>
    Strata Copilot
    SNMP Network Discovery Attribute Reference
    Focus
    Download PDF
    Focus
    1. Home
    2. Device Security
    3. Device Security Integration Guide
    4. Attribute Reference
    5. SNMP Network Discovery Attribute Reference
    Download PDF
    Device Security

    SNMP Network Discovery Attribute Reference

    Table of Contents

    SNMP Network Discovery Attribute Reference

    This reference lists the attributes that Device Security collects from SNMP Network Discovery, their names as stored in Device Security, and the Device Security fields they map to.
    When Device Security uses SNMP to discover network topology from switches, it learns device and network details that enrich the inventory. The attributes in this reference cover SNMP endpoints, IP/MAC binding records, neighbor discovery data, network interfaces, and subnet information.
    The third-party attribute name in Device Security refers to the attribute name as it appears in the Assets Inventory table and in Query Engine. This follows the format of third-party-name.attribute-name. When viewing the attribute name in the Assets Inventory table column selector or on a Device Details page, where the third-party name can be found as a header for the attributes section, then the third-party name is removed from the attribute name.
    For example, micrsoft_defender_xdr.macAddress would appear in the Query Builder and in the Assets Inventory table, but under Device DetailsAttributesIntegration Specific AttributesMicrosoft Defender, the attribute would appear as macAddress.

    Endpoint Attributes

    Device Security collects endpoint attributes discovered via SNMP neighbor discovery. Each record describes a client or end device detected on the network.
    SNMP Network Discovery Attribute
    Device Security Attribute Name
    Device Security Common Attribute*
    Description
    site_name
    network_segment_id; site_name
    Site name
    switch_mac
    snmp_nd.endpoint_list.switch_mac
    Switch MAC
    Switch MAC
    discovery_scope
    snmp_nd.endpoint_list.discovery_scope
    Discovery scope
    snmp_version
    snmp_nd.endpoint_list.snmp_version
    SNMP version
    max_discovery_depth
    snmp_nd.endpoint_list.max_discovery_depth
    Max discovery depth
    discovery_time
    snmp_nd.endpoint_list.discovery_time
    Discovery time
    current_depth
    snmp_nd.endpoint_list.current_depth
    Current depth
    mac_address
    snmp_nd.endpoint_list.mac_address
    id; MAC
    MAC address
    switch_ip
    snmp_nd.endpoint_list.switch_ip
    Switch IP
    Switch IP
    ipv4_address
    snmp_nd.endpoint_list.ipv4_address
    ipv4_address
    IPv4 address
    switch_port
    snmp_nd.endpoint_list.switch_port
    Switch Port
    Switch port
    last_vlan_id
    snmp_nd.endpoint_list.last_vlan_id
    VLAN ID
    Last VLAN ID
    vlan_ids
    snmp_nd.endpoint_list.vlan_ids
    VLAN IDs
    port_status
    snmp_nd.endpoint_list.port_status
    Port status
    port_index
    snmp_nd.endpoint_list.port_index
    Port index
    discovery_source
    snmp_nd.endpoint_list.discovery_source
    Discovery source

    IP/MAC Binding Attributes

    Device Security collects IP-to-MAC binding attributes from SNMP ARP table data. Each record maps an IP address to the MAC address of the associated device.
    SNMP Network Discovery Attribute
    Device Security Attribute Name
    Device Security Common Attribute*
    Description
    mac_address
    id; MAC
    MAC address
    ipv4_address
    IP Address
    IPv4 address

    Neighbor Discovery Attributes

    Device Security collects neighbor attributes from SNMP neighbor discovery protocols such as CDP and LLDP. Each record describes a network device identified as a neighbor of a managed switch or router.
    SNMP Network Discovery Attribute
    Device Security Attribute Name
    Device Security Common Attribute*
    Description
    site_name
    snmp_nd.neighbor_list.site_name
    network_segment_id
    Site name
    vtp_domain
    snmp_nd.neighbor_list.vtp_domain
    VTP domain
    last_change
    snmp_nd.neighbor_list.last_change
    Last change
    address_type
    snmp_nd.neighbor_list.address_type
    Address type
    native_vlan
    snmp_nd.neighbor_list.native_vlan
    Native VLAN
    device_platform
    snmp_nd.neighbor_list.device_platform
    Device platform
    duplex
    snmp_nd.neighbor_list.duplex
    Duplex
    snmp_version
    snmp_nd.neighbor_list.snmp_version
    SNMP version
    max_discovery_depth
    snmp_nd.neighbor_list.max_discovery_depth
    Max discovery depth
    discovery_time
    snmp_nd.neighbor_list.discovery_time
    Discovery time
    discovery_scope
    snmp_nd.neighbor_list.discovery_scope
    Discovery scope
    current_depth
    snmp_nd.neighbor_list.current_depth
    Current depth
    ipv4_address
    snmp_nd.neighbor_list.ipv4_address
    ipv4_address
    IPv4 address
    mac_address
    snmp_nd.neighbor_list.mac_address
    id; MAC
    MAC address
    device_id
    snmp_nd.neighbor_list.device_id
    switch_name
    Device ID
    vendor
    Vendor
    Vendor
    switch_mac
    Switch MAC
    Switch MAC
    switch_ip
    Switch IP
    Switch IP
    switch_port
    Switch Port
    Switch port
    is_virtual_machine
    snmp_nd.neighbor_list.is_virtual_machine
    Indicates whether the device is a virtual machine
    device_type
    snmp_nd.neighbor_list.device_type
    Device type
    device_category
    snmp_nd.neighbor_list.device_category
    Device category
    discovery_source
    snmp_nd.neighbor_list.discovery_source
    Discovery source
    cache_version
    snmp_nd.neighbor_list.cache_version
    Cache version
    rem_man_addr_ifid
    snmp_nd.neighbor_list.rem_man_addr_ifid
    Remote management address interface ID
    port_id_subtype
    snmp_nd.neighbor_list.port_id_subtype
    Port ID subtype
    port_id
    snmp_nd.neighbor_list.port_id
    Port ID
    port_description
    snmp_nd.neighbor_list.port_description
    Port description
    chassis_subtype
    snmp_nd.neighbor_list.chassis_subtype
    Chassis subtype
    capabilities_supported
    snmp_nd.neighbor_list.capabilities_supported
    Capabilities supported
    capabilities_enabled
    snmp_nd.neighbor_list.capabilities_enabled
    Capabilities enabled

    Interface Attributes

    Device Security collects network interface attributes discovered via SNMP. Each record describes a physical or logical network interface on a discovered device.
    SNMP Network Discovery Attribute
    Device Security Attribute Name
    Device Security Common Attribute*
    Description
    switch_mac
    id; MAC
    Switch MAC
    switch_ip
    ipv4_address
    Switch IP
    interface_list
    third_party_learned_network_interfaces
    Interface list

    Subnet Attributes

    Device Security collects subnet attributes from SNMP neighbor discovery. Each record describes a network subnet identified during discovery.
    SNMP Network Discovery Attribute
    Device Security Attribute Name
    Device Security Common Attribute*
    Description
    prefix
    id
    Prefix
    type
    Type
    Type
    site
    Site
    Site
    * Only some attributes map to a Device Security Common Attribute.

    © 2026 Palo Alto Networks, Inc. All rights reserved.