{
"additionalProperties": false,
"description": "Identity Firewall user session data on a client machine (typically a VM). Multiple entries for the same user can be returned if the user logins to multiple sessions on the same VM.",
"id": "IdfwUserSessionData",
"module_id": "IdentityFirewall",
"properties": {
"domain_name": {
"description": "AD Domain of user.",
"required": true,
"title": "AD Domain",
"type": "string"
},
"id": {
"description": "Identifier of user session data.",
"readonly": true,
"required": false,
"title": "User session data Identifier",
"type": "string"
},
"login_time": {
"$ref": "EpochMsTimestamp,
"description": "Login time.",
"required": true,
"title": "Login time"
},
"logout_time": {
"$ref": "EpochMsTimestamp,
"description": "Logout time if applicable. An active user session has no logout time. Non-active user session is stored (up to last 5 most recent entries) per VM and per user.",
"required": false,
"title": "Logout time if applicable"
},
"session_source": {
"description": "User session source can be one of: - GI (Guest Introspection) - ELS (AD Event log server) - LI (Log Insight)",
"enum": [
"GI",
"ELS",
"LI"
],
"readonly": true,
"title": "Source for the user session",
"type": "string"
},
"user_id": {
"description": "AD user ID (may not exist).",
"readonly": true,
"required": false,
"title": "AD user ID (may not exist)",
"type": "string"
},
"user_name": {
"description": "AD user name.",
"required": true,
"title": "AD user name",
"type": "string"
},
"user_session_id": {
"description": "User session ID. This also indicates whether this is VDI / RDSH.",
"required": true,
"title": "User session ID",
"type": "int"
},
"vm_ext_id": {
"description": "Virtual machine (external ID or BIOS UUID) where login/logout events occurred.",
"readonly": true,
"required": true,
"title": "Virtual machine external ID or BIOS UUID",
"type": "string"
}
},
"title": "Identity Firewall user session data on client machine",
"type": "object"
}