Acceptable use policy event details

The AUP Events report allows you to review specific Acceptable Use Policy (AUP) events and event details.

AUP events appear in a table. After you select a filter and dimension, you can select the type of data that you want to show in the table. In addition to data listed in the Event Dimensions topic, you can show this data in the events table.

Event Table Column/Attribute Description
Detected Time The time when the event was detected in your local time.
Action Action taken on event based on a policy configuration.
Confidence Indicates whether an event is a known or suspected threat.
Detection Shows Inline or Lookback as a value. Inline indicates that the event was detected at the time of access, while lookback indicates that the event was discovered in log data based on behavior.
Request Time Date and time the user made the request
Response Time Date and time when a response to a request was provided.

This attribute is available only when ETP Proxy is enabled.

URI Uniform Resource Identifier. Characters or string that identify a resource. For example, a URL is a URI.

This attribute is available only when ETP Proxy is enabled.

Source Port The TCP/UDP port of the user’s machine.
HTTP Request Method The actions that's performed during a request.

This attribute is available only when ETP Proxy is enabled.

Request Query String(s) Part of URL that defines parameters in a request, such as language or country code.
Request Header(s) Header fields in an HTTP request.
Response Header(s) Header fields in an HTTP response.
Source IP IP address of traffic. This is likely the IP address that is assigned to a location as a result of Network Address Translation (NAT).
Destination IP IP address of the destination (origin) website.

This attribute is available only when ETP Proxy is enabled.

Destination Port Destination port of web traffic. This attribute is available only when ETP Proxy is enabled.
Reason Informs how an AUP event was identified. Any of these reasons may appear:
  • Akamai Intelligence: Indicates event was identified by Akamai or an Akamai Security category.
  • Customer Intelligence: Indicates event was found based on an administrator's custom list configuration.
  • Document Static Analysis: Indicates event was found based on inline payload analysis of a document.
  • Executable Static Analysis: Indicates event was found based on inline payload analysis of a document.
  • AV scan: Indicates event was found by an antivirus scan.
Machine Name If ETP Client is deployed in an organization, this criteria identifies the client host or machine.
Autonomous System A unique identifier for a network.
Query Type DNS resource record type associated with the request.
Resolved IP IP address that is resolved from a domain name.