Field Identifier | Field Type | Field Name | Field description | Reference Value | Subcategory | Remark |
appid | string | appid | - | 100011949846 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
instance_id | string | Asset Instance ID | - | ins-gpnr3uaw | CFWOnline,CFWNetflowNat | - |
src_ip | string | Source IP | - | 192.168.0.1 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
dst_ip | string | Destination IP | - | 192.168.0.1 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
src_port | uint16 | Source Port | - | 35074 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
dst_port | uint16 | Destination port | - | 53 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
protocol | string | Protocol | - | UDP | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
direction | int8 | Traffic direction | 0: Outbound 1: Inbound | 0 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | sd-wan |
dst_domain | string | Accessed destination domain name | - | www.example.com | CFWOnline,CFWNetflowNat | - |
in_pkt_count | uint64 | Inbound packet number | - | 7 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
in_pkt_len | uint64 | Inbound packet size | Inbound packet size, unit: B | 448 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
out_pkt_count | uint64 | Outbound packet number | - | 7 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
out_pkt_len | uint64 | Outbound packet size | Outbound packet size, unit: B | 4668 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
total_pkt_count | uint64 | Total number of packets | - | 14 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
total_pkt_len | uint64 | Total packet size | Total packet size, unit: B | 5116 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
ti_tag | string | Associated Intelligence Tag (included in alarms) | - | Malware | CFWOnline,CFWNetflowNat | - |
start_time | int64 | Session start time | Session start time (UTC+8) | 1708600000 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
end_time | int64 | Session end time | Session end time (UTC+8) | 1708603600 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | - |
supplier | string | ISP | - | Tencent | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
supplier_en | string | ISP-English | - | tencent | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
src_country | string | Source Country | Source IP address country | Germany | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
src_country_en | string | Source Country-English | - | Germany | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
dst_country | string | Destination Country | Destination IP address country | China | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
dst_country_en | string | Destination Country-English | - | China | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
src_province | string | Source Province | - | Frankfurt | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
src_province_en | string | Source Province-English | - | Frankfurt | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
dst_province | string | Destination Province | - | Guangdong | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
dst_province_en | string | Destination Province-English | - | Guangdong | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
src_city | string | Source City | - | Guangzhou | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
dst_city | string | Destination City | - | Shenzhen | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
district | string | Region | - | North China | CFWOnline,CFWNetflowNat | - |
address | string | Detailed address | Inbound source detailed address Outbound destination detailed address | Frankfurt, Germany | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
address_en | string | Detailed address-English | Inbound source detailed address-English Outbound destination detailed address-English | Frankfurt, Germany | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
src_lat | float32 | Source latitude | - | 40.7128° N | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
dst_lat | float32 | Destination-Latitude | - | 48.8584° N | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
src_lon | float32 | Source-Longitude | - | 74.0060° W | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
dst_lon | float32 | Destination Longitude | - | 2.2945° E | CFWOnline,CFWNetflowVpc,CFWNetflowNat | sd-wan |
insert_time | int64 | Log ingestion time | Log ingestion time (UTC+8) | 1742110932 | CFWOnline,CFWNetflowNat | - |
count | uint64 | Number of alarms. | - | 1 | CFWOnline | - |
url | string | Layer 7 URL | - | /api/v1/login | CFWOnline | - |
domain_flag | uint8 | Whether a domain name exists | 1: Exists. 0: Not Exist | 1 | CFWOnline | - |
port_status | uint8 | Port Status | 1: Enabled. 0: Disabled. | 1 | CFWOnline | - |
bot_flag | uint8 | Reserved field. | - | - | CFWOnline | - |
mode | uint8 | Firewall property. | 1: Serial 0: Bypass | 1 | CFWOnline | - |
argus_ip | uint32 | Reserved field. | - | - | CFWOnline | - |
tcp_flag | uint8 | TCP flag | 1:OUTSyn 2:OUTRst 3:OutSynAck 4:OUTFin 5:INSyn 6:INRst 7:INSynAck 8:InFin | 1 | CFWOnline | - |
timestamp | string | Unified timestamp | Unified timestamp (UTC+8) | 2025-03-16 15:42:09 | CFWOnline,CFWNetflowVpc,CFWNetflowNat,CFWNetflowFl | sd-wan |
cvm_id | string | Reserved field. | - | ins-4enaxc89 | CFWNetflowVpc | - |
ew_ins_id | string | VPC firewall instance ID | - | cfwew-85fbe09c | CFWNetflowVpc | - |
fws_id | string | VPC firewall ID | - | cfws-97b4f6da31 | CFWNetflowVpc,CFWNetflowNat | - |
fws_name | string | VPC firewall name | - | [autotest] Automated Testing | CFWNetflowVpc | - |
log_type | uint8 | Log type (for internal use) | Current log type fixed value: 2 | 2 | CFWNetflowVpc | - |
if_pair_key | string | Reserved field. | - | - | CFWNetflowVpc | - |
uuid | int64 | Raw alarm log unique ID | - | 1257172971_0.0.0.0/0_1763825073255377 | CFWNetflowVpc | - |
flow_id | int64 | Internal field. | - | 364693810879269 | CFWNetflowVpc | - |
src_vpc | string | Attacker's asset VPC ID | - | vpc-msa9dvac | CFWNetflowVpc | - |
dst_vpc | string | Victim's asset VPC ID | - | vpc-q9h93ip4 | CFWNetflowVpc | - |
dst_vpc_name | string | Destination VPC name | - | [autotest][Do not delete] Automated Testing A | CFWNetflowVpc | - |
src_vpc_name | string | Source VPC name | - | [autotest][Do not delete] Automated Testing B | CFWNetflowVpc | - |
retans | int8 | Whether there is a retransmission | 1: Retransmission 0: Unretransmitted | 1 | CFWNetflowVpc,CFWNetflowNat | - |
timeout | int64 | Session duration | Session duration (UTC+8) | 30 | CFWNetflowVpc,CFWNetflowNat | - |
src_ins_id | string | Attacker-related asset ID | - | ins-17ye5faf | CFWNetflowVpc,CFWNetflowFl | - |
dst_ins_id | string | Victim-related asset ID | - | ins-p1jyrg75 | CFWNetflowVpc,CFWNetflowFl | - |
src_ins_name | string | Source asset name | - | web-server | CFWNetflowVpc | - |
dst_ins_name | string | Destination asset name | - | db-server | CFWNetflowVpc | - |
is_out | int8 | SDWAN firewall access public network tag | 1: Access public network 0: Normal access | 1 | CFWNetflowVpc | sd-wan |
ti_tag_en | string | Attacker IP address Threat Intelligence Tag - English | - | Malware | CFWNetflowNat | - |
fw_type | string | Alarm subtype | - | nat | CFWNetflowNat | - |
fw_region | string | Firewall region | - | ap-guangzhou | CFWNetflowNat | - |
nat_ip | string | NAT IP address | NAT IP address | 43.138.154.20 | CFWNetflowNat | - |
nat_port | uint16 | NAT port | - | 90 | CFWNetflowNat | - |
if_id | string | NIC ID | - | eni-abc12345 | CFWNetflowFl | - |
action | string | Alarm Action | Alarm Handling Action | Block, Allow | CFWNetflowFl | - |
Was this page helpful?
You can also Contact sales or Submit a Ticket for help.
Help us improve! Rate your documentation experience in 5 mins.
Feedback