Strata Logging Service
Events
The event logs contain the information that the Prisma Access Browser collects for investigating activity within your Enterprise Browser deployment. The following table lists each field, its display name, and the field name it is mapped to in each supported log format (CEF, EMAIL, HTTPS, and LEEF):
| EVENTS Field (Display Name) | Description |
|---|---|
| application.app_category (APPLICATION - APP CATEGORY) | CEF field name: PanOSApplicationAppCategory<br>EMAIL field name: ApplicationAppCategory<br>HTTPS field name: ApplicationAppCategory<br>LEEF field name: ApplicationAppCategory |
| application.app_sub_category (APPLICATION - APP SUBCATEGORY) | CEF field name: PanOSApplicationAppSubcategory<br>EMAIL field name: ApplicationAppSubcategory<br>HTTPS field name: ApplicationAppSubcategory<br>LEEF field name: ApplicationAppSubcategory |
| application.external_id (APPLICATION - EXTERNAL ID) | CEF field name: PanOSApplicationExternalID<br>EMAIL field name: ApplicationExternalID<br>HTTPS field name: ApplicationExternalID<br>LEEF field name: ApplicationExternalID |
| application.external_name (APPLICATION - EXTERNAL NAME) | CEF field name: PanOSApplicationExternalName<br>EMAIL field name: ApplicationExternalName<br>HTTPS field name: ApplicationExternalName<br>LEEF field name: ApplicationExternalName |
| application.id (APPLICATION - ID) | Enumeration integer assigned to the application field value.<br>CEF field name: PanOSApplicationID<br>EMAIL field name: ApplicationID<br>HTTPS field name: ApplicationID<br>LEEF field name: ApplicationID |
| application.name (APPLICATION - NAME) | CEF field name: PanOSApplicationName<br>EMAIL field name: ApplicationName<br>HTTPS field name: ApplicationName<br>LEEF field name: ApplicationName |
| application.protected_account (APPLICATION - PROTECTED ACCOUNT) | CEF field name: PanOSApplicationProtectedAccount<br>EMAIL field name: ApplicationProtectedAccount<br>HTTPS field name: ApplicationProtectedAccount<br>LEEF field name: ApplicationProtectedAccount |
| application.risk_of_app (APPLICATION - RISK OF APP) | CEF field name: PanOSApplicationRiskofApp<br>EMAIL field name: ApplicationRiskOfApp<br>HTTPS field name: ApplicationRiskOfApp<br>LEEF field name: ApplicationRiskOfApp |
| application.source (APPLICATION - SOURCE) | CEF field name: PanOSApplicationSource<br>EMAIL field name: ApplicationSource<br>HTTPS field name: ApplicationSource<br>LEEF field name: ApplicationSource |
| application.username (APPLICATION - USERNAME) | CEF field name: PanOSApplicationUsername<br>EMAIL field name: ApplicationUsername<br>HTTPS field name: ApplicationUsername<br>LEEF field name: ApplicationUsername |
| batch_id (BATCH ID) | Undefined.<br>CEF field name: PanOSBatchID<br>EMAIL field name: BatchID<br>HTTPS field name: BatchID<br>LEEF field name: BatchID |
| browser_extension.app_launch_url (BROWSER EXTENSION - APP LAUNCH URL) | CEF field name: PanOSBrowserExtensionAppLaunchURL<br>EMAIL field name: BrowserExtensionAppLaunchURL<br>HTTPS field name: BrowserExtensionAppLaunchURL<br>LEEF field name: BrowserExtensionAppLaunchURL |
| browser_extension.available_launch_types (BROWSER EXTENSION - AVAILABLE LAUNCH TYPES) | CEF field name: PanOSBrowserExtensionAvailableLaunchTypes<br>EMAIL field name: BrowserExtensionAvailableLaunchTypes<br>HTTPS field name: BrowserExtensionAvailableLaunchTypes<br>LEEF field name: BrowserExtensionAvailableLaunchTypes |
| browser_extension.description (BROWSER EXTENSION - DESCRIPTION) | CEF field name: PanOSBrowserExtensionDescription<br>EMAIL field name: BrowserExtensionDescription<br>HTTPS field name: BrowserExtensionDescription<br>LEEF field name: BrowserExtensionDescription |
| browser_extension.disabled_reason (BROWSER EXTENSION - DISABLED REASON) | CEF field name: PanOSBrowserExtensionDisabledReason<br>EMAIL field name: BrowserExtensionDisabledReason<br>HTTPS field name: BrowserExtensionDisabledReason<br>LEEF field name: BrowserExtensionDisabledReason |
| browser_extension.enabled (BROWSER EXTENSION - ENABLED) | CEF field name: PanOSBrowserExtensionEnabled<br>EMAIL field name: BrowserExtensionEnabled<br>HTTPS field name: BrowserExtensionEnabled<br>LEEF field name: BrowserExtensionEnabled |
| browser_extension.homepage_url (BROWSER EXTENSION - HOMEPAGE URL) | CEF field name: PanOSBrowserExtensionHomepageURL<br>EMAIL field name: BrowserExtensionHomepageURL<br>HTTPS field name: BrowserExtensionHomepageURL<br>LEEF field name: BrowserExtensionHomepageURL |
