>
    Strata Copilot
    AI Security LEEF Fields
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Log Reference
    4. Network Logs
    5. AI Security
    6. AI Security LEEF Fields
    Download PDF
    Strata Logging Service

    AI Security LEEF Fields

    Table of Contents

    AI Security LEEF Fields

    The following table identifies the AI Security field names that the Log Forwarding app uses when you forward logs using the LEEF log format.
    When you create a syslog forwarding profile , you can optionally create a profile token that the Log Forwarding app uses when it sends logs to the syslog server. If you configure a profile token, it appears in the log line immediately after the log type information (for example, TRAFFIC, THREAT, HIPMATCH, and so forth). The token will appear on a parameter called profileToken.
    LEEF Name
    Query Name
    Field Type
    EventID
    action
    Header
    AIIncidentReportID
    ai_incident_report_id
    Custom
    AIIncidentSubtype
    ai_incident_subtype
    Custom
    AIIncidentType
    ai_incident_type
    Custom
    AIModelCSPName
    ai_model_csp_name
    Custom
    AIModelCSPRegionName
    ai_model_csp_region_name
    Custom
    AIModelName
    ai_model_name
    Custom
    AISecurityProfileName
    ai_security_profile_name
    Custom
    AISubtypeDetails
    ai_subtype_details
    Custom
    CortexDataLakeTenantID
    customer_id
    Custom
    dst
    dest_ip.​value
    Predefined
    dstPort
    dest_port
    Predefined
    KubernetesClusterID
    k8s_cluster_id
    Custom
    Latency
    latency
    Custom
    LogSource
    log_source
    Custom
    DeviceSN
    log_source_id
    Custom
    DeviceName
    log_source_name
    Custom
    TimeReceived
    log_time
    Custom
    cat
    log_type.​value
    Predefined
    MaxLatencyHit
    max_latency_hit
    Custom
    PlatformType
    platform_type
    Custom
    Protocol
    protocol.​value
    Custom
    ThreatinRequestorResponse
    request_response
    Custom
    SessionID
    session_id
    Custom
    SessionStartTime
    session_start_time
    Custom
    src
    source_ip.​value
    Predefined
    srcPort
    source_port
    Predefined
    TimeGenerated
    time_generated
    Custom
    TimeGeneratedHighResolution
    time_generated_high_res
    Custom
    TSGID
    tsg_id
    Custom
    Vendor
    vendor_name
    Header
    VendorSeverity
    vendor_severity.​value
    Custom

    © 2026 Palo Alto Networks, Inc. All rights reserved.