Example
This is an example of a v12 Zero Trust Access log event:
timestamp,identity email,identity labels,identity type labels,hostname,verdict,client os,client browser,client geo location,client ip,ruleset id,rule id,private app group id,private app id,private resource id,private resource group id,step up auth type,step up auth result,step up auth token life,posture id,requested id fqdn,resolved ip,app connector group id,headend type,duo device id,duo device id string,system password,client firewall,disk encryption,anti malware agents,transaction id,block reason,application port,application protocol,tunnel type,secure client version,possible match ruleset id,possible match rule id,possible match posture,source process id,source process name,source process hash,source process user name,organization id,ad joined id,enforced by,ftd enforcement id,ftd enforcement name,mdm source,mdm device id,mdm is managed,mdm is compliant,mdm last updated
"2017-10-02 23:52:53","network@example.com","Network. AD Computer","Networks","ts-auto.com","ALLOW","Mac OS 10.9.5","Chrome 9.9","Canada","10.10.10.10","56","12","25","129","200","756","SAML_SSO","SUCCESS","6000","256","prod.example.com","1.1.1.1","45","CLAP",,"921c9ab4123456789aa5d6e814b90","enabled[1000]","SYS","THIRDPARTY","[cisco-amp 1.20.0.877, windows-defender 1.20.0.877]","ne2OJA4jNFM2J2LSVKJXvNguHW2bFqUd","","80","TCP","HTTP2","","[]","[]","[]","[]","[]","[]","[]","8151514","","FTD","12321321312","","JAMF","2131ABC2312","true","true","1643746051341"
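The following parser is an added example, not code from the product or its documentation. It maps the sample event above onto the v12 column names and rejects lines whose field count does not match the header. The `anti malware agents` value contains a comma inside its quotes, so a plain split on commas shifts every later column by one. Treating a value wrapped in `[ ]` as a comma-separated list is an assumption, and `parse_event` is a hypothetical helper name.

```python
import csv

# Column names copied from the v12 header line on this page.
HEADER = (
    "timestamp,identity email,identity labels,identity type labels,hostname,verdict,"
    "client os,client browser,client geo location,client ip,ruleset id,rule id,"
    "private app group id,private app id,private resource id,private resource group id,"
    "step up auth type,step up auth result,step up auth token life,posture id,"
    "requested id fqdn,resolved ip,app connector group id,headend type,duo device id,"
    "duo device id string,system password,client firewall,disk encryption,"
    "anti malware agents,transaction id,block reason,application port,"
    "application protocol,tunnel type,secure client version,possible match ruleset id,"
    "possible match rule id,possible match posture,source process id,source process name,"
    "source process hash,source process user name,organization id,ad joined id,"
    "enforced by,ftd enforcement id,ftd enforcement name,mdm source,mdm device id,"
    "mdm is managed,mdm is compliant,mdm last updated"
)
# Sample event from this page, list brackets written without backslashes.
SAMPLE = (
    '"2017-10-02 23:52:53","network@example.com","Network. AD Computer","Networks",'
    '"ts-auto.com","ALLOW","Mac OS 10.9.5","Chrome 9.9","Canada","10.10.10.10",'
    '"56","12","25","129","200","756","SAML_SSO","SUCCESS","6000","256",'
    '"prod.example.com","1.1.1.1","45","CLAP",,"921c9ab4123456789aa5d6e814b90",'
    '"enabled[1000]","SYS","THIRDPARTY",'
    '"[cisco-amp 1.20.0.877, windows-defender 1.20.0.877]",'
    '"ne2OJA4jNFM2J2LSVKJXvNguHW2bFqUd","","80","TCP","HTTP2","",'
    '"[]","[]","[]","[]","[]","[]","[]","8151514","","FTD","12321321312","",'
    '"JAMF","2131ABC2312","true","true","1643746051341"'
)
COLUMNS = next(csv.reader([HEADER]))


def parse_event(line):
    """Map one v12 event line to {column: value}; reject column drift."""
    fields = next(csv.reader([line]))  # honours quotes, unlike line.split(",")
    if len(fields) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} fields, got {len(fields)}")
    event = dict(zip(COLUMNS, fields))
    for name, value in event.items():
        # Assumption: a value wrapped in [ ] is a comma-separated list.
        if value.startswith("[") and value.endswith("]"):
            event[name] = [v.strip() for v in value[1:-1].split(",") if v.strip()]
    return event
```

The field-count check matters when a pipeline receives events from a different log version: a line with more or fewer columns is rejected instead of being mapped onto the wrong names.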