| browser_extension.host_permissions (BROWSER EXTENSION - HOST PERMISSIONS) | CEF field name: PanOSBrowserExtensionHostPermissions<br>EMAIL field name: BrowserExtensionHostPermissions<br>HTTPS field name: BrowserExtensionHostPermissions<br>LEEF field name: BrowserExtensionHostPermissions |
| browser_extension.id (BROWSER EXTENSION - ID) | Enumeration integer assigned to the browser_extension field value.<br>CEF field name: PanOSBrowserExtensionID<br>EMAIL field name: BrowserExtensionID<br>HTTPS field name: BrowserExtensionID<br>LEEF field name: BrowserExtensionID |
| browser_extension.install_type (BROWSER EXTENSION - INSTALL TYPE) | CEF field name: PanOSBrowserExtensionInstallType<br>EMAIL field name: BrowserExtensionInstallType<br>HTTPS field name: BrowserExtensionInstallType<br>LEEF field name: BrowserExtensionInstallType |
| browser_extension.is_app (BROWSER EXTENSION - IS APP) | CEF field name: PanOSBrowserExtensionIsApp<br>EMAIL field name: BrowserExtensionIsApp<br>HTTPS field name: BrowserExtensionIsApp<br>LEEF field name: BrowserExtensionIsApp |
| browser_extension.launch_type (BROWSER EXTENSION - LAUNCH TYPE) | CEF field name: PanOSBrowserExtensionLaunchType<br>EMAIL field name: BrowserExtensionLaunchType<br>HTTPS field name: BrowserExtensionLaunchType<br>LEEF field name: BrowserExtensionLaunchType |
| browser_extension.may_disable (BROWSER EXTENSION - MAY DISABLE) | CEF field name: PanOSBrowserExtensionMayDisable<br>EMAIL field name: BrowserExtensionMayDisable<br>HTTPS field name: BrowserExtensionMayDisable<br>LEEF field name: BrowserExtensionMayDisable |
| browser_extension.name (BROWSER EXTENSION - NAME) | CEF field name: PanOSBrowserExtensionName<br>EMAIL field name: BrowserExtensionName<br>HTTPS field name: BrowserExtensionName<br>LEEF field name: BrowserExtensionName |
| browser_extension.offline_enabled (BROWSER EXTENSION - OFFLINE ENABLED) | CEF field name: PanOSBrowserExtensionOfflineEnabled<br>EMAIL field name: BrowserExtensionOfflineEnabled<br>HTTPS field name: BrowserExtensionOfflineEnabled<br>LEEF field name: BrowserExtensionOfflineEnabled |
| browser_extension.options_url (BROWSER EXTENSION - OPTIONS URL) | CEF field name: PanOSBrowserExtensionOptionsURL<br>EMAIL field name: BrowserExtensionOptionsURL<br>HTTPS field name: BrowserExtensionOptionsURL<br>LEEF field name: BrowserExtensionOptionsURL |
| browser_extension.permissions (BROWSER EXTENSION - PERMISSIONS) | CEF field name: PanOSBrowserExtensionPermissions<br>EMAIL field name: BrowserExtensionPermissions<br>HTTPS field name: BrowserExtensionPermissions<br>LEEF field name: BrowserExtensionPermissions |
| browser_extension.short_name (BROWSER EXTENSION - SHORT NAME) | CEF field name: PanOSBrowserExtensionShortName<br>EMAIL field name: BrowserExtensionShortName<br>HTTPS field name: BrowserExtensionShortName<br>LEEF field name: BrowserExtensionShortName |
| browser_extension.type (BROWSER EXTENSION - TYPE) | Undefined.<br>CEF field name: PanOSBrowserExtensionType<br>EMAIL field name: BrowserExtensionType<br>HTTPS field name: BrowserExtensionType<br>LEEF field name: BrowserExtensionType |
| browser_extension.update_url (BROWSER EXTENSION - UPDATE URL) | CEF field name: PanOSBrowserExtensionUpdateURL<br>EMAIL field name: BrowserExtensionUpdateURL<br>HTTPS field name: BrowserExtensionUpdateURL<br>LEEF field name: BrowserExtensionUpdateURL |
| browser_extension.version (BROWSER EXTENSION - VERSION) | CEF field name: PanOSBrowserExtensionVersion<br>EMAIL field name: BrowserExtensionVersion<br>HTTPS field name: BrowserExtensionVersion<br>LEEF field name: BrowserExtensionVersion |
| certificate.created_time (CERTIFICATE - CREATED TIME) | CEF field name: PanOSCertificateCreatedTime<br>EMAIL field name: CertificateCreatedTime<br>HTTPS field name: CertificateCreatedTime<br>LEEF field name: CertificateCreatedTime |
| certificate.expiration_time (CERTIFICATE - EXPIRATION TIME) | CEF field name: PanOSCertificateExpirationTime<br>EMAIL field name: CertificateExpirationTime<br>HTTPS field name: CertificateExpirationTime<br>LEEF field name: CertificateExpirationTime |
| certificate.fingerprints (CERTIFICATE - FINGERPRINTS) | CEF field name: PanOSCertificateFingerprints<br>EMAIL field name: CertificateFingerprints<br>HTTPS field name: CertificateFingerprints<br>LEEF field name: CertificateFingerprints |
| certificate.issuer (CERTIFICATE - ISSUER) | CEF field name: PanOSCertificateIssuer<br>EMAIL field name: CertificateIssuer<br>HTTPS field name: CertificateIssuer<br>LEEF field name: CertificateIssuer |
