Strata Logging Service
File CEF Fields
File CEF Fields
The following table lists, for each File log field, the CEF field name that the Log Forwarding app emits when you forward logs in CEF format. In each row, Query Name is the Strata Logging Service field the value is taken from; Header Type states whether the key is a predefined CEF extension key or a vendor-specific custom key; Label and Label Text give the companion label key and its value for generic keys such as csN, cnN, flexStringN and c6aN; and Max Length, where listed, is the maximum length of the forwarded value (longer values are presumably truncated, so do not rely on exact matches of long file names, user names or URLs at the receiver — confirm against your collector).
|
CEF Name
|
Field Details
|
|---|---|
|
act
|
Query Name: action.value
Header Type: Predefined
Max Length: 63
|
|
app
|
Query Name: app
Header Type: Predefined
Max Length: 31
|
|
PanOSApplicationCategory
|
Query Name: app_category
Header Type: Custom
|
|
PanOSApplicationSubcategory
|
Query Name: app_sub_category
Header Type: Custom
|
|
PanOSCloudHostname
|
Query Name: cloud_hostname
Header Type: Custom
|
|
PanOSCloudReportID
|
Query Name: cloud_reportid
Header Type: Custom
|
|
PanOSConfigVersion
|
Query Name: config_version.value
Header Type: Custom
|
|
PanOSContainerID
|
Query Name: container_id
Header Type: Custom
|
|
PanOSApplicationContainer
|
Query Name: container_of_app
Header Type: Custom
|
|
PanOSContentVersion
|
Query Name: content_version
Header Type: Custom
|
|
cnt
|
Query Name: count_of_repeats
Header Type: Predefined
|
|
PanOSCortexDataLakeTenantID
|
Query Name: customer_id
Header Type: Custom
|
|
PanOSDestinationDeviceCategory
|
Query Name: dest_device_category
Header Type: Custom
|
|
PanOSDestinationDeviceClass
|
Query Name: dest_device_class
Header Type: Custom
|
|
PanOSDestinationDeviceHost
|
Query Name: dest_device_host
Header Type: Custom
|
|
PanOSDestinationDeviceMac
|
Query Name: dest_device_mac
Header Type: Custom
|
|
PanOSDestinationDeviceModel
|
Query Name: dest_device_model
Header Type: Custom
|
|
PanOSDestinationDeviceOS
|
Query Name: dest_device_os
Header Type: Custom
|
|
PanOSDestinationDeviceOSFamily
|
Query Name: dest_device_osfamily
Header Type: Custom
|
|
PanOSDestinationDeviceOSVersion
|
Query Name: dest_device_osversion
Header Type: Custom
|
|
PanOSDestinationDeviceProfile
|
Query Name: dest_device_profile
Header Type: Custom
|
|
PanOSDestinationDeviceVendor
|
Query Name: dest_device_vendor
Header Type: Custom
|
|
PanOSDestinationDynamicAddressGroup
|
Query Name: dest_dynamic_address_group
Header Type: Custom
|
|
PanOSDestinationEDL
|
Query Name: dest_edl
Header Type: Custom
|
|
dst (IPv4) or c6a3 (IPv6)
|
Query Name: dest_ip.value
Header Type: Predefined
Label: none for dst; c6a3Label for c6a3
Label Text: Destination IPv6 Address (c6a3 only)
|
|
PanOSDestinationLocation
|
Query Name: dest_location
Header Type: Custom
|
|
dpt
|
Query Name: dest_port
Header Type: Predefined
|
|
duser
|
Query Name: dest_user
Header Type: Predefined
Max Length: 1023
|
|
dntdom
|
Query Name: dest_user_info.domain
Header Type: Predefined
Max Length: 255
|
|
dusername
|
Query Name: dest_user_info.name
Header Type: Predefined
Max Length: 255
|
|
duid
|
Query Name: dest_user_info.uuid
Header Type: Predefined
Max Length: 255
|
|
PanOSDestinationUUID
|
Query Name: dest_uuid
Header Type: Custom
|
|
PanOSDGHierarchyLevel1
|
Query Name: dg_hier_level_1
Header Type: Custom
