Field Identifier | Field Type | Field Name | Field Description | Reference Values | Specific Types | Remarks |
appid | string | appid | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
instance_id | string | Asset instance ID | - | - | CFWOnline, CFWNetflowNat | - |
src_ip | string | Source IP | - | 192.168.0.1 | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
dst_ip | string | Destination IP | - | 192.168.0.1 | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
src_port | uint16 | Source port | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
dst_port | uint16 | Destination port | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
protocol | string | Protocol | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
direction | int8 | Direction | Traffic direction | Outbound | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | sd-wan |
dst_domain | string | Access destination domain name | - | - | CFWOnline, CFWNetflowNat | - |
in_pkt_count | uint64 | Number of inbound packets | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
in_pkt_len | uint64 | Inbound packet size | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
out_pkt_count | uint64 | Number of outbound packets | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
out_pkt_len | uint64 | Outbound packet size | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
total_pkt_count | uint64 | Total number of packets | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
total_pkt_len | uint64 | Total packet size | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
ti_tag | string | Associated intelligence tags (included in the alarm) | - | - | CFWOnline, CFWNetflowNat | - |
start_time | int64 | Session start time | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
end_time | int64 | Session end time | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | - |
supplier | string | ISP | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
supplier_en | string | ISP - English | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
src_country | string | Source country | The country where the source IP is located | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
src_country_en | string | Source country - English | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
dst_country | string | Destination country | The country where the destination IP is located | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
dst_country_en | string | Destination country - English | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
src_province | string | Source province | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
src_province_en | string | Source province - English | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
dst_province | string | Destination province | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
dst_province_en | string | Destination province - English | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
src_city | string | Source city | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
dst_city | string | Destination city | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
district | string | Region | - | - | CFWOnline, CFWNetflowNat | - |
address | string | Detailed address | Inbound: the source detailed address; outbound: the destination detailed address | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
address_en | string | Detailed address - English | Inbound: the source detailed address - English; outbound: the destination detailed address - English | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
src_lat | float32 | Source latitude | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
dst_lat | float32 | Destination latitude | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
src_lon | float32 | Source longitude | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
dst_lon | float32 | Destination longitude | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat | sd-wan |
insert_time | int64 | The time when the log is generated and written into the database | - | - | CFWOnline, CFWNetflowNat | - |
count | uint64 | Number of alarms | - | - | CFWOnline | - |
url | string | Layer-7 URL | - | - | CFWOnline | - |
domain_flag | uint8 | Whether the domain name exists | 1: exists; 0: does not exist | - | CFWOnline | - |
port_status | uint8 | Port status | 1: open; 0: closed | - | CFWOnline | - |
bot_flag | uint8 | Reserved field | - | - | CFWOnline | - |
mode | uint8 | Firewall attributes | 1: serial; 0: bypass | - | CFWOnline | - |
argus_ip | uint32 | Reserved field | - | - | CFWOnline | - |
tcp_flag | uint8 | TCP flag | 1: OUTSyn; 2: OUTRst; 3: OutSynAck; 4: OUTFin; 5: INSyn; 6: INRst; 7: INSynAck; 8: InFin | - | CFWOnline | - |
timestamp | string | Unified timestamp | - | - | CFWOnline, CFWNetflowVpc, CFWNetflowNat, CFWNetflowFl | sd-wan |
cvm_id | string | Reserved field | - | - | CFWNetflowVpc | - |
ew_ins_id | string | VPC Firewall instance ID | - | - | CFWNetflowVpc | - |
fws_id | string | VPC Firewall edge ID | - | - | CFWNetflowVpc, CFWNetflowNat | - |
fws_name | string | VPC Firewall name | - | - | CFWNetflowVpc | - |
log_type | uint8 | Log type (for internal use) | Current log type fixed value: 2 | - | CFWNetflowVpc | - |
if_pair_key | string | Reserved field | - | - | CFWNetflowVpc | - |
uuid | int64 | Unique ID of original alarm log | - | - | CFWNetflowVpc | - |
flow_id | int64 | Internal field | - | - | CFWNetflowVpc | - |
src_vpc | string | ID of the VPC where the attacker asset is located | - | - | CFWNetflowVpc | - |
dst_vpc | string | ID of the VPC where the victim asset is located | - | - | CFWNetflowVpc | - |
dst_vpc_name | string | Destination VPC name | - | - | CFWNetflowVpc | - |
src_vpc_name | string | Source VPC name | - | - | CFWNetflowVpc | - |
retans | int8 | Whether there is a retransmission | 1: retransmission; 0: no retransmission | - | CFWNetflowVpc, CFWNetflowNat | - |
status | uint8 | Disposition status | - | - | CFWNetflowVpc, CFWNetflowNat | - |
timeout | int64 | Session duration | - | - | CFWNetflowVpc, CFWNetflowNat | - |
src_ins_id | string | Attacker-related asset ID | - | - | CFWNetflowVpc, CFWNetflowFl | - |
dst_ins_id | string | Victim-related asset ID | - | - | CFWNetflowVpc, CFWNetflowFl | - |
src_ins_name | string | Source asset name | - | - | CFWNetflowVpc | - |
dst_ins_name | string | Destination asset name | - | - | CFWNetflowVpc | - |
is_out | int8 | Identifier of SD-WAN firewall accessing the public network | 1: access public network; 0: normal access | - | CFWNetflowVpc | sd-wan |
ti_tag_en | string | Attacker IP intelligence tag - English | - | - | CFWNetflowNat | - |
fw_type | string | Alarm sub-type | - | - | CFWNetflowNat | - |
fw_region | string | Region where the firewall is located | - | - | CFWNetflowNat | - |
nat_ip | string | NAT IP | NAT IP address | - | CFWNetflowNat | - |
nat_port | uint16 | NAT port | - | - | CFWNetflowNat | - |
if_id | string | Network interface ID | - | - | CFWNetflowFl | - |
action | string | Alarm action | Alarm handling action | Block, allow | CFWNetflowFl | - |