| certificate.serial_number (CERTIFICATE - SERIAL NUMBER) | CEF field name: PanOSCertificateSerialNumber<br>EMAIL field name: CertificateSerialNumber<br>HTTPS field name: CertificateSerialNumber<br>LEEF field name: CertificateSerialNumber |
| certificate.subject (CERTIFICATE - SUBJECT) | CEF field name: PanOSCertificateSubject<br>EMAIL field name: CertificateSubject<br>HTTPS field name: CertificateSubject<br>LEEF field name: CertificateSubject |
| classification.category (CLASSIFICATION - CATEGORY) | CEF field name: PanOSClassificationCategory<br>EMAIL field name: ClassificationCategory<br>HTTPS field name: ClassificationCategory<br>LEEF field name: ClassificationCategory |
| classification.malicious_categories (CLASSIFICATION - MALICIOUS CATEGORIES) | CEF field name: PanOSClassificationMaliciousCategories<br>EMAIL field name: ClassificationMaliciousCategories<br>HTTPS field name: ClassificationMaliciousCategories<br>LEEF field name: ClassificationMaliciousCategories |
| classification.mitre (CLASSIFICATION - MITRE) | CEF field name: PanOSClassificationMITRE<br>EMAIL field name: ClassificationMITRE<br>HTTPS field name: ClassificationMITRE<br>LEEF field name: ClassificationMITRE |
| classification.reputation (CLASSIFICATION - REPUTATION) | CEF field name: PanOSClassificationReputation<br>EMAIL field name: ClassificationReputation<br>HTTPS field name: ClassificationReputation<br>LEEF field name: ClassificationReputation |
| classification.security_compliance (CLASSIFICATION - SECURITY COMPLIANCE) | CEF field name: PanOSClassificationSecurityCompliance<br>EMAIL field name: ClassificationSecurityCompliance<br>HTTPS field name: ClassificationSecurityCompliance<br>LEEF field name: ClassificationSecurityCompliance |
| classification.severity (CLASSIFICATION - SEVERITY) | CEF field name: PanOSClassificationSeverity<br>EMAIL field name: ClassificationSeverity<br>HTTPS field name: ClassificationSeverity<br>LEEF field name: ClassificationSeverity |
| clipboard.from_url (CLIPBOARD - FROM URL) | CEF field name: PanOSClipboardFromURL<br>EMAIL field name: ClipboardFromURL<br>HTTPS field name: ClipboardFromURL<br>LEEF field name: ClipboardFromURL |
| clipboard.selected_element (CLIPBOARD - SELECTED ELEMENT) | CEF field name: PanOSClipboardSelectedElement<br>EMAIL field name: ClipboardSelectedElement<br>HTTPS field name: ClipboardSelectedElement<br>LEEF field name: ClipboardSelectedElement |
| content.categories (CONTENT - CATEGORIES) | CEF field name: PanOSContentCategories<br>EMAIL field name: ContentCategories<br>HTTPS field name: ContentCategories<br>LEEF field name: ContentCategories |
| content.length_bytes (CONTENT - LENGTH BYTES) | CEF field name: PanOSContentLengthBytes<br>EMAIL field name: ContentLengthBytes<br>HTTPS field name: ContentLengthBytes<br>LEEF field name: ContentLengthBytes |
| content.mip_matched_label (CONTENT - MIP MATCHED LABEL) | CEF field name: PanOSContentMIPMatchedLabel<br>EMAIL field name: ContentMIPMatchedLabel<br>HTTPS field name: ContentMIPMatchedLabel<br>LEEF field name: ContentMIPMatchedLabel |
| content.scan_engine (CONTENT - SCAN ENGINE) | CEF field name: PanOSContentScanEngine<br>EMAIL field name: ContentScanEngine<br>HTTPS field name: ContentScanEngine<br>LEEF field name: ContentScanEngine |
| content.sensitive_data_categories (CONTENT - SENSITIVE DATA CATEGORIES) | CEF field name: PanOSContentSensitiveDataCategories<br>EMAIL field name: ContentSensitiveDataCategories<br>HTTPS field name: ContentSensitiveDataCategories<br>LEEF field name: ContentSensitiveDataCategories |
| content.source_element_selector (CONTENT - SOURCE ELEMENT SELECTOR) | CEF field name: PanOSContentSourceElementSelector<br>EMAIL field name: ContentSourceElementSelector<br>HTTPS field name: ContentSourceElementSelector<br>LEEF field name: ContentSourceElementSelector |
| content.source_url (CONTENT - SOURCE URL) | CEF field name: PanOSContentSourceURL<br>EMAIL field name: ContentSourceURL<br>HTTPS field name: ContentSourceURL<br>LEEF field name: ContentSourceURL |
| customer_id (CORTEX DATA LAKE TENANT ID) | The ID that uniquely identifies the Cortex Data Lake instance which received this log record.<br>CEF field name: PanOSCortexDataLakeTenantID<br>EMAIL field name: CortexDataLakeTenantID<br>HTTPS field name: CortexDataLakeTenantID<br>LEEF field name: CortexDataLakeTenantID |
| device.browser_brand (DEVICE - BROWSER BRAND) | CEF field name: PanOSDeviceBrowserBrand<br>EMAIL field name: DeviceBrowserBrand<br>HTTPS field name: DeviceBrowserBrand<br>LEEF field name: DeviceBrowserBrand |
