Type the name of the security context identifying the virtual firewall group through which the traffic
passed. Note that the system only populates this field for ASA FirePOWER devices in multi-context
mode.

Interface (Ingress, Egress)

Type the name of an interface associated with the packet that triggered the event; see

Configuring

Sensing Interfaces, page 6-59

Intrusion Policy

Type the name of the intrusion policy associated with the event; see

Configuring Intrusion Policies,

page 20-1

Access Control Policy

Type the name of the access control policy associated with the event; see

Using Access Control

Policies, page 13-1

Access Control Rule

Type the name of the access control policy associated with the event; see

Understanding and Writing

Access Control Rules, page 14-1

HTTP Hostname

Specify a single host name that was extracted from the HTTP request Host header.

To associate host names with intrusion events for HTTP client traffic, you must enable the HTTP
Inspect preprocessor

Log Hostname

option. See

Selecting Server-Level HTTP Normalization Options,

page 25-33

for more information.

HTTP URI

Specify a single URI associated with the HTTP request packet that triggered the intrusion event.

To associate URIs with intrusion events for HTTP traffic, you must enable the HTTP Inspect
preprocessor

Log URI

option. See

Selecting Server-Level HTTP Normalization Options, page 25-33

for more information.

Email Sender

Specify the address of the email sender that was extracted from the SMTP MAIL FROM command.
You can also enter a comma-separated list to search for events associated with all specified
addresses. See

Understanding Intrusion Events, page 18-7

for more information.