|
|
PanOSDGHierarchyLevel2
|
Query Name: dg_hier_level_2
Header Type: Custom
|
|
PanOSDGHierarchyLevel3
|
Query Name: dg_hier_level_3
Header Type: Custom
|
|
PanOSDGHierarchyLevel4
|
Query Name: dg_hier_level_4
Header Type: Custom
|
|
flexString2
|
Query Name: direction_of_attack.value
Header Type: Predefined
Label: flexString2Label
Label Text: DirectionOfAttack
Max Length: 1023
|
|
PanOSDLPVersionFlag
|
Query Name: dlp_version_flag
Header Type: Custom
|
|
PanOSDomainEDL
|
Query Name: domain_edl
Header Type: Custom
|
|
PanOSDynamicUserGroup
|
Query Name: dynusergroup_name
Header Type: Custom
|
|
PanOSEndpointSerialNumber
|
Query Name: endpoint_serial_number
Header Type: Custom
|
|
filePath
|
Query Name: file_name
Header Type: Predefined
Max Length: 1023
|
|
PanOSFileHash
|
Query Name: file_sha_256
Header Type: Custom
|
|
PanOSFileType
|
Query Name: file_type
Header Type: Custom
|
|
PanOSFileURL
|
Query Name: file_url
Header Type: Custom
|
|
cs4
|
Query Name: from_zone
Header Type: Predefined
Label: cs4Label
Label Text: FromZone
Max Length: 4000
|
|
PanOSHostID
|
Query Name: gp_host_id
Header Type: Custom
|
|
PanOSHTTP2Connection
|
Query Name: http2_connection
Header Type: Custom
|
|
deviceInboundInterface
|
Query Name: inbound_if.value
Header Type: Predefined
Max Length: 128
|
|
PanOSInboundInterfaceDetailsPort
|
Query Name: inbound_if_details.port
Header Type: Custom
|
|
PanOSInboundInterfaceDetailsSlot
|
Query Name: inbound_if_details.slot
Header Type: Custom
|
|
PanOSInboundInterfaceDetailsType
|
Query Name: inbound_if_details.type.value
Header Type: Custom
|
|
PanOSInboundInterfaceDetailsUnit
|
Query Name: inbound_if_details.unit
Header Type: Custom
|
|
PanOSCaptivePortal
|
Query Name: is_captive_portal
Header Type: Custom
|
|
PanOSIsClienttoServer
|
Query Name: is_client_to_server
Header Type: Custom
|
|
PanOSIsContainer
|
Query Name: is_container
Header Type: Custom
|
|
PanOSIsDecryptMirror
|
Query Name: is_decrypt_mirror
Header Type: Custom
|
|
PanOSIsDecrypted
|
Query Name: is_decrypted
Header Type: Custom
|
|
PanOSIsDuplicateLog
|
Query Name: is_dup_log
Header Type: Custom
|
|
PanOSIsEncrypted
|
Query Name: is_encrypted
Header Type: Custom
|
|
PanOSLogExported
|
Query Name: is_exported
Header Type: Custom
|
|
PanOSLogForwarded
|
Query Name: is_forwarded
Header Type: Custom
|
|
PanOSIsIPV6
|
Query Name: is_ipv6
Header Type: Custom
|
|
PanOSIsMptcpOn
|
Query Name: is_mptcp_on
Header Type: Custom
|
|
PanOSNAT
|
Query Name: is_nat
Header Type: Custom
|
|
PanOSIsNonStandardDestinationPort
|
Query Name: is_non_std_dest_port
Header Type: Custom
|
|
PanOSIsPacketCapture
|
Query Name: is_packet_capture
Header Type: Custom
|
|
PanOSIsPhishing
|
Query Name: is_phishing
Header Type: Custom
|
|
PanOSIsPrismaNetwork
|
Query Name: is_prisma_branch
Header Type: Custom
|
|
PanOSIsPrismaUsers
|
Query Name: is_prisma_mobile
Header Type: Custom
|
|
PanOSIsProxy
|
Query Name: is_proxy
Header Type: Custom
|
|
PanOSIsReconExcluded
|
Query Name: is_recon_excluded
Header Type: Custom
|
|
PanOSIsSaaSApplication
|
Query Name: is_saas_app
Header Type: Custom
|
|
PanOSIsServertoClient
|
Query Name: is_server_to_client
Header Type: Custom
|
|
PanOSIsSourceXForwarded
|
Query Name: is_source_x_fwded
Header Type: Custom
|
|
PanOSIsSystemReturn
|
Query Name: is_sym_return
Header Type: Custom
|
|
PanOSIsTransaction
|
Query Name: is_transaction
Header Type: Custom
|
|
PanOSIsTunnelInspected
|
Query Name: is_tunnel_inspected
