Strata Logging Service
Events CEF Fields
Events CEF Fields
The following table lists the Events field names that the Log Forwarding app
uses when you forward logs in the CEF log format. For each field, the CEF Name column gives the name emitted in the CEF record, and the Field Details column gives the corresponding query name and the header type (Predefined or Custom).
CEF Name
|
Field Details
|
---|---|
PanOSApplicationAppCategory
|
Query Name: application.app_category
Header Type: Custom
|
PanOSApplicationAppSubcategory
|
Query Name: application.app_sub_category
Header Type: Custom
|
PanOSApplicationExternalID
|
Query Name: application.external_id
Header Type: Custom
|
PanOSApplicationExternalName
|
Query Name: application.external_name
Header Type: Custom
|
PanOSApplicationID
|
Query Name: application.id
Header Type: Custom
|
PanOSApplicationName
|
Query Name: application.name
Header Type: Custom
|
PanOSApplicationProtectedAccount
|
Query Name: application.protected_account
Header Type: Custom
|
PanOSApplicationRiskofApp
|
Query Name: application.risk_of_app
Header Type: Custom
|
PanOSApplicationSource
|
Query Name: application.source
Header Type: Custom
|
PanOSApplicationUsername
|
Query Name: application.username
Header Type: Custom
|
PanOSBatchID
|
Query Name: batch_id
Header Type: Custom
|
PanOSBrowserExtensionAppLaunchURL
|
Query Name: browser_extension.app_launch_url
Header Type: Custom
|
PanOSBrowserExtensionAvailableLaunchTypes
|
Query Name: browser_extension.available_launch_types
Header Type: Custom
|
PanOSBrowserExtensionDescription
|
Query Name: browser_extension.description
Header Type: Custom
|
PanOSBrowserExtensionDisabledReason
|
Query Name: browser_extension.disabled_reason
Header Type: Custom
|
PanOSBrowserExtensionEnabled
|
Query Name: browser_extension.enabled
Header Type: Custom
|
PanOSBrowserExtensionHomepageURL
|
Query Name: browser_extension.homepage_url
Header Type: Custom
|
PanOSBrowserExtensionHostPermissions
|
Query Name: browser_extension.host_permissions
Header Type: Custom
|
PanOSBrowserExtensionID
|
Query Name: browser_extension.id
Header Type: Custom
|
PanOSBrowserExtensionInstallType
|
Query Name: browser_extension.install_type
Header Type: Custom
|
PanOSBrowserExtensionIsApp
|
Query Name: browser_extension.is_app
Header Type: Custom
|
PanOSBrowserExtensionLaunchType
|
Query Name: browser_extension.launch_type
Header Type: Custom
|
PanOSBrowserExtensionMayDisable
|
Query Name: browser_extension.may_disable
Header Type: Custom
|
PanOSBrowserExtensionName
|
Query Name: browser_extension.name
Header Type: Custom
|
PanOSBrowserExtensionOfflineEnabled
|
Query Name: browser_extension.offline_enabled
Header Type: Custom
|
PanOSBrowserExtensionOptionsURL
|
Query Name: browser_extension.options_url
Header Type: Custom
|
PanOSBrowserExtensionPermissions
|
Query Name: browser_extension.permissions
Header Type: Custom
|
PanOSBrowserExtensionShortName
|
Query Name: browser_extension.short_name
Header Type: Custom
|
PanOSBrowserExtensionType
|
Query Name: browser_extension.type
Header Type: Custom
|
PanOSBrowserExtensionUpdateURL
|
Query Name: browser_extension.update_url
Header Type: Custom
|
PanOSBrowserExtensionVersion
|
Query Name: browser_extension.version
Header Type: Custom
|
PanOSCertificateCreatedTime
|
Query Name: certificate.created_time
Header Type: Custom
|
PanOSCertificateExpirationTime
|
Query Name: certificate.expiration_time
