Table of Contents
Expand all | Collapse all
- Schema Overview
(AUTH COMPLETION TIME)
Time when the authentication was completed. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
CEF field name: end
EMAIL field name: AuthCompletionTime
HTTPS field name: AuthCompletionTime
LEEF field name: AuthCompletionTime
(COUNT OF REPEATS)
(CORTEX DATA LAKE TENANT ID)
(DG HIERARCHY LEVEL 1)
(DG HIERARCHY LEVEL 2)
(DG HIERARCHY LEVEL 3)
(DG HIERARCHY LEVEL 4)
(IS DUPLICATE LOG)
(IS PRISMA NETWORKS)
(IS PRISMA USERS)
ID that uniquely identifies the source of the log. That is, the serial number of the firewall that generated the log.
If the log is generated by Prisma Access, the serial number is not displayed.
CEF field name: deviceExternalId
EMAIL field name: DeviceSN
HTTPS field name: DeviceSN
LEEF field name: DeviceSN
(MAPPING DATA SOURCE TYPE)
Time when the log was generated on the firewall's data plane. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
CEF field name: start
EMAIL field name: TimeGenerated
HTTPS field name: TimeGenerated
LEEF field name: devTime
(TIME GENERATED HIGH RESOLUTION)
Time the log was generated in data plane with millisec granularity in format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
CEF field name: PanOSTimeGeneratedHighResolution
EMAIL field name: TimeGeneratedHighResolution
HTTPS field name: TimeGeneratedHighResolution
LEEF field name: TimeGeneratedHighResolution
(USER IDENTIFIED BY SOURCE)