| device.browser_type (DEVICE - BROWSER TYPE) | CEF field name: PanOSDeviceBrowserType<br>EMAIL field name: DeviceBrowserType<br>HTTPS field name: DeviceBrowserType<br>LEEF field name: DeviceBrowserType |
| device.browser_version (DEVICE - BROWSER VERSION) | CEF field name: PanOSDeviceBrowserVersion<br>EMAIL field name: DeviceBrowserVersion<br>HTTPS field name: DeviceBrowserVersion<br>LEEF field name: DeviceBrowserVersion |
| device.device_uuid (DEVICE - UUID) | CEF field name: PanOSDeviceUUID<br>EMAIL field name: DeviceUUID<br>HTTPS field name: DeviceUUID<br>LEEF field name: DeviceUUID |
| device.disk_encryption_status (DEVICE - DISK ENCRYPTION STATUS) | CEF field name: PanOSDeviceDiskEncryptionStatus<br>EMAIL field name: DeviceDiskEncryptionStatus<br>HTTPS field name: DeviceDiskEncryptionStatus<br>LEEF field name: DeviceDiskEncryptionStatus |
| device.epp_status (DEVICE - EPP STATUS) | CEF field name: PanOSDeviceEPPStatus<br>EMAIL field name: DeviceEPPStatus<br>HTTPS field name: DeviceEPPStatus<br>LEEF field name: DeviceEPPStatus |
| device.extension_version (DEVICE - EXTENSION VERSION) | CEF field name: PanOSDeviceExtensionVersion<br>EMAIL field name: DeviceExtensionVersion<br>HTTPS field name: DeviceExtensionVersion<br>LEEF field name: DeviceExtensionVersion |
| device.firewall_status (DEVICE - FIREWALL STATUS) | CEF field name: PanOSDeviceFirewallStatus<br>EMAIL field name: DeviceFirewallStatus<br>HTTPS field name: DeviceFirewallStatus<br>LEEF field name: DeviceFirewallStatus |
| device.geoip_from_city_name (DEVICE - GEO IP FROM CITY NAME) | CEF field name: PanOSDeviceGeoIPFromCityName<br>EMAIL field name: DeviceGeoIPFromCityName<br>HTTPS field name: DeviceGeoIPFromCityName<br>LEEF field name: DeviceGeoIPFromCityName |
| device.geoip_from_country_name (DEVICE - GEO IP FROM COUNTRY NAME) | CEF field name: PanOSDeviceGeoIPFromCountryName<br>EMAIL field name: DeviceGeoIPFromCountryName<br>HTTPS field name: DeviceGeoIPFromCountryName<br>LEEF field name: DeviceGeoIPFromCountryName |
| device.geoip_from_location_latitude (DEVICE - GEO IP FROM LOCATION LATITUDE) | CEF field name: PanOSDeviceGeoIPFromLocationLatitude<br>EMAIL field name: DeviceGeoIPFromLocationLatitude<br>HTTPS field name: DeviceGeoIPFromLocationLatitude<br>LEEF field name: DeviceGeoIPFromLocationLatitude |
| device.geoip_from_location_longitude (DEVICE - GEO IP FROM LOCATION LONGITUDE) | CEF field name: PanOSDeviceGeoIPFromLocationLongitude<br>EMAIL field name: DeviceGeoIPFromLocationLongitude<br>HTTPS field name: DeviceGeoIPFromLocationLongitude<br>LEEF field name: DeviceGeoIPFromLocationLongitude |
| device.groups.ids (DEVICE - GROUPS IDS) | Enumeration integer assigned to the device.groups field value.<br>CEF field name: PanOSDeviceGroupsIDs<br>EMAIL field name: DeviceGroupsIDs<br>HTTPS field name: DeviceGroupsIDs<br>LEEF field name: DeviceGroupsIDs |
| device.groups.names (DEVICE - GROUPS NAMES) | CEF field name: PanOSDeviceGroupsNames<br>EMAIL field name: DeviceGroupsNames<br>HTTPS field name: DeviceGroupsNames<br>LEEF field name: DeviceGroupsNames |
| device.hostname (DEVICE - HOSTNAME) | CEF field name: PanOSDeviceHostname<br>EMAIL field name: DeviceHostname<br>HTTPS field name: DeviceHostname<br>LEEF field name: DeviceHostname |
| device.ip_address (DEVICE - IP ADDRESS) | CEF field name: PanOSDeviceIPAddress<br>EMAIL field name: DeviceIPAddress<br>HTTPS field name: DeviceIPAddress<br>LEEF field name: DeviceIPAddress |
| device.mac_addresses (DEVICE - MAC ADDRESSES) | CEF field name: PanOSMACAddresses<br>EMAIL field name: DeviceMACAddresses<br>HTTPS field name: DeviceMACAddresses<br>LEEF field name: DeviceMACAddresses |
| device.model (DEVICE - MODEL) | CEF field name: PanOSDeviceModel<br>EMAIL field name: DeviceModel<br>HTTPS field name: DeviceModel<br>LEEF field name: DeviceModel |
| device.os.android.build (DEVICE - OS ANDROID BUILD) | CEF field name: PanOSDeviceOSAndroidBuild<br>EMAIL field name: DeviceOSAndroidBuild<br>HTTPS field name: DeviceOSAndroidBuild<br>LEEF field name: DeviceOSAndroidBuild |
| device.os.android.patch (DEVICE - OS ANDROID PATCH) | CEF field name: PanOSDeviceOSAndroidPatch<br>EMAIL field name: DeviceOSAndroidPatch<br>HTTPS field name: DeviceOSAndroidPatch<br>LEEF field name: DeviceOSAndroidPatch |
| device.os.android.release (DEVICE - OS ANDROID RELEASE) | CEF field name: PanOSDeviceOSAndroidRelease<br>EMAIL field name: DeviceOSAndroidRelease<br>HTTPS field name: DeviceOSAndroidRelease<br>LEEF field name: DeviceOSAndroidRelease |
