" |
| username | The login name of the Silo account who initiated the session | silotestaccount |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1427175692.787294 |
| type: | Log type | ISOLATION BYPASS |
Log Type: ISOLATION BYPASS
Log information pertaining to website navigation details as designated in the Isolation Bypass policy
Field Name | Definition | Sample Result |
| type | Not Applicable | ISOLATE_BYPASS |
| user_id | The opaque string identifier of the Silo account | db51b9038ddcxyz12345c4628bcb8ee1 |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411481216.764143 |
| username | The login name of the user who initiated the session | silotestaccount |
| scheme | The protocol specifier in a URL | usually "http" or "https" |
| port | The Network port of the URL | "81" in "https://example.com:81/path?p=v". If the Network port is 80 or 443, this value would be null |
| client_ip | The IP address of the local machine as seen by Authentic8. This is frequently the NAT address of the network rather than the actual IP address of the local machine | 50.247.80.185 |
| headers | Components of the header section of request and response messages | Host: login.example.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0 Authentic8/1.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: https://login.example.com/config/login_verify2?&.src=ym\r\nDNT: 1\r\nConnection: keep-alive\r\n" |
| bypass_type | Type of URL bypass | Isolate list OR Bypass list |
| domain | The domain of the source web site | "example.com" in "https://example.com:81/path?p=v" |
| session_id | An opaque string that identifies the Silo for Safe Access or Silo for Research session | 20c33d188fd56351cc451d7819cb2681 |
| org_id | The opaque string identifier of the Silo organization | db51b9038ddcxyz12345c4628bcb8ee1 |
| path | The path of the URL | "/path" in "https://example.com:81/path?p=v" |
| seq_id | Sequence number of log entry | Sequence number of log entry |
| url | Web site address | https://login.example.com/ |
Log Type: SMS
Log information pertaining to SMS Inbox activities
Field Name | Definition | Sample Result |
| receive_ts | Not Applicable | 2023-02-11 16:22:27 |
| action | Status of SMS Inbox activity | Message received" |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1427175692.787294 |
| seq_id | Sequence number of log entry | 219995045627 |
| org_id | The opaque string identifier of the Silo organization | db51b9038ddcxyz12345c4628bcb8ee1 |
Log Type: HARVEST
Log information pertaining to Harvester API and Collector activities
| Field Name | Definition | Sample Result |
| type | Log type | HARVEST |
| create_ts | The floating point UNIX Epoch time of the log event creation | 1411481216.764143 |
| seq_id | Sequence number of the log entry | 3676798503 |
| org_name | Name of the Silo organization | Test Org |
| username | The login name of the user who initiated the session | silotestaccount |
| user_id | The opaque string identifier of the Silo account | dbc9c3e7c5c8cd4252f8b15b3d73f562 |
| session_id | An opaque string that identifies the Silo for Safe Access or Silo for Research session | 20c33d188fd56351cc451d7819cb2681 |
| egress_info | Egress location type: Datacenter, Wireless, ISP | {"availability":null,"connectivity":"datacenter","protocol":"direct"} |
| action | Harvester/Collector action type | create, completed |
| egress | Egress location | San Jose, CA |
| task_id | Harvester/Collector identifier value | de7af08fade751fed33b6126a01e8e4b |
| task_params | Harvester/Collector task parameters | {"request_type":"visual","urls":["https://www.authentic8.com"],"vis_params":[{"name":"user_agent","value":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"},{"name":"output_pdf"},{"name":"scale","value":"1.0"}],"vid_params":[],"wget_params":[]} |
| url | Target URL | https://www.authentic8.com |
| destination_bucket | Cloud Secure Storage identifier of the target storage bucket | 5113d1da4e4d0c523b170310341b7415 |
| destination_name | Filename of Harvester/Collector task output | Collector.zip |
| destination_path | Cloud Secure Storage folder path | / |
| started | Harvester/Collector task start time in UNIX Epoch | 1753983509 |
| duration | Task duration measured in seconds | 28.0476954 |
| file_id | Unique Cloud Secure Storage file identifier | 3b94ae0ebcdc7e926ddddcddfd8cf18c |
Please contact Support for any additional questions