Netskope Help

Custom Report Queries

These are the custom query options for reports as of the Sprint 61 release. Currently, custom reports do not support all the queries that SkopeIT supports. Use these query fields to generate reports of SkopeIT events.

Note

In prior versions, Event type Page used to be listed as Connection.

Event Type

Summarizable Query Field

Description

Alert

app-cci-contacts-data

Search events for apps with 'Does this application access contacts, calendar data and messages?'

Alert

app-cci-data-per-tenant

Search events for apps with 'Data segregated by tenant'

Alert

total_collaborator_count

Number of Total Collaborators

Alert

dlp_profile

Search events for a specific dlp profile applied to the content (e.g., dlp_profile = dlp-pci)

Alert

count

Search for activities with event count greater than 1 to search for events that are suppressed (e.g count gt 1)

Alert

dst_latitude

Search events for a specific destination latitude (e.g. dst_latitude > 0)

Alert

timestamp

the time the event is generated

Alert

src_region

Search events from a specific source state or region (e.g. src_region eq CA)

Alert

traffic_type

Search for specific traffic type

Alert

app-cci-sso

Search events for apps with 'SSO/AD hooks'

Alert

instance_id

Search events based on the instance of the app (e.g. for Salesforce, instance_id = production)

Alert

activity

Search for events or alerts for a specific user activity (e.g. activity eq Create)

Alert

malware_type

This variable holds value for malware type.

Alert

app-cci-encrypt-tenant-managed-key

Search events for apps with 'Does the app allow customer-managed encryption keys?'

Alert

malsite_id

This variable holds hash of malsite url.

Alert

app-cci-is-weak-cipher

Search events for apps with 'Does the app increase the risk of data exposure by supporting weak cipher suites?'

Alert

category

Search events for category (e.g. category = 'Cloud Storage')

Alert

app-cci-compliance-cert

Search events for apps with 'What compliance certifications does the app have?'

Alert

app-cci-file-sharing

Search events for apps with 'Does the app enable file sharing?  '

Alert

app-cci-spf

Search events for apps with 'Does the app vendor use a Sender Policy Framework to protect customers from spam and phishing emails?'

Alert

app-cci-erase-cust-data

Search events for apps with 'Is all customer data erased upon cancellation of service? If so, when?'

Alert

app-cci-cc-signup

Search events for apps with 'Does the app allow signup without a credit card?'

Alert

app_session_id

Search for events with specific application session id (e.g app_session_id eq <app-session-id-number>)

Alert

app-gdpr-level

GDPR Readiness level of an application

Alert

app-cci-system-operations

Search events for apps with 'Does this application perform system operations?'

Alert

app-cci-device-based-access

Search events for apps with 'Does the app support the following device types?'

Alert

app-cci-app-tag

Search events for apps with 'App Type'

Alert

app-cci-action-based-auth

Search events for apps with 'Does the app enforce authorization policies on user activities?'

Alert

organization_unit

Search for events from a specific organization unit. Organization name is derived from user id(e.g. org eq 'netskope.com')

Alert

app-cci-vuln-exploit

Search events for apps with 'Vulnerabilities & Exploits'

Alert

dst_longitude

Search events for a specific destination longitude (e.g. dst_longitude > 0)

Alert

app-cci-securityheaders

Search events for apps with 'Which HTTP security headers does the app use?'

Alert

app-cci-business-risk

The business risk level of apps (low,medium,high)

Alert

app-cci-allow-classify-data

Search events for apps with 'Does the app allow data classification (e.g., public, confidential, proprietary)?'

Alert

org

Search for events from a specific organization. Organization name is derived from user id(e.g. org eq 'netskope.com')

Alert

src_country

Search events from a specific source country (e.g. src_country eq IN)

Alert

to_user

Search events based on the destination user ids (e.g. to_user like Adam)

Alert

app-cci-audit-logs

Search events for apps with 'Does the app provide admin audit logs?'

Alert

app-cci-app-type

The type of the app - Consumer, Departmental, or Enterprise

Alert

app-cci-allow-proxy

Search events for apps with 'The list of platforms through which the app traffic can be proxied:'

Alert

app-cci-allow-download-data

Search events for apps with 'Is the customer data available for download upon cancellation of service?'