| device.os.android.sdk (DEVICE - OS ANDROID SDK) | CEF field name: PanOSDeviceOSAndroidSDK<br>EMAIL field name: DeviceOSAndroidSDK<br>HTTPS field name: DeviceOSAndroidSDK<br>LEEF field name: DeviceOSAndroidSDK |
| device.os.ios.major (DEVICE - OS IOS MAJOR) | CEF field name: PanOSDeviceOSiOSMajor<br>EMAIL field name: DeviceOSiOSMajor<br>HTTPS field name: DeviceOSiOSMajor<br>LEEF field name: DeviceOSiOSMajor |
| device.os.ios.minor (DEVICE - OS IOS MINOR) | CEF field name: PanOSDeviceOSiOSMinor<br>EMAIL field name: DeviceOSiOSMinor<br>HTTPS field name: DeviceOSiOSMinor<br>LEEF field name: DeviceOSiOSMinor |
| device.os.ios.patch (DEVICE - OS IOS PATCH) | CEF field name: PanOSDeviceOSiOSPatch<br>EMAIL field name: DeviceOSiOSPatch<br>HTTPS field name: DeviceOSiOSPatch<br>LEEF field name: DeviceOSiOSPatch |
| device.os.macos.bugfix (DEVICE - OS MACOS BUGFIX) | CEF field name: PanOSDeviceOSmacOSBugfix<br>EMAIL field name: DeviceOSmacOSBugfix<br>HTTPS field name: DeviceOSmacOSBugfix<br>LEEF field name: DeviceOSmacOSBugfix |
| device.os.macos.build (DEVICE - OS MACOS BUILD) | CEF field name: PanOSDeviceOSmacOSBuild<br>EMAIL field name: DeviceOSmacOSBuild<br>HTTPS field name: DeviceOSmacOSBuild<br>LEEF field name: DeviceOSmacOSBuild |
| device.os.macos.major (DEVICE - OS MACOS MAJOR) | CEF field name: PanOSDeviceOSmacOSMajor<br>EMAIL field name: DeviceOSmacOSMajor<br>HTTPS field name: DeviceOSmacOSMajor<br>LEEF field name: DeviceOSmacOSMajor |
| device.os.macos.minor (DEVICE - OS MACOS MINOR) | CEF field name: PanOSDeviceOSmacOSMinor<br>EMAIL field name: DeviceOSmacOSMinor<br>HTTPS field name: DeviceOSmacOSMinor<br>LEEF field name: DeviceOSmacOSMinor |
| device.os.macos.server (DEVICE - OS MACOS SERVER) | CEF field name: PanOSDeviceOSmacOSServer<br>EMAIL field name: DeviceOSmacOSServer<br>HTTPS field name: DeviceOSmacOSServer<br>LEEF field name: DeviceOSmacOSServer |
| device.os.type (DEVICE - OS TYPE) | CEF field name: PanOSDeviceOSType<br>EMAIL field name: DeviceOSType<br>HTTPS field name: DeviceOSType<br>LEEF field name: DeviceOSType |
| device.os.windows.build (DEVICE - OS WINDOWS BUILD) | CEF field name: PanOSDeviceOSWindowsBuild<br>EMAIL field name: DeviceOSWindowsBuild<br>HTTPS field name: DeviceOSWindowsBuild<br>LEEF field name: DeviceOSWindowsBuild |
| device.os.windows.major (DEVICE - OS WINDOWS MAJOR) | CEF field name: PanOSDeviceOSWindowsMajor<br>EMAIL field name: DeviceOSWindowsMajor<br>HTTPS field name: DeviceOSWindowsMajor<br>LEEF field name: DeviceOSWindowsMajor |
| device.os.windows.minor (DEVICE - OS WINDOWS MINOR) | CEF field name: PanOSDeviceOSWindowsMinor<br>EMAIL field name: DeviceOSWindowsMinor<br>HTTPS field name: DeviceOSWindowsMinor<br>LEEF field name: DeviceOSWindowsMinor |
| device.os.windows.patch (DEVICE - OS WINDOWS PATCH) | CEF field name: PanOSDeviceOSWindowsPatch<br>EMAIL field name: DeviceOSWindowsPatch<br>HTTPS field name: DeviceOSWindowsPatch<br>LEEF field name: DeviceOSWindowsPatch |
| device.os.windows.product (DEVICE - OS WINDOWS PRODUCT) | CEF field name: PanOSDeviceOSWindowsProduct<br>EMAIL field name: DeviceOSWindowsProduct<br>HTTPS field name: DeviceOSWindowsProduct<br>LEEF field name: DeviceOSWindowsProduct |
| device.os_display_name (DEVICE - OS DISPLAY NAME) | CEF field name: PanOSDeviceOSDisplayName<br>EMAIL field name: DeviceOSDisplayName<br>HTTPS field name: DeviceOSDisplayName<br>LEEF field name: DeviceOSDisplayName |
| device.raw_universal_id (DEVICE - RAW UNIVERSAL ID) | CEF field name: PanOSDeviceRawUniversalID<br>EMAIL field name: DeviceRawUniversalID<br>HTTPS field name: DeviceRawUniversalID<br>LEEF field name: DeviceRawUniversalID |
| device.screen_lock_status (DEVICE - SCREEN LOCK STATUS) | CEF field name: PanOSDeviceScreenLockStatus<br>EMAIL field name: DeviceScreenLockStatus<br>HTTPS field name: DeviceScreenLockStatus<br>LEEF field name: DeviceScreenLockStatus |
| device.serial_number (DEVICE - SERIAL NUMBER) | CEF field name: PanOSDeviceSerialNumber<br>EMAIL field name: DeviceSerialNumber<br>HTTPS field name: DeviceSerialNumber<br>LEEF field name: DeviceSerialNumber |
| device.type (DEVICE - TYPE) | Undefined.<br>CEF field name: PanOSDeviceType<br>EMAIL field name: DeviceType<br>HTTPS field name: DeviceType<br>LEEF field name: DeviceType |
| device.user_agent (DEVICE - USER AGENT) | CEF field name: PanOSDeviceUserAgent<br>EMAIL field name: DeviceUserAgent<br>HTTPS field name: DeviceUserAgent<br>LEEF field name: DeviceUserAgent |
