DNS Security LEEF Fields

The following table identifies the DNS Security field names that the Log Forwarding app uses when you forward logs using the LEEF log format.
When you create a syslog forwarding profile, you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example, TRAFFIC, THREAT, HIPMATCH, and so forth). The token appears in a parameter called profileToken.
| LEEF Name | Query Name | Field Type |
|---|---|---|
| Action | | Custom |
| CortexDataLakeTenantId | | Custom |
| DNSResolverIP | | Custom |
| DNSResponse | | Custom |
| DNSResponseCode | | Custom |
| DestinationUser | | Custom |
| ToZone | | Custom |
| url | | Predefined |
| FromZone | | Custom |
| ThreatID | | Custom |
| LogSource | | Custom |
| DeviceSN | | Custom |
| TimeReceived | | Custom |
| cat | | Predefined |
| DNSSecurityVersion | | Custom |
| RecordType | | Custom |
| src | | Predefined |
| UsrName | | Custom |
| SubType | | Custom |
| ThreatName | | Custom |
| devTime | | Predefined |
| SessionDuration | | Custom |
| Vendor | | Header |
| EventID | | Header |
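For checking what a syslog receiver actually gets, the following added example (not code from the Log Forwarding app or its documentation) parses one LEEF event and groups its attributes by the field types in the table on this page, setting aside `profileToken` and any key the table does not list. It assumes the standard LEEF 1.0 layout with tab-separated attributes; the sample line, its header values, and the function names are constructed for illustration.

```python
# Field names and types copied from the table on this page.
PREDEFINED = {"url", "cat", "src", "devTime"}
CUSTOM = {
    "Action", "CortexDataLakeTenantId", "DNSResolverIP", "DNSResponse",
    "DNSResponseCode", "DestinationUser", "ToZone", "FromZone", "ThreatID",
    "LogSource", "DeviceSN", "TimeReceived", "DNSSecurityVersion",
    "RecordType", "UsrName", "SubType", "ThreatName", "SessionDuration",
}
# "Header" fields (Vendor, EventID) live in the pipe-delimited LEEF header.
HEADER_KEYS = ("LEEFVersion", "Vendor", "Product", "ProductVersion", "EventID")

def parse_leef(line, delimiter="\t"):
    """Split one LEEF 1.0 event into (header fields, key=value attributes)."""
    start = line.find("LEEF:")  # skip any syslog prefix before the event
    if start < 0:
        raise ValueError("not a LEEF event")
    parts = line[start + len("LEEF:"):].split("|", 5)
    if len(parts) != 6:
        raise ValueError("incomplete LEEF header")
    header = dict(zip(HEADER_KEYS, parts[:5]))
    attrs = {}
    for pair in parts[5].split(delimiter):
        key, sep, value = pair.partition("=")  # values may contain '='
        if sep:
            attrs[key] = value
    return header, attrs

def classify(attrs):
    """Group attributes by the table's field type; keep strays for review."""
    out = {"profileToken": attrs.get("profileToken"),
           "predefined": {}, "custom": {}, "unknown": {}}
    for key, value in attrs.items():
        if key == "profileToken":
            continue
        bucket = ("predefined" if key in PREDEFINED
                  else "custom" if key in CUSTOM else "unknown")
        out[bucket][key] = value
    return out

# Constructed sample line; header and attribute values are placeholders.
SAMPLE = ("<14>Jan 01 00:00:00 host LEEF:1.0|ExampleVendor|ExampleProduct|1.0|"
          "EXAMPLE_EVENT|profileToken=tok-123\tcat=dns\tsrc=192.0.2.10\t"
          "url=bad.example\tAction=sinkhole\tRecordType=A\tFooBar=1")

if __name__ == "__main__":
    hdr, attrs = parse_leef(SAMPLE)
    print(hdr["Vendor"], hdr["EventID"], classify(attrs))
```

A non-empty `unknown` group on real traffic indicates the receiver's field mapping has drifted from the table and needs review before detections rely on it.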
