Directory sync CEF Fields

Table of Contents

Directory sync CEF Fields

The following table identifies the Directory sync field names that the Log Forwarding app uses when you forward logs using the CEF log format.

CEF Name	Field Details
PanOSCIETimeReceived	Query Name: cie_log_time Header Type: Custom
PanOSClientApplicationId	Query Name: client_application_id Header Type: Custom
PanOSCount	Query Name: count Header Type: Custom
PanOSCountSummaryApplication	Query Name: count_summary.application Header Type: Custom
PanOSCountSummaryComputer	Query Name: count_summary.computer Header Type: Custom
PanOSCountSummaryContainer	Query Name: count_summary.container Header Type: Custom
PanOSCountSummaryGroup	Query Name: count_summary.group Header Type: Custom
PanOSCountSummaryOU	Query Name: count_summary.ou Header Type: Custom
PanOSCountSummar RoleAssignment	Query Name: count_summary.roleassignments Header Type: Custom
PanOSCountSummaryUser	Query Name: count_summary.user Header Type: Custom
PanOSCortexDataLakeTenantID	Query Name: customer_id Header Type: Custom
PanOSDirectoryId	Query Name: directory_id Header Type: Custom
PanOSDirectoryName	Query Name: directory_name Header Type: Custom
PanOSDirectoryType	Query Name: directory_type Header Type: Custom
PanOSEventCategory	Query Name: event_category Header Type: Custom
PanOSEventSequenceId	Query Name: event_sequence_id Header Type: Custom
PanOSEventState	Query Name: event_state Header Type: Custom
PanOSEventType	Query Name: event_type Header Type: Custom
PanOSFailureReasonCode	Query Name: failure_reason_code Header Type: Custom
PanOSFlattenedMembershipCountCIE	Query Name: flattened_membership_count_cie Header Type: Custom
PanOSFlattenedMembershipCountCIEPreviousSync	Query Name: flattened_membership_count_cie_previous_sync Header Type: Custom
PanOSFlattenedMembershipCountIDP	Query Name: flattened_membership_count_idp Header Type: Custom
PanOSImmediateMembershipCountCIE	Query Name: immediate_membership_count_cie Header Type: Custom
PanOSImmediateMembershipCountCIEPreviousSync	Query Name: immediate_membership_count_cie_previous_sync Header Type: Custom
PanOSImmediateMembershipCountIDP	Query Name: immediate_membership_count_idp Header Type: Custom
PanOSLogSource	Query Name: log_source Header Type: Custom
LogSourceGroupID	Query Name: log_source_group_id Header Type: Custom
deviceExternalID	Query Name: log_source_id Header Type: Predefined
dvchost	Query Name: log_source_name Header Type: Predefined
PanOSLogSourceTimeZoneOffset	Query Name: log_source_tz_offset Header Type: Custom
rt	Query Name: log_time Header Type: Predefined
DeviceEventClassID	Query Name: log_type.value Header Type: Custom
PanOSPlatformType	Query Name: platform_type Header Type: Custom
PanOSRecommendedAction	Query Name: recommended_action Header Type: Custom
PanOSSourceType	Query Name: source_id Header Type: Custom
PanOSSourceType	Query Name: source_type Header Type: Custom
Name	Query Name: sub_type.value Header Type: Custom
PanOSSyncJobId	Query Name: sync_job_id Header Type: Custom
PanOSSyncType	Query Name: sync_type Header Type: Custom
PanOSTargetId	Query Name: target_id Header Type: Custom
PanOSTargetType	Query Name: target_type Header Type: Custom
start	Query Name: time_generated Header Type: Predefined
PanOSTimeGeneratedHighResolution	Query Name: time_generated_high_res Header Type: Custom
PanOSTSGID	Query Name: tsg_id Header Type: Custom
Device Vendor	Query Name: vendor_name Header Type: Custom

Directory sync

Directory sync EMAIL Fields

Strata Logging Service Docs

Directory sync CEF Fields

Strata Logging Service Docs

Directory sync CEF Fields

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner