Forensic Data Using the API

From Observer GigaFlow Support | VIAVI Solutions Inc.
Revision as of 12:45, 30 April 2018 by Kevin Wilkie (Talk | contribs)


Reports Available For Forensics Reporting

"Application Flows"
"Address Pairs"
"MAC Address Pairs"
"Interfaces By Source"
"Interfaces By Dest"
"Interface Pairs"
"Sessions"
"Sessions Flows"
"Sessions With Ints"
"Protocols"
"Posture"
"Applications"
"URLs"
"Ports By Source"
"Ports By Dest"
"TCP Flags"
"FW Event"
"FW Ext Code"
"Class of Service"
"ASs Pairs"
"ASs By Source"
"ASs By Dest"
"Users"
"MAC Addresses By Source"
"MAC Addresses By Dest"
"Addresses By Source"
"Subnet Class A By Dest"
"Subnet Class B By Dest"
"Subnet Class C By Dest"
"Subnet Class A By Source"
"Subnet Class B By Source"
"Subnet Class C By Source"
"Addresses By Dest"

Key Fields For Each Report

"Application Flows"	srcadd, dstadd, appid
"Address Pairs"	srcadd, dstadd
"MAC Address Pairs"	srcmac, dstmac
"Interfaces By Source"	device, device||'_'||inif as difin
"Interfaces By Dest"	device, device||'_'||outif as difout
"Interface Pairs"	device, device||'_'||inif as difin, device||'_'||outif as difout
"Sessions"	srcadd, srcport, dstadd, dstport, appid
"Sessions Flows"	firstseen, srcadd, srcport, dstadd, dstport, appid, proto
"Sessions With Ints"	srcadd, srcport, inif, dstadd, dstport, outif, appid
"Protocols"	proto
"Posture"	postureid
"Applications"	appid
"URLs"	url
"Ports By Source"	srcport
"Ports By Dest"	dstport
"TCP Flags"	flags
"FW Event"	fwevent
"FW Ext Code"	fwextcode
"Class of Service"	tos
"ASs Pairs"	srcas, dstas
"ASs By Source"	srcas
"ASs By Dest"	dstas
"Users"	userid
"MAC Addresses By Source"	srcmac
"MAC Addresses By Dest"	dstmac
"Addresses By Source"	srcadd
"Subnet Class A By Dest"	dstadd-modulus(dstadd,16777216) as dstsubneta
"Subnet Class B By Dest"	dstadd-modulus(dstadd,65536) as dstsubnetb
"Subnet Class C By Dest"	dstadd-modulus(dstadd,256) as dstsubnetc
"Subnet Class A By Source"	srcadd-modulus(srcadd,16777216) as srcsubneta
"Subnet Class B By Source"	srcadd-modulus(srcadd,65536) as srcsubnetb
"Subnet Class C By Source"	srcadd-modulus(srcadd,256) as srcsubnetc
"Addresses By Dest"	dstadd