Application Security CEF Fields
Strata Logging Service

The following table identifies the Application Security field names that the Log Forwarding app uses when you forward logs using the CEF log format.
| CEF Name | Field Details |
| --- | --- |
| Action | Query Name: action.value; Header Type: Custom |
| Application | Query Name: app; Header Type: Custom |
| CortexDataLakeTenantID | Query Name: customer_id; Header Type: Custom |
| DestinationAddress | Query Name: dest_ip.value; Header Type: Custom |
| DestinationPort | Query Name: dest_port; Header Type: Custom |
| FQDNApplicationName | Query Name: fqdn_app_name; Header Type: Custom |
| InternalSourceAddress | Header Type: Custom |
| LogSource | Query Name: log_source; Header Type: Custom |
| LogSourceGroupID | Header Type: Custom |
| DeviceSN | Query Name: log_source_id; Header Type: Custom |
| DeviceName | Query Name: log_source_name; Header Type: Custom |
| LogSourceTimeZoneOffset | Header Type: Custom |
| TimeReceived | Query Name: log_time; Header Type: Custom |
| DeviceEventClassID | Query Name: log_type.value; Header Type: Custom |
| PlatformType | Query Name: platform_type; Header Type: Custom |
| ApplicationSecurityPolicyRuleAdditionalDetails | Header Type: Custom |
| ApplicationSecurityPolicyRuleName | Query Name: policy_rule_name; Header Type: Custom |
| ApplicationSecurityPolicyRuleType | Header Type: Custom |
| HTTPResponseCode | Query Name: response_code; Header Type: Custom |
| SessionID | Query Name: session_id; Header Type: Custom |
| SourceAddress | Query Name: source_ip.value; Header Type: Custom |
| SourcePort | Query Name: source_port; Header Type: Custom |
| SourceUser | Query Name: source_user; Header Type: Custom |
| Subtype | Query Name: sub_type.value; Header Type: Custom |
| TimeGenerated | Query Name: time_generated; Header Type: Custom |
| TimeGeneratedHighResolution | Header Type: Custom |
| TraceID | Query Name: trace_id; Header Type: Custom |
| TSGID | Query Name: tsg_id; Header Type: Custom |
| URL | Query Name: url; Header Type: Custom |
| VendorName | Query Name: vendor_name; Header Type: Custom |