Cisco Web Security Appliance S170 User Guide

Cisco AsyncOS 8.0.6 for Web User Guide
 
Chapter 20 Monitor System Activity Through Logs
Access Log Field Descriptions and Identifiers
| Format Specifier in Standard Access Logs | Log Field in W3C Logs | Description |
|---|---|---|
| %XZ | x-resp-dvs-verdictname | Unified response-side anti-malware scanning verdict that provides the malware category independent of which scanning engines are enabled. Applies to transactions blocked or monitored due to server response scanning. This field is written with double-quotes in the access logs. |
| %X#1# | x-amp-verdict | Verdict from Advanced Malware Protection file scanning: "0" indicates the file is clean. "1" indicates the file was not scanned due to its file type. "2" or greater indicates the file is not clean. |
| %X#2# | x-amp-malware-name | Threat name, as determined by Advanced Malware Protection file scanning. "-" indicates no threat. |
| %X#3# | x-amp-score | Reputation score from Advanced Malware Protection file scanning. This score is used only if the cloud reputation service is unable to determine a clear verdict for the file. For details, see information about the Threat Score and the reputation threshold in |
| %X#4# | x-amp-upload | Indicator of upload and analysis request: "0" indicates that Advanced Malware Protection did not request upload of the file for analysis. "1" indicates that Advanced Malware Protection did request upload of the file for analysis. |
| %X#5# | x-amp-filename | The name of the file being downloaded and analyzed. |
| %X#6# | x-amp-sha | The SHA-256 identifier for this file. |
| %y | cs-method | Method |
| %Y | cs-url | The entire URL |
| N/A | x-hierarchy-origin | Code that describes which server was contacted to retrieve the request content (e.g. DIRECT/www.example.com). |
| N/A | x-resultcode-httpstatus | Result code and the HTTP response code, with a slash (/) in between. |
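The fields described above can be used to triage file verdicts from a W3C log. The following is an added example, not code from the Cisco guide: it assumes a W3C log that starts with a `#Fields:` line naming the columns and uses whitespace-separated values, and every log line, result code, threat name and hash in it is constructed for illustration.

```python
import re

TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a double-quoted value or a bare token

def amp_verdict_label(value):
    """Map x-amp-verdict to the meaning given in the field table."""
    n = int(value)
    return {0: "clean", 1: "not-scanned-file-type"}.get(n, "not-clean")  # 2 or greater

def parse_w3c(lines):
    """Yield one dict per record, keyed by the names on the '#Fields:' line."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            # x-resp-dvs-verdictname is written in double quotes; keep it as one value
            values = [q if b == "" else b for q, b in TOKEN.findall(line)]
            if len(values) == len(fields):  # skip malformed records
                yield dict(zip(fields, values))

def amp_findings(lines):
    """Return triage fields for records whose AMP verdict is not clean."""
    out = []
    for rec in parse_w3c(lines):
        raw = rec.get("x-amp-verdict", "-")
        if not raw.isdigit() or amp_verdict_label(raw) != "not-clean":
            continue
        result, _, status = rec.get("x-resultcode-httpstatus", "-/-").partition("/")
        out.append({
            "url": rec.get("cs-url"), "sha256": rec.get("x-amp-sha"),
            "threat": rec.get("x-amp-malware-name"),
            "category": rec.get("x-resp-dvs-verdictname"),
            "upload_requested": rec.get("x-amp-upload") == "1",
            "result": result, "http_status": status,
        })
    return out

SHA = "ab" * 32  # constructed placeholder, not a real file hash
SAMPLE = [  # constructed log lines; the field order is an assumption
    "#Fields: cs-method cs-url x-resultcode-httpstatus x-hierarchy-origin "
    "x-resp-dvs-verdictname x-amp-verdict x-amp-malware-name x-amp-score "
    "x-amp-upload x-amp-filename x-amp-sha",
    f'GET http://www.example.com/a.pdf TCP_MISS/200 DIRECT/www.example.com "-" 0 - 0 0 a.pdf {SHA}',
    f'GET http://www.example.com/b.exe TCP_DENIED/403 DIRECT/www.example.com "Trojan" 3 Example.Threat 0 1 b.exe {SHA}',
    f'GET http://www.example.com/c.txt TCP_MISS/200 DIRECT/www.example.com "-" 1 - 0 0 c.txt {SHA}',
]
for finding in amp_findings(SAMPLE):
    print(finding)
```

Records with verdict "1" are skipped here because the table defines them as not scanned rather than not clean; report them separately if unscanned file types matter to your policy.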