Events CEF Fields
Focus
Focus
Strata Logging Service

Events CEF Fields

Table of Contents

Events CEF Fields

The following table identifies the Events field names that the Log Forwarding app uses when you forward logs using the CEF log format.
CEF Name
Field Details
PanOSApplicationAppCategory
Header Type: Custom
PanOSApplicationAppSubcategory
Header Type: Custom
PanOSApplicationExternalID
Header Type: Custom
PanOSApplicationExternalName
Header Type: Custom
PanOSApplicationID
Query Name: application.​id
Header Type: Custom
PanOSApplicationName
Header Type: Custom
PanOSApplicationProtectedAccount
Header Type: Custom
PanOSApplicationRiskofApp
Header Type: Custom
PanOSApplicationSource
Header Type: Custom
PanOSApplicationUsername
Header Type: Custom
PanOSBatchID
Query Name: batch_id
Header Type: Custom
PanOSBrowserExtensionAppLaunchURL
Header Type: Custom
PanOSBrowserExtensionAvailableLaunchTypes
Header Type: Custom
PanOSBrowserExtensionDescription
Header Type: Custom
PanOSBrowserExtensionDisabledReason
Header Type: Custom
PanOSBrowserExtensionEnabled
Header Type: Custom
PanOSBrowserExtensionHomepageURL
Header Type: Custom
PanOSBrowserExtensionHostPermissions
Header Type: Custom
PanOSBrowserExtensionID
Header Type: Custom
PanOSBrowserExtensionInstallType
Header Type: Custom
PanOSBrowserExtensionIsApp
Header Type: Custom
PanOSBrowserExtensionLaunchType
Header Type: Custom
PanOSBrowserExtensionMayDisable
Header Type: Custom
PanOSBrowserExtensionName
Header Type: Custom
PanOSBrowserExtensionOfflineEnabled
Header Type: Custom
PanOSBrowserExtensionOptionsURL
Header Type: Custom
PanOSBrowserExtensionPermissions
Header Type: Custom
PanOSBrowserExtensionShortName
Header Type: Custom
PanOSBrowserExtensionType
Header Type: Custom
PanOSBrowserExtensionUpdateURL
Header Type: Custom
PanOSBrowserExtensionVersion
Header Type: Custom
PanOSCertificateCreatedTime
Header Type: Custom
PanOSCertificateExpirationTime
Header Type: Custom
PanOSCertificateFingerprints
Header Type: Custom
PanOSCertificateIssuer
Header Type: Custom
PanOSCertificateSerialNumber
Header Type: Custom
PanOSCertificateSubject
Header Type: Custom
PanOSClassificationCategory
Header Type: Custom
PanOSClassificationMaliciousCategories
Header Type: Custom
PanOSClassificationMITRE
Header Type: Custom
PanOSClassificationReputation
Header Type: Custom
PanOSClassificationSecurityCompliance
Header Type: Custom
PanOSClassificationSeverity
Header Type: Custom
PanOSClipboardFromURL
Header Type: Custom
PanOSClipboardSelectedElement
Header Type: Custom
PanOSContentCategories
Header Type: Custom
PanOSContentLengthBytes
Header Type: Custom
PanOSContentMIPMatchedLabel
Header Type: Custom
PanOSContentScanEngine
Header Type: Custom
PanOSContentSensitiveDataCategories
Header Type: Custom
PanOSContentSourceElementSelector
Header Type: Custom
PanOSContentSourceURL
Header Type: Custom
PanOSCortexDataLakeTenantID
Query Name: customer_id
Header Type: Custom
PanOSDeviceBrowserBrand
Header Type: Custom
PanOSDeviceBrowserType
Header Type: Custom
PanOSDeviceBrowserVersion
Header Type: Custom
PanOSDeviceUUID
Header Type: Custom
PanOSDeviceDiskEncryptionStatus
Header Type: Custom
PanOSDeviceEPPStatus
Header Type: Custom
PanOSDeviceExtensionVersion
Header Type: Custom
PanOSDeviceFirewallStatus
Header Type: Custom
PanOSDeviceGeoIPFromCityName
Header Type: Custom
PanOSDeviceGeoIPFromCountryName
Header Type: Custom
PanOSDeviceGeoIPFromLocationLatitude
Header Type: Custom
PanOSDeviceGeoIPFromLocationLongitude
Header Type: Custom
PanOSDeviceGroupsIDs
Header Type: Custom
PanOSDeviceGroupsNames
Header Type: Custom
PanOSDeviceHostname
Query Name: device.​hostname
Header Type: Custom
PanOSDeviceIPAddress
Header Type: Custom
PanOSMACAddresses
Header Type: Custom
PanOSDeviceModel
Query Name: device.​model
Header Type: Custom
PanOSDeviceOSAndroidBuild
Header Type: Custom
PanOSDeviceOSAndroidPatch
Header Type: Custom
PanOSDeviceOSAndroidRelease
Header Type: Custom
PanOSDeviceOSAndroidSDK
Header Type: Custom
PanOSDeviceOSiOSMajor
Header Type: Custom
PanOSDeviceOSiOSMinor
Header Type: Custom
PanOSDeviceOSiOSPatch
Header Type: Custom
PanOSDeviceOSmacOSBugfix
Header Type: Custom
PanOSDeviceOSmacOSBuild
Header Type: Custom
PanOSDeviceOSmacOSMajor
