>
    Strata Copilot
    Events HTTPS Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Endpoint Logs
    5. Events
    6. Events HTTPS Fields
    Download PDF
    Strata Logging Service

    Events HTTPS Fields

    Table of Contents

    Events HTTPS Fields

    The following table identifies the Events field names that the Log Forwarding app uses when you forward logs using the HTTPS log format.
    HTTPS Name
    Query Name
    ApplicationAppCategory
    application.​app_category
    ApplicationAppSubcategory
    application.​app_sub_category
    ApplicationExternalID
    application.​external_id
    ApplicationExternalName
    application.​external_name
    ApplicationID
    application.​id
    ApplicationName
    application.​name
    ApplicationProtectedAccount
    application.​protected_account
    ApplicationRiskOfApp
    application.​risk_of_app
    ApplicationSource
    application.​source
    ApplicationUsername
    application.​username
    BatchID
    batch_id
    BrowserExtensionAppLaunchURL
    browser_extension.​app_launch_url
    BrowserExtensionAvailableLaunchTypes
    browser_extension.​available_launch_types
    BrowserExtensionDescription
    browser_extension.​description
    BrowserExtensionDisabledReason
    browser_extension.​disabled_reason
    BrowserExtensionEnabled
    browser_extension.​enabled
    BrowserExtensionHomepageURL
    browser_extension.​homepage_url
    BrowserExtensionHostPermissions
    browser_extension.​host_permissions
    BrowserExtensionID
    browser_extension.​id
    BrowserExtensionInstallType
    browser_extension.​install_type
    BrowserExtensionIsApp
    browser_extension.​is_app
    BrowserExtensionLaunchType
    browser_extension.​launch_type
    BrowserExtensionMayDisable
    browser_extension.​may_disable
    BrowserExtensionName
    browser_extension.​name
    BrowserExtensionOfflineEnabled
    browser_extension.​offline_enabled
    BrowserExtensionOptionsURL
    browser_extension.​options_url
    BrowserExtensionPermissions
    browser_extension.​permissions
    BrowserExtensionShortName
    browser_extension.​short_name
    BrowserExtensionType
    browser_extension.​type
    BrowserExtensionUpdateURL
    browser_extension.​update_url
    BrowserExtensionVersion
    browser_extension.​version
    CertificateCreatedTime
    certificate.​created_time
    CertificateExpirationTime
    certificate.​expiration_time
    CertificateFingerprints
    certificate.​fingerprints
    CertificateIssuer
    certificate.​issuer
    CertificateSerialNumber
    certificate.​serial_number
    CertificateSubject
    certificate.​subject
    ClassificationCategory
    classification.​category
    ClassificationMaliciousCategories
    classification.​malicious_categories
    ClassificationMITRE
    classification.​mitre
    ClassificationReputation
    classification.​reputation
    ClassificationSecurityCompliance
    classification.​security_compliance
    ClassificationSeverity
    classification.​severity
    ClipboardFromURL
    clipboard.​from_url
    ClipboardSelectedElement
    clipboard.​selected_element
    ContentCategories
    content.​categories
    ContentLengthBytes
    content.​length_bytes
    ContentMIPMatchedLabel
    content.​mip_matched_label
    ContentScanEngine
    content.​scan_engine
    ContentSensitiveDataCategories
    content.​sensitive_data_categories
    ContentSourceElementSelector
    content.​source_element_selector
    ContentSourceURL
    content.​source_url
    CortexDataLakeTenantID
    customer_id
    DeviceBrowserBrand
    device.​browser_brand
    DeviceBrowserType
    device.​browser_type
    DeviceBrowserVersion
    device.​browser_version
    DeviceUUID
    device.​device_uuid
    DeviceDiskEncryptionStatus
    device.​disk_encryption_status
    DeviceEPPStatus
    device.​epp_status
    DeviceExtensionVersion
    device.​extension_version
    DeviceFirewallStatus
    device.​firewall_status
    DeviceGeoIPFromCityName
    device.​geoip_from_city_name
    DeviceGeoIPFromCountryName
    device.​geoip_from_country_name
    DeviceGeoIPFromLocationLatitude
    device.​geoip_from_location_latitude
    DeviceGeoIPFromLocationLongitude
    device.​geoip_from_location_longitude
    DeviceGroupsIDs
    device.​groups.​ids