Header Type: Custom
|
PanOSCertificateFingerprints
|
Query Name: certificate.fingerprints
Header Type: Custom
|
PanOSCertificateIssuer
|
Query Name: certificate.issuer
Header Type: Custom
|
PanOSCertificateSerialNumber
|
Query Name: certificate.serial_number
Header Type: Custom
|
PanOSCertificateSubject
|
Query Name: certificate.subject
Header Type: Custom
|
PanOSClassificationCategory
|
Query Name: classification.category
Header Type: Custom
|
PanOSClassificationMaliciousCategories
|
Query Name: classification.malicious_categories
Header Type: Custom
|
PanOSClassificationMITRE
|
Query Name: classification.mitre
Header Type: Custom
|
PanOSClassificationReputation
|
Query Name: classification.reputation
Header Type: Custom
|
PanOSClassificationSecurityCompliance
|
Query Name: classification.security_compliance
Header Type: Custom
|
PanOSClassificationSeverity
|
Query Name: classification.severity
Header Type: Custom
|
PanOSClipboardFromURL
|
Query Name: clipboard.from_url
Header Type: Custom
|
PanOSClipboardSelectedElement
|
Query Name: clipboard.selected_element
Header Type: Custom
|
PanOSContentCategories
|
Query Name: content.categories
Header Type: Custom
|
PanOSContentLengthBytes
|
Query Name: content.length_bytes
Header Type: Custom
|
PanOSContentMIPMatchedLabel
|
Query Name: content.mip_matched_label
Header Type: Custom
|
PanOSContentScanEngine
|
Query Name: content.scan_engine
Header Type: Custom
|
PanOSContentSensitiveDataCategories
|
Query Name: content.sensitive_data_categories
Header Type: Custom
|
PanOSContentSourceElementSelector
|
Query Name: content.source_element_selector
Header Type: Custom
|
PanOSContentSourceURL
|
Query Name: content.source_url
Header Type: Custom
|
PanOSCortexDataLakeTenantID
|
Query Name: customer_id
Header Type: Custom
|
PanOSDeviceBrowserBrand
|
Query Name: device.browser_brand
Header Type: Custom
|
PanOSDeviceBrowserType
|
Query Name: device.browser_type
Header Type: Custom
|
PanOSDeviceBrowserVersion
|
Query Name: device.browser_version
Header Type: Custom
|
PanOSDeviceUUID
|
Query Name: device.device_uuid
Header Type: Custom
|
PanOSDeviceDiskEncryptionStatus
|
Query Name: device.disk_encryption_status
Header Type: Custom
|
PanOSDeviceEPPStatus
|
Query Name: device.epp_status
Header Type: Custom
|
PanOSDeviceExtensionVersion
|
Query Name: device.extension_version
Header Type: Custom
|
PanOSDeviceFirewallStatus
|
Query Name: device.firewall_status
Header Type: Custom
|
PanOSDeviceGeoIPFromCityName
|
Query Name: device.geoip_from_city_name
Header Type: Custom
|
PanOSDeviceGeoIPFromCountryName
|
Query Name: device.geoip_from_country_name
Header Type: Custom
|
PanOSDeviceGeoIPFromLocationLatitude
|
Query Name: device.geoip_from_location_latitude
Header Type: Custom
|
PanOSDeviceGeoIPFromLocationLongitude
|
Query Name: device.geoip_from_location_longitude
Header Type: Custom
|
PanOSDeviceGroupsIDs
|
Query Name: device.groups.ids
Header Type: Custom
|
PanOSDeviceGroupsNames
|
Query Name: device.groups.names
Header Type: Custom
|
PanOSDeviceHostname
|
Query Name: device.hostname
Header Type: Custom
|
PanOSDeviceIPAddress
|
Query Name: device.ip_address
Header Type: Custom
|
PanOSMACAddresses
|
Query Name: device.mac_addresses
Header Type: Custom
|
PanOSDeviceModel
|
Query Name: device.model
Header Type: Custom
|
PanOSDeviceOSAndroidBuild
|
Query Name: device.os.android.build
Header Type: Custom
|
