File EMAIL Fields

Example File log in EMAIL:
TimeReceived=2021-02-22T05:27:37.000000Z DeviceSN=xxxxxxxxxxxxx LogType=THREAT SubType=file ConfigVersion=10.0 TimeGenerated=2021-02-22T05:27:21.000000Z SourceAddress=xxx.xx.x.xx DestinationAddress=xxx.xx.x.xx NATSource=xxx.xx.x.xx NATDestination=xxx.xx.x.xx Rule=deny-time-wasters SourceUser="paloaltonetwork\xxxxx" DestinationUser="paloaltonetwork\xxxxx" Application=groupwise VirtualLocation=vsys1 FromZone=untrust ToZone=ethernet4Zone-test2 InboundInterface=unknown OutboundInterface=unknown LogSetting=rs-logging SessionID=644314 RepeatCount=1 SourcePort=15810 DestinationPort=19884 NATSourcePort=11883 NATDestinationPort=6753 Protocol=tcp Action=reset-client FileName=0123456789012345678901234567890123456789012345678901234 URLCategory=sports VendorSeverity=Critical DirectionOfAttack=server to client SequenceNo=2638705012 SourceLocation=dallas DestinationLocation=BR PacketID=0 FileHash= ReportID=0 DGHierarchyLevel1=11 DGHierarchyLevel2=0 DGHierarchyLevel3=0 DGHierarchyLevel4=0 VirtualSystemName= DeviceName=xxxxx SourceUUID= DestinationUUID= IMSI=0 IMEI= ParentSessionID=0 ParentStartTime=1970-01-01T00:00:00.000000Z Tunnel=N/A ContentVersion=50194 SigFlags=4 RuleUUID=2fb8efd4-2f01-421d-a113-097992777432 HTTP2Connection=0 DynamicUserGroup= X-Forwarded-ForIP= SourceDeviceCategory=N-Phone SourceDeviceProfile=n-profile SourceDeviceModel=Nexus SourceDeviceVendor=Google SourceDeviceOSFamily=LG-H790 SourceDeviceOSVersion=Android v6 SourceDeviceHost=pan-301 SourceDeviceMac=839147449905 DestinationDeviceCategory=N-Phone DestinationDeviceProfile=n-profile DestinationDeviceModel=Nexus DestinationDeviceVendor=Google DestinationDeviceOSFamily=H1511 DestinationDeviceOSVersion=Android v7 DestinationDeviceHost=pan-355 DestinationDeviceMac=530589561221 ContainerID=1873cc5c-0d31 ContainerNameSpace=pns_default ContainerName=pan-dp-77754f4 SourceEDL= DestinationEDL= HostID=3030303030 EndpointSerialNumber=xxxxxxxxxxxxxx DomainEDL= SourceDynamicAddressGroup= DestinationDynamicAddressGroup= red_dag PartialHash=0 TimeGeneratedHighResolution=2021-02-22T05:27:21.528000Z ReasonForDataFilteringAction= Justification= NSSAINetworkSliceType=bf
The following table identifies the File field names that the Log Forwarding app uses when you forward logs using the EMAIL log format.
EMAIL Name
Query Name
Action
Application
app
ApplicationCategory
ApplicationSubcategory
CloudHostname
CloudReportID
ConfigVersion
ContainerID
ApplicationContainer
ContentVersion
RepeatCount
CortexDataLakeTenantID
DestinationDeviceCategory
DestinationDeviceClass
DestinationDeviceHost
DestinationDeviceMac
DestinationDeviceModel
DestinationDeviceOS
DestinationDeviceOSFamily
DestinationDeviceOSVersion
DestinationDeviceProfile
DestinationDeviceVendor
DestinationDynamicAddressGroup
DestinationEDL
DestinationAddress
DestinationLocation
DestinationPort
DestinationUser
DestinationUserDomain
DestinationUserName
DestinationUserUUID
DestinationUUID
DGHierarchyLevel1
DGHierarchyLevel2
DGHierarchyLevel3
DGHierarchyLevel4
DirectionOfAttack
DLPVersionFlag
DomainEDL
DynamicUserGroup
EndpointSerialNumber
FileName
FileHash
FileType
FileURL
FromZone
HostID
HTTP2Connection
InboundInterface
InboundInterfaceDetailsPort
InboundInterfaceDetailsSlot
InboundInterfaceDetailsType
InboundInterfaceDetailsUnit
CaptivePortal
IsClienttoServer
IsContainer
IsDecryptMirror
IsDecrypted
IsDuplicateLog
IsEncrypted
LogExported
LogForwarded
IsIPV6
IsMptcpOn
NAT
IsNonStandardDestinationPort
IsPacketCapture
IsPhishing
IsPrismaNetwork
IsPrismaUsers
IsProxy
IsReconExcluded
IsSaaSApplication
IsServertoClient
IsSourceXForwarded
IsSystemReturn
IsTransaction
IsTunnelInspected
IsURLDenied
Justification
Location
LogSetting
LogSource
DeviceSN
DeviceName
LogSourceTimeZoneOffset
TimeReceived
LogType
IMEI
NATDestination
NATDestinationPort
NATSource
NATSourcePort
NonStandardDestinationPort
NSSAINetworkSliceType
OutboundInterface
OutboundInterfaceDetailsPort
OutboundInterfaceDetailsSlot
OutboundInterfaceDetailsType
OutboundInterfaceDetailsUnit
ParentSessionID
ParentStartTime
PartialHash
Packet
PacketID
ContainerName
ContainerNameSpace
ProfileName
Protocol
ReasonForDataFilteringAction
ReportID
ApplicationRisk
Rule
RuleUUID
SanctionedStateOfApp
SequenceNo
SessionID
Severity
SigFlags
SourceDeviceCategory
SourceDeviceClass
SourceDeviceHost
SourceDeviceMac
SourceDeviceModel
SourceDeviceOS
SourceDeviceOSFamily
SourceDeviceOSVersion
SourceDeviceProfile
SourceDeviceVendor
SourceDynamicAddressGroup
SourceEDL
SourceAddress
SourceLocation
SourcePort
SourceUser
SourceUserDomain
SourceUserName
SourceUserUUID
SourceUUID
SubType
ApplicationTechnology
ThreatCategory
ThreatNameFirewall
TimeGenerated
TimeGeneratedHighResolution
ToZone
Tunnel
TunneledApplication
IMSI
URLCategory
URL
Users
VendorName
VendorSeverity
VirtualLocation
VirtualSystemID
VirtualSystemName
X-Forwarded-ForIP

Recommended For You