| file.extension (FILE - EXTENSION) | CEF field name: PanOSFileExtension<br>EMAIL field name: FileExtension<br>HTTPS field name: FileExtension<br>LEEF field name: FileExtension |
| file.is_encrypted (FILE - IS ENCRYPTED) | CEF field name: PanOSFileIsEncrypted<br>EMAIL field name: FileIsEncrypted<br>HTTPS field name: FileIsEncrypted<br>LEEF field name: FileIsEncrypted |
| file.local_path (FILE - LOCAL PATH) | CEF field name: PanOSFileLocalPath<br>EMAIL field name: FileLocalPath<br>HTTPS field name: FileLocalPath<br>LEEF field name: FileLocalPath |
| file.mime_type (FILE - MIME TYPE) | CEF field name: PanOSFileMimeType<br>EMAIL field name: FileMimeType<br>HTTPS field name: FileMimeType<br>LEEF field name: FileMimeType |
| file.name (FILE - NAME) | CEF field name: PanOSFileName<br>EMAIL field name: FileName<br>HTTPS field name: FileName<br>LEEF field name: FileName |
| file.operation (FILE - OPERATION) | CEF field name: PanOSFileOperation<br>EMAIL field name: FileOperation<br>HTTPS field name: FileOperation<br>LEEF field name: FileOperation |
| file.origin_download_url (FILE - ORIGIN DOWNLOAD URL) | CEF field name: PanOSFileOriginDownloadURL<br>EMAIL field name: FileOriginDownloadURL<br>HTTPS field name: FileOriginDownloadURL<br>LEEF field name: FileOriginDownloadURL |
| file.sha256 (FILE - SHA256) | CEF field name: PanOSFileSHA256<br>EMAIL field name: FileSHA256<br>HTTPS field name: FileSHA256<br>LEEF field name: FileSHA256 |
| file.url (FILE - URL) | CEF field name: PanOSFileURL<br>EMAIL field name: FileURL<br>HTTPS field name: FileURL<br>LEEF field name: FileURL |
| log_source (LOG SOURCE) | Identifies the origin of the data, that is, the system that produced the data.<br>CEF field name: PanOSLogSource<br>EMAIL field name: LogSource<br>HTTPS field name: LogSource<br>LEEF field name: LogSource |
| log_source_group_id (LOG SOURCE GROUP ID) | ID that uniquely identifies the logSourceGroupId of the log, that is, the log_source_id of the group.<br>CEF field name: PanOSLogSourceGroupID<br>EMAIL field name: LogSourceGroupID<br>HTTPS field name: LogSourceGroupID<br>LEEF field name: LogSourceGroupID |
| log_source_id (DEVICE SN) | ID that uniquely identifies the source of the log, that is, the serial number of the firewall that generated the log.<br>CEF field name: deviceExternalID<br>EMAIL field name: DeviceSN<br>HTTPS field name: DeviceSN<br>LEEF field name: DeviceSN |
| log_source_name (DEVICE NAME) | Name of the source of the log, that is, the hostname of the firewall that logged the network traffic.<br>CEF field name: dvchost<br>EMAIL field name: DeviceName<br>HTTPS field name: DeviceName<br>LEEF field name: DeviceName |
| log_time (TIME RECEIVED) | Time the log was received in Cortex Data Lake. This is populated by the platform.<br>CEF field name: rt<br>EMAIL field name: TimeReceived<br>HTTPS field name: TimeReceived<br>LEEF field name: TimeReceived |
| log_type.value (LOG TYPE) | Identifies the log type.<br>CEF field name: Device Event Class ID<br>EMAIL field name: LogType<br>HTTPS field name: LogType<br>LEEF field name: cat |
| network.classifications (NETWORK - CLASSIFICATIONS) | CEF field name: PanOSNetworkClassifications<br>EMAIL field name: NetworkClassifications<br>HTTPS field name: NetworkClassifications<br>LEEF field name: NetworkClassifications |
| network.frame_url (NETWORK - FRAME URL) | CEF field name: PanOSNetworkFrameURL<br>EMAIL field name: NetworkFrameURL<br>HTTPS field name: NetworkFrameURL<br>LEEF field name: NetworkFrameURL |
| network.http.method (NETWORK - HTTP METHOD) | CEF field name: PanOSNetworkHTTPMethod<br>EMAIL field name: NetworkHTTPMethod<br>HTTPS field name: NetworkHTTPMethod<br>LEEF field name: NetworkHTTPMethod |
| network.http.status (NETWORK - HTTP STATUS) | CEF field name: PanOSNetworkHTTPStatus<br>EMAIL field name: NetworkHTTPStatus<br>HTTPS field name: NetworkHTTPStatus<br>LEEF field name: NetworkHTTPStatus |
| network.protocol (NETWORK - PROTOCOL) | CEF field name: PanOSNetworkProtocol<br>EMAIL field name: NetworkProtocol<br>HTTPS field name: NetworkProtocol<br>LEEF field name: NetworkProtocol |
| network.tab_url (NETWORK - TAB URL) | CEF field name: PanOSNetworkTabURL<br>EMAIL field name: NetworkTabURL<br>HTTPS field name: NetworkTabURL<br>LEEF field name: NetworkTabURL |
| network.url (NETWORK - URL) | CEF field name: PanOSNetworkURL<br>EMAIL field name: NetworkURL<br>HTTPS field name: NetworkURL<br>LEEF field name: NetworkURL |
