Files Dot Com¶
About¶
Files.com provides unified control and reporting for all the file transfers in your business, no matter how they occur technically. Files.com acts as both a client and a server for SFTP, FTP, and AS2, meaning you can easily connect to any partner, customer, or system.
Product Details¶
Vendor URL: Files
Product Type: SaaS
Product Tier: Tier II
Integration Method: N/A
Log Guide: Logging
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: FILES_DOT_COM
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| api_key_id | principal.resource.id |
| api_name | principal.resource.name |
| cc | network.email.cc |
| client_ip | principal.ip |
| delivery_method | additional.fields |
| dest_remote_server_id | target.asset_id |
| error_message | security_result.summary |
| error_type | security_result.description |
| interface | additional.fields |
| log_type | metadata.product_event_type |
| message | security_result.summary |
| operation | metadata.description |
| path | target.file.full_path |
| request_host | target.hostname |
| request_id | metadata.product_log_id |
| request_ip | principal.ip |
| request_method | network.http.method |
| request_path | target.url |
| response_code | network.http.response_code |
| smtp_hostname | principal.hostname |
| smtp_ip | principal.ip |
| src_remote_server_id | principal.asset_id |
| status | security_result.action |
| status | security_result.action_details |
| subject | network.email.subject |
| success | security_result.action |
| to | target.user.email_addresses |
| to | network.email.to |
| user_agent | network.http.user_agent |
| user_id | principal.user.userid |
| user_is_from_parent_site | principal.user.attribute.labels |
| username | principal.user.user_display_name |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| ApiRequestLog | NETWORK_HTTP |
| EmailLog | EMAIL_UNCATEGORIZED |
| OutboundConnectionLog | GENERIC_EVENT |
Log Sample¶
{"timestamp":"2025-02-26T23:50:45.644Z","api_key_id":null,"api_key_prefix":null,"user_id":1148891,"username":"123456@example.com","user_is_from_parent_site":null,"interface":"web","request_method":"GET","request_path":"/api/rest/v1/remote_servers/12345","request_ip":"10.226.82.178","request_host":"example.files.com","request_id":"c09d94dce0b8e787f40edcf2c1775b58","api_name":"RestAPI","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36","error_type":"not-authorized/site-admin-required","error_message":null,"response_code":403,"success":false,"duration_ms":16,"log_type":"ApiRequestLog"}
Sample Parsing¶
additional.fields["interface"] = "web"
metadata.event_type = "NETWORK_HTTP"
metadata.log_type = "FILES_DOT_COM"
metadata.product_event_type = "ApiRequestLog"
metadata.product_log_id = "c09d94dce0b8e787f40edcf2c1775b58"
metadata.vendor_name = "Files"
network.http.method = "GET"
network.http.response_code = 403
network.http.user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
principal.ip = "10.226.82.178"
principal.resource.name = "RestAPI"
principal.user.user_display_name = "123456@example.com"
principal.user.userid = "1148891"
security_result.action = "BLOCK"
security_result.description = "not-authorized/site-admin-required"
target.hostname = "example.files.com"
target.url = "/api/rest/v1/remote_servers/12345"