| Field Name | Type | General Field | Description | Example | Products |
| --- | --- | --- | --- | --- | --- |
| act | - | - | The action | | |
| app | - | - | The network protocol | HTTP | |
| application | - | - | The name of the requested application | | |
| cnt | - | - | The total number of logs | | Palo Alto Networks Next-Generation Firewalls |
| dOSName | - | - | The destination operating system (OS) | Windows | Palo Alto Networks Next-Generation Firewalls |
| dUser1 | - | UserAccount | The latest sign-in user of the destination | | Palo Alto Networks Next-Generation Firewalls |
| dhost | - | DomainName | The destination hostname | | Palo Alto Networks Next-Generation Firewalls |
| dmac | - | - | The destination media access control (MAC) address | a8:d0:e5:5c:cb:c5 | Palo Alto Networks Next-Generation Firewalls |
| dpt | - | Port | The service destination port of the private application server (dstport) | 443 | |
| dst | - | | The destination internet protocol (IP) (dstaddr) | | |
| dstLocation | - | - | The destination country | Japan | Palo Alto Networks Next-Generation Firewalls |
| dstZone | - | - | The destination zone of the Palo Alto Networks Next-Generation Firewalls session | LAB-Small | Palo Alto Networks Next-Generation Firewalls |
| dvchost | - | - | The network device hostname | | |
| eventId | - | - | The event ID | | |
| eventName | - | - | The log type | | |
| eventSubName | - | - | The Zero Trust Secure Access - Internet Access cloud app action or the Palo Alto Networks Next-Generation Firewalls log sub-type | | |
| eventTime | - | - | The time the agent or product detected the event | 1657135700000 | |
| filterRiskLevel | - | - | The top level filter risk of the event | | Security Analytics Engine |
| flowId | - | - | The network analysis flow ID | 6837014561409730558 | |
| httpXForwardedFor | - | - | The hypertext transfer protocol (HTTP) X-Forwarded-For header | 192.168.1.103, 192.168.1.104, 192.168.1.106 | |
| pname | - | - | The product name | | |
| policyName | - | - | The name of the triggered policy | | Palo Alto Networks Next-Generation Firewalls |
| policyTreePath | - | - | The policy tree path (endpoint only) | policyname1/policyname2/policyname3 | Security Analytics Engine |
| policyUuid | - | - | The policy universally unique identifier (UUID) | afef0518-abd7-43e1-9b73-2f55c4c95a8e | |
| productCode | - | - | The product which sent the log | | |
| pver | - | - | The product version | 1 | |
| reqDataSize | - | - | The data volume transmitted over the transport layer by the client (in bytes) | 15688 | |
| respDataSize | - | - | The data volume transmitted over the transport layer by the server (in bytes) | 7856 | |
| sOSName | - | - | The source OS | Windows 10 | Palo Alto Networks Next-Generation Firewalls |
| sUser1 | - | UserAccount | The latest sign-in user of the source | | Palo Alto Networks Next-Generation Firewalls |
| sessionEndReason | - | - | The reason why a session was terminated | | Palo Alto Networks Next-Generation Firewalls |
| sessionStart | - | - | The session start time (in seconds) | 1575462989 | |
| shost | - | DomainName | The source hostname | | Palo Alto Networks Next-Generation Firewalls |
| smac | - | - | The source MAC address | | Palo Alto Networks Next-Generation Firewalls |
| spt | - | Port | The virtual port of the source assigned to the Secure Access Module (srcport) | 57763 | |
| src | - | | The source IP (srcaddr) | | |
| srcLocation | - | - | The source country | Japan | Palo Alto Networks Next-Generation Firewalls |
| srcZone | - | - | The source zone of the Palo Alto Networks Next-Generation Firewalls session | LAB-Small | Palo Alto Networks Next-Generation Firewalls |
| tags | - | | The detected technique ID based on the alert filter | | Security Analytics Engine |
| uuid | - | - | The unique key of the log | | Security Analytics Engine |
| vsysName | - | - | The Palo Alto Networks virtual system of the session | vsys1 | Palo Alto Networks Next-Generation Firewalls |