Cisco
Login
Search
Software Secure Access
Activity Manage

Cisco Secure Access Help Manage Logging Log Formats and Versioning Reports and CSV Formats Activity Search Report

Last updated: Aug 07, 2025

Activity Search Report

You can export the results of the Activity Search Report to a CSV format. For more information, see Export Report Data to CSV and Activity Search Report.

Fields in the Activity Search Report:

  • Type—The type of request made, such as DNS.
  • Date—The date the request was made.
  • Time—The time the request was made, in UTC.
  • Action—Whether the request was Allowed or Blocked.
  • Errors—Any certificate or protocol errors in the request.
  • Ruleset ID—The ID number assigned to the ruleset.
  • Ruleset Name—The ruleset that was applied.
  • Rule ID—The ID number assigned to the rule.
  • Rule Name—The rule that was applied.
  • Destination List IDs—The ID number assigned to a destination list.
  • Signature List ID—The unique ID assigned to a Default or Custom Signature List.
  • IPS Signature—The threat detected in our IPS/IDS protection.
  • IPS Signature Severity—The severity of the IPS Signature.
  • IPS Signature CVE—Common vulnerabilities and exposures related to the IPS Signature.
  • Identities—All tunnel identities associated with this request.
  • Identity Types—The types of identity that were associated with the request. For example, Roaming Computers or Networks.
  • Policy or Ruleset Identity—The identity that made the request.
  • Policy or Ruleset Identity Type—The type of the identity that made the request.
  • Forwarding Method—The method used to forward the identity of the client to the proxy.
  • Internal IP—The internal IP address that made the request.
  • External IP—The external IP address that made the request.
  • Source IP—The IP of the computer making the request.
  • Destination IP—The destination IP requested.
  • Source Port—The port the request was made on.
  • Destination Port—The destination port the request was made on.
  • Destination—The domain of the request.
  • Hostname—The name of the host.
  • Categories—The content categories, if any, that matched against the destination IP address or port requested.
  • Integrations—Integration categories you set.
  • Blocked Categories—The category that resulted in the destination being blocked.
  • Application—The application associated with the request.
  • Application Category—The categories for any applications associated with the request.
  • Query Type—The type of DNS request that was made.
  • Content Type—The type of web content; typically text or html.
  • Protocol—The actual protocol of the traffic. For example, TCP, UDP, or ICMP.
  • Filename—The name of the file.
  • File Action (Remote Browser Isolation)—The action taken on a file during a Remote Browser Isolation session.
  • Total Size in Bytes—The total size in bytes.
  • Request Size—Request size in bytes.
  • Response Size—Response size in bytes.
  • Packet Size—Packet size in bytes.
  • Referrer—The referring domain or URL.
  • User Agent—The browser agent that made the request.
  • Status Code—The HTTP status code.
  • Direction—The direction of the packet. It is directed either towards the internet or to the customer's network.
  • Threats—Any threats associated with the request.
  • Threat Types—The types of threats associated with the request.
  • SHA256 Hash—The hex digest of the response content.
  • Cisco AMP Result—The malware detected by AMP.
  • Cisco AMP Disposition—What action was taken on the file download.
  • Cisco AMP Score—The risk score associated with the downloaded file. This field returns blank unless the verdict is Unknown, in which the value will be 0.
  • Antivirus Result—Threats detected by the antivirus.
  • Potentially Unwanted Applications—A list of all potentially unwanted application (PUA) results for the proxied file as returned by the antivirus scanner.
  • Detected Response File Type—The file type of the response, as detected by the file type control that blocked the request based on factors such as URL or content type header.
  • Isolated State—Whether the Remote Browser Isolation state was isolated or not.
  • Data Loss Prevention State—Whether the DLP status was allowed or blocked.
  • Tenant Controls—Whether the request is Tenant Application Access Control protected.
Previous topic Reports and CSV Formats Next topic Zero Trust Access Activity Search Fields