Skip to content

Axis Atmos Packet Broker



Short for “Atmosphere,” Atmos is the first SSE platform to elegantly integrate ZTNA, SWG, CASB and Digital Experience into a single, easy to use, interface.

Product Details

Vendor URL: Axis

Product Type: SSE

Product Tier: Tier II

Integration Method: Syslog

Integration URL: n/a

Log Guide: n/a

Parser Details

Log Format: CEF

Expected Normalization Rate: near 100%

Data Label: AXIS_ATMOS

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
cef_description metadata.description
"Atmos" metadata.product_name
"Axis" metadata.vendor_name
cef_version metadata.product_version
cef_product metadata.product_event_type
cef_event_id metadata.product_log_id
observer observer.ip
suser principal.user.userid
src principal.ip
cs1 principal.application
cs4 principal.asset.location.country_or_region
cs6 principal.platform
dhost target.ip
port target.port
msg security_result.description
app security_result.detection_fields
cs5 security_result.detection_fields

Product Event Types

type UDM Event Classification

Log Sample

April 08 17:55:13 CEF:0|Axis Security|ActivityLog|v1.0.0|event_id|Agent Internal Destinations D10|4|app=Native dhost= src= suser=suser_name cs1Label=ApplicationId cs1=app_id_number cs2Label=ApplicationName cs2=Agent Internal Destinations D10 cs3Label=ConnectorPublicIP cs4Label=GeoLocation cs4=US cs5Label=IsDiscoverySession cs5=false cs6Label=OperationSystem cs6=Windows

Sample Parsing

metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Axis"
metadata.product_name = "Atmos"
metadata.product_version = "v1.0.0"
metadata.product_event_type = "ActivityLog"
metadata.description = "Agent Internal Destinations D10"
observer.ip = ""
principal.user.userid = "suser_name"
principal.asset.location.country_or_region = "US"
principal.ip =
principal.application = "app_id_number"
principal.platform = WINDOWS
target.ip =
target.port = 1
observer.ip =
security_result.detection_fields.key = "app"
security_result.detection_fields.value = "Native"
security_result.detection_fields.key = "isDiscoverySession"
security_result.detection_fields.value = "false"