Hi,
You should use sc-filter-result field.
Here are the possible values:
OBSERVED: Indicates that at some point, policy invoked a category lookup, i.e., a "category=" trigger was evaluated.
DENIED: Indicates that the request was not served. Typically this means the user received some form of an exception.
PROXIED: The category was not a factor in the policy decision. An example of this: the policy used to process the request did not include a category definition, such as source:any, destination:any, action:allow.
Original Message:
Sent: 10-16-2021 06:49 AM
From: Gurcan Gurkas
Subject: How do i see the decision on the access logs
Hello everyone,
We want to create a rule on the SIEM. If a user gets an allow from the File Sharing category, we will generate an alarm for it.
When we examined the logs sent to the SIEM device, we could not see the results of the requests made to the sites.
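As an added illustration (not from either poster), here is how a SIEM-side rule could use sc-filter-result to raise the alarm the original question asks for. The log layout, the field name cs-categories, and the log lines are constructed assumptions; only sc-filter-result and its three values come from the thread.

```python
"""Flag access-log entries where a File Sharing request was not denied."""
import shlex

# Constructed ELFF-style excerpt (header + four sample lines, not real traffic).
SAMPLE_LOG = """#Fields: date time c-ip cs-username sc-filter-result cs-categories cs-host sc-status
2021-10-16 06:49:01 10.0.0.5 jdoe PROXIED "File Sharing" files.example.net 200
2021-10-16 06:49:02 10.0.0.5 jdoe DENIED "File Sharing" share.example.org 403
2021-10-16 06:49:03 10.0.0.7 asmith OBSERVED "File Sharing;Web Ads" drop.example.com 200
2021-10-16 06:49:04 10.0.0.9 bjones PROXIED "News/Media" news.example.com 200
"""

# Per the reply above, DENIED is the only value meaning the request was not
# served; OBSERVED and PROXIED both indicate the user got through.
SERVED_RESULTS = {"OBSERVED", "PROXIED"}


def parse_elff(text):
    """Yield one dict per log line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        values = shlex.split(line)  # honours quoted multi-word categories
        if len(values) != len(fields):
            continue  # malformed line: skip rather than mis-assign columns
        yield dict(zip(fields, values))


def allowed_category_hits(text, category="File Sharing"):
    """Return (user, host, result) for served requests matching the category.

    cs-categories is assumed to be a ';'-separated list (constructed layout).
    """
    hits = []
    for rec in parse_elff(text):
        cats = {c.strip() for c in rec.get("cs-categories", "").split(";")}
        if rec.get("sc-filter-result") in SERVED_RESULTS and category in cats:
            hits.append((rec["cs-username"], rec["cs-host"], rec["sc-filter-result"]))
    return hits


if __name__ == "__main__":
    for user, host, result in allowed_category_hits(SAMPLE_LOG):
        print(f"ALERT: {user} reached {host} (sc-filter-result={result})")
```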