>
    Strata Copilot
    AI Runtime Security API CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. AI Security Logs
    5. AI Runtime Security API
    6. AI Runtime Security API CEF Fields
    Download PDF
    Strata Logging Service

    AI Runtime Security API CEF Fields

    Table of Contents

    AI Runtime Security API CEF Fields

    The following table identifies the AI Runtime Security API field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    PanOSAction
    Query Name: action
    Header Type: Custom
    PanOSAgentFramework
    Query Name: agent_framework
    Header Type: Custom
    PanOSAgentID
    Query Name: agent_id
    Header Type: Custom
    PanOSAIAppCloudProvider
    Query Name: ai_app_cloud_provider
    Header Type: Custom
    PanOSAIAppCSPName
    Query Name: ai_app_csp_name
    Header Type: Custom
    PanOSAIAppEnvironment
    Query Name: ai_app_environment
    Header Type: Custom
    PanOSAIAppUserDomain
    Query Name: ai_app_user_domain
    Header Type: Custom
    PanOSAIAppUserGroupID
    Query Name: ai_app_user_group_id
    Header Type: Custom
    PanOSAIAppUserGroupName
    Query Name: ai_app_user_group_name
    Header Type: Custom
    PanOSAIApplicationUserName
    Query Name: ai_app_user_name
    Header Type: Custom
    PanOSAIApplicationName
    Query Name: ai_application_name
    Header Type: Custom
    PanOSAIIncidentReportID
    Query Name: ai_incident_report_id
    Header Type: Custom
    PanOSAIIncidentSubtype
    Query Name: ai_incident_subtype
    Header Type: Custom
    PanOSAIIncidentType
    Query Name: ai_incident_type
    Header Type: Custom
    PanOSAIModelName
    Query Name: ai_model_name
    Header Type: Custom
    PanOSAISecurityPolicyID
    Query Name: ai_security_policy_id
    Header Type: Custom
    PanOSAISecurityPolicyName
    Query Name: ai_security_policy_name
    Header Type: Custom
    PanOSAISecurityProfileID
    Query Name: ai_security_profile_id
    Header Type: Custom
    PanOSAISecurityProfileName
    Query Name: ai_security_profile_name
    Header Type: Custom
    PanOSAISubtypeDetails
    Query Name: ai_subtype_details
    Header Type: Custom
    PanOSAPIKeyName
    Query Name: api_key_name
    Header Type: Custom
    PanOSAPIRegion
    Query Name: api_region
    Header Type: Custom
    PanOSAppId
    Query Name: app_id
    Header Type: Custom
    PanOSAssetID
    Query Name: asset_id
    Header Type: Custom
    PanOSCompletedTS
    Query Name: completed_ts
    Header Type: Custom
    PanOSContentMasked
    Query Name: content_masked
    Header Type: Custom
    PanOSContentType
    Query Name: content_type
    Header Type: Custom
    PanOSCSPID
    Query Name: csp_id
    Header Type: Custom
    PanOSCortexDataLakeTenantID
    Query Name: customer_id
    Header Type: Custom
    PanOSDetectionServiceFlags
    Query Name: detection_service_flags
    Header Type: Custom
    PanOSFinalPromptAction
    Query Name: final_prompt_action
    Header Type: Custom
    PanOSFinalPromptVerdict
    Query Name: final_prompt_verdict
    Header Type: Custom
    PanOSFinalResponseAction
    Query Name: final_response_action
    Header Type: Custom
    PanOSFinalResponseVerdict
    Query Name: final_response_verdict
    Header Type: Custom
    PanOSIsCode
    Query Name: is_code
    Header Type: Custom
    PanOSIsPrompt
    Query Name: is_prompt
    Header Type: Custom
    PanOSIsPromptAgentRequested
    Query Name: is_prompt_agent_requested
    Header Type: Custom
    PanOSIsPromptDLPRequested