| page.capture.is_secure_screenshot (PAGE - CAPTURE IS SECURE SCREENSHOT) | CEF field name: PanOSPageCaptureIsSecureScreenshot<br>EMAIL field name: PageCaptureIsSecureScreenshot<br>HTTPS field name: PageCaptureIsSecureScreenshot<br>LEEF field name: PageCaptureIsSecureScreenshot |
| page.capture.triggered_by_url (PAGE - CAPTURE TRIGGERED BY URL) | CEF field name: PanOSPageCaptureTriggeredByURL<br>EMAIL field name: PageCaptureTriggeredByURL<br>HTTPS field name: PageCaptureTriggeredByURL<br>LEEF field name: PageCaptureTriggeredByURL |
| page.devtools.block_reason (PAGE - DEVTOOLS BLOCK REASON) | CEF field name: PanOSPageDevtoolsBlockReason<br>EMAIL field name: PageDevtoolsBlockReason<br>HTTPS field name: PageDevtoolsBlockReason<br>LEEF field name: PageDevtoolsBlockReason |
| page.title (PAGE - TITLE) | CEF field name: PanOSPageTitle<br>EMAIL field name: PageTitle<br>HTTPS field name: PageTitle<br>LEEF field name: PageTitle |
| pincode.failed_attempts (PINCODE - FAILED ATTEMPTS) | CEF field name: PanOSPincodeFailedAttempts<br>EMAIL field name: PincodeFailedAttempts<br>HTTPS field name: PincodeFailedAttempts<br>LEEF field name: PincodeFailedAttempts |
| pincode.registration_time (PINCODE - REGISTRATION TIME) | CEF field name: PanOSPincodeRegistrationTime<br>EMAIL field name: PincodeRegistrationTime<br>HTTPS field name: PincodeRegistrationTime<br>LEEF field name: PincodeRegistrationTime |
| platform_type (PLATFORM TYPE) | The platform type (valid types are PRISMA_ACCESS, CNGFW, VM, HWFW).<br>CEF field name: PlatformType<br>EMAIL field name: PlatformType<br>HTTPS field name: PlatformType<br>LEEF field name: PlatformType |
| policy.action (POLICY - ACTION) | CEF field name: PanOSPolicyAction<br>EMAIL field name: PolicyAction<br>HTTPS field name: PolicyAction<br>LEEF field name: PolicyAction |
| policy.block_reason (POLICY - BLOCK REASON) | CEF field name: PanOSPolicyBlockReason<br>EMAIL field name: PolicyBlockReason<br>HTTPS field name: PolicyBlockReason<br>LEEF field name: PolicyBlockReason |
| policy.bypass_reason (POLICY - BYPASS REASON) | CEF field name: PanOSPolicyBypassReason<br>EMAIL field name: PolicyBypassReason<br>HTTPS field name: PolicyBypassReason<br>LEEF field name: PolicyBypassReason |
| policy.is_monitor (POLICY - IS MONITOR) | CEF field name: PanOSPolicyIsMonitor<br>EMAIL field name: PolicyIsMonitor<br>HTTPS field name: PolicyIsMonitor<br>LEEF field name: PolicyIsMonitor |
| policy.is_session_recorded (POLICY - IS SESSION RECORDED) | CEF field name: PanOSPolicyIsSessionRecorded<br>EMAIL field name: PolicyIsSessionRecorded<br>HTTPS field name: PolicyIsSessionRecorded<br>LEEF field name: PolicyIsSessionRecorded |
| policy.rule_description (POLICY - RULE DESCRIPTION) | CEF field name: PanOSPolicyRuleDescription<br>EMAIL field name: PolicyRuleDescription<br>HTTPS field name: PolicyRuleDescription<br>LEEF field name: PolicyRuleDescription |
| policy.rule_id (POLICY - RULE ID) | CEF field name: PanOSPolicyRuleID<br>EMAIL field name: PolicyRuleID<br>HTTPS field name: PolicyRuleID<br>LEEF field name: PolicyRuleID |
| posture.block_reason (POSTURE - BLOCK REASON) | CEF field name: PanOSPostureBlockReason<br>EMAIL field name: PostureBlockReason<br>HTTPS field name: PostureBlockReason<br>LEEF field name: PostureBlockReason |
| posture.block_type (POSTURE - BLOCK TYPE) | CEF field name: PanOSPostureBlockType<br>EMAIL field name: PostureBlockType<br>HTTPS field name: PostureBlockType<br>LEEF field name: PostureBlockType |
| posture.error (POSTURE - ERROR) | CEF field name: PanOSPostureError<br>EMAIL field name: PostureError<br>HTTPS field name: PostureError<br>LEEF field name: PostureError |
| print.printer_location (PRINT - PRINTER LOCATION) | CEF field name: PanOSPrintPrinterLocation<br>EMAIL field name: PrintPrinterLocation<br>HTTPS field name: PrintPrinterLocation<br>LEEF field name: PrintPrinterLocation |
| print.printer_name (PRINT - PRINTER NAME) | CEF field name: PanOSPrintPrinterName<br>EMAIL field name: PrintPrinterName<br>HTTPS field name: PrintPrinterName<br>LEEF field name: PrintPrinterName |
| process.cli_args (PROCESS - CLI ARGS) | CEF field name: PanOSProcessCLIArgs<br>EMAIL field name: ProcessCLIArgs<br>HTTPS field name: ProcessCLIArgs<br>LEEF field name: ProcessCLIArgs |
| process.image_path (PROCESS - IMAGE PATH) | CEF field name: PanOSProcessImagePath<br>EMAIL field name: ProcessImagePath<br>HTTPS field name: ProcessImagePath<br>LEEF field name: ProcessImagePath |
