field identifier | Field Type | Field Name | Field description | Reference Value | Subcategory | Remark |
risk_id | uint64 | Risk Event ID | Risk Center - Risk Event Unique ID | 3898710204921198600 | CFWNdrSubjectRisk | - |
risk_type | string | Risk Type | - | dataleak | CFWNdrSubjectRisk | - |
vpc_id | string | VPC ID | VPC ID | vpc-f8hih961 | CFWNdrSubjectRisk | - |
app_protocol | string | Application Layer Protocol | Application Layer Protocol | http | CFWNdrSubjectRisk | - |
src_ins_id | string | Source Asset Instance ID | Source Asset Instance ID | ins-0rp6e3vm | CFWNdrSubjectRisk | - |
dst_ins_id | string | Destination Asset Instance ID | Destination Asset Instance ID | ins-0rp6e3vm | CFWNdrSubjectRisk | - |
src_ins_name | string | Source Asset Instance Name | Source Asset Instance Name | test-server | CFWNdrSubjectRisk | - |
dst_ins_name | string | Destination Asset Instance Name | Destination Asset Instance Name | test-server | CFWNdrSubjectRisk | - |
src_ins_type | string | Source Asset Instance Type | Source Asset Instance Type | CVM | CFWNdrSubjectRisk | - |
dst_ins_type | string | Destination Asset Instance Type | Destination Asset Instance Type | CVM | CFWNdrSubjectRisk | - |
src_region | string | Source Asset Instance Region | Source Asset Instance Region | Guangzhou | CFWNdrSubjectRisk | - |
dst_region | string | Destination Asset Instance Region | Destination Asset Instance Region | Guangzhou | CFWNdrSubjectRisk | - |
highest_level | string | highest sensitivity level (dedicated to data breach risks) | highest sensitivity level among the leaked sensitive data entries in this incident | S3 | CFWNdrSubjectRisk | - |
http_host | string | Hostname | Hostname | test.abc.com | CFWNdrSubjectRisk | - |
http_request_header | string | HTTP request header | HTTP request header (Base64 encoded) | 474554202f6170692f... | CFWNdrSubjectRisk | - |
http_request_body | string | HTTP request body | HTTP request body (Base64 encoded) | 7b226b6579223a2276... | CFWNdrSubjectRisk | - |
http_response_header | string | HTTP response header | HTTP response header (Base64 encoded) | 485454502f312e3120... | CFWNdrSubjectRisk | - |
http_response_body | string | HTTP response body | HTTP response body (Base64 encoded) | 3736393431333932... | CFWNdrSubjectRisk | - |
http_url | string | HTTP request URL | HTTP request URL | /api/v1/pods | CFWNdrSubjectRisk | - |
protocol | string | Protocol | Transport Layer Protocol | TCP | CFWNdrSubjectRisk | - |
quic_version | string | QUIC version | QUIC protocol version | 51303038 | CFWNetflowNta | - |
quic_sni | string | SNI | Server name indicated by the client during the QUIC handshake process | example.com | CFWNetflowNta | - |
rdp_event_type | string | RDP event type | RDP connection event type | initial_request | CFWNetflowNta | - |
rdp_initial_response_protocol | string | RDP Initial Response Protocol | RDP server initial response declared protocol version | rdp | CFWNetflowNta | - |
rdp_initial_request_cookie | string | RDP initial request Cookie | RDP client initial request carried Cookie value | A70067 | CFWNetflowNta | - |
rdp_connect_request_channels | string | RDP connection request channel | RDP connection request specified channel list | [\\"rdpdr\\",\\"rdpsnd\\",\\"drdynvc\\",\\"cliprdr\\"] | CFWNetflowNta | - |
rdp_connect_request_version | string | RDP connection request version | RDP client declared protocol version in the connection request | v10.6 | CFWNetflowNta | - |
rdp_connect_request_build | string | RDP connection request build version | RDP client build version number | Windows 7 SP1 | CFWNetflowNta | - |
rdp_connect_request_client_name | string | RDP connection request client name | RDP client device name | hapc | CFWNetflowNta | - |
Was this page helpful?
You can also Contact sales or Submit a Ticket for help.
Help us improve! Rate your documentation experience in 5 mins.
Feedback