>
    Strata Copilot
    DNS Security (Resolver and SDWAN and Panos 12.1 or later) EMAIL Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Network Logs
    5. DNS Security (Resolver and SDWAN and Panos 12.1 or later)
    6. DNS Security (Resolver and SDWAN and Panos 12.1 or later) EMAIL Fields
    Download PDF
    Strata Logging Service

    DNS Security (Resolver and SDWAN and Panos 12.1 or later) EMAIL Fields

    Table of Contents

    DNS Security (Resolver and SDWAN and Panos 12.1 or later) EMAIL Fields

    The following table identifies the DNS Security (Resolver and SDWAN and Panos 12.1 or later) field names that the Log Forwarding app uses when you forward logs using the EMAIL log format.
    EMAIL Name
    Query Name
    Action
    action.​value
    Application
    app
    ApplicationCategory
    app_category
    ApplicationSubcategory
    app_sub_category
    CloudHostname
    cloud_hostname
    ConfigVersion
    config_version.​value
    ContainerID
    container_id
    ApplicationContainer
    container_of_app
    ContentVersion
    content_version
    RepeatCount
    count_of_repeats
    CortexDataLakeTenantId
    customer_id
    DestinationDeviceCategory
    dest_device_category
    DestinationDeviceClass
    dest_device_class
    DestinationDeviceHost
    dest_device_host
    DestinationDeviceMac
    dest_device_mac
    DestinationDeviceModel
    dest_device_model
    DestinationDeviceOS
    dest_device_os
    DestinationDeviceOSFamily
    dest_device_osfamily
    DestinationDeviceOSVersion
    dest_device_osversion
    DestinationDeviceProfile
    dest_device_profile
    DestinationDeviceVendor
    dest_device_vendor
    DestinationDynamicAddressGroup
    dest_dynamic_address_group
    DestinationEDL
    dest_edl
    DestinationIP
    dest_ip.​value
    DestinationLocation
    dest_location
    DestinationPort
    dest_port
    DestinationUserInfoDomain
    dest_user_info.​domain
    DestinationUserInfoName
    dest_user_info.​name
    DestinationUserInfoUUID
    dest_user_info.​uuid
    DestinationUUID
    dest_uuid
    DGHierarchyLevel1
    dg_hier_level_1
    DGHierarchyLevel2
    dg_hier_level_2
    DGHierarchyLevel3
    dg_hier_level_3
    DGHierarchyLevel4
    dg_hier_level_4
    DirectionOfAttack
    direction_of_attack.​value
    DNSRequestName
    dns_request_name
    DNSRdata
    dns_response
    DNSResponseCode
    dns_response_code
    DNSResponseFlags
    dns_response_flags
    DNSResponseTTL
    dns_response_ttl
    DNSResponseType
    dns_response_type
    DomainEDL
    domain_edl
    DestinationUser
    dst_user
    ToZone
    dst_zone
    DynamicUserGroupName
    dynusergroup_name
    EndpointSerialNumber
    endpoint_serial_number
    FlowSources
    flow_type.​value
    DNSResponseName
    fqdn
    FromZone
    from_zone
    ThreatID
    gtid
    HostID
    host_id
    HTTP2Connection
    http2_connection
    HTTPMethod
    http_method.​value
    InboundInterface
    inbound_if.​value
    InboundInterfaceDetailsPort
    inbound_if_details.​port
    InboundInterfaceDetailsSlot
    inbound_if_details.​slot
    InboundInterfaceDetailsType
    inbound_if_details.​type.​value
    InboundInterfaceDetailsUnit
    inbound_if_details.​unit
    CaptivePortal
    is_captive_portal
    IsClienttoServer
    is_client_to_server
    IsContainer
    is_container
    IsDecryptMirror
    is_decrypt_mirror
    IsDecrypted
    is_decrypted
    IsDuplicateLog
    is_dup_log
    IsEncrypted
    is_encrypted
    LogExported
    is_exported
    LogForwarded
    is_forwarded
    IsIPV6
    is_ipv6
    IsMptcpOn
    is_mptcp_on
    NAT
    is_nat
    IsNonStandardDestinationPort
    is_non_std_dest_port
    IsPacketCapture
    is_packet_capture
    IsPhishing
    is_phishing
    IsPrismaNetwork
    is_prisma_branch
