Detection LEEF Fields

Table of Contents

Detection LEEF Fields

The following table identifies the Detection field names that the Log Forwarding app uses when you forward logs using the LEEF log format.

When you create a syslog forwarding profile , you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example, TRAFFIC, THREAT, HIPMATCH, and so forth). The token will appear on a parameter called profileToken.

LEEF Name	Query Name	Field Type
AgentID	agent_id	Custom
s	customer_id	Predefined
DetectionDetails	detection_details	Custom
DetectionID	detection_id	Custom
DetectionRiskScore	detection_risk_score	Custom
DetectorType	detector_type	Custom
FirstSeenAt	first_seen_at	Custom
LasSeenAt	last_seen_at	Custom
LogSource	log_source	Custom
LogSourceGroupID	log_source_group_id	Custom
DeviceSN	log_source_id	Custom
DeviceName	log_source_name	Custom
LogSourceTimeZoneOffset	log_source_tz_offset	Custom
TimeReceived	log_time	Custom
cat	log_type.value	Predefined
PlatformType	platform_type	Custom
SaaSAppID	saas_app_id	Custom
ScanID	scan_id	Custom
SubType	sub_type.value	Custom
devTime	time_generated	Predefined
TimeGeneratedHighResolution	time_generated_high_res	Custom
TSGID	tsg_id	Custom
Vendor	vendor_name	Header

Detection HTTPS Fields

Strata Logging Service Docs

Detection LEEF Fields

Strata Logging Service Docs

Detection LEEF Fields

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner