>
    Strata Copilot
    Detection
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Detection
    Download PDF
    Strata Logging Service

    Detection

    Table of Contents

    Detection

    Learn about the Detection log type, the schema fields and their description under SaaS Security log type.
    Detection logging records the results of running security detectors on agents, typically during scheduled security scans of SaaS applications and low-code agents. The purpose is to capture and store the specific security detections identified in each scan.
    DETECTION FIELD
    Display Name
    		Description
    agent_id
    (AGENT ID)
    Unique identifier for the agent at the endpoint.
    detection_details
    (DETECTION DETAILS)
    Detector-specific details encoded as JSON string. Content varies based on the detector_type.
    detection_id
    (DETECTION ID)
    Unique identifier for this detection instance (used for correlation).
    detection_risk_score
    (DETECTION RISK SCORE)
    Risk score associated with the detection.
    detector_type
    (DETECTOR TYPE)
    Identifier for the specific detector that was triggered.
    first_seen_at
    (FIRST SEEN AT)
    First time this detection instance was observed (ISO 8601 / RFC 3339 timestamp format).
    last_seen_at
    (LAST SEEN AT)
    Most recent time this detection instance was observed (ISO 8601 / RFC 3339 timestamp format).
    log_source
    (LOG SOURCE)
    Identifies the system that produced the data.
    log_source_id
    (DEVICE SN)
    Source of the record, represented as a platform and region combination (e.g., agentic-platform-us-west-2).
    log_type
    (LOG TYPE)
    Identifies the log type.
    saas_app_id
    (SAAS APP ID)
    Unique identifier of the specific connected application.
    scan_id
    (SCAN ID)
    Scan ID that produced the detection.
    sub_type
    (SUB TYPE)
    Category of detection (e.g., Posture, Identity, Onboarding).
    time_generated
    (TIME GENERATED)
    Time the log was generated on the data plane in format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
    tsg_id
    (TSG ID)
    The Tenant Service Group that uniquely identifies the Strata Logging Service instance which received this log record.
    vendor_name
    (VENDOR NAME)
    Identifies the vendor that produced the data.

    © 2025 Palo Alto Networks, Inc. All rights reserved.