Header Type: Custom
PanOSDeviceOSmacOSMinor
Header Type: Custom
PanOSDeviceOSmacOSServer
Header Type: Custom
PanOSDeviceOSType
Header Type: Custom
PanOSDeviceOSWindowsBuild
Header Type: Custom
PanOSDeviceOSWindowsMajor
Header Type: Custom
PanOSDeviceOSWindowsMinor
Header Type: Custom
PanOSDeviceOSWindowsPatch
Header Type: Custom
PanOSDeviceOSWindowsProduct
Header Type: Custom
PanOSDeviceOSDisplayName
Header Type: Custom
PanOSDeviceRawUniversalID
Header Type: Custom
PanOSDeviceScreenLockStatus
Header Type: Custom
PanOSDeviceSerialNumber
Header Type: Custom
PanOSDeviceType
Query Name: device.​type
Header Type: Custom
PanOSDeviceUserAgent
Header Type: Custom
PanOSFileExtension
Query Name: file.​extension
Header Type: Custom
PanOSFileIsEncrypted
Header Type: Custom
PanOSFileLocalPath
Query Name: file.​local_path
Header Type: Custom
PanOSFileMimeType
Query Name: file.​mime_type
Header Type: Custom
PanOSFileName
Query Name: file.​name
Header Type: Custom
PanOSFileOperation
Query Name: file.​operation
Header Type: Custom
PanOSFileOriginDownloadURL
Header Type: Custom
PanOSFileSHA256
Query Name: file.​sha256
Header Type: Custom
PanOSFileURL
Query Name: file.​url
Header Type: Custom
PanOSID
Query Name: id
Header Type: Custom
PanOSLogSource
Query Name: log_source
Header Type: Custom
PanOSLogSourceGroupID
Header Type: Custom
deviceExternalID
Query Name: log_source_id
Header Type: Predefined
dvchost
Query Name: log_source_name
Header Type: Predefined
rt
Query Name: log_time
Header Type: Predefined
Device Event Class ID
Query Name: log_type.​value
Header Type: Custom
PanOSNetworkClassifications
Header Type: Custom
PanOSNetworkFrameURL
Header Type: Custom
PanOSNetworkHTTPMethod
Header Type: Custom
PanOSNetworkHTTPStatus
Header Type: Custom
PanOSNetworkProtocol
Header Type: Custom
PanOSNetworkTabURL
Query Name: network.​tab_url
Header Type: Custom
PanOSNetworkURL
Query Name: network.​url
Header Type: Custom
PanOSPageCaptureIsSecureScreenshot
Header Type: Custom
PanOSPageCaptureTriggeredByURL
Header Type: Custom
PanOSPageDevtoolsBlockReason
Header Type: Custom
PanOSPageTitle
Query Name: page.​title
Header Type: Custom
PanOSPincodeFailedAttempts
Header Type: Custom
PanOSPincodeRegistrationTime
Header Type: Custom
PlatformType
Query Name: platform_type
Header Type: Custom
PanOSPolicyAction
Query Name: policy.​action
Header Type: Custom
PanOSPolicyBlockReason
Header Type: Custom
PanOSPolicyBypassReason
Header Type: Custom
PanOSPolicyIsMonitor
Header Type: Custom
PanOSPolicyIsSessionRecorded
Header Type: Custom
PanOSPolicyRuleDescription
Header Type: Custom
PanOSPolicyRuleID
Query Name: policy.​rule_id
Header Type: Custom
PanOSPostureBlockReason
Header Type: Custom
PanOSPostureBlockType
Header Type: Custom
PanOSPostureError
Query Name: posture.​error
Header Type: Custom
PanOSPrintPrinterLocation
Header Type: Custom
PanOSPrintPrinterName
Header Type: Custom
PanOSProcessCLIArgs
Header Type: Custom
PanOSProcessImagePath
Header Type: Custom
PanOSProcessParentProcess
Header Type: Custom
PanOSProcessPID
Query Name: process.​pid
Header Type: Custom
PanOSStateDeviceGroupEvaluation
Header Type: Custom
PanOSStateSignInRules
Header Type: Custom
PanOSSubtenantID
Query Name: sub_tenant_id
Header Type: Custom
Name
Query Name: sub_type.​value
Header Type: Custom
PanOSTamperingType
Query Name: tampering.​type
Header Type: Custom
PanOSTenantID
Query Name: tenant_id
Header Type: Custom
start
Query Name: time_generated
Header Type: Predefined
PanOSTimeGeneratedHighResolution
Header Type: Custom
PanOSTimestamp
Query Name: timestamp
Header Type: Custom
PanOSTSGID
Query Name: tsg_id
Header Type: Custom
PanOSType
Query Name: type
Header Type: Custom
PanOSUserEmail
Query Name: user.​email
Header Type: Custom
PanOSUserExternalID
Header Type: Custom
PanOSUserGroupsIDs
Header Type: Custom
PanOSUserGroupsNames
Header Type: Custom
PanOSUserID
Query Name: user.​id
Header Type: Custom
PanOSUserName
Query Name: user.​name
Header Type: Custom
PanOSUserTenantExternalID
Header Type: Custom
PanOSUserTenantID
Query Name: user.​tenant_id
Header Type: Custom
PanOSUserTenantName
Header Type: Custom
PanOSUserTSGID
Query Name: user.​tsg_id
Header Type: Custom
Device Vendor
Query Name: vendor_name
Header Type: Custom