Log Forwarding App Schema Reference
    : Audit CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Security Operations
    3. Cortex Data Lake
    4. Log Forwarding App Schema Reference
    5. Common Logs
    6. Audit
    7. Audit CEF Fields
    Download PDF

    Log Forwarding App Schema Reference

    Audit CEF Fields

    Table of Contents

    Audit CEF Fields

    The following table identifies the Audit field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    Event Category
    Query Name:
     event_category
    Header Type:
     Custom
    Event Description
    Query Name:
     event_description
    Header Type:
     Custom
    Event Destination URL
    Query Name:
     event_dest_url
    Header Type:
     Custom
    Destination Vendor
    Query Name:
     event_dest_vendor
    Header Type:
     Custom
    Event Details
    Query Name:
     event_detail
    Header Type:
     Custom
    Event Name
    Query Name:
     event_name
    Header Type:
     Custom
    Event Result
    Query Name:
     event_result
    Header Type:
     Custom
    Event Time
    Query Name:
     event_time
    Header Type:
     Custom
    Log Source
    Query Name:
     log_source
    Header Type:
     Custom
    LogSourceGroupID
    Header Type:
     Custom
    Max Length:
     255
    Log Source ID
    Query Name:
     log_source_id
    Header Type:
     Custom
    Log Time
    Query Name:
     log_time
    Header Type:
     Custom
    Log Type
    Query Name:
     log_type.​value
    Header Type:
     Custom
    PlatformType
    Query Name:
     platform_type
    Header Type:
     Custom
    Subtype
    Query Name:
     sub_type.​value
    Header Type:
     Custom
    Vendor Name
    Query Name:
     vendor_name
    Header Type:
     Custom
    Vendor Severity
    Header Type:
     Custom

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.