Alert

action

Search for action taken by the user (e.g. Block, Bypass, Alert)

Alert

os

Search for events from a specific operating system (e.g. os = Windows)

Alert

dst_region

Search events for a specific destination state (e.g. dst_region eq GA)

Alert

dstip

Search events for a specific destination IP address (e.g. dstip eq 2.2.2.2)

Alert

email_source

The source of the email used in finding compromised credentials.

Alert

app

Search events for a specific cloud app (e.g. app = Dropbox)

Alert

app-cci-data-center-cert

Search events for apps with 'To what data center standards does the app adhere?'

Alert

srcip

Search events from a specific source-ip address (e.g. srcip eq 1.1.1.1)

Alert

usergroup

when a user group is searched, it includes every user within the group.

Alert

first_accessed

Search for first seen time of app

Alert

app-cci-app-hosting-location

Search events for apps with 'From which countries does this app serve data?'

Alert

access_method

Search for events generated from specific access methods such as Client, Secure Forwarder, Logs, Mobile profile etc. (e.g. access_method eq 'Client')

Alert

app-cci-secure-pass-policy

Search events for apps with 'Does the app enforce password best practices as policy?'

Alert

app-cci-anonymous-sharing

Search events for apps with 'Does the app allow anonymous sharing of data?'

Alert

app-cci-upgrade-notification

Search events for apps with 'Does the app vendor provide notifications to customers about upgrades and changes (e.g., scheduled maintenance, new releases, software/hardware changes)?'

Alert

dlp_rule

Search events for a dlp rule within the profile that matches the content (e.g., dlp_rule = cc_num)

Alert

external_collaborator_count

Number of External Collaborators

Alert

app-cci-published-dr-plan

Search events for apps with 'Does the app vendor provide disaster recovery services?'

Alert

from_user

Search events for activities based on login ids for cloud apps (e.g. from_user like john)

Alert

src_location

Search events from a specific source city (e.g. src_location eq 'San Francisco')

Alert

app-cci-access-other-apps

Search events for apps with 'Does this application access other apps on the device?'

Alert

app-cci-cookies-3rd-party

Search events for apps with 'Does this application use third-party cookies?'

Alert

app-cci-apphosting-provider

Search events for apps with 'Which infrastructure or hosting provider is the app hosted on?'

Alert

app-cci-weak-algorithm-keysize

Search events for apps with 'Does the app increase the risk of data exposure by supporting weak signature algorithm or key size ?'

Alert

browser

Search for events from a specific browser (e.g. browser eq Chrome)

Alert

alert_type

Search for alerts triggered by policy action, watchlist, quarantine or dlp (e.g. alert_type eq policy)

Alert

app-cci-recent-breach

Search events for apps with 'Has this application been recently breached (in the past year)?'

Alert

dst_location

Search events for a specific destination location (e.g. dst_location = 'San Jose')

Alert

app-cci-encrypt-in-transit

Search events for apps with 'Does the app encrypt data-in-transit?'

Alert

site

Search for specific site

Alert

app-cci-who-owns-data

Search events for apps with 'Who owns the data/content uploaded to the application site? Does the customer own the data or does the application vendor own the data?'

Alert

app-cci-src-ip-enforcement

Search events for apps with 'Does the app support access control by IP address or range?'

Alert

device_classification

How the device has been classified

Alert

hostname

Search for events from a specific device hostname

Alert

object_id

Search events for a specific object id such as activity specific value etc. (e.g. object_id = f_12787234)

Alert

dlp_rule_count

Search events that number of rules matches the content (e.g., dlp_rule_count = 10)

Alert

app-cci-file-capacity

Search events for apps with 'File Sharing Capacity'

Alert

dst_country

Search events for a specific destination country (e.g. dst_country = US)

Alert

src_zipcode

Search for events from a specific source zipcode (e.g. src_zipcode eq 94043)

Alert

dstport

Search events for a specific destination port (e.g. dstport = 443)

Alert

app-cci-dispersed-data-center

Search events for apps with 'Does the application vendor utilize geographically dispersed data centers to serve customers?'