    Query Name: is_prompt_dlp_requested
    Header Type: Custom
    PanOSIsPromptMCRequested
    Query Name: is_prompt_mc_requested
    Header Type: Custom
    PanOSIsPromptPIRequested
    Query Name: is_prompt_pi_requested
    Header Type: Custom
    PanOSIsPromptTCRequested
    Query Name: is_prompt_tc_requested
    Header Type: Custom
    PanOSIsPromptTGRequested
    Query Name: is_prompt_tg_requested
    Header Type: Custom
    PanOSIsPromptURLFRequested
    Query Name: is_prompt_urlf_requested
    Header Type: Custom
    PanOSIsResponse
    Query Name: is_response
    Header Type: Custom
    PanOSIsResponseAgentRequested
    Query Name: is_response_agent_requested
    Header Type: Custom
    PanOSIsResponseCGRequested
    Query Name: is_response_cg_requested
    Header Type: Custom
    PanOSIsResponseDBSRequested
    Query Name: is_response_dbs_requested
    Header Type: Custom
    PanOSIsResponseDLPRequested
    Query Name: is_response_dlp_requested
    Header Type: Custom
    PanOSIsResponseMCRequested
    Query Name: is_response_mc_requested
    Header Type: Custom
    PanOSIsResponseTCRequested
    Query Name: is_response_tc_requested
    Header Type: Custom
    PanOSIsResponseTGRequested
    Query Name: is_response_tg_requested
    Header Type: Custom
    PanOSIsResponseURLFRequested
    Query Name: is_response_urlf_requested
    Header Type: Custom
    PanOSLatency
    Query Name: latency
    Header Type: Custom
    PanOSLogSource
    Query Name: log_source
    Header Type: Custom
    LogSourceGroupID
    Query Name: log_source_group_id
    Header Type: Custom
    deviceExternalID
    Query Name: log_source_id
    Header Type: Predefined
    dvchost
    Query Name: log_source_name
    Header Type: Predefined
    PanOSLogSourceTimeZoneOffset
    Query Name: log_source_tz_offset
    Header Type: Custom
    rt
    Query Name: log_time
    Header Type: Predefined
    DeviceEventClassID
    Query Name: log_type.​value
    Header Type: Custom
    PanOSMaxLatencyHit
    Query Name: max_latency_hit
    Header Type: Custom
    PanOSMCPServer
    Query Name: mcp_server
    Header Type: Custom
    PlatformType
    Query Name: platform_type
    Header Type: Custom
    PanOSRequestResponse
    Query Name: request_response
    Header Type: Custom
    PanOSScanID
    Query Name: scan_id
    Header Type: Custom
    PanOSScanStartTime
    Query Name: scan_start_time
    Header Type: Custom
    PanOSScanSUBRequestID
    Query Name: scan_sub_req_id
    Header Type: Custom
    PanOSScanType
    Query Name: scan_type
    Header Type: Custom
    PanOSSessionUrl
    Query Name: session_url
    Header Type: Custom
    Name
    Query Name: sub_type.​value
    Header Type: Custom
    PanOSTextRecords
    Query Name: text_records
    Header Type: Custom
    start
    Query Name: time_generated
    Header Type: Predefined
    PanOSTimeGeneratedHighResolution
    Query Name: time_generated_high_res
    Header Type: Custom
    PanOSTokens64
    Query Name: token_64
    Header Type: Custom
    PanOSToolName
    Query Name: tool_name
    Header Type: Custom
    PanOSTransactionID
    Query Name: transaction_id
    Header Type: Custom
    PanOSTSGID
    Query Name: tsg_id
    Header Type: Custom
    Device Vendor
    Query Name: vendor_name
    Header Type: Custom
    PanOSVendorSeverity
    Query Name: vendor_severity.​value
    Header Type: Custom
    PanOSVerdict
    Query Name: verdict
    Header Type: Custom

    © 2026 Palo Alto Networks, Inc. All rights reserved.