Strata Logging Service
Events CEF Fields
Events CEF Fields
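The following table lists the Events log field names that the Log Forwarding app
uses when it forwards logs in the CEF log format. In each row, Query Name gives the
field's name as used in log queries, and Header Type shows whether the CEF name is
predefined or custom. Device Vendor, Device Event Class ID, and Name are positions in
the pipe-delimited CEF header rather than key=value extension fields, so a parser
should read them from the header.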
CEF Name
|
Field Details
|
---|---|
PanOSApplicationAppCategory
|
Query Name: application.app_category
Header Type: Custom
|
PanOSApplicationAppSubcategory
|
Query Name: application.app_sub_category
Header Type: Custom
|
PanOSApplicationExternalID
|
Query Name: application.external_id
Header Type: Custom
|
PanOSApplicationExternalName
|
Query Name: application.external_name
Header Type: Custom
|
PanOSApplicationID
|
Query Name: application.id
Header Type: Custom
|
PanOSApplicationName
|
Query Name: application.name
Header Type: Custom
|
PanOSApplicationProtectedAccount
|
Query Name: application.protected_account
Header Type: Custom
|
PanOSApplicationRiskofApp
|
Query Name: application.risk_of_app
Header Type: Custom
|
PanOSApplicationSource
|
Query Name: application.source
Header Type: Custom
|
PanOSApplicationUsername
|
Query Name: application.username
Header Type: Custom
|
PanOSBatchID
|
Query Name: batch_id
Header Type: Custom
|
PanOSBrowserExtensionAppLaunchURL
|
Query Name: browser_extension.app_launch_url
Header Type: Custom
|
PanOSBrowserExtensionAvailableLaunchTypes
|
Query Name: browser_extension.available_launch_types
Header Type: Custom
|
PanOSBrowserExtensionDescription
|
Query Name: browser_extension.description
Header Type: Custom
|
PanOSBrowserExtensionDisabledReason
|
Query Name: browser_extension.disabled_reason
Header Type: Custom
|
PanOSBrowserExtensionEnabled
|
Query Name: browser_extension.enabled
Header Type: Custom
|
PanOSBrowserExtensionHomepageURL
|
Query Name: browser_extension.homepage_url
Header Type: Custom
|
PanOSBrowserExtensionHostPermissions
|
Query Name: browser_extension.host_permissions
Header Type: Custom
|
PanOSBrowserExtensionID
|
Query Name: browser_extension.id
Header Type: Custom
|
PanOSBrowserExtensionInstallType
|
Query Name: browser_extension.install_type
Header Type: Custom
|
PanOSBrowserExtensionIsApp
|
Query Name: browser_extension.is_app
Header Type: Custom
|
PanOSBrowserExtensionLaunchType
|
Query Name: browser_extension.launch_type
Header Type: Custom
|
PanOSBrowserExtensionMayDisable
|
Query Name: browser_extension.may_disable
Header Type: Custom
|
PanOSBrowserExtensionName
|
Query Name: browser_extension.name
Header Type: Custom
|
PanOSBrowserExtensionOfflineEnabled
|
Query Name: browser_extension.offline_enabled
Header Type: Custom
|
PanOSBrowserExtensionOptionsURL
|
Query Name: browser_extension.options_url
Header Type: Custom
|
PanOSBrowserExtensionPermissions
|
Query Name: browser_extension.permissions
Header Type: Custom
|
PanOSBrowserExtensionShortName
|
Query Name: browser_extension.short_name
Header Type: Custom
|
PanOSBrowserExtensionType
|
Query Name: browser_extension.type
Header Type: Custom
|
PanOSBrowserExtensionUpdateURL
|
Query Name: browser_extension.update_url
Header Type: Custom
|
PanOSBrowserExtensionVersion
|
Query Name: browser_extension.version
Header Type: Custom
|
PanOSCertificateCreatedTime
|
Query Name: certificate.created_time
Header Type: Custom
|
PanOSCertificateExpirationTime
|
Query Name: certificate.expiration_time
Header Type: Custom
|
PanOSCertificateFingerprints
|
Query Name: certificate.fingerprints
Header Type: Custom
|
PanOSCertificateIssuer
|
Query Name: certificate.issuer
Header Type: Custom
|
PanOSCertificateSerialNumber
|
Query Name: certificate.serial_number
Header Type: Custom
|
PanOSCertificateSubject
|
Query Name: certificate.subject
Header Type: Custom
|
PanOSClassificationCategory
|
Query Name: classification.category
Header Type: Custom
|
PanOSClassificationMaliciousCategories
|
Query Name: classification.malicious_categories
Header Type: Custom
|
PanOSClassificationMITRE
|
Query Name: classification.mitre
Header Type: Custom
|
PanOSClassificationReputation
|
Query Name: classification.reputation
Header Type: Custom
|
PanOSClassificationSecurityCompliance
|
Query Name: classification.security_compliance
Header Type: Custom
|
PanOSClassificationSeverity
|
Query Name: classification.severity
Header Type: Custom
|
PanOSClipboardFromURL
|
Query Name: clipboard.from_url
Header Type: Custom
|
PanOSClipboardSelectedElement
|
Query Name: clipboard.selected_element
Header Type: Custom
|
PanOSContentCategories
|
Query Name: content.categories
Header Type: Custom
|
PanOSContentLengthBytes
|
Query Name: content.length_bytes
Header Type: Custom
|
PanOSContentMIPMatchedLabel
|
Query Name: content.mip_matched_label
Header Type: Custom
|
PanOSContentScanEngine
|
Query Name: content.scan_engine
Header Type: Custom
|
PanOSContentSensitiveDataCategories
|
Query Name: content.sensitive_data_categories
Header Type: Custom
|
PanOSContentSourceElementSelector
|
Query Name: content.source_element_selector
Header Type: Custom
|
PanOSContentSourceURL
|
Query Name: content.source_url
Header Type: Custom
|
PanOSCortexDataLakeTenantID
|
Query Name: customer_id
Header Type: Custom
|
PanOSDeviceBrowserBrand
|
Query Name: device.browser_brand
Header Type: Custom
|
PanOSDeviceBrowserType
|
Query Name: device.browser_type
Header Type: Custom
|
PanOSDeviceBrowserVersion
|
Query Name: device.browser_version
Header Type: Custom
|
PanOSDeviceUUID
|
Query Name: device.device_uuid
Header Type: Custom
|
PanOSDeviceDiskEncryptionStatus
|
Query Name: device.disk_encryption_status
Header Type: Custom
|
PanOSDeviceEPPStatus
|
Query Name: device.epp_status
Header Type: Custom
|
PanOSDeviceExtensionVersion
|
Query Name: device.extension_version
Header Type: Custom
|
PanOSDeviceFirewallStatus
|
Query Name: device.firewall_status
Header Type: Custom
|
PanOSDeviceGeoIPFromCityName
|
Query Name: device.geoip_from_city_name
Header Type: Custom
|
PanOSDeviceGeoIPFromCountryName
|
Query Name: device.geoip_from_country_name
Header Type: Custom
|
PanOSDeviceGeoIPFromLocationLatitude
|
Query Name: device.geoip_from_location_latitude
Header Type: Custom
|
PanOSDeviceGeoIPFromLocationLongitude
|
Query Name: device.geoip_from_location_longitude
Header Type: Custom
|
PanOSDeviceGroupsIDs
|
Query Name: device.groups.ids
Header Type: Custom
|
PanOSDeviceGroupsNames
|
Query Name: device.groups.names
Header Type: Custom
|
PanOSDeviceHostname
|
Query Name: device.hostname
Header Type: Custom
|
PanOSDeviceIPAddress
|
Query Name: device.ip_address
Header Type: Custom
|
PanOSMACAddresses
|
Query Name: device.mac_addresses
Header Type: Custom
|
PanOSDeviceModel
|
Query Name: device.model
Header Type: Custom
|
PanOSDeviceOSAndroidBuild
|
Query Name: device.os.android.build
Header Type: Custom
|
PanOSDeviceOSAndroidPatch
|
Query Name: device.os.android.patch
Header Type: Custom
|
PanOSDeviceOSAndroidRelease
|
Query Name: device.os.android.release
Header Type: Custom
|
PanOSDeviceOSAndroidSDK
|
Query Name: device.os.android.sdk
Header Type: Custom
|
PanOSDeviceOSiOSMajor
|
Query Name: device.os.ios.major
Header Type: Custom
|
PanOSDeviceOSiOSMinor
|
Query Name: device.os.ios.minor
Header Type: Custom
|
PanOSDeviceOSiOSPatch
|
Query Name: device.os.ios.patch
Header Type: Custom
|
PanOSDeviceOSmacOSBugfix
|
Query Name: device.os.macos.bugfix
Header Type: Custom
|
PanOSDeviceOSmacOSBuild
|
Query Name: device.os.macos.build
Header Type: Custom
|
PanOSDeviceOSmacOSMajor
|
Query Name: device.os.macos.major
Header Type: Custom
|
PanOSDeviceOSmacOSMinor
|
Query Name: device.os.macos.minor
Header Type: Custom
|
PanOSDeviceOSmacOSServer
|
Query Name: device.os.macos.server
Header Type: Custom
|
PanOSDeviceOSType
|
Query Name: device.os.type
Header Type: Custom
|
PanOSDeviceOSWindowsBuild
|
Query Name: device.os.windows.build
Header Type: Custom
|
PanOSDeviceOSWindowsMajor
|
Query Name: device.os.windows.major
Header Type: Custom
|
PanOSDeviceOSWindowsMinor
|
Query Name: device.os.windows.minor
Header Type: Custom
|
PanOSDeviceOSWindowsPatch
|
Query Name: device.os.windows.patch
Header Type: Custom
|
PanOSDeviceOSWindowsProduct
|
Query Name: device.os.windows.product
Header Type: Custom
|
PanOSDeviceOSDisplayName
|
Query Name: device.os_display_name
Header Type: Custom
|
PanOSDeviceRawUniversalID
|
Query Name: device.raw_universal_id
Header Type: Custom
|
PanOSDeviceScreenLockStatus
|
Query Name: device.screen_lock_status
Header Type: Custom
|
PanOSDeviceSerialNumber
|
Query Name: device.serial_number
Header Type: Custom
|
PanOSDeviceType
|
Query Name: device.type
Header Type: Custom
|
PanOSDeviceUserAgent
|
Query Name: device.user_agent
Header Type: Custom
|
PanOSFileExtension
|
Query Name: file.extension
Header Type: Custom
|
PanOSFileIsEncrypted
|
Query Name: file.is_encrypted
Header Type: Custom
|
PanOSFileLocalPath
|
Query Name: file.local_path
Header Type: Custom
|
PanOSFileMimeType
|
Query Name: file.mime_type
Header Type: Custom
|
PanOSFileName
|
Query Name: file.name
Header Type: Custom
|
PanOSFileOperation
|
Query Name: file.operation
Header Type: Custom
|
PanOSFileOriginDownloadURL
|
Query Name: file.origin_download_url
Header Type: Custom
|
PanOSFileSHA256
|
Query Name: file.sha256
Header Type: Custom
|
PanOSFileURL
|
Query Name: file.url
Header Type: Custom
|
PanOSID
|
Query Name: id
Header Type: Custom
|
PanOSLogSource
|
Query Name: log_source
Header Type: Custom
|
PanOSLogSourceGroupID
|
Query Name: log_source_group_id
Header Type: Custom
|
deviceExternalID
|
Query Name: log_source_id
Header Type: Predefined
|
dvchost
|
Query Name: log_source_name
Header Type: Predefined
|
rt
|
Query Name: log_time
Header Type: Predefined
|
Device Event Class ID
|
Query Name: log_type.value
Header Type: Custom
|
PanOSNetworkClassifications
|
Query Name: network.classifications
Header Type: Custom
|
PanOSNetworkFrameURL
|
Query Name: network.frame_url
Header Type: Custom
|
PanOSNetworkHTTPMethod
|
Query Name: network.http.method
Header Type: Custom
|
PanOSNetworkHTTPStatus
|
Query Name: network.http.status
Header Type: Custom
|
PanOSNetworkProtocol
|
Query Name: network.protocol
Header Type: Custom
|
PanOSNetworkTabURL
|
Query Name: network.tab_url
Header Type: Custom
|
PanOSNetworkURL
|
Query Name: network.url
Header Type: Custom
|
PanOSPageCaptureIsSecureScreenshot
|
Query Name: page.capture.is_secure_screenshot
Header Type: Custom
|
PanOSPageCaptureTriggeredByURL
|
Query Name: page.capture.triggered_by_url
Header Type: Custom
|
PanOSPageDevtoolsBlockReason
|
Query Name: page.devtools.block_reason
Header Type: Custom
|
PanOSPageTitle
|
Query Name: page.title
Header Type: Custom
|
PanOSPincodeFailedAttempts
|
Query Name: pincode.failed_attempts
Header Type: Custom
|
PanOSPincodeRegistrationTime
|
Query Name: pincode.registration_time
Header Type: Custom
|
PlatformType
|
Query Name: platform_type
Header Type: Custom
|
PanOSPolicyAction
|
Query Name: policy.action
Header Type: Custom
|
PanOSPolicyBlockReason
|
Query Name: policy.block_reason
Header Type: Custom
|
PanOSPolicyBypassReason
|
Query Name: policy.bypass_reason
Header Type: Custom
|
PanOSPolicyIsMonitor
|
Query Name: policy.is_monitor
Header Type: Custom
|
PanOSPolicyIsSessionRecorded
|
Query Name: policy.is_session_recorded
Header Type: Custom
|
PanOSPolicyRuleDescription
|
Query Name: policy.rule_description
Header Type: Custom
|
PanOSPolicyRuleID
|
Query Name: policy.rule_id
Header Type: Custom
|
PanOSPostureBlockReason
|
Query Name: posture.block_reason
Header Type: Custom
|
PanOSPostureBlockType
|
Query Name: posture.block_type
Header Type: Custom
|
PanOSPostureError
|
Query Name: posture.error
Header Type: Custom
|
PanOSPrintPrinterLocation
|
Query Name: print.printer_location
Header Type: Custom
|
PanOSPrintPrinterName
|
Query Name: print.printer_name
Header Type: Custom
|
PanOSProcessCLIArgs
|
Query Name: process.cli_args
Header Type: Custom
|
PanOSProcessImagePath
|
Query Name: process.image_path
Header Type: Custom
|
PanOSProcessParentProcess
|
Query Name: process.parent_process
Header Type: Custom
|
PanOSProcessPID
|
Query Name: process.pid
Header Type: Custom
|
PanOSStateDeviceGroupEvaluation
|
Query Name: state.device_group_evaluation
Header Type: Custom
|
PanOSStateSignInRules
|
Query Name: state.sign_in_rules
Header Type: Custom
|
PanOSSubtenantID
|
Query Name: sub_tenant_id
Header Type: Custom
|
Name
|
Query Name: sub_type.value
Header Type: Custom
|
PanOSTamperingType
|
Query Name: tampering.type
Header Type: Custom
|
PanOSTenantID
|
Query Name: tenant_id
Header Type: Custom
|
start
|
Query Name: time_generated
Header Type: Predefined
|
PanOSTimeGeneratedHighResolution
|
Query Name: time_generated_high_res
Header Type: Custom
|
PanOSTimestamp
|
Query Name: timestamp
Header Type: Custom
|
PanOSTSGID
|
Query Name: tsg_id
Header Type: Custom
|
PanOSType
|
Query Name: type
Header Type: Custom
|
PanOSUserEmail
|
Query Name: user.email
Header Type: Custom
|
PanOSUserExternalID
|
Query Name: user.external_id
Header Type: Custom
|
PanOSUserGroupsIDs
|
Query Name: user.groups.ids
Header Type: Custom
|
PanOSUserGroupsNames
|
Query Name: user.groups.names
Header Type: Custom
|
PanOSUserID
|
Query Name: user.id
Header Type: Custom
|
PanOSUserName
|
Query Name: user.name
Header Type: Custom
|
PanOSUserTenantExternalID
|
Query Name: user.tenant_external_id
Header Type: Custom
|
PanOSUserTenantID
|
Query Name: user.tenant_id
Header Type: Custom
|
PanOSUserTenantName
|
Query Name: user.tenant_name
Header Type: Custom
|
PanOSUserTSGID
|
Query Name: user.tsg_id
Header Type: Custom
|
Device Vendor
|
Query Name: vendor_name
Header Type: Custom
|