Strata Logging Service
Events CEF Fields
The following table identifies the Events field names that the Log Forwarding app
uses when you forward logs using the CEF log format.
| CEF Name | Query Name | Header Type |
|---|---|---|
| PanOSApplicationAppCategory | application.app_category | Custom |
| PanOSApplicationAppSubcategory | application.app_sub_category | Custom |
| PanOSApplicationExternalID | application.external_id | Custom |
| PanOSApplicationExternalName | application.external_name | Custom |
| PanOSApplicationID | application.id | Custom |
| PanOSApplicationName | application.name | Custom |
| PanOSApplicationProtectedAccount | application.protected_account | Custom |
| PanOSApplicationRiskofApp | application.risk_of_app | Custom |
| PanOSApplicationSource | application.source | Custom |
| PanOSApplicationUsername | application.username | Custom |
| PanOSBatchID | batch_id | Custom |
| PanOSBrowserExtensionAppLaunchURL | browser_extension.app_launch_url | Custom |
| PanOSBrowserExtensionAvailableLaunchTypes | browser_extension.available_launch_types | Custom |
| PanOSBrowserExtensionDescription | browser_extension.description | Custom |
| PanOSBrowserExtensionDisabledReason | browser_extension.disabled_reason | Custom |
| PanOSBrowserExtensionEnabled | browser_extension.enabled | Custom |
| PanOSBrowserExtensionHomepageURL | browser_extension.homepage_url | Custom |
| PanOSBrowserExtensionHostPermissions | browser_extension.host_permissions | Custom |
| PanOSBrowserExtensionID | browser_extension.id | Custom |
| PanOSBrowserExtensionInstallType | browser_extension.install_type | Custom |
| PanOSBrowserExtensionIsApp | browser_extension.is_app | Custom |
| PanOSBrowserExtensionLaunchType | browser_extension.launch_type | Custom |
| PanOSBrowserExtensionMayDisable | browser_extension.may_disable | Custom |
| PanOSBrowserExtensionName | browser_extension.name | Custom |
| PanOSBrowserExtensionOfflineEnabled | browser_extension.offline_enabled | Custom |
| PanOSBrowserExtensionOptionsURL | browser_extension.options_url | Custom |
| PanOSBrowserExtensionPermissions | browser_extension.permissions | Custom |
| PanOSBrowserExtensionShortName | browser_extension.short_name | Custom |
| PanOSBrowserExtensionType | browser_extension.type | Custom |
| PanOSBrowserExtensionUpdateURL | browser_extension.update_url | Custom |
| PanOSBrowserExtensionVersion | browser_extension.version | Custom |
| PanOSCertificateCreatedTime | certificate.created_time | Custom |
| PanOSCertificateExpirationTime | certificate.expiration_time | Custom |
| PanOSCertificateFingerprints | certificate.fingerprints | Custom |
| PanOSCertificateIssuer | certificate.issuer | Custom |
| PanOSCertificateSerialNumber | certificate.serial_number | Custom |
| PanOSCertificateSubject | certificate.subject | Custom |
| PanOSClassificationCategory | classification.category | Custom |
| PanOSClassificationMaliciousCategories | classification.malicious_categories | Custom |
| PanOSClassificationMITRE | classification.mitre | Custom |
| PanOSClassificationReputation | classification.reputation | Custom |
| PanOSClassificationSecurityCompliance | classification.security_compliance | Custom |
| PanOSClassificationSeverity | classification.severity | Custom |
| PanOSClipboardFromURL | clipboard.from_url | Custom |