Alert

app-cci-backup-user-data

Search events for apps with 'Does the app vendor back up customer data in a separate location from the main data center?'

Alert

app-cci-sharing-personal-info-3rd-party

Search events for apps with 'Does this app share users' personal information (e.g., name, email, address) with third parties?'

Alert

http_transaction_count

Search for http transaction count

Alert

object

Search events for a specific object name. Object name displays the actual filename, folder name, report name, document name etc. (e.g. object like xls)

Alert

app-cci-multi-fact-auth

Search events for apps with 'Does the app support multi-factor authentication?'

Alert

app-cci-user-audit-logs

Search events for apps with 'Does the app provide user audit logs?'

Alert

user

Search events from a specific user e.g user eq john@abc.com

Alert

internal_collaborator_count

Number of Internal Collaborators

Alert

device

Search for events from a specific device (e.g. device = Windows)

Alert

app-cci-status-report

Search events for apps with 'Does the app vendor provide infrastructure status reports?'

Alert

acked

Search for alerts that have been acknowledged or not (e.g. acked eq true/false)

Alert

dst_zipcode

Search events for a specific zip code (e.g. dst_zipcode eq 94043)

Alert

url

Search URL accessed by user

Alert

ccl

cloud confidence level of an application

Alert

alert_name

Search for alerts triggered by specific policy, watchlist or dlp (e.g. alert_name eq 'Cloud storage Policy')

Alert

app-cci-encrypt-at-rest

Search events for apps with 'Does the app encrypt data-at-rest?'

Alert

cci

Search for CCI score

Alert

workspace

Workspace Name

Alert

enterprise

Enterprise Name

Alert

app-cci-treat-classify-data

Search events for apps with 'If yes, does the app allow admins to take action on classified data (e.g., encrypt, control access)?'

Alert

app-cci-role-based-access

Search events for apps with 'Does the app support role-based authorization?'

Alert

app-cci-access-logs

Search events for apps with 'Does the app provide data access audit logs?'

Application

app-cci-contacts-data

Search events for apps with 'Does this application access contacts, calendar data and messages?'

Application

app-cci-data-per-tenant

Search events for apps with 'Data segregated by tenant'

Application

total_collaborator_count

Number of Total Collaborators

Application

dlp_profile

Search events for a specific dlp profile applied to the content (e.g., dlp_profile = dlp-pci)

Application

dst_latitude

Search events for a specific destination latitude (e.g. dst_latitude > 0)

Application

timestamp

the time the event is generated

Application

src_region

Search events from a specific source state or region (e.g. src_region eq CA)

Application

traffic_type

Search for specific traffic type

Application

app-cci-sso

Search events for apps with 'SSO/AD hooks'

Application

instance_id

Search events based on the instance of the app (e.g. for Salesforce, instance_id = production)

Application

app-cci-encrypt-tenant-managed-key

Search events for apps with 'Does the app allow customer-managed encryption keys?'

Application

app-cci-is-weak-cipher

Search events for apps with 'Does the app increase the risk of data exposure by supporting weak cipher suites?'

Application

category

Search events for category (e.g. category = 'Cloud Storage')

Application

app-cci-compliance-cert

Search events for apps with 'What compliance certifications does the app have?'

Application

app-cci-file-sharing

Search events for apps with 'Does the app enable file sharing?  '

Application

app-cci-spf

Search events for apps with 'Does the app vendor use a Sender Policy Framework to protect customers from spam and phishing emails?'

Application

app-cci-erase-cust-data

Search events for apps with 'Is all customer data erased upon cancellation of service? If so, when?'

Application

app-cci-cc-signup

Search events for apps with 'Does the app allow signup without a credit card?'

Application

app_session_id

Search for events with specific application session id (e.g app_session_id eq <app-session-id-number>)

Application

app-gdpr-level

GDPR Readiness level of an application

Application

app-cci-system-operations

Search events for apps with 'Does this application perform system operations?'

Application

app-cci-device-based-access

Search events for apps with 'Does the app support the following device types?'

