Threat HTTPS Fields
Focus
Focus
Strata Logging Service

Threat HTTPS Fields

Table of Contents

Threat HTTPS Fields

The following table identifies the Threat field names that the Log Forwarding app uses when you forward logs using the HTTPS log format.
HTTPS Name
Query Name
Action
Application
app
ApplicationCategory
ApplicationSubcategory
ApplianceOrCloud
CloudHostname
CloudReportID
ConfigVersion
ContainerID
ApplicationContainer
ContentVersion
RepeatCount
CortexDataLakeTenantID
DestinationDeviceCategory
DestinationDeviceClass
DestinationDeviceHost
DestinationDeviceMac
DestinationDeviceModel
DestinationDeviceOS
DestinationDeviceOSFamily
DestinationDeviceOSVersion
DestinationDeviceProfile
DestinationDeviceVendor
DestinationDynamicAddressGroup
DestinationEDL
DestinationAddress
DestinationLocation
DestinationPort
DestinationUser
DestinationUserDomain
DestinationUserName
DestinationUserUUID
DestinationUUID
DGHierarchyLevel1
DGHierarchyLevel2
DGHierarchyLevel3
DGHierarchyLevel4
DirectionOfAttack
DomainEDL
DynamicUserGroupName
EndpointSerialNumber
FileName
FileHash
FileType
FileURL
FlowType
FromZone
HostID
HTTP2Connection
HTTPMethod
InboundInterface
InboundInterfaceDetailsPort
InboundInterfaceDetailsSlot
InboundInterfaceDetailsType
InboundInterfaceDetailsUnit
CaptivePortal
IsClienttoServer
IsContainer
IsDecryptMirror
IsDecrypted
IsDuplicateLog
IsEncrypted
LogExported
LogForwarded
IsIPV6
IsMptcpOn
NAT
IsNonStandardDestinationPort
IsPacketCapture
IsPhishing
IsPrismaNetwork
IsPrismaUsers
IsProxy
IsReconExcluded
IsSaaSApplication
IsServertoClient
IsSourceXForwarded
IsSystemReturn
IsTransaction
IsTunnelInspected
IsURLDenied
K8SClusterID
LocalDeepLearningAnalyzed
Location
LogSetting
LogSource
LogSourceGroupID
DeviceSN
DeviceName
LogSourceTimeZoneOffset
TimeReceived
LogType
IMEI
NATDestination
NATDestinationPort
NATSource
NATSourcePort
NonStandardDestinationPort
NSSAINetworkSliceType
OutboundInterface
OutboundInterfaceDetailsPort
OutboundInterfaceDetailsSlot
OutboundInterfaceDetailsType
OutboundInterfaceDetailsUnit
PanoramaSN
ParentSessionID
ParentStarttime
PartialHash
PayloadProtocolID
Packet
PacketID
PlatformType
ContainerName
ContainerNameSpace
Protocol
RecipientEmail
ReportID
ApplicationRisk
Rule
RuleUUID
SanctionedStateOfApp
SenderEmail
SequenceNo
SessionID
Severity
SigFlags
SourceDeviceCategory
SourceDeviceClass
SourceDeviceHost
SourceDeviceMac
SourceDeviceModel
SourceDeviceOS
SourceDeviceOSFamily
SourceDeviceOSVersion
SourceDeviceProfile
SourceDeviceVendor
SourceDynamicAddressGroup
SourceEDL
SourceAddress
SourceLocation
SourcePort
SourceUser
SourceUserDomain
SourceUserName
SourceUserUUID
SourceUUID
Subtype
EmailSubject
ApplicationTechnology
ThreatCategory
ThreatID
ThreatName
ThreatNameFirewall
TimeGenerated
TimeGeneratedHighResolution
ToZone
Tunnel
TunneledApplication
IMSI
URLDomain
URLCounter
Users
VendorName
VendorSeverity
Verdict
VirtualLocation
VirtualSystemID
VirtualSystemName
X-Forwarded-ForIP