| PanOSClipboardSelectedElement | clipboard.selected_element | Custom |
| PanOSContentCategories | content.categories | Custom |
| PanOSContentLengthBytes | content.length_bytes | Custom |
| PanOSContentMIPMatchedLabel | content.mip_matched_label | Custom |
| PanOSContentScanEngine | content.scan_engine | Custom |
| PanOSContentSensitiveDataCategories | content.sensitive_data_categories | Custom |
| PanOSContentSourceElementSelector | content.source_element_selector | Custom |
| PanOSContentSourceURL | content.source_url | Custom |
| PanOSCortexDataLakeTenantID | customer_id | Custom |
| PanOSDeviceBrowserBrand | device.browser_brand | Custom |
| PanOSDeviceBrowserType | device.browser_type | Custom |
| PanOSDeviceBrowserVersion | device.browser_version | Custom |
| PanOSDeviceUUID | device.device_uuid | Custom |
| PanOSDeviceDiskEncryptionStatus | device.disk_encryption_status | Custom |
| PanOSDeviceEPPStatus | device.epp_status | Custom |
| PanOSDeviceExtensionVersion | device.extension_version | Custom |
| PanOSDeviceFirewallStatus | device.firewall_status | Custom |
| PanOSDeviceGeoIPFromCityName | device.geoip_from_city_name | Custom |
| PanOSDeviceGeoIPFromCountryName | device.geoip_from_country_name | Custom |
| PanOSDeviceGeoIPFromLocationLatitude | device.geoip_from_location_latitude | Custom |
| PanOSDeviceGeoIPFromLocationLongitude | device.geoip_from_location_longitude | Custom |
| PanOSDeviceGroupsIDs | device.groups.ids | Custom |
| PanOSDeviceGroupsNames | device.groups.names | Custom |
| PanOSDeviceHostname | device.hostname | Custom |
| PanOSDeviceIPAddress | device.ip_address | Custom |
| PanOSMACAddresses | device.mac_addresses | Custom |
| PanOSDeviceModel | device.model | Custom |
| PanOSDeviceOSAndroidBuild | device.os.android.build | Custom |
| PanOSDeviceOSAndroidPatch | device.os.android.patch | Custom |
| PanOSDeviceOSAndroidRelease | device.os.android.release | Custom |
| PanOSDeviceOSAndroidSDK | device.os.android.sdk | Custom |
| PanOSDeviceOSiOSMajor | device.os.ios.major | Custom |
| PanOSDeviceOSiOSMinor | device.os.ios.minor | Custom |
| PanOSDeviceOSiOSPatch | device.os.ios.patch | Custom |
| PanOSDeviceOSmacOSBugfix | device.os.macos.bugfix | Custom |
| PanOSDeviceOSmacOSBuild | device.os.macos.build | Custom |
| PanOSDeviceOSmacOSMajor | device.os.macos.major | Custom |
| PanOSDeviceOSmacOSMinor | device.os.macos.minor | Custom |
| PanOSDeviceOSmacOSServer | device.os.macos.server | Custom |
| PanOSDeviceOSType | device.os.type | Custom |
| PanOSDeviceOSWindowsBuild | device.os.windows.build | Custom |
| PanOSDeviceOSWindowsMajor | device.os.windows.major | Custom |
| PanOSDeviceOSWindowsMinor | device.os.windows.minor | Custom |
| PanOSDeviceOSWindowsPatch | device.os.windows.patch | Custom |
| PanOSDeviceOSWindowsProduct | device.os.windows.product | Custom |
| PanOSDeviceOSDisplayName | device.os_display_name | Custom |
| PanOSDeviceRawUniversalID | device.raw_universal_id | Custom |
| PanOSDeviceScreenLockStatus | device.screen_lock_status | Custom |
| PanOSDeviceSerialNumber | device.serial_number | Custom |
| PanOSDeviceType | device.type | Custom |
| PanOSDeviceUserAgent | device.user_agent | Custom |
| PanOSFileExtension | file.extension | Custom |
| PanOSFileIsEncrypted | file.is_encrypted | Custom |
| PanOSFileLocalPath | file.local_path | Custom |
