Threat HTTPS Fields
Focus
Focus
Strata Logging Service

Threat HTTPS Fields

Table of Contents

Threat HTTPS Fields

The following table identifies the Threat field names that the Log Forwarding app uses when you forward logs using the HTTPS log format.
HTTPS Name
Query Name
Field Type
Action
string
Application
string
ApplicationCategory
string
ApplicationSubcategory
string
ApplianceOrCloud
string
CloudHostname
string
CloudReportID
string
ConfigVersion
string
ContainerID
string
ApplicationContainer
string
ContentVersion
string
RepeatCount
int
CortexDataLakeTenantID
string
DestinationDeviceCategory
string
DestinationDeviceClass
string
DestinationDeviceHost
string
DestinationDeviceMac
string
DestinationDeviceModel
string
DestinationDeviceOS
string
DestinationDeviceOSFamily
string
DestinationDeviceOSVersion
string
DestinationDeviceProfile
string
DestinationDeviceVendor
string
DestinationDynamicAddressGroup
string
DestinationEDL
string
DestinationAddress
ip
DestinationLocation
string
DestinationPort
int
DestinationUser
string
DestinationUserInfoDomain
string
DestinationUserInfoName
string
DestinationUserInfoUUID
long
DestinationUUID
string
DGHierarchyLevel1
int
DGHierarchyLevel2
int
DGHierarchyLevel3
int
DGHierarchyLevel4
int
DirectionOfAttack
string
DomainEDL
string
DynamicUserGroupName
string
EndpointSerialNumber
string
FileName
string
FileHash
string
FileType
string
FileURL
string
FlowType
string
FromZone
string
HostID
string
HTTP2Connection
int
HTTPMethod
string
InboundInterface
string
InboundInterfaceDetailsPort
int
InboundInterfaceDetailsSlot
int
InboundInterfaceDetailsType
string
InboundInterfaceDetailsUnit
int
CaptivePortal
boolean
IsClienttoServer
boolean
IsContainer
boolean
IsDecryptMirror
boolean
IsDecrypted
boolean
IsDuplicateLog
boolean
IsEncrypted
boolean
LogExported
boolean
LogForwarded
boolean
IsIPV6
boolean
IsMptcpOn
boolean
NAT
boolean
IsNonStandardDestinationPort
boolean
IsPacketCapture
boolean
IsPhishing
boolean
IsPrismaNetwork
boolean
IsPrismaUsers
boolean
IsProxy
boolean
IsReconExcluded
boolean
IsSaaSApplication
boolean
IsServertoClient
boolean
IsSourceXForwarded
boolean
IsSystemReturn
boolean
IsTransaction
boolean
IsTunnelInspected
boolean
IsURLDenied
boolean
K8SClusterID
int
LocalDeepLearningAnalyzed
boolean
Location
string
LogSetting
string
LogSource
string
LogSourceGroupID
string
DeviceSN
string
DeviceName
string
LogSourceTimeZoneOffset
int
TimeReceived
timestamp
LogType
string
IMEI
string
NATDestination
ip
NATDestinationPort
int
NATSource
ip
NATSourcePort
int
NonStandardDestinationPort
int
NSSAINetworkSliceType
string
OutboundInterface
string
OutboundInterfaceDetailsPort
int
OutboundInterfaceDetailsSlot
int
OutboundInterfaceDetailsType
string
OutboundInterfaceDetailsUnit
int
PanoramaSN
string
ParentSessionID
int
ParentStarttime
timestamp
PartialHash
long
PayloadProtocolID
int
Packet
string
PacketID
long
PlatformType
string
ContainerName
string
ContainerNameSpace
string
Protocol
string
RecipientEmail
string
ReportID
long
ApplicationRisk
int
Rule
string
RuleUUID
string
SanctionedStateOfApp
boolean
SenderEmail
string
SequenceNo
long
SessionID
int
Severity
enum
SigFlags
int
SourceDeviceCategory
string
SourceDeviceClass
string
SourceDeviceHost
string
SourceDeviceMac
string
SourceDeviceModel
string
SourceDeviceOS
string
SourceDeviceOSFamily
string
SourceDeviceOSVersion
string
SourceDeviceProfile
string
SourceDeviceVendor
string
SourceDynamicAddressGroup
string
SourceEDL
string
SourceAddress
ip
SourceLocation
string
SourcePort
int
SourceUser
string
SourceUserInfoDomain
string
SourceUserInfoName
string
SourceUserInfoUUID
long
SourceUUID
string
Subtype
string
EmailSubject
string
ApplicationTechnology
string
ThreatCategory
string
ThreatID
long
ThreatName
string
ThreatNameFirewall
string
TimeGenerated
timestamp
TimeGeneratedHighResolution
timestamp_high_res
ToZone
string
Tunnel
string
TunneledApplication
string
IMSI
long
URLDomain
string
URLCounter
int
Users
string
VendorName
string
VendorSeverity
string
Verdict
string
VirtualLocation
string
VirtualSystemID
int
VirtualSystemName
string
X-Forwarded-ForIP
ip