Application Security
Strata Logging Service

The Application Security logs contain information to help you monitor and investigate threats found in your Application network traffic.
The following fields are included in these logs, together with the field name used in each supported log format:
APPLICATION SECURITY field (display name), followed by its description and by the field name in each supported log format (CEF, EMAIL, HTTPS, LEEF).

action.value (ACTION)
Identifies the action that the app-sec policy took on the request.
CEF field name: Action; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

app (APPLICATION)
AppID associated with the application.
CEF field name: Application; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

customer_id (CORTEX DATA LAKE TENANT ID)
The ID that uniquely identifies the Cortex Data Lake instance which received this log record.
CEF field name: CortexDataLakeTenantID; EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

dest_ip.value (DESTINATION ADDRESS)
Original destination IP address.
CEF field name: DestinationAddress; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Predefined

dest_port (DESTINATION PORT)
Network traffic's destination port. If this value is 0, then the app is using its standard port.
CEF field name: DestinationPort; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Predefined

fqdn_app_name (FQDN APPLICATION NAME)
App name defined in the app definition, corresponding to the FQDN in the request.
CEF field name: FQDNApplicationName; EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

internal_source_ip.value (INTERNAL SOURCE ADDRESS)
Internal source IP address.
CEF field name: InternalSourceAddress; EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

log_source (LOG SOURCE)
Identifies the origin of the data, that is, the system that produced the data.
CEF field name: LogSource; EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

log_source_group_id (LOG SOURCE GROUP ID)
ID that uniquely identifies the log source group of the log, that is, the log_source_id of the group.
CEF field name: LogSourceGroupID; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

log_source_id (DEVICE SN)
ID that uniquely identifies the source of the log: the serial number of the firewall that generated the log.
If the log is generated by Prisma Access, the serial number is not displayed.
CEF field name: DeviceSN; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

log_source_name (DEVICE NAME)
Name of the source of the log: the hostname of the firewall that logged the network traffic.
CEF field name: DeviceName; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

log_source_tz_offset (LOG SOURCE TIMEZONE OFFSET)
Time zone offset from GMT of the source of the log.
CEF field name: LogSourceTimeZoneOffset; EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

log_time (TIME RECEIVED)
Time the log was received in Strata Logging Service. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
CEF field name: TimeReceived; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

log_type.value (LOG TYPE)
Identifies the log type.
CEF field name: DeviceEventClassID; EMAIL field name: LogType; HTTPS field name: LogType; LEEF field name: cat

platform_type (PLATFORM TYPE)
Identifies the platform that generated the log.
CEF field name: PlatformType; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

policy_rule_additional_details (APPLICATION SECURITY POLICY RULE ADDITIONAL DETAILS)
Policy rule additional details.
EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

policy_rule_name (APPLICATION SECURITY POLICY RULE NAME)
App-sec policy rule name.
EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

policy_rule_type.value (APPLICATION SECURITY POLICY RULE TYPE)
Type of the policy rule.
EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

response_code (HTTP RESPONSE CODE)
HTTP response code.
CEF field name: HTTPResponseCode; EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

session_id (SESSION ID)
Identifies the firewall's internal identifier for a specific network session.
CEF field name: SessionID; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

source_ip.value (SOURCE ADDRESS)
Original source IP address.
CEF field name: SourceAddress; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Predefined

source_port (SOURCE PORT)
Source port used by the session.
CEF field name: SourcePort; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Predefined

source_user (SOURCE USER)
The username that initiated the network traffic.
CEF field name: SourceUser; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Predefined

sub_type.value (SUBTYPE)
Identifies the log subtype.
CEF field name: Subtype; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

time_generated (TIME GENERATED)
Time when the log was generated on the firewall's data plane. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
CEF field name: TimeGenerated; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Predefined

time_generated_high_res (TIME GENERATED HIGH RESOLUTION)
Time the log was generated on the data plane, with millisecond granularity, in the format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Custom

trace_id (TRACE ID)
Trace ID associated with the HTTP request.
CEF field name: TraceID; EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

tsg_id (TSG ID)
The ID that uniquely identifies the Tenant Service Group (TSG) that this log record should be associated with.
CEF field name: TSGID; EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

url (URL)
URL in the request.
CEF field name: URL; EMAIL field name: FALSE; HTTPS field name: FALSE; LEEF field name: Custom

vendor_name (VENDOR NAME)
Identifies the vendor that produced the data.
CEF field name: VendorName; EMAIL field name: TRUE; HTTPS field name: TRUE; LEEF field name: Header
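The two timestamp representations above (log_time and time_generated as microseconds since the Unix epoch, time_generated_high_res as YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z with an optional fraction) and the dest_port value 0 are the fields most often mishandled when these records are fed into a detection pipeline. The following normalizer is an added example, not code from the Strata Logging Service documentation; it assumes the record arrives as a JSON object keyed by the schema field names on this page (with action carried under the key "action") and the sample record is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

MICROS = 1_000_000
# time_generated_high_res format from the field reference; fraction is optional.
_HIGH_RES = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,6}))?Z$")


def parse_epoch_micros(value: str) -> datetime:
    """log_time / time_generated: microseconds (not milliseconds) since the epoch."""
    micros = int(value)
    # Integer split avoids float rounding on 16-digit microsecond values.
    return datetime.fromtimestamp(micros // MICROS, tz=timezone.utc).replace(
        microsecond=micros % MICROS)


def parse_high_res(value: str) -> datetime:
    """time_generated_high_res: YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z."""
    m = _HIGH_RES.match(value)
    if not m:
        raise ValueError(f"bad time_generated_high_res: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    frac = (m.group(2) or "").ljust(6, "0")  # right-pad the fraction to microseconds
    return base.replace(microsecond=int(frac))


def normalize(record: dict) -> dict:
    """Return the fields a pipeline keys on, with parsed timestamps and sanity checks."""
    generated = parse_epoch_micros(record["time_generated"])
    received = parse_epoch_micros(record["log_time"])
    high_res = parse_high_res(record["time_generated_high_res"])
    dest_port = int(record["dest_port"])
    return {
        "action": record["action"],
        "app": record["app"],
        "time_generated": generated,
        "time_received": received,
        # Per the reference, dest_port 0 means "app on its standard port", not port 0.
        "dest_port": None if dest_port == 0 else dest_port,
        "dest_port_is_app_default": dest_port == 0,
        # Forwarding delay between data plane and Strata Logging Service, in ms.
        "ingest_latency_ms": (received - generated) / timedelta(milliseconds=1),
        # high_res has millisecond granularity, so tolerate < 1 ms disagreement.
        "high_res_consistent": abs(high_res - generated) < timedelta(milliseconds=1),
    }


# Constructed sample record (not a real log), keyed by the schema field names.
SAMPLE = {
    "action": "block", "app": "web-browsing", "dest_port": "0",
    "time_generated": "1700000000123456",
    "time_generated_high_res": "2023-11-14T22:13:20.123Z",
    "log_time": "1700000002000000",
}
```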