Log Forwarding App Schema Reference
    : DNS Security CEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Security Operations
    3. Cortex Data Lake
    4. Log Forwarding App Schema Reference
    5. Network Logs
    6. DNS Security
    7. DNS Security CEF Fields
    Download PDF

    Log Forwarding App Schema Reference

    DNS Security CEF Fields

    Table of Contents

    DNS Security CEF Fields

    The following table identifies the DNS Security field names that the Log Forwarding app uses when you forward logs using the CEF log format.
    CEF Name
    Field Details
    act
    Query Name:
     action.​value
    Header Type:
     Predefined
    Max Length:
     63
    PanOSCortexDataLakeTenantID
    Query Name:
     customer_id
    Header Type:
     Custom
    PanOSDNSResolverIP
    Query Name:
     dest_ip.​value
    Header Type:
     Custom
    PanOSDNSResponse
    Query Name:
     dns_response
    Header Type:
     Custom
    PanOSDNSResponseCode
    Query Name:
     dns_response_code
    Header Type:
     Custom
    duser
    Query Name:
     dst_user
    Header Type:
     Predefined
    Max Length:
     1023
    cs5
    Query Name:
     dst_zone
    Header Type:
     Predefined
    Max Length:
     4000
    request
    Query Name:
     fqdn
    Header Type:
     Predefined
    Max Length:
     1023
    cs4
    Query Name:
     from_zone
    Header Type:
     Predefined
    Max Length:
     4000
    PanOSThreatID
    Query Name:
     gtid
    Header Type:
     Custom
    PanOSLogSource
    Query Name:
     log_source
    Header Type:
     Custom
    LogSourceGroupID
    Header Type:
     Custom
    Max Length:
     255
    deviceExternalID
    Query Name:
     log_source_id
    Header Type:
     Predefined
    Max Length:
     255
    rt
    Query Name:
     log_time
    Header Type:
     Predefined
    DeviceEventClassID
    Query Name:
     log_type.​value
    Header Type:
     Custom
    PanOSPanoramaSN
    Query Name:
     panorama_serial
    Header Type:
     Custom
    PlatformType
    Query Name:
     platform_type
    Header Type:
     Custom
    PanOSDNSSecuityVersion
    Query Name:
     protocol
    Header Type:
     Custom
    PanOSRecordType
    Query Name:
     record_type
    Header Type:
     Custom
    src
    Query Name:
     source_ip.​value
    Header Type:
     Predefined
    suser
    Query Name:
     source_user
    Header Type:
     Predefined
    Max Length:
     1023
    Name
    Query Name:
     sub_type.​value
    Header Type:
     Custom
    cat
    Query Name:
     threat_name
    Header Type:
     Predefined
    Max Length:
     1023
    start
    Query Name:
     time_generated
    Header Type:
     Predefined
    cn3
    Query Name:
     total_time_elapsed
    Header Type:
     Predefined
    Device Vendor
    Query Name:
     vendor_name
    Header Type:
     Custom
    PanOSDNSCategory
    Query Name:
     verdict.​value
    Header Type:
     Custom

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.