Application

audit_type

Search audit events for a specific audit type. audit_type displays the actual audit event name we get from SaaS app

Application

app-cci-app-tag

Search events for apps with 'App Type'

Application

app-cci-action-based-auth

Search events for apps with 'Does the app enforce authorization policies on user activities?'

Application

organization_unit

Search for events from a specific organization unit. Organization name is derived from user id(e.g. org eq 'netskope.com')

Application

app-cci-vuln-exploit

Search events for apps with 'Vulnerabilities & Exploits'

Application

dst_longitude

Search events for a specific destination longitude (e.g. dst_longitude > 0)

Application

app-cci-securityheaders

Search events for apps with 'Which HTTP security headers does the app use?'

Application

app-cci-business-risk

The business risk level of apps (low,medium,high)

Application

app-cci-allow-classify-data

Search events for apps with 'Does the app allow data classification (e.g., public, confidential, proprietary)?'

Application

userkey

Search events from a specific user/email e.g userkey eq john@abc.com

Application

org

Search for events from a specific organization. Organization name is derived from user id(e.g. org eq 'netskope.com')

Application

src_country

Search events from a specific source country (e.g. src_country eq IN)

Application

to_user

Search events based on the destination user ids (e.g. to_user like Adam)

Application

app-cci-audit-logs

Search events for apps with 'Does the app provide admin audit logs?'

Application

app-cci-app-type

The type of the app - Consumer, Departmental, or Enterprise

Application

app-cci-allow-proxy

Search events for apps with 'The list of platforms through which the app traffic can be proxied:'

Application

app-cci-allow-download-data

Search events for apps with 'Is the customer data available for download upon cancellation of service?'

Application

action

Search for action taken by the user (e.g. Block, Bypass, Alert)

Application

os

Search for events from a specific operating system (e.g. os = Windows)

Application

dst_region

Search events for a specific destination state (e.g. dst_region eq GA)

Application

dstip

Search events for a specific destination IP address (e.g. dstip eq 2.2.2.2)

Application

app

Search events for a specific cloud app (e.g. app = Dropbox)

Application

app-cci-data-center-cert

Search events for apps with 'To what data center standards does the app adhere?'

Application

srcip

Search events from a specific source-ip address (e.g. srcip eq 1.1.1.1)

Application

usergroup

When a user group is searched, it includes every user within the group.

Application

app-cci-app-hosting-location

Search events for apps with 'From which countries does this app serve data?'

Application

access_method

Search for events generated from specific access methods such as Client, Secure Forwarder, Logs, Mobile profile etc. (e.g. access_method eq 'Client')

Application

app-cci-secure-pass-policy

Search events for apps with 'Does the app enforce password best practices as policy?'

Application

app-cci-anonymous-sharing

Search events for apps with 'Does the app allow anonymous sharing of data?'

Application

app-cci-upgrade-notification

Search events for apps with 'Does the app vendor provide notifications to customers about upgrades and changes (e.g., scheduled maintenance, new releases, software/hardware changes)?'

Application

dlp_rule

Search events for a dlp rule within the profile that matches the content (e.g., dlp_rule = cc_num)

Application

external_collaborator_count

Number of External Collaborators

Application

app-cci-published-dr-plan

Search events for apps with 'Does the app vendor provide disaster recovery services?'

Application

from_user

Search events for activities based on login ids for cloud apps (e.g. from_user like john)

Application

src_location

Search events from a specific source city (e.g. src_location eq 'San Francisco')

Application

app-cci-access-other-apps

Search events for apps with 'Does this application access other apps on the device?'

Application

count

Search for activities with event count greater than 1 to search for events that are suppressed (e.g count gt 1)

Application

app-cci-cookies-3rd-party

Search events for apps with 'Does this application use third-party cookies?'

Application

app-cci-apphosting-provider

Search events for apps with 'Which infrastructure or hosting provider is the app hosted on?'

Application

app-cci-weak-algorithm-keysize

Search events for apps with 'Does the app increase the risk of data exposure by supporting weak signature algorithm or key size ?'

Application

browser

Search for events from a specific browser (e.g. browser eq Chrome)

Application

app-cci-recent-breach

Search events for apps with 'Has this application been recently breached (in the past year)?'

Application

dst_location

Search events for a specific destination location (e.g. dst_location = 'San Jose')

Application

app-cci-encrypt-in-transit

Search events for apps with 'Does the app encrypt data-in-transit?'

Application

app-cci-who-owns-data

Search events for apps with 'Who owns the data/content uploaded to the application site? Does the customer own the data or does the application vendor own the data?'

Application

app-cci-src-ip-enforcement

Search events for apps with 'Does the app support access control by IP address or range?'

Application

activity

Search for events or alerts for a specific user activity (e.g. activity eq Create)

Application

device_classification

How the device has been classified

Application

hostname

Search for events from a specific device hostname

Application

dlp_rule_count

Search events that number of rules matches the content (e.g., dlp_rule_count = 10)

Application

app-cci-file-capacity

Search events for apps with 'File Sharing Capacity'

Application

dst_country

Search events for a specific destination country (e.g. dst_country = US)

Application

src_zipcode

Search for events from a specific source zipcode (e.g. src_zipcode eq 94043)

Application

dstport

Search events for a specific destination port (e.g. dstport = 443)

Application

app-cci-dispersed-data-center

Search events for apps with 'Does the application vendor utilize geographically dispersed data centers to serve customers?'

Application

app-cci-backup-user-data

Search events for apps with 'Does the app vendor back up customer data in a separate location from the main data center?'

Application

app-cci-sharing-personal-info-3rd-party

Search events for apps with 'Does this app share users' personal information (e.g., name, email, address) with third parties?'

Application

object

Search events for a specific object name. Object name displays the actual filename, folder name, report name, document name etc. (e.g. object like xls)

Application

app-cci-multi-fact-auth

Search events for apps with 'Does the app support multi-factor authentication?'

Application

app-cci-user-audit-logs

Search events for apps with 'Does the app provide user audit logs?'

Application

user

Search events from a specific user e.g user eq john@abc.com

Application

internal_collaborator_count

Number of Internal Collaborators

Application

device

Search for events from a specific device (e.g. device = Windows)

Application

app-cci-status-report

Search events for apps with 'Does the app vendor provide infrastructure status reports?'

Application

first_accessed

Search for first seen time of app

Application

dst_zipcode

Search events for a specific zip code (e.g. dst_zipcode eq 94043)

Application

ccl

cloud confidence level of an application

Application

app-cci-encrypt-at-rest

Search events for apps with 'Does the app encrypt data-at-rest?'

Application

cci

Search for CCI score

Application

workspace

Workspace Name

Application

enterprise

Enterprise Name

Application

app-cci-treat-classify-data

Search events for apps with 'If yes, does the app allow admins to take action on classified data (e.g., encrypt, control access)?'

Application

app-cci-role-based-access

Search events for apps with 'Does the app support role-based authorization?'

Application

app-cci-access-logs

Search events for apps with 'Does the app provide data access audit logs?'

Network

action

Search events for a specific action (e.g. action = block)

Network

app

Search events for a specific cloud app (e.g. app = Dropbox)

Network

dstip

Search events for a specific destination IP address (e.g. dstip eq 2.2.2.2)

Network

usergroup

When a user group is searched, it includes every user within the group.

Network

ip_protocol

Search events based on IP protocol.

Network

os

Search for events from a specific operating system (e.g. os = Windows)

Network

os_version

Search for a specific OS version.

Network

organization_unit

Search for events from a specific organization unit. Organization name is derived from user id (e.g. organization_unit eq 'netskope.com')

Network

port

Search events based on port (e.g. port = 443)

Network

src_country

Search events from a specific source country (e.g. src_country eq IN)

Network

srcip

Search events from a specific source IP address (e.g. srcip eq 1.1.1.1)

Network

src_location

Search events from a specific source city (e.g. src_location eq 'San Francisco')

Network

timestamp

Search events based on the time the event is generated

Network

user

Search events from a specific user (e.g user eq john@abc.com)

Page

app-cci-contacts-data

Search events for apps with 'Does this application access contacts, calendar data and messages?'

Page

app-cci-data-per-tenant

Search events for apps with 'Data segregated by tenant'

Page

count

Search for activities with event count greater than 1 to search for events that are suppressed (e.g count gt 1)

Page

dst_latitude

Search events for a specific destination latitude (e.g. dst_latitude > 0)

Page

timestamp

Search events based on the time the event is generated

Page

src_region

Search events from a specific source state or region (e.g. src_region eq CA)

Page

app-cci-sso

Search events for apps with 'SSO/AD hooks'

Page

domain

Search for specific domain

Page

app-cci-encrypt-tenant-managed-key

Search events for apps with 'Does the app allow customer-managed encryption keys?'

Page

aggregated_user

Search events where the user field is a network location (e.g. aggregated_user eq True)

Page

app-cci-is-weak-cipher

Search events for apps with 'Does the app increase the risk of data exposure by supporting weak cipher suites?'

Page

category

Search events for category (e.g. category = 'Cloud Storage')

Page

app-cci-compliance-cert

Search events for apps with 'What compliance certifications does the app have?'

Page

app-cci-file-sharing

Search events for apps with 'Does the app enable file sharing?  '

Page

app-cci-spf

Search events for apps with 'Does the app vendor use a Sender Policy Framework to protect customers from spam and phishing emails?'

Page

network

Search events from a network (e.g. network eq NET24:172.16.168.0)

Page

user_generated

Search for events for user generated page events

Page

app-cci-erase-cust-data

Search events for apps with 'Is all customer data erased upon cancellation of service? If so, when?'

Page

app-cci-cc-signup

Search events for apps with 'Does the app allow signup without a credit card?'

Page

app-gdpr-level

GDPR Readiness level of an application

Page

traffic_type

Search for specific traffic type

Page

app-cci-system-operations

Search events for apps with 'Does this application perform system operations?'

Page

app-cci-device-based-access

Search events for apps with 'Does the app support the following device types?'

Page

app-cci-app-tag

Search events for apps with 'App Type'

Page

app-cci-action-based-auth

Search events for apps with 'Does the app enforce authorization policies on user activities?'

Page

organization_unit

Search for events from a specific organization unit. Organization name is derived from user id(e.g. org eq 'netskope.com')

Page

app-cci-vuln-exploit

Search events for apps with 'Vulnerabilities & Exploits'

Page

dst_longitude

Search events for a specific destination longitude (e.g. dst_longitude > 0)

Page

app-cci-securityheaders

Search events for apps with 'Which HTTP security headers does the app use?'

Page

app-cci-business-risk

The business risk level of apps (low,medium,high)

Page

app-cci-allow-classify-data

Search events for apps with 'Does the app allow data classification (e.g., public, confidential, proprietary)?'

Page

org

Search for events from a specific organization. Organization name is derived from user id (e.g. org eq 'netskope.com')

Page

src_country

Search events from a specific source country (e.g. src_country eq IN)

Page

app-cci-audit-logs

Search events for apps with 'Does the app provide admin audit logs?'

Page

app-cci-app-type

The type of the app - Consumer, Departmental, or Enterprise

Page

app-cci-allow-proxy

Search events for apps with 'The list of platforms through which the app traffic can be proxied:'

Page

app-cci-allow-download-data

Search events for apps with 'Is the customer data available for download upon cancellation of service?'

Page

os

Search for events from a specific operating system (e.g. os = Windows)

Page

dst_region

Search events for a specific destination state (e.g. dst_region eq GA)

Page

dstip

Search events for a specific destination IP address (e.g. dstip eq 2.2.2.2)

Page

app

Search events for a specific cloud app (e.g. app = Dropbox)

Page

app-cci-data-center-cert

Search events for apps with 'To what data center standards does the app adhere?'

Page

srcip

Search events from a specific source-ip address (e.g. srcip eq 1.1.1.1)

Page

usergroup

When a user group is searched, it includes every user within the group.

Page

app-cci-app-hosting-location

Search events for apps with 'From which countries does this app serve data?'

Page

conn_duration

Search events based on how long the connection was established in seconds (e.g conn_duration > 10000)

Page

access_method

Search for events generated from specific access methods such as Client, Secure Forwarder, Logs, Mobile profile etc. (e.g. access_method eq 'Client')

Page

app-cci-secure-pass-policy

Search events for apps with 'Does the app enforce password best practices as policy?'

