>
    Strata Copilot
    AI Runtime Security API LEEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. AI Security Logs
    5. AI Runtime Security API
    6. AI Runtime Security API LEEF Fields
    Download PDF
    Strata Logging Service

    AI Runtime Security API LEEF Fields

    Table of Contents

    AI Runtime Security API LEEF Fields

    The following table identifies the AI Runtime Security API field names that the Log Forwarding app uses when you forward logs using the LEEF log format.
    When you create a syslog forwarding profile , you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example, TRAFFIC, THREAT, HIPMATCH, and so forth). The token will appear on a parameter called profileToken.
    LEEF Name
    Query Name
    Field Type
    Action
    action
    Custom
    AgentFramework
    agent_framework
    Custom
    AgentID
    agent_id
    Custom
    AIAppCloudProvider
    ai_app_cloud_provider
    Custom
    AIAppCSPName
    ai_app_csp_name
    Custom
    AIAppEnvironment
    ai_app_environment
    Custom
    AIAppUserDomain
    ai_app_user_domain
    Custom
    AIAppUserGroupID
    ai_app_user_group_id
    Custom
    AIAppUserGroupName
    ai_app_user_group_name
    Custom
    AIApplicationUserName
    ai_app_user_name
    Custom
    AIApplicationName
    ai_application_name
    Custom
    AIIncidentReportID
    ai_incident_report_id
    Custom
    AIIncidentSubtype
    ai_incident_subtype
    Custom
    AIIncidentType
    ai_incident_type
    Custom
    AIModelName
    ai_model_name
    Custom
    AISecurityPolicyID
    ai_security_policy_id
    Custom
    AISecurityPolicyName
    ai_security_policy_name
    Custom
    AISecurityProfileID
    ai_security_profile_id
    Custom
    AISecurityProfileName
    ai_security_profile_name
    Custom
    AISubtypeDetails
    ai_subtype_details
    Custom
    APIKeyName
    api_key_name
    Custom
    APIRegion
    api_region
    Custom
    AppId
    app_id
    Custom
    AssetID
    asset_id
    Custom
    CompletedTS
    completed_ts
    Custom
    ContentMasked
    content_masked
    Custom
    ContentType
    content_type
    Custom
    CSPID
    csp_id
    Custom
    s
    customer_id
    Predefined
    DetectionServiceFlags
    detection_service_flags
    Custom
    FinalPromptAction
    final_prompt_action
    Custom
    FinalPromptVerdict
    final_prompt_verdict
    Custom
    FinalResponseAction
    final_response_action
    Custom
    FinalResponseVerdict
    final_response_verdict
    Custom
    IsCode
    is_code
    Custom
    IsPrompt
    is_prompt
    Custom
    IsPromptAgentRequested
    is_prompt_agent_requested
    Custom
    IsPromptDLPRequested
    is_prompt_dlp_requested
    Custom
    IsPromptMCRequested
    is_prompt_mc_requested
    Custom
    IsPromptPIRequested
    is_prompt_pi_requested
    Custom
    IsPromptTCRequested
    is_prompt_tc_requested
    Custom
    IsPromptTGRequested
    is_prompt_tg_requested
    Custom
    IsPromptURLFRequested
    is_prompt_urlf_requested
    Custom
    IsResponse
    is_response
    Custom
    IsResponseAgentRequested
    is_response_agent_requested
    Custom
    IsResponseCGRequested
    is_response_cg_requested
    Custom
    IsResponseDBSRequested
    is_response_dbs_requested
    Custom
    IsResponseDLPRequested
    is_response_dlp_requested
    Custom
    IsResponseMCRequested
    is_response_mc_requested
    Custom
    IsResponseTCRequested
    is_response_tc_requested
    Custom
    IsResponseTGRequested
    is_response_tg_requested
    Custom
    IsResponseURLFRequested
    is_response_urlf_requested
    Custom
    Latency
    latency
    Custom
    LogSource
    log_source
    Custom
    LogSourceGroupID
    log_source_group_id
    Custom
    DeviceSN
    log_source_id
    Custom
    DeviceName
    log_source_name
    Custom
    LogSourceTimeZoneOffset
    log_source_tz_offset
    Custom
    TimeReceived
    log_time
    Custom
    cat
    log_type.​value
    Predefined
    MaxLatencyHit
    max_latency_hit
    Custom
    MCPServer
    mcp_server
    Custom
    PlatformType
    platform_type
    Custom
    RequestResponse
    request_response
    Custom
    ScanID
    scan_id
    Custom
    ScanStartTime
    scan_start_time
    Custom
    ScanSUBRequestID
    scan_sub_req_id
    Custom
    ScanType
    scan_type
    Custom
    SessionUrl
    session_url
    Custom
    SubType
    sub_type.​value
    Custom
    TextRecords
    text_records
    Custom
    devTime
    time_generated
    Predefined
    TimeGeneratedHighResolution
    time_generated_high_res
    Custom
    Tokens64
    token_64
    Custom
    ToolName
    tool_name
    Custom
    TransactionID
    transaction_id
    Custom
    TSGID
    tsg_id
    Custom
    Vendor
    vendor_name
    Header
    VendorSeverity
    vendor_severity.​value
    Custom
    Verdict
    verdict
    Custom

    © 2026 Palo Alto Networks, Inc. All rights reserved.