    DeviceGroupsNames
    device.​groups.​names
    DeviceHostname
    device.​hostname
    DeviceIPAddress
    device.​ip_address
    DeviceMACAddresses
    device.​mac_addresses
    DeviceModel
    device.​model
    DeviceOSAndroidBuild
    device.​os.​android.​build
    DeviceOSAndroidPatch
    device.​os.​android.​patch
    DeviceOSAndroidRelease
    device.​os.​android.​release
    DeviceOSAndroidSDK
    device.​os.​android.​sdk
    DeviceOSiOSMajor
    device.​os.​ios.​major
    DeviceOSiOSMinor
    device.​os.​ios.​minor
    DeviceOSiOSPatch
    device.​os.​ios.​patch
    DeviceOSmacOSBugfix
    device.​os.​macos.​bugfix
    DeviceOSmacOSBuild
    device.​os.​macos.​build
    DeviceOSmacOSMajor
    device.​os.​macos.​major
    DeviceOSmacOSMinor
    device.​os.​macos.​minor
    DeviceOSmacOSServer
    device.​os.​macos.​server
    DeviceOSType
    device.​os.​type
    DeviceOSWindowsBuild
    device.​os.​windows.​build
    DeviceOSWindowsMajor
    device.​os.​windows.​major
    DeviceOSWindowsMinor
    device.​os.​windows.​minor
    DeviceOSWindowsPatch
    device.​os.​windows.​patch
    DeviceOSWindowsProduct
    device.​os.​windows.​product
    DeviceOSDisplayName
    device.​os_display_name
    DeviceRawUniversalID
    device.​raw_universal_id
    DeviceScreenLockStatus
    device.​screen_lock_status
    DeviceSerialNumber
    device.​serial_number
    DeviceType
    device.​type
    DeviceUserAgent
    device.​user_agent
    FileExtension
    file.​extension
    FileIsEncrypted
    file.​is_encrypted
    FileLocalPath
    file.​local_path
    FileMimeType
    file.​mime_type
    FileName
    file.​name
    FileOperation
    file.​operation
    FileOriginDownloadURL
    file.​origin_download_url
    FileSHA256
    file.​sha256
    FileURL
    file.​url
    ID
    id
    LogSource
    log_source
    LogSourceGroupID
    log_source_group_id
    DeviceSN
    log_source_id
    DeviceName
    log_source_name
    TimeReceived
    log_time
    LogType
    log_type.​value
    NetworkClassifications
    network.​classifications
    NetworkFrameURL
    network.​frame_url
    NetworkHTTPMethod
    network.​http.​method
    NetworkHTTPStatus
    network.​http.​status
    NetworkProtocol
    network.​protocol
    NetworkTabURL
    network.​tab_url
    NetworkURL
    network.​url
    PageCaptureIsSecureScreenshot
    page.​capture.​is_secure_screenshot
    PageCaptureTriggeredByURL
    page.​capture.​triggered_by_url
    PageDevtoolsBlockReason
    page.​devtools.​block_reason
    PageTitle
    page.​title
    PincodeFailedAttempts
    pincode.​failed_attempts
    PincodeRegistrationTime
    pincode.​registration_time
    PlatformType
    platform_type
    PolicyAction
    policy.​action
    PolicyBlockReason
    policy.​block_reason
    PolicyBypassReason
    policy.​bypass_reason
    PolicyIsMonitor
    policy.​is_monitor
    PolicyIsSessionRecorded
    policy.​is_session_recorded
    PolicyRuleDescription
    policy.​rule_description
    PolicyRuleID
    policy.​rule_id
    PostureBlockReason
    posture.​block_reason
    PostureBlockType
    posture.​block_type
    PostureError
    posture.​error
    PrintPrinterLocation
    print.​printer_location
    PrintPrinterName
    print.​printer_name
    ProcessCLIArgs
    process.​cli_args
    ProcessImagePath
    process.​image_path
    ProcessParentProcess
    process.​parent_process
    ProcessPID
    process.​pid
    StateDeviceGroupEvaluation
    state.​device_group_evaluation
    StateSignInRules
    state.​sign_in_rules
    SubtenantID
    sub_tenant_id
    Subtype
    sub_type.​value
    TamperingType
    tampering.​type
    TenantID
    tenant_id
    TimeGenerated
    time_generated
    TimeGeneratedHighResolution
    time_generated_high_res
    Timestamp
    timestamp
    TSGID
    tsg_id
    Type
    type
    UserEmail
    user.​email
    UserExternalID
    user.​external_id
    UserGroupsIDs
    user.​groups.​ids
    UserGroupsNames
    user.​groups.​names
    UserID
    user.​id
    UserName
    user.​name
    UserTenantExternalID
    user.​tenant_external_id
    UserTenantID
    user.​tenant_id
    UserTenantName
    user.​tenant_name
    UserTSGID
    user.​tsg_id
    VendorName
    vendor_name

    © 2025 Palo Alto Networks, Inc. All rights reserved.