Header Type: Custom
|
|
PanOSIsURLDenied
|
Query Name: is_url_denied
Header Type: Custom
|
|
PanOSJustification
|
Query Name: justification
Header Type: Custom
|
|
PanOSK8SClusterID
|
Query Name: k8s_cluster_id
Header Type: Custom
|
|
PanOSLocation
|
Query Name: location
Header Type: Custom
|
|
cs6
|
Query Name: log_set
Header Type: Predefined
Label: cs6Label
Label Text: LogSetting
Max Length: 4000
|
|
PanOSLogSource
|
Query Name: log_source
Header Type: Custom
|
|
LogSourceGroupID
|
Query Name: log_source_group_id
Header Type: Custom
|
|
deviceExternalId
|
Query Name: log_source_id
Header Type: Predefined
Max Length: 255
|
|
dvchost
|
Query Name: log_source_name
Header Type: Predefined
Max Length: 100
|
|
PanOSLogSourceTimeZoneOffset
|
Query Name: log_source_tz_offset
Header Type: Custom
|
|
rt
|
Query Name: log_time
Header Type: Predefined
|
|
Device Event Class ID
|
Query Name: log_type.value
Header Type: Custom
|
|
PanOSIMEI
|
Query Name: monitor_tag_imei
Header Type: Custom
|
|
destinationTranslatedAddress
|
Query Name: nat_dest.value
Header Type: Predefined
|
|
destinationTranslatedPort
|
Query Name: nat_dest_port
Header Type: Predefined
|
|
sourceTranslatedAddress
|
Query Name: nat_source.value
Header Type: Predefined
|
|
sourceTranslatedPort
|
Query Name: nat_source_port
Header Type: Predefined
|
|
PanOSNonStandardDestinationPort
|
Query Name: non_standard_dest_port
Header Type: Custom
|
|
PanOSNSSAINetworkSliceType
|
Query Name: nssai_network_slice_type.value
Header Type: Custom
|
|
deviceOutboundInterface
|
Query Name: outbound_if.value
Header Type: Predefined
Max Length: 128
|
|
PanOSOutboundInterfaceDetailsPort
|
Query Name: outbound_if_details.port
Header Type: Custom
|
|
PanOSOutboundInterfaceDetailsSlot
|
Query Name: outbound_if_details.slot
Header Type: Custom
|
|
PanOSOutboundInterfaceDetailsType
|
Query Name: outbound_if_details.type.value
Header Type: Custom
|
|
PanOSOutboundInterfaceDetailsUnit
|
Query Name: outbound_if_details.unit
Header Type: Custom
|
|
PanOSPanoramaSN
|
Query Name: panorama_serial
Header Type: Custom
|
|
PanOSParentSessionID
|
Query Name: parent_session_id
Header Type: Custom
|
|
PanOSParentStartTime
|
Query Name: parent_start_time
Header Type: Custom
|
|
PanOSPartialHash
|
Query Name: partial_hash
Header Type: Custom
|
|
PanOSPacket
|
Query Name: pcap
Header Type: Custom
|
|
fileId
|
Query Name: pcap_id
Header Type: Predefined
Max Length: 1023
|
|
PlatformType
|
Query Name: platform_type
Header Type: Custom
|
|
PanOSContainerName
|
Query Name: pod_name
Header Type: Custom
|
|
PanOSContainerNameSpace
|
Query Name: pod_namespace
Header Type: Custom
|
|
PanOSProfileName
|
Query Name: profile_name
Header Type: Custom
|
|
proto
|
Query Name: protocol.value
Header Type: Predefined
Max Length: 31
|
|
PanOSReasonForDataFilteringAction
|
Query Name: reason_data_filtering
Header Type: Custom
|
|
PanOSReportID
|
Query Name: report_id
Header Type: Custom
|
|
PanOSApplicationRisk
|
Query Name: risk_of_app
Header Type: Custom
|
|
cs1
|
Query Name: rule_matched
Header Type: Predefined
Label: cs1Label
Label Text: Rule
Max Length: 4000
|
|
PanOSRuleUUID
|
Query Name: rule_matched_uuid
Header Type: Custom
|
|
PanOSSanctionedStateOfApp
|
Query Name: sanctioned_state_of_app
Header Type: Custom
|
|
externalId
|
Query Name: sequence_no
Header Type: Predefined
Max Length: 40
|
|
cn1
|
Query Name: session_id
Header Type: Predefined
Label: cn1Label
Label Text: SessionID
|