Page

app-cci-anonymous-sharing

Search events for apps with 'Does the app allow anonymous sharing of data?'

Page

app-cci-upgrade-notification

Search events for apps with 'Does the app vendor provide notifications to customers about upgrades and changes (e.g., scheduled maintenance, new releases, software/hardware changes)?'

Page

app-cci-published-dr-plan

Search events for apps with 'Does the app vendor provide disaster recovery services?'

Page

src_location

Search events from a specific source city (e.g. src_location eq 'San Francisco')

Page

app-cci-access-other-apps

Search events for apps with 'Does this application access other apps on the device?'

Page

latency_min

Search events based on the min latency values from proxy to app in ms (e.g. latency_min > 200)

Page

app-cci-cookies-3rd-party

Search events for apps with 'Does this application use third-party cookies?'

Page

app-cci-apphosting-provider

Search events for apps with 'Which infrastructure or hosting provider is the app hosted on?'

Page

latency_max

Search events based on the max latency values from proxy to app in ms (e.g. latency_max > 200)

Page

app-cci-weak-algorithm-keysize

Search events for apps with 'Does the app increase the risk of data exposure by supporting weak signature algorithm or key size ?'

Page

userkey

Search events from a specific user/email e.g userkey eq john@abc.com

Page

browser

Search for events from a specific browser (e.g. browser eq Chrome)

Page

app-cci-recent-breach

Search events for apps with 'Has this application been recently breached (in the past year)?'

Page

dst_location

Search events for a specific destination location (e.g. dst_location = 'San Jose')

Page

app-cci-encrypt-in-transit

Search events for apps with 'Does the app encrypt data-in-transit?'

Page

latency_total

Search events based on the total latency values from proxy to app in ms (e.g. latency_total gt 200)

Page

site

Search for specific site

Page

app-cci-who-owns-data

Search events for apps with 'Who owns the data/content uploaded to the application site? Does the customer own the data or does the application vendor own the data?'

Page

app-cci-src-ip-enforcement

Search events for apps with 'Does the app support access control by IP address or range?'

Page

hostname

Search for events from a specific device hostname

Page

app-cci-file-capacity

Search events for apps with 'File Sharing Capacity'

Page

dst_country

Search events for a specific destination country (e.g. dst_country = US)

Page

src_zipcode

Search for events from a specific source zipcode (e.g. src_zipcode eq 94043)

Page

dstport

Search events for a specific destination port (e.g. dstport = 443)

Page

app-cci-dispersed-data-center

Search events for apps with 'Does the application vendor utilize geographically dispersed data centers to serve customers?'

Page

app-cci-backup-user-data

Search events for apps with 'Does the app vendor back up customer data in a separate location from the main data center?'

Page

app-cci-sharing-personal-info-3rd-party

Search events for apps with 'Does this app share users' personal information (e.g., name, email, address) with third parties?'

Page

http_transaction_count

Search for http transaction count

Page

app-cci-multi-fact-auth

Search events for apps with 'Does the app support multi-factor authentication?'

Page

app-cci-user-audit-logs

Search events for apps with 'Does the app provide user audit logs?'

Page

user

Search events from a specific user e.g user eq john@abc.com

Page

device

Search for events from a specific device (e.g. device = Windows)

Page

app-cci-status-report

Search events for apps with 'Does the app vendor provide infrastructure status reports?'

Page

first_accessed

Search for first seen time of app

Page

dst_zipcode

Search events for a specific zip code (e.g. dst_zipcode eq 94043)

Page

ccl

cloud confidence level of an application

Page

app-cci-encrypt-at-rest

Search events for apps with 'Does the app encrypt data-at-rest?'

Page

cci

Search for CCI score

Page

app-cci-treat-classify-data

Search events for apps with 'If yes, does the app allow admins to take action on classified data (e.g., encrypt, control access)?'

Page

app-cci-role-based-access

Search events for apps with 'Does the app support role-based authorization?'

Page

app-cci-access-logs

Search events for apps with 'Does the app provide data access audit logs?'