    IsPrismaUsers
    is_prisma_mobile
    IsProxy
    is_proxy
    IsReconExcluded
    is_recon_excluded
    IsSaaSApplication
    is_saas_app
    IsServertoClient
    is_server_to_client
    IsSourceXForwarded
    is_source_x_fwded
    IsSystemReturn
    is_sym_return
    IsTransaction
    is_transaction
    IsTunnelInspected
    is_tunnel_inspected
    IsURLDenied
    is_url_denied
    K8SClusterID
    k8s_cluster_id
    LocalDeepLearningAnalyzed
    local_deep_learning
    Location
    location
    LogSetting
    log_set
    LogSource
    log_source
    LogSourceGroupID
    log_source_group_id
    DeviceSN
    log_source_id
    DeviceName
    log_source_name
    LogSourceTimeZoneOffset
    log_source_tz_offset
    TimeReceived
    log_time
    LogType
    log_type.​value
    IMEI
    monitor_tag_imei
    NATDestination
    nat_dest.​value
    NATDestinationPort
    nat_dest_port
    NATSource
    nat_source.​value
    NATSourcePort
    nat_source_port
    NonStandardDestinationPort
    non_standard_dest_port
    NSSAINetworkSliceType
    nssai_network_slice_type.​value
    EgressInterface
    outbound_if.​value
    OutboundInterfaceDetailsPort
    outbound_if_details.​port
    OutboundInterfaceDetailsSlot
    outbound_if_details.​slot
    OutboundInterfaceDetailsType
    outbound_if_details.​type.​value
    OutboundInterfaceDetailsUnit
    outbound_if_details.​unit
    PanoramaSN
    panorama_serial
    ParentSessionID
    parent_session_id
    ParentStarttime
    parent_start_time
    PartialHash
    partial_hash
    PayloadProtocolID
    payload_protocol_id
    PlatformType
    platform_type
    ContainerName
    pod_name
    ContainerNameSpace
    pod_namespace
    Protocol
    protocol.​value
    DNSRequestType
    record_type
    ReportID
    report_id
    ApplicationRisk
    risk_of_app
    SecurityRule
    rule_matched
    RuleUUID
    rule_matched_uuid
    SanctionedStateOfApp
    sanctioned_state_of_app
    SequenceNo
    sequence_no
    SessionID
    session_id
    Severity
    severity
    SigFlags
    sig_flags
    SourceDeviceCategory
    source_device_category
    SourceDeviceClass
    source_device_class
    SourceDeviceHost
    source_device_host
    SourceDeviceMac
    source_device_mac
    SourceDeviceModel
    source_device_model
    SourceDeviceOS
    source_device_os
    SourceDeviceOSFamily
    source_device_osfamily
    SourceDeviceOSVersion
    source_device_osversion
    SourceDeviceProfile
    source_device_profile
    SourceDeviceVendor
    source_device_vendor
    SourceDynamicAddressGroup
    source_dynamic_address_group
    SourceEDL
    source_edl
    SourceIP
    source_ip.​value
    SourceLocation
    source_location
    SourcePort
    source_port
    SourceUser
    source_user
    SourceUserInfoDomain
    source_user_info.​domain
    SourceUserInfoName
    source_user_info.​name
    SourceUserInfoUUID
    source_user_info.​uuid
    SourceUUID
    source_uuid
    SubType
    sub_type.​value
    ApplicationTechnology
    technology_of_app
    DNSCategory
    threat_category.​value
    DNSThreatName
    threat_name
    TimeGenerated
    time_generated
    TimeGeneratedHighResolution
    time_generated_high_res
    SessionDuration
    total_time_elapsed
    TSGID
    tsg_id
    Tunnel
    tunnel.​value
    TunneledApplication
    tunneled_app
    IMSI
    tunnelid_imsi
    URLCategory
    url_category.​value
    URLDomain
    url_domain
    URLCounter
    url_idx
    Users
    users
    VendorName
    vendor_name
    VendorSeverity
    vendor_severity.​value
    Verdict
    verdict.​value
    VirtualLocation
    vsys
    VirtualSystemID
    vsys_id
    VirtualSystemName
    vsys_name
    X-Forwarded-ForIP
    xff_ip.​value

    © 2026 Palo Alto Networks, Inc. All rights reserved.