Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
>
Clear
Strata Copilot
Activity Monitoring Log Fields
Updated on
Sep 24, 2025
Focus
Download PDF
Updated on
Sep 24, 2025
Focus
Home
SaaS Security
Syslog and API Client Integration on Data Security
Syslog Integration on Data Security
Activity Monitoring Log Fields
Download PDF
SaaS Security
Activity Monitoring Log Fields
Table of Contents
Filter
Expand All
|
Collapse All
SaaS Security Docs
Activation & Onboarding
Getting Started
Data Security
SaaS Security Inline
SSPM
Behavior Threats
Release Notes
Activity Monitoring Log Fields
The descriptions and names of available log fields in a
Data Security
activity monitoring log.
The activity monitoring log is generated when a
user activity policy
is matched.
Field Name
Description
timestamp
Time the activity occurred. Values are in
YYYY-MM-DD HH:MM:SS
format.
serial
Serial number of the organization using the service (tenant).
log_type
Type of log. In this case,
activity_monitoring
.
cloud_app_instance
Instance name of the cloud application (not the type of cloud application) associated with the activity.
severity
Policy violation or incident severity valued between
0
and
5
.
item_name
Name of the file, folder, or user associated with the activity.
item_type
Values are
File
,
Folder
, or
User
.
user
Cloud app user who performed the activity.
source_ip
Source IP address where the activity was performed.
location
Location where the activity was performed.
action
Activity that occurred. For example,
Login
or
Upload
.
target_name
Field name updated or target of the activity.
target_type
Target type. For example,
FieldName
,
Report
, or
File
.
item_unique_id
Unique ID number for an asset’s related asset.