| process.parent_process (PROCESS - PARENT PROCESS) | CEF field name: PanOSProcessParentProcess<br>EMAIL field name: ProcessParentProcess<br>HTTPS field name: ProcessParentProcess<br>LEEF field name: ProcessParentProcess |
| process.pid (PROCESS - PID) | CEF field name: PanOSProcessPID<br>EMAIL field name: ProcessPID<br>HTTPS field name: ProcessPID<br>LEEF field name: ProcessPID |
| state.device_group_evaluation (STATE - DEVICE GROUP EVALUATION) | CEF field name: PanOSStateDeviceGroupEvaluation<br>EMAIL field name: StateDeviceGroupEvaluation<br>HTTPS field name: StateDeviceGroupEvaluation<br>LEEF field name: StateDeviceGroupEvaluation |
| state.sign_in_rules (STATE - SIGN IN RULES) | CEF field name: PanOSStateSignInRules<br>EMAIL field name: StateSignInRules<br>HTTPS field name: StateSignInRules<br>LEEF field name: StateSignInRules |
| sub_tenant_id (SUBTENANT ID) | Undefined.<br>CEF field name: PanOSSubtenantID<br>EMAIL field name: SubtenantID<br>HTTPS field name: SubtenantID<br>LEEF field name: SubtenantID |
| tampering.type (TAMPERING - TYPE) | Undefined.<br>CEF field name: PanOSTamperingType<br>EMAIL field name: TamperingType<br>HTTPS field name: TamperingType<br>LEEF field name: TamperingType |
| tenant_id (TENANT ID) | Undefined.<br>CEF field name: PanOSTenantID<br>EMAIL field name: TenantID<br>HTTPS field name: TenantID<br>LEEF field name: TenantID |
| time_generated (TIME GENERATED) | Time the log was generated on the data plane, in the format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.<br>CEF field name: start<br>EMAIL field name: TimeGenerated<br>HTTPS field name: TimeGenerated<br>LEEF field name: devTime |
| time_generated_high_res (TIME GENERATED HIGH RESOLUTION) | Time the log was generated on the data plane with millisecond granularity, in the format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.<br>CEF field name: PanOSTimeGeneratedHighResolution<br>EMAIL field name: TimeGeneratedHighResolution<br>HTTPS field name: TimeGeneratedHighResolution<br>LEEF field name: TimeGeneratedHighResolution |
| timestamp (TIMESTAMP) | Undefined.<br>CEF field name: PanOSTimestamp<br>EMAIL field name: Timestamp<br>HTTPS field name: Timestamp<br>LEEF field name: Timestamp |
| tsg_id (TSG ID) | The Tenant Service Group that uniquely identifies the Cortex Data Lake instance which received this log record.<br>CEF field name: PanOSTSGID<br>EMAIL field name: TSGID<br>HTTPS field name: TSGID<br>LEEF field name: TSGID |
| user.email (USER - EMAIL) | CEF field name: PanOSUserEmail<br>EMAIL field name: UserEmail<br>HTTPS field name: UserEmail<br>LEEF field name: UserEmail |
| user.external_id (USER - EXTERNAL ID) | CEF field name: PanOSUserExternalID<br>EMAIL field name: UserExternalID<br>HTTPS field name: UserExternalID<br>LEEF field name: UserExternalID |
| user.groups.ids (USER - GROUPS IDS) | Enumeration integer assigned to the user.groups field value.<br>CEF field name: PanOSUserGroupsIDs<br>EMAIL field name: UserGroupsIDs<br>HTTPS field name: UserGroupsIDs<br>LEEF field name: UserGroupsIDs |
| user.groups.names (USER - GROUPS NAMES) | CEF field name: PanOSUserGroupsNames<br>EMAIL field name: UserGroupsNames<br>HTTPS field name: UserGroupsNames<br>LEEF field name: UserGroupsNames |
| user.id (USER ID) | Enumeration integer assigned to the user field value.<br>CEF field name: PanOSUserID<br>EMAIL field name: UserID<br>HTTPS field name: UserID<br>LEEF field name: UserID |
| user.name (USER - NAME) | CEF field name: PanOSUserName<br>EMAIL field name: UserName<br>HTTPS field name: UserName<br>LEEF field name: UserName |
| user.tenant_external_id (USER - TENANT EXTERNAL ID) | CEF field name: PanOSUserTenantExternalID<br>EMAIL field name: UserTenantExternalID<br>HTTPS field name: UserTenantExternalID<br>LEEF field name: UserTenantExternalID |
| user.tenant_id (USER - TENANT ID) | CEF field name: PanOSUserTenantID<br>EMAIL field name: UserTenantID<br>HTTPS field name: UserTenantID<br>LEEF field name: UserTenantID |
| user.tenant_name (USER - TENANT NAME) | CEF field name: PanOSUserTenantName<br>EMAIL field name: UserTenantName<br>HTTPS field name: UserTenantName<br>LEEF field name: UserTenantName |
| user.tsg_id (USER - TSG ID) | CEF field name: PanOSUserTSGID<br>EMAIL field name: UserTSGID<br>HTTPS field name: UserTSGID<br>LEEF field name: UserTSGID |
| vendor_name (VENDOR NAME) | Identifies the vendor that produced the data.<br>CEF field name: Device Vendor<br>EMAIL field name: VendorName<br>HTTPS field name: VendorName<br>LEEF field name: Vendor |