PanOSDeviceOSAndroidPatch
|
Query Name: device.os.android.patch
Header Type: Custom
|
PanOSDeviceOSAndroidRelease
|
Query Name: device.os.android.release
Header Type: Custom
|
PanOSDeviceOSAndroidSDK
|
Query Name: device.os.android.sdk
Header Type: Custom
|
PanOSDeviceOSiOSMajor
|
Query Name: device.os.ios.major
Header Type: Custom
|
PanOSDeviceOSiOSMinor
|
Query Name: device.os.ios.minor
Header Type: Custom
|
PanOSDeviceOSiOSPatch
|
Query Name: device.os.ios.patch
Header Type: Custom
|
PanOSDeviceOSmacOSBugfix
|
Query Name: device.os.macos.bugfix
Header Type: Custom
|
PanOSDeviceOSmacOSBuild
|
Query Name: device.os.macos.build
Header Type: Custom
|
PanOSDeviceOSmacOSMajor
|
Query Name: device.os.macos.major
Header Type: Custom
|
PanOSDeviceOSmacOSMinor
|
Query Name: device.os.macos.minor
Header Type: Custom
|
PanOSDeviceOSmacOSServer
|
Query Name: device.os.macos.server
Header Type: Custom
|
PanOSDeviceOSType
|
Query Name: device.os.type
Header Type: Custom
|
PanOSDeviceOSWindowsBuild
|
Query Name: device.os.windows.build
Header Type: Custom
|
PanOSDeviceOSWindowsMajor
|
Query Name: device.os.windows.major
Header Type: Custom
|
PanOSDeviceOSWindowsMinor
|
Query Name: device.os.windows.minor
Header Type: Custom
|
PanOSDeviceOSWindowsPatch
|
Query Name: device.os.windows.patch
Header Type: Custom
|
PanOSDeviceOSWindowsProduct
|
Query Name: device.os.windows.product
Header Type: Custom
|
PanOSDeviceOSDisplayName
|
Query Name: device.os_display_name
Header Type: Custom
|
PanOSDeviceRawUniversalID
|
Query Name: device.raw_universal_id
Header Type: Custom
|
PanOSDeviceScreenLockStatus
|
Query Name: device.screen_lock_status
Header Type: Custom
|
PanOSDeviceSerialNumber
|
Query Name: device.serial_number
Header Type: Custom
|
PanOSDeviceType
|
Query Name: device.type
Header Type: Custom
|
PanOSDeviceUserAgent
|
Query Name: device.user_agent
Header Type: Custom
|
PanOSFileExtension
|
Query Name: file.extension
Header Type: Custom
|
PanOSFileIsEncrypted
|
Query Name: file.is_encrypted
Header Type: Custom
|
PanOSFileLocalPath
|
Query Name: file.local_path
Header Type: Custom
|
PanOSFileMimeType
|
Query Name: file.mime_type
Header Type: Custom
|
PanOSFileName
|
Query Name: file.name
Header Type: Custom
|
PanOSFileOperation
|
Query Name: file.operation
Header Type: Custom
|
PanOSFileOriginDownloadURL
|
Query Name: file.origin_download_url
Header Type: Custom
|
PanOSFileSHA256
|
Query Name: file.sha256
Header Type: Custom
|
PanOSFileURL
|
Query Name: file.url
Header Type: Custom
|
PanOSID
|
Query Name: id
Header Type: Custom
|
PanOSLogSource
|
Query Name: log_source
Header Type: Custom
|
PanOSLogSourceGroupID
|
Query Name: log_source_group_id
Header Type: Custom
|
deviceExternalID
|
Query Name: log_source_id
Header Type: Predefined
|
dvchost
|
Query Name: log_source_name
Header Type: Predefined
|
rt
|
Query Name: log_time
Header Type: Predefined
|
Device Event Class ID
|
Query Name: log_type.value
Header Type: Custom
|
PanOSNetworkClassifications
|
Query Name: network.classifications
Header Type: Custom
|
PanOSNetworkFrameURL
|
Query Name: network.frame_url
Header Type: Custom
|
PanOSNetworkHTTPMethod
|
Query Name: network.http.method
Header Type: Custom
|
PanOSNetworkHTTPStatus
|
Query Name: network.http.status
Header Type: Custom
|
PanOSNetworkProtocol
|
Query Name: network.protocol
Header Type: Custom
|
PanOSNetworkTabURL
|
Query Name: network.tab_url