| PanOSFileMimeType | file.mime_type | Custom |
| PanOSFileName | file.name | Custom |
| PanOSFileOperation | file.operation | Custom |
| PanOSFileOriginDownloadURL | file.origin_download_url | Custom |
| PanOSFileSHA256 | file.sha256 | Custom |
| PanOSFileURL | file.url | Custom |
| PanOSID | id | Custom |
| PanOSLogSource | log_source | Custom |
| PanOSLogSourceGroupID | log_source_group_id | Custom |
| deviceExternalID | log_source_id | Predefined |
| dvchost | log_source_name | Predefined |
| rt | log_time | Predefined |
| Device Event Class ID | log_type.value | Custom |
| PanOSNetworkClassifications | network.classifications | Custom |
| PanOSNetworkFrameURL | network.frame_url | Custom |
| PanOSNetworkHTTPMethod | network.http.method | Custom |
| PanOSNetworkHTTPStatus | network.http.status | Custom |
| PanOSNetworkProtocol | network.protocol | Custom |
| PanOSNetworkTabURL | network.tab_url | Custom |
| PanOSNetworkURL | network.url | Custom |
| PanOSPageCaptureIsSecureScreenshot | page.capture.is_secure_screenshot | Custom |
| PanOSPageCaptureTriggeredByURL | page.capture.triggered_by_url | Custom |
| PanOSPageDevtoolsBlockReason | page.devtools.block_reason | Custom |
| PanOSPageTitle | page.title | Custom |
| PanOSPincodeFailedAttempts | pincode.failed_attempts | Custom |
| PanOSPincodeRegistrationTime | pincode.registration_time | Custom |
| PlatformType | platform_type | Custom |
| PanOSPolicyAction | policy.action | Custom |
| PanOSPolicyBlockReason | policy.block_reason | Custom |
| PanOSPolicyBypassReason | policy.bypass_reason | Custom |
| PanOSPolicyIsMonitor | policy.is_monitor | Custom |
| PanOSPolicyIsSessionRecorded | policy.is_session_recorded | Custom |
| PanOSPolicyRuleDescription | policy.rule_description | Custom |
| PanOSPolicyRuleID | policy.rule_id | Custom |
| PanOSPostureBlockReason | posture.block_reason | Custom |
| PanOSPostureBlockType | posture.block_type | Custom |
| PanOSPostureError | posture.error | Custom |
| PanOSPrintPrinterLocation | print.printer_location | Custom |
| PanOSPrintPrinterName | print.printer_name | Custom |
| PanOSProcessCLIArgs | process.cli_args | Custom |
| PanOSProcessImagePath | process.image_path | Custom |
| PanOSProcessParentProcess | process.parent_process | Custom |
| PanOSProcessPID | process.pid | Custom |
| PanOSStateDeviceGroupEvaluation | state.device_group_evaluation | Custom |
| PanOSStateSignInRules | state.sign_in_rules | Custom |
| PanOSSubtenantID | sub_tenant_id | Custom |
| Name | sub_type.value | Custom |
| PanOSTamperingType | tampering.type | Custom |
| PanOSTenantID | tenant_id | Custom |
| start | time_generated | Predefined |
| PanOSTimeGeneratedHighResolution | time_generated_high_res | Custom |
| PanOSTimestamp | timestamp | Custom |
| PanOSTSGID | tsg_id | Custom |
| PanOSType | type | Custom |
| PanOSUserEmail | user.email | Custom |
| PanOSUserExternalID | user.external_id | Custom |
| PanOSUserGroupsIDs | user.groups.ids | Custom |
| PanOSUserGroupsNames | user.groups.names | Custom |
| PanOSUserID | user.id | Custom |
| PanOSUserName | user.name | Custom |
| PanOSUserTenantExternalID | user.tenant_external_id | Custom |
| PanOSUserTenantID | user.tenant_id | Custom |
| PanOSUserTenantName | user.tenant_name | Custom |
| PanOSUserTSGID | user.tsg_id | Custom |
| Device Vendor | vendor_name | Custom |