|
PanOSSeverity
|
Query Name: severity
Header Type: Custom
|
|
PanOSSigFlags
|
Query Name: sig_flags
Header Type: Custom
|
|
PanOSSourceDeviceCategory
|
Query Name: source_device_category
Header Type: Custom
|
|
PanOSSourceDeviceClass
|
Query Name: source_device_class
Header Type: Custom
|
|
PanOSSourceDeviceHost
|
Query Name: source_device_host
Header Type: Custom
|
|
PanOSSourceDeviceMac
|
Query Name: source_device_mac
Header Type: Custom
|
|
PanOSSourceDeviceModel
|
Query Name: source_device_model
Header Type: Custom
|
|
PanOSSourceDeviceOS
|
Query Name: source_device_os
Header Type: Custom
|
|
PanOSSourceDeviceOSFamily
|
Query Name: source_device_osfamily
Header Type: Custom
|
|
PanOSSourceDeviceOSVersion
|
Query Name: source_device_osversion
Header Type: Custom
|
|
PanOSSourceDeviceProfile
|
Query Name: source_device_profile
Header Type: Custom
|
|
PanOSSourceDeviceVendor
|
Query Name: source_device_vendor
Header Type: Custom
|
|
PanOSSourceDynamicAddressGroup
|
Query Name: source_dynamic_address_group
Header Type: Custom
|
|
PanOSSourceEDL
|
Query Name: source_edl
Header Type: Custom
|
|
src (IPv4) or c6a2 (IPv6)
|
Query Name: source_ip.value
Header Type: Predefined
Label: none for src; c6a2Label for c6a2
Label Text: Source IPv6 Address (c6a2 only)
|
|
PanOSSourceLocation
|
Query Name: source_location
Header Type: Custom
|
|
spt
|
Query Name: source_port
Header Type: Predefined
|
|
suser
|
Query Name: source_user
Header Type: Predefined
Max Length: 1023
|
|
sntdom
|
Query Name: source_user_info.domain
Header Type: Predefined
Max Length: 1023
|
|
susername
|
Query Name: source_user_info.name
Header Type: Predefined
Max Length: 1023
|
|
suid
|
Query Name: source_user_info.uuid
Header Type: Predefined
Max Length: 1023
|
|
PanOSSourceUUID
|
Query Name: source_uuid
Header Type: Custom
|
|
Name
|
Query Name: sub_type.value
Header Type: Custom
|
|
PanOSApplicationTechnology
|
Query Name: technology_of_app
Header Type: Custom
|
|
PanOSThreatCategory
|
Query Name: threat_category.value
Header Type: Custom
|
|
PanOSThreatNameFirewall
|
Query Name: threat_name_firewall
Header Type: Custom
|
|
start
|
Query Name: time_generated
Header Type: Predefined
|
|
PanOSTimeGeneratedHighResolution
|
Query Name: time_generated_high_res
Header Type: Custom
|
|
cs5
|
Query Name: to_zone
Header Type: Predefined
Label: cs5Label
Label Text: ToZone
Max Length: 4000
|
|
PanOSTunnel
|
Query Name: tunnel.value
Header Type: Custom
|
|
PanOSTunneledApplication
|
Query Name: tunneled_app
Header Type: Custom
|
|
PanOSIMSI
|
Query Name: tunnelid_imsi
Header Type: Custom
|
|
cs2
|
Query Name: url_category.value
Header Type: Predefined
Label: cs2Label
Label Text: URLCategory
Max Length: 4000
|
|
PanOSURL
|
Query Name: url_domain
Header Type: Custom
|
|
PanOSUsers
|
Query Name: users
Header Type: Custom
|
|
Device Vendor
|
Query Name: vendor_name
Header Type: Custom
|
|
PanOSVendorSeverity
|
Query Name: vendor_severity.value
Header Type: Custom
|
|
cs3
|
Query Name: vsys
Header Type: Predefined
Label: cs3Label
Label Text: VirtualLocation
Max Length: 4000
|
|
PanOSVirtualSystemID
|
Query Name: vsys_id
Header Type: Custom
|
|
PanOSVirtualSystemName
|
Query Name: vsys_name
Header Type: Custom
|
|
PanOSX-Forwarded-ForIP
|
Query Name: xff_ip.value
Header Type: Custom
Note: this value originates from the client-supplied X-Forwarded-For HTTP header, so treat it as untrusted for attribution unless the header is set by a proxy you control.
|