Header Type: Custom
|
PanOSNetworkURL
|
Query Name: network.url
Header Type: Custom
|
PanOSPageCaptureIsSecureScreenshot
|
Query Name: page.capture.is_secure_screenshot
Header Type: Custom
|
PanOSPageCaptureTriggeredByURL
|
Query Name: page.capture.triggered_by_url
Header Type: Custom
|
PanOSPageDevtoolsBlockReason
|
Query Name: page.devtools.block_reason
Header Type: Custom
|
PanOSPageTitle
|
Query Name: page.title
Header Type: Custom
|
PanOSPincodeFailedAttempts
|
Query Name: pincode.failed_attempts
Header Type: Custom
|
PanOSPincodeRegistrationTime
|
Query Name: pincode.registration_time
Header Type: Custom
|
PlatformType
|
Query Name: platform_type
Header Type: Custom
|
PanOSPolicyAction
|
Query Name: policy.action
Header Type: Custom
|
PanOSPolicyBlockReason
|
Query Name: policy.block_reason
Header Type: Custom
|
PanOSPolicyBypassReason
|
Query Name: policy.bypass_reason
Header Type: Custom
|
PanOSPolicyIsMonitor
|
Query Name: policy.is_monitor
Header Type: Custom
|
PanOSPolicyIsSessionRecorded
|
Query Name: policy.is_session_recorded
Header Type: Custom
|
PanOSPolicyRuleDescription
|
Query Name: policy.rule_description
Header Type: Custom
|
PanOSPolicyRuleID
|
Query Name: policy.rule_id
Header Type: Custom
|
PanOSPostureBlockReason
|
Query Name: posture.block_reason
Header Type: Custom
|
PanOSPostureBlockType
|
Query Name: posture.block_type
Header Type: Custom
|
PanOSPostureError
|
Query Name: posture.error
Header Type: Custom
|
PanOSPrintPrinterLocation
|
Query Name: print.printer_location
Header Type: Custom
|
PanOSPrintPrinterName
|
Query Name: print.printer_name
Header Type: Custom
|
PanOSProcessCLIArgs
|
Query Name: process.cli_args
Header Type: Custom
|
PanOSProcessImagePath
|
Query Name: process.image_path
Header Type: Custom
|
PanOSProcessParentProcess
|
Query Name: process.parent_process
Header Type: Custom
|
PanOSProcessPID
|
Query Name: process.pid
Header Type: Custom
|
PanOSStateDeviceGroupEvaluation
|
Query Name: state.device_group_evaluation
Header Type: Custom
|
PanOSStateSignInRules
|
Query Name: state.sign_in_rules
Header Type: Custom
|
PanOSSubtenantID
|
Query Name: sub_tenant_id
Header Type: Custom
|
Name
|
Query Name: sub_type.value
Header Type: Custom
|
PanOSTamperingType
|
Query Name: tampering.type
Header Type: Custom
|
PanOSTenantID
|
Query Name: tenant_id
Header Type: Custom
|
start
|
Query Name: time_generated
Header Type: Predefined
|
PanOSTimeGeneratedHighResolution
|
Query Name: time_generated_high_res
Header Type: Custom
|
PanOSTimestamp
|
Query Name: timestamp
Header Type: Custom
|
PanOSTSGID
|
Query Name: tsg_id
Header Type: Custom
|
PanOSType
|
Query Name: type
Header Type: Custom
|
PanOSUserEmail
|
Query Name: user.email
Header Type: Custom
|
PanOSUserExternalID
|
Query Name: user.external_id
Header Type: Custom
|
PanOSUserGroupsIDs
|
Query Name: user.groups.ids
Header Type: Custom
|
PanOSUserGroupsNames
|
Query Name: user.groups.names
Header Type: Custom
|
PanOSUserID
|
Query Name: user.id
Header Type: Custom
|
PanOSUserName
|
Query Name: user.name
Header Type: Custom
|
PanOSUserTenantExternalID
|
Query Name: user.tenant_external_id
Header Type: Custom
|
PanOSUserTenantID
|
Query Name: user.tenant_id
Header Type: Custom
|
PanOSUserTenantName
|
Query Name: user.tenant_name
Header Type: Custom
|
PanOSUserTSGID
|
Query Name: user.tsg_id
Header Type: Custom
|
Device Vendor
|
Query Name: vendor_name
Header Type: Custom
|