Detection CEF Fields
Strata Logging Service

The following table identifies the Detection field names that the Log Forwarding app uses when you forward logs using the CEF log format.

| CEF Name | Query Name | Header Type |
| --- | --- | --- |
| PanOSAgentID | agent_id | Custom |
| PanOSCortexDataLakeTenantID | customer_id | Custom |
| PanOSDetectionDetails | detection_details | Custom |
| PanOSDetectionID | detection_id | Custom |
| PanOSDetectionRiskScore | | Custom |
| PanOSDetectorType | detector_type | Custom |
| PanOSFirstSeenAt | first_seen_at | Custom |
| PanOSLasSeenAt | last_seen_at | Custom |
| PanOSLogSource | log_source | Custom |
| LogSourceGroupID | | Custom |
| deviceExternalID | log_source_id | Predefined |
| dvchost | log_source_name | Predefined |
| PanOSLogSourceTimeZoneOffset | | Custom |
| rt | log_time | Predefined |
| DeviceEventClassID | log_type.value | Custom |
| PlatformType | platform_type | Custom |
| PanOSSaaSAppID | saas_app_id | Custom |
| PanOSScanID | scan_id | Custom |
| Name | sub_type.value | Custom |
| start | time_generated | Predefined |
| PanOSTimeGeneratedHighResolution | | Custom |
| PanOSTSGID | tsg_id | Custom |
| Device Vendor | vendor_name | Custom |