File HTTPS Fields

The following table identifies the File field names that the Log Forwarding app uses when you forward logs using the HTTPS log format.
HTTPS Name
Query Name
Action
Application
app
ApplicationCategory
ApplicationSubcategory
CloudHostname
CloudReportID
ConfigVersion
ContainerID
ApplicationContainer
ContentVersion
RepeatCount
CortexDataLakeTenantID
DestinationDeviceCategory
DestinationDeviceClass
DestinationDeviceHost
DestinationDeviceMac
DestinationDeviceModel
DestinationDeviceOS
DestinationDeviceOSFamily
DestinationDeviceOSVersion
DestinationDeviceProfile
DestinationDeviceVendor
DestinationDynamicAddressGroup
DestinationEDL
DestinationAddress
DestinationLocation
DestinationPort
DestinationUser
DestinationUserDomain
DestinationUserName
DestinationUserUUID
DestinationUUID
DGHierarchyLevel1
DGHierarchyLevel2
DGHierarchyLevel3
DGHierarchyLevel4
DirectionOfAttack
DLPVersionFlag
DomainEDL
DynamicUserGroup
EndpointSerialNumber
FileName
FileHash
FileType
FileURL
FromZone
HostID
HTTP2Connection
InboundInterface
InboundInterfaceDetailsPort
InboundInterfaceDetailsSlot
InboundInterfaceDetailsType
InboundInterfaceDetailsUnit
CaptivePortal
IsClienttoServer
IsContainer
IsDecryptMirror
IsDecrypted
IsDuplicateLog
IsEncrypted
LogExported
LogForwarded
IsIPV6
IsMptcpOn
NAT
IsNonStandardDestinationPort
IsPacketCapture
IsPhishing
IsPrismaNetwork
IsPrismaUsers
IsProxy
IsReconExcluded
IsSaaSApplication
IsServertoClient
IsSourceXForwarded
IsSystemReturn
IsTransaction
IsTunnelInspected
IsURLDenied
Justification
Location
LogSetting
LogSource
DeviceSN
DeviceName
LogSourceTimeZoneOffset
TimeReceived
LogType
IMEI
NATDestination
NATDestinationPort
NATSource
NATSourcePort
NonStandardDestinationPort
NSSAINetworkSliceType
OutboundInterface
OutboundInterfaceDetailsPort
OutboundInterfaceDetailsSlot
OutboundInterfaceDetailsType
OutboundInterfaceDetailsUnit
ParentSessionID
ParentStartTime
PartialHash
Packet
PacketID
ContainerName
ContainerNameSpace
ProfileName
Protocol
ReasonForDataFilteringAction
ReportID
ApplicationRisk
Rule
RuleUUID
SanctionedStateOfApp
SequenceNo
SessionID
Severity
SigFlags
SourceDeviceCategory
SourceDeviceClass
SourceDeviceHost
SourceDeviceMac
SourceDeviceModel
SourceDeviceOS
SourceDeviceOSFamily
SourceDeviceOSVersion
SourceDeviceProfile
SourceDeviceVendor
SourceDynamicAddressGroup
SourceEDL
SourceAddress
SourceLocation
SourcePort
SourceUser
SourceUserDomain
SourceUserName
SourceUserUUID
SourceUUID
SubType
ApplicationTechnology
ThreatCategory
ThreatNameFirewall
TimeGenerated
TimeGeneratedHighResolution
ToZone
Tunnel
TunneledApplication
IMSI
URLCategory
URL
Users
VendorName
VendorSeverity
VirtualLocation
VirtualSystemID
VirtualSystemName
X-Forwarded-ForIP

Recommended For You