Strata Logging Service
Decryption
By default, decryption logs display entries for unsuccessful TLS handshakes. In addition,
they can display entries for successful TLS handshakes, but the firewall administrator must
first enable successful TLS handshake logging in a Decryption policy.
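An added example, not part of the Palo Alto Networks documentation: a Python triage pass over decryption records forwarded in CEF, using the CEF field names from the table on this page to flag handshake errors, untrusted roots and truncated common names. The sample records, the header values, the error text and the boolean encoding of `PanOSIsCertCNTruncated` are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample records, not real firewall output. The header values, the
# error text and the value encodings are assumptions; the extension keys are
# CEF field names from the table on this page.
SAMPLE_LOGS = [
    "CEF:0|ExampleVendor|ExampleProduct|1.0|DECRYPTION|decryption|3|"
    "rt=1700000000000000 act=allow app=ssl PanOSProxyType=Forward "
    "PanOSRootStatus=trusted PanOSCommonName=www.example.com "
    "PanOSCommonNameLength=15 PanOSIssuerCommonName=Example Issuing CA "
    "PanOSPolicyName=decrypt-outbound",
    "CEF:0|ExampleVendor|ExampleProduct|1.0|DECRYPTION|decryption|3|"
    "rt=1700000000250000 act=deny app=ssl PanOSProxyType=Forward "
    "PanOSRootStatus=untrusted PanOSCommonName=login.portal.example "
    "PanOSCommonNameLength=48 PanOSIssuerCommonName=O\\=Example, Test CA "
    "PanOSErrorMessage=certificate chain could not be verified",
]

HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
# An extension key starts the string or follows whitespace and ends at '='.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


def parse_cef(line):
    """Split one CEF record into (header dict, extension dict)."""
    parts = re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    header = dict(zip(HEADER, parts[:7]))
    ext, fields = parts[7], {}
    keys = list(_KEY.finditer(ext))
    for i, m in enumerate(keys):
        # A value runs to the next key, so it may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        raw = ext[m.end():end].strip()
        # Undo CEF escaping of '=', '\' and '|' inside values.
        fields[m.group(1)] = re.sub(r"\\([=\\|])", r"\1", raw)
    return header, fields


def received_at(fields):
    """Convert rt (per this page: microseconds since the Unix epoch) to UTC."""
    rt = fields.get("rt", "")
    if not rt.isdigit():
        return None
    epoch = datetime(1970, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=int(rt))


def triage(line):
    """Return the certificate findings for one decryption record."""
    header, f = parse_cef(line)
    findings = []
    if f.get("PanOSErrorMessage"):
        findings.append("handshake_error")
    if f.get("PanOSRootStatus", "").lower() == "untrusted":
        findings.append("untrusted_root")
    cn = f.get("PanOSCommonName", "")
    declared = f.get("PanOSCommonNameLength", "")
    # cn_len is the length before truncation, so a value larger than the
    # logged string means the CN was cut and must not be matched exactly.
    flagged = f.get("PanOSIsCertCNTruncated", "").lower() in ("1", "true")
    if flagged or (declared.isdigit() and int(declared) > len(cn)):
        findings.append("cn_truncated")
    when = received_at(f)
    return {
        "received": when.isoformat() if when else None,
        "log_type": header["event_class_id"],
        "action": f.get("act"),
        "common_name": cn,
        "issuer": f.get("PanOSIssuerCommonName"),
        "findings": findings,
    }


if __name__ == "__main__":
    for record in SAMPLE_LOGS:
        print(triage(record))
```

Because only unsuccessful handshakes are logged by default, a clean result here says nothing about successful sessions unless successful TLS handshake logging is enabled in the Decryption policy.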
See the following for information related to supported log formats:
DECRYPTION Field
(Display Name)
|
Description
|
---|---|
action.value
(ACTION)
|
Identifies the action that the firewall took for the network traffic.
Syslog field name: Syslog Field Order
CEF field name: act
EMAIL field name: Action
HTTPS field name: Action
LEEF field name: Action
|
app
(APPLICATION)
|
Application associated with the network traffic.
Syslog field name: Syslog Field Order
CEF field name: app
EMAIL field name: Application
HTTPS field name: Application
LEEF field name: Application
|
app_category
(APPLICATION CATEGORY)
|
Identifies the high-level family of the application.
CEF field name: PanOSApplicationCategory
EMAIL field name: ApplicationCategory
HTTPS field name: ApplicationCategory
LEEF field name: ApplicationCategory
|
app_sub_category
(APPLICATION SUBCATEGORY)
|
Identifies the application's subcategory. The subcategory is related to the application's category, which is identified in category_of_app.
CEF field name: PanOSApplicationSubcategory
EMAIL field name: ApplicationSubcategory
HTTPS field name: ApplicationSubcategory
LEEF field name: ApplicationSubcategory
|
cert_flags
(CERTIFICATE FLAGS)
|
Internal use only bit field containing raw decryption information as generated at the
firewall. The information in this bit field is reflected in other decryption log fields.
Syslog field name: Syslog Field Order
CEF field name: PanOSCertificateFlags
EMAIL field name: CertificateFlags
HTTPS field name: CertificateFlags
LEEF field name: CertificateFlags
|
cert_serial
(CERTIFICATE SERIAL)
|
The certificate's serial number.
Syslog field name: Syslog Field Order
CEF field name: PanOSCertificateSerial
EMAIL field name: CertificateSerial
HTTPS field name: CertificateSerial
LEEF field name: CertificateSerial
|
certificate_size
(CERTIFICATE SIZE)
|
The size of the certificate.
Syslog field name: Syslog Field Order
CEF field name: PanOSCertificateSize
EMAIL field name: CertificateSize
HTTPS field name: CertificateSize
LEEF field name: CertificateSize
|
certificate_version.value
(CERTIFICATE VERSION)
|
The certificate's version number.
Syslog field name: Syslog Field Order
CEF field name: PanOSCertificateVersion
EMAIL field name: CertificateVersion
HTTPS field name: CertificateVersion
LEEF field name: CertificateVersion
|
chain_status.value
(CHAIN STATUS)
|
The certificate chain verification status. Possible values are:
Syslog field name: Syslog Field Order
CEF field name: PanOSChainStatus
EMAIL field name: ChainStatus
HTTPS field name: ChainStatus
LEEF field name: ChainStatus
|
characteristics_of_app
(APPLICATION CHARACTERISTICS)
|
Identifies the behavioral characteristic of the application associated with the network traffic.
CEF field name: PanOSApplicationCharacteristics
EMAIL field name: ApplicationCharacteristics
HTTPS field name: ApplicationCharacteristics
LEEF field name: ApplicationCharacteristics
|
client_to_firewall.value
(CLIENT TO FIREWALL)
|
The direction of the SSL/TLS connection is from the client to the firewall.
Syslog field name: Syslog Field Order
CEF field name: PanOSClientToFirewall
EMAIL field name: ClientToFirewall
HTTPS field name: ClientToFirewall
LEEF field name: ClientToFirewall
|
cn
(COMMON NAME)
|
The common name found on the certificate's domain name.
Syslog field name: Syslog Field Order
CEF field name: PanOSCommonName
EMAIL field name: CommonName
HTTPS field name: CommonName
LEEF field name: CommonName
|
cn_len
(COMMON NAME LENGTH)
|
The length of the common name found on the certificate's domain name
before truncation (if any).
Syslog field name: Syslog Field Order
CEF field name: PanOSCommonNameLength
EMAIL field name: CommonNameLength
HTTPS field name: CommonNameLength
LEEF field name: CommonNameLength
|
config_version.value
(CONFIG VERSION)
|
Version number of the firewall operating system that wrote this log record, in
major.minor format.
Syslog field name: Syslog Field Order
CEF field name: PanOSConfigVersion
EMAIL field name: ConfigVersion
HTTPS field name: ConfigVersion
LEEF field name: ConfigVersion
|
container_id
(CONTAINER ID)
|
Unknown field. No information is available at this time.
Syslog field name: Syslog Field Order
CEF field name: PanOSContainerID
EMAIL field name: ContainerID
HTTPS field name: ContainerID
LEEF field name: ContainerID
|
container_of_app
(APPLICATION CONTAINER)
|
Identifies the managing application or parent of the application associated with this network traffic.
CEF field name: PanOSApplicationContainer
EMAIL field name: ApplicationContainer
HTTPS field name: ApplicationContainer
LEEF field name: ApplicationContainer
|
count_of_repeats
(REPEAT COUNT)
|
Number of sessions with the same Source IP, Destination IP, Application, and Content/Threat Type seen for the summary interval.
Syslog field name: Syslog Field Order
CEF field name: cnt
EMAIL field name: RepeatCount
HTTPS field name: RepeatCount
LEEF field name: CountOfRepeat
|
cpadding
(CPADDING)
|
For internal use only.
CEF field name: PanOSCpadding
EMAIL field name: Cpadding
HTTPS field name: Cpadding
LEEF field name: Cpadding
|
customer_id
(TENANT ID)
|
The ID that uniquely identifies the Strata Logging Service instance which
received this log record.
CEF field name: PanOSCortexDataLakeTenantID
EMAIL field name: CortexDataLakeTenantID
HTTPS field name: CortexDataLakeTenantID
LEEF field name: CortexDataLakeTenantID
|
dest_device_category
(DESTINATION DEVICE CATEGORY)
|
Category of the device to which the session was directed.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationDeviceCategory
EMAIL field name: DestinationDeviceCategory
HTTPS field name: DestinationDeviceCategory
LEEF field name: DestinationDeviceCategory
|
dest_device_class
(DESTINATION DEVICE CLASS)
|
Destination device class.
CEF field name: PanOSDestinationDeviceClass
EMAIL field name: DestinationDeviceClass
HTTPS field name: DestinationDeviceClass
LEEF field name: DestinationDeviceClass
|
dest_device_host
(DESTINATION DEVICE HOST)
|
Hostname of the device to which the session was directed.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationDeviceHost
EMAIL field name: DestinationDeviceHost
HTTPS field name: DestinationDeviceHost
LEEF field name: DestinationDeviceHost
|
dest_device_mac
(DESTINATION DEVICE MAC)
|
MAC Address of the device to which the session was directed.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationDeviceMac
EMAIL field name: DestinationDeviceMac
HTTPS field name: DestinationDeviceMac
LEEF field name: DestinationDeviceMac
|
dest_device_model
(DESTINATION DEVICE MODEL)
|
Model of the device to which the session was directed.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationDeviceModel
EMAIL field name: DestinationDeviceModel
HTTPS field name: DestinationDeviceModel
LEEF field name: DestinationDeviceModel
|
dest_device_os
(DESTINATION DEVICE OS)
|
Destination device OS type.
CEF field name: PanOSDestinationDeviceOS
EMAIL field name: DestinationDeviceOS
HTTPS field name: DestinationDeviceOS
LEEF field name: DestinationDeviceOS
|
dest_device_osfamily
(DESTINATION DEVICE OS FAMILY)
|
OS family of the device to which the session was directed.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationDeviceOSFamily
EMAIL field name: DestinationDeviceOSFamily
HTTPS field name: DestinationDeviceOSFamily
LEEF field name: DestinationDeviceOSFamily
|
dest_device_osversion
(DESTINATION DEVICE OS VERSION)
|
OS version of the device to which the session was directed.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationDeviceOSVersion
EMAIL field name: DestinationDeviceOSVersion
HTTPS field name: DestinationDeviceOSVersion
LEEF field name: DestinationDeviceOSVersion
|
dest_device_profile
(DESTINATION DEVICE PROFILE)
|
Profile of the device to which the session was directed.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationDeviceProfile
EMAIL field name: DestinationDeviceProfile
HTTPS field name: DestinationDeviceProfile
LEEF field name: DestinationDeviceProfile
|
dest_device_vendor
(DESTINATION DEVICE VENDOR)
|
Vendor of the device to which the session was directed.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationDeviceVendor
EMAIL field name: DestinationDeviceVendor
HTTPS field name: DestinationDeviceVendor
LEEF field name: DestinationDeviceVendor
|
dest_dynamic_address_group
(DESTINATION DYNAMIC ADDRESS GROUP)
|
The dynamic address group that Device-ID identifies as the destination for the traffic.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationDynamicAddressGroup
EMAIL field name: DestinationDynamicAddressGroup
HTTPS field name: DestinationDynamicAddressGroup
LEEF field name: DestinationDynamicAddressGroup
|
dest_edl
(DESTINATION EDL)
|
The name of the external dynamic list that contains the destination IP address of the traffic.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationEDL
EMAIL field name: DestinationEDL
HTTPS field name: DestinationEDL
LEEF field name: DestinationEDL
|
dest_ip.value
(DESTINATION ADDRESS)
|
Original destination IP address.
Syslog field name: Syslog Field Order
EMAIL field name: DestinationAddress
HTTPS field name: DestinationAddress
LEEF field name: dst
|
dest_location
(DESTINATION LOCATION)
|
Destination country or internal region for private addresses.
CEF field name: PanOSDestinationLocation
EMAIL field name: DestinationLocation
HTTPS field name: DestinationLocation
LEEF field name: DestinationLocation
|
dest_port
(DESTINATION PORT)
|
Network traffic's destination port. If this value is 0, then the app is using its standard port.
Syslog field name: Syslog Field Order
CEF field name: dpt
EMAIL field name: DestinationPort
HTTPS field name: DestinationPort
LEEF field name: dstPort
|
dest_user
(DESTINATION USER)
|
The username to which the network traffic was destined.
Syslog field name: Syslog Field Order
CEF field name: duser
EMAIL field name: DestinationUser
HTTPS field name: DestinationUser
LEEF field name: DestinationUser
|
dest_user_info.domain
(DESTINATION USER DOMAIN)
|
Domain to which the Destination User belongs.
CEF field name: dntdom
EMAIL field name: DestinationUserDomain
HTTPS field name: DestinationUserDomain
LEEF field name: DestinationUserDomain
|
dest_user_info.name
(DESTINATION USER NAME)
|
The Destination User. That is, the username to which the network traffic was destined.
CEF field name: dusername
EMAIL field name: DestinationUserName
HTTPS field name: DestinationUserName
LEEF field name: DestinationUserName
|
dest_user_info.uuid
(DESTINATION USER UUID)
|
Unique identifier assigned to the Destination User.
CEF field name: duid
EMAIL field name: DestinationUserUUID
HTTPS field name: DestinationUserUUID
LEEF field name: DestinationUserUUID
|
dest_uuid
(DESTINATION UUID)
|
Identifies the destination universal unique identifier for a guest virtual machine in the VMware NSX environment.
Syslog field name: Syslog Field Order
CEF field name: PanOSDestinationUUID
EMAIL field name: DestinationUUID
HTTPS field name: DestinationUUID
LEEF field name: DestinationUUID
|
dg_hier_level_1
(DG HIERARCHY LEVEL 1)
|
A sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
CEF field name: PanOSDGHierarchyLevel1
EMAIL field name: DGHierarchyLevel1
HTTPS field name: DGHierarchyLevel1
LEEF field name: DGHierarchyLevel1
|
dg_hier_level_2
(DG HIERARCHY LEVEL 2)
|
A sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
CEF field name: PanOSDGHierarchyLevel2
EMAIL field name: DGHierarchyLevel2
HTTPS field name: DGHierarchyLevel2
LEEF field name: DGHierarchyLevel2
|
dg_hier_level_3
(DG HIERARCHY LEVEL 3)
|
A sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
CEF field name: PanOSDGHierarchyLevel3
EMAIL field name: DGHierarchyLevel3
HTTPS field name: DGHierarchyLevel3
LEEF field name: DGHierarchyLevel3
|
dg_hier_level_4
(DG HIERARCHY LEVEL 4)
|
A sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
CEF field name: PanOSDGHierarchyLevel4
EMAIL field name: DGHierarchyLevel4
HTTPS field name: DGHierarchyLevel4
LEEF field name: DGHierarchyLevel4
|
domain
(DOMAIN)
|
The subject common name; that is, the name of the server that the certificate protects.
CEF field name: PanOSDomain
EMAIL field name: Domain
HTTPS field name: Domain
LEEF field name: Domain
|
elliptic_curve.value
(ELLIPTIC CURVE)
|
The elliptic cryptography curve that the client and server negotiate and use for
connections that use ECDHE cipher suites.
Syslog field name: Syslog Field Order
CEF field name: PanOSEllipticCurve
EMAIL field name: EllipticCurve
HTTPS field name: EllipticCurve
LEEF field name: EllipticCurve
|
error_index.value
(ERROR INDEX)
|
The elliptic cryptography curve that the client and server negotiate and use for
connections that use ECDHE cipher suites.
Syslog field name: Syslog Field Order
CEF field name: PanOSErrorIndex
EMAIL field name: ErrorIndex
HTTPS field name: ErrorIndex
LEEF field name: ErrorIndex
|
error_message
(ERROR MESSAGE)
|
The error message content.
Syslog field name: Syslog Field Order
CEF field name: PanOSErrorMessage
EMAIL field name: ErrorMessage
HTTPS field name: ErrorMessage
LEEF field name: ErrorMessage
|
fingerprint
(FINGERPRINT)
|
A hash of the certificate in X.509 binary format.
Syslog field name: Syslog Field Order
CEF field name: PanOSFingerprint
EMAIL field name: Fingerprint
HTTPS field name: Fingerprint
LEEF field name: Fingerprint
|
firewall_to_client.value
(FIREWALL TO CLIENT)
|
The direction of the SSL/TLS connection is from the firewall to the client.
Syslog field name: Syslog Field Order
CEF field name: PanOSFirewallToClient
EMAIL field name: FirewallToClient
HTTPS field name: FirewallToClient
LEEF field name: FirewallToClient
|
from_zone
(FROM ZONE)
|
The networking zone from which the traffic originated.
Syslog field name: Syslog Field Order
CEF field name: cs4
EMAIL field name: FromZone
HTTPS field name: FromZone
LEEF field name: FromZone
|
inbound_if.value
(INBOUND INTERFACE)
|
Interface from which the network traffic was sourced.
Syslog field name: Syslog Field Order
CEF field name: deviceInboundInterface
EMAIL field name: InboundInterface
HTTPS field name: InboundInterface
LEEF field name: InboundInterface
|
inbound_if_details.port
(INBOUND INTERFACE DETAILS PORT)
|
Hardware port or socket from which the network traffic was sourced.
CEF field name: PanOSInboundInterfaceDetailsPort
EMAIL field name: InboundInterfaceDetailsPort
HTTPS field name: InboundInterfaceDetailsPort
LEEF field name: InboundInterfaceDetailsPort
|
inbound_if_details.slot
(INBOUND INTERFACE DETAILS SLOT)
|
Interface slot from which the network traffic was sourced.
CEF field name: PanOSInboundInterfaceDetailsSlot
EMAIL field name: InboundInterfaceDetailsSlot
HTTPS field name: InboundInterfaceDetailsSlot
LEEF field name: InboundInterfaceDetailsSlot
|
inbound_if_details.type.value
(INBOUND INTERFACE DETAILS TYPE)
|
The type of interface from which the network traffic was sourced.
CEF field name: PanOSInboundInterfaceDetailsType
EMAIL field name: InboundInterfaceDetailsType
HTTPS field name: InboundInterfaceDetailsType
LEEF field name: InboundInterfaceDetailsType
|
inbound_if_details.unit
(INBOUND INTERFACE DETAILS UNIT)
|
Internal use.
CEF field name: PanOSInboundInterfaceDetailsUnit
EMAIL field name: InboundInterfaceDetailsUnit
HTTPS field name: InboundInterfaceDetailsUnit
LEEF field name: InboundInterfaceDetailsUnit
|
is_captive_portal
(CAPTIVE PORTAL)
|
Indicates if user information for the session was captured through Captive Portal.
CEF field name: PanOSCaptivePortal
EMAIL field name: CaptivePortal
HTTPS field name: CaptivePortal
LEEF field name: CaptivePortal
|
is_cert_ECDSA
(IS CERT ECDSA)
|
The certificate key exchange algorithm used for the session is ECDSA.
CEF field name: PanOSIsCertECDSA
EMAIL field name: IsCertECDSA
HTTPS field name: IsCertECDSA
LEEF field name: IsCertECDSA
|
is_cert_RSA
(IS CERT RSA)
|
The certificate key exchange algorithm used for the session is RSA.
CEF field name: PanOSIsCertRSA
EMAIL field name: IsCertRSA
HTTPS field name: IsCertRSA
LEEF field name: IsCertRSA
|
is_cert_cn_truncated
(IS CERT CN TRUNCATED)
|
Indicates whether the common name found on the certificate has been truncated
due to buffer limits.
CEF field name: PanOSIsCertCNTruncated
EMAIL field name: IsCertCNTruncated
HTTPS field name: IsCertCNTruncated
LEEF field name: IsCertCNTruncated
|
is_client_to_server
(IS CLIENT TO SERVER)
|
Indicates if the direction of traffic is from client to server.
CEF field name: PanOSIsClienttoServer
EMAIL field name: IsClienttoServer
HTTPS field name: IsClienttoServer
LEEF field name: IsClienttoServer
|
is_container
(IS CONTAINER)
|
Indicates if the session is a container page access (Container Page).
CEF field name: PanOSIsContainer
EMAIL field name: IsContainer
HTTPS field name: IsContainer
LEEF field name: IsContainer
|
is_decrypt_mirror
(IS DECRYPT MIRROR)
|
Indicates whether decrypted traffic was sent out in clear text through a mirror port.
CEF field name: PanOSIsDecryptMirror
EMAIL field name: IsDecryptMirror
HTTPS field name: IsDecryptMirror
LEEF field name: IsDecryptMirror
|
is_decrypted
(IS DECRYPTED)
|
Flag that indicates that the session is decrypted.
CEF field name: PanOSIsDecrypted
EMAIL field name: IsDecrypted
HTTPS field name: IsDecrypted
LEEF field name: IsDecrypted
|
is_dup_log
(IS DUPLICATE LOG)
|
Indicates whether this log data is available in multiple locations, such as from Strata Logging Service as well as from an on-premise log
collector.
CEF field name: PanOSIsDuplicateLog
EMAIL field name: IsDuplicateLog
HTTPS field name: IsDuplicateLog
LEEF field name: IsDuplicateLog
|
is_encrypted
(IS ENCRYPTED)
|
Flag that indicates that the session is encrypted.
CEF field name: PanOSIsEncrypted
EMAIL field name: IsEncrypted
HTTPS field name: IsEncrypted
LEEF field name: IsEncrypted
|
is_exported
(LOG EXPORTED)
|
Indicates if this log was exported from the firewall using the firewall's log export function.
CEF field name: PanOSLogExported
EMAIL field name: LogExported
HTTPS field name: LogExported
LEEF field name: LogExported
|
is_forwarded
(IS FORWARDED)
|
Internal-use field that indicates if the log is being forwarded.
CEF field name: PanOSIsForwarded
EMAIL field name: IsForwarded
HTTPS field name: IsForwarded
LEEF field name: IsForwarded
|
is_ipv6
(IS IPV6)
|
Indicates whether IPv6 was used for the session.
CEF field name: PanOSIsIPV6
EMAIL field name: IsIPV6
HTTPS field name: IsIPV6
LEEF field name: IsIPV6
|
is_issuer_cn_truncated
(IS ISSUER CN TRUNCATED)
|
Indicates whether the common name used by the certificate's issuer has been truncated
due to buffer limits.
CEF field name: PanOSIsIssuerCNTruncated
EMAIL field name: IsIssuerCNTruncated
HTTPS field name: IsIssuerCNTruncated
LEEF field name: IsIssuerCNTruncated
|
is_mptcp_on
(IS MPTCP ON)
|
Indicates whether the option is enabled on the next-generation firewall that allows a client to use multiple paths to connect to a destination host.
CEF field name: PanOSIsMptcpOn
EMAIL field name: IsMptcpOn
HTTPS field name: IsMptcpOn
LEEF field name: IsMptcpOn
|
is_nat
(IS NAT)
|
Indicates if the firewall is performing network address translation (NAT) for the logged traffic.
CEF field name: PanOSIsNAT
EMAIL field name: IsNAT
HTTPS field name: IsNAT
LEEF field name: IsNAT
|
is_non_std_dest_port
(IS NON STANDARD DESTINATION PORT)
|
Indicates if the destination port is non-standard.
CEF field name: PanOSIsNonStandardDestinationPort
EMAIL field name: IsNonStandardDestinationPort
HTTPS field name: IsNonStandardDestinationPort
LEEF field name: IsNonStandardDestinationPort
|
is_packet_capture
(PACKET CAPTURE)
|
Indicates whether the session has a packet capture (PCAP).
CEF field name: PanOSPacketCapture
EMAIL field name: PacketCapture
HTTPS field name: PacketCapture
LEEF field name: PacketCapture
|
is_phishing
(IS PHISHING)
|
Indicates whether enterprise credentials were submitted by an end user.
CEF field name: PanOSIsPhishing
EMAIL field name: IsPhishing
HTTPS field name: IsPhishing
LEEF field name: IsPhishing
|
is_prisma_branch
(IS PRISMA NETWORK)
|
Internal-use field. If set to 1, the log was generated on a cloud-based firewall. If 0, the firewall was running on-premise.
CEF field name: PanOSIsPrismaNetwork
EMAIL field name: IsPrismaNetwork
HTTPS field name: IsPrismaNetwork
LEEF field name: IsPrismaNetwork
|
is_prisma_mobile
(IS PRISMA USERS)
|
Internal-use field. If set to 1, the log record was generated using a cloud-based GlobalProtect instance. If 0, GlobalProtect was hosted on-premise.
CEF field name: PanOSIsPrismaUsers
EMAIL field name: IsPrismaUsers
HTTPS field name: IsPrismaUsers
LEEF field name: IsPrismaUsers
|
is_proxy
(IS PROXY)
|
Indicates whether the SSL session is decrypted (SSL Proxy).
CEF field name: PanOSIsProxy
EMAIL field name: IsProxy
HTTPS field name: IsProxy
LEEF field name: IsProxy
|
is_recon_excluded
(IS RECON EXCLUDED)
|
Indicates whether the source for the flow is on the firewall allow list and not subject to recon protection.
CEF field name: PanOSIsReconExcluded
EMAIL field name: IsReconExcluded
HTTPS field name: IsReconExcluded
LEEF field name: IsReconExcluded
|
is_resume_session
(IS RESUME SESSION)
|
Indicates that the decryption session was previously interrupted and is now
resuming.
CEF field name: PanOSIsResumeSession
EMAIL field name: IsResumeSession
HTTPS field name: IsResumeSession
LEEF field name: IsResumeSession
|
is_root_cn_truncated
(IS ROOT CN TRUNCATED)
|
Indicates whether the common name used for the root CA has been truncated
due to buffer limits.
CEF field name: PanOSIsRootCNTruncated
EMAIL field name: IsRootCNTruncated
HTTPS field name: IsRootCNTruncated
LEEF field name: IsRootCNTruncated
|
is_saas_app
(IS SAAS APPLICATION)
|
Internal-use field. Indicates whether the application associated with this network traffic is a SaaS application.
CEF field name: PanOSIsSaaSApplication
EMAIL field name: IsSaaSApplication
HTTPS field name: IsSaaSApplication
LEEF field name: IsSaaSApplication
|
is_server_to_client
(IS SERVER TO CLIENT)
|
Indicates if the direction of traffic is from server to client.
CEF field name: PanOSIsServertoClient
EMAIL field name: IsServertoClient
HTTPS field name: IsServertoClient
LEEF field name: IsServertoClient
|
is_sni_truncated
(IS SNI TRUNCATED)
|
Indicates whether the server name indication (SNI), which is the hostname of the server that the
client is trying to reach, has been truncated due to buffer limits.
CEF field name: PanOSIsSNITruncated
EMAIL field name: IsSNITruncated
HTTPS field name: IsSNITruncated
LEEF field name: IsSNITruncated
|
is_source_x_fwded
(IS SOURCE X FORWARDED)
|
Indicates whether the X-Forwarded-For value from a proxy is in the source user field.
CEF field name: PanOSIsSourceXForwarded
EMAIL field name: IsSourceXForwarded
HTTPS field name: IsSourceXForwarded
LEEF field name: IsSourceXForwarded
|
is_sym_return
(IS SYSTEM RETURN)
|
Indicates whether symmetric return was used to forward traffic for this session.
CEF field name: PanOSIsSystemReturn
EMAIL field name: IsSystemReturn
HTTPS field name: IsSystemReturn
LEEF field name: IsSystemReturn
|
is_transaction
(IS TRANSACTION)
|
Indicates whether the log corresponds to a transaction within an HTTP proxy session (Proxy Transaction).
CEF field name: PanOSIsTransaction
EMAIL field name: IsTransaction
HTTPS field name: IsTransaction
LEEF field name: IsTransaction
|
is_tunnel_inspected
(IS TUNNEL INSPECTED)
|
Indicates whether the payload for the outer tunnel was inspected.
CEF field name: PanOSIsTunnelInspected
EMAIL field name: IsTunnelInspected
HTTPS field name: IsTunnelInspected
LEEF field name: IsTunnelInspected
|
is_url_denied
(IS URL DENIED)
|
Indicates whether the session was denied due to a URL filtering rule.
CEF field name: PanOSIsURLDenied
EMAIL field name: IsURLDenied
HTTPS field name: IsURLDenied
LEEF field name: IsURLDenied
|
issuer_cn
(ISSUER COMMON NAME)
|
The name of the organization that verified the certificate’s contents.
Syslog field name: Syslog Field Order
CEF field name: PanOSIssuerCommonName
EMAIL field name: IssuerCommonName
HTTPS field name: IssuerCommonName
LEEF field name: IssuerCommonName
|
issuer_len
(ISSUER NAME LENGTH)
|
The length of the issuer's common name before truncation (if any).
Syslog field name: Syslog Field Order
CEF field name: PanOSIssuerNameLength
EMAIL field name: IssuerNameLength
HTTPS field name: IssuerNameLength
LEEF field name: IssuerNameLength
|
log_set
(LOG SETTING)
|
Log forwarding profile name that was applied to the session. This name was defined by the firewall's administrator.
Syslog field name: Syslog Field Order
CEF field name: cs6
EMAIL field name: LogSetting
HTTPS field name: LogSetting
LEEF field name: LogSetting
|
log_source
(LOG SOURCE)
|
Identifies the origin of the data. That is, the system that produced the data.
CEF field name: PanOSLogSource
EMAIL field name: LogSource
HTTPS field name: LogSource
LEEF field name: LogSource
|
log_source_group_id
(LOG SOURCE GROUP ID)
|
ID that uniquely identifies the logSourceGroupId of the log. That is, the log_source_id of the group.
CEF field name: LogSourceGroupID
EMAIL field name: LogSourceGroupID
HTTPS field name: LogSourceGroupID
LEEF field name: LogSourceGroupID
|
log_source_id
(DEVICE SN)
|
ID that uniquely identifies the source of the log. That is, the serial number of the firewall that generated the log.
If the log is generated by Prisma Access, the serial number is not displayed.
Syslog field name: Syslog Field Order
CEF field name: PanOSDeviceSN
EMAIL field name: DeviceSN
HTTPS field name: DeviceSN
LEEF field name: DeviceSN
|
log_source_name
(DEVICE NAME)
|
Name of the source of the log. That is, the hostname of the firewall that logged the network traffic.
CEF field name: PanOSDeviceName
EMAIL field name: DeviceName
HTTPS field name: DeviceName
LEEF field name: DeviceName
|
log_source_tz_offset
(LOG SOURCE TIMEZONE OFFSET)
|
Time Zone offset from GMT of the source of the log.
CEF field name: PanOSLogSourceTimeZoneOffset
EMAIL field name: LogSourceTimeZoneOffset
HTTPS field name: LogSourceTimeZoneOffset
LEEF field name: LogSourceTimeZoneOffset
|
log_time
(TIME RECEIVED)
|
Time the log was received in Strata Logging Service. This string contains a
timestamp value that is the number of microseconds since the Unix epoch.
Syslog field name: Syslog Field Order
CEF field name: rt
EMAIL field name: TimeReceived
HTTPS field name: TimeReceived
LEEF field name: TimeReceived
|
log_type.value
(LOG TYPE)
|
Identifies the log type.
Syslog field name: Syslog Field Order
CEF field name: Device Event Class ID
EMAIL field name: LogType
HTTPS field name: LogType
LEEF field name: cat
|
nat_dest.value
(NAT DESTINATION)
|
If destination NAT was performed, the post-NAT destination IP address.
Syslog field name: Syslog Field Order
CEF field name: destinationTranslatedAddress
EMAIL field name: NATDestination
HTTPS field name: NATDestination
LEEF field name: dstPostNAT
|
nat_dest_port
(NAT DESTINATION PORT)
|
Post-NAT destination port.
Syslog field name: Syslog Field Order
CEF field name: destinationTranslatedPort
EMAIL field name: NATDestinationPort
HTTPS field name: NATDestinationPort
LEEF field name: dstPostNATPort
|
nat_source.value
(NAT SOURCE)
|
If source NAT was performed, the post-NAT source IP address.
Syslog field name: Syslog Field Order
CEF field name: sourceTranslatedAddress
EMAIL field name: NATSource
HTTPS field name: NATSource
LEEF field name: srcPostNAT
|
nat_source_port
(NAT SOURCE PORT)
|
Post-NAT source port.
Syslog field name: Syslog Field Order
CEF field name: sourceTranslatedPort
EMAIL field name: NATSourcePort
HTTPS field name: NATSourcePort
LEEF field name: srcPostNATPort
|
not_after
(TIME NOT AFTER)
|
Timestamp date after which the certificate is no longer valid.
Syslog field name: Syslog Field Order
CEF field name: PanOSTimeNotAfter
EMAIL field name: TimeNotAfter
HTTPS field name: TimeNotAfter
LEEF field name: TimeNotAfter
|
not_before
(TIME NOT BEFORE)
|
Timestamp date before which the certificate is not yet valid.
Syslog field name: Syslog Field Order
CEF field name: PanOSTimeNotBefore
EMAIL field name: TimeNotBefore
HTTPS field name: TimeNotBefore
LEEF field name: TimeNotBefore
|
outbound_if.value
(OUTBOUND INTERFACE)
|
Interface to which the network traffic was destined.
Syslog field name: Syslog Field Order
CEF field name: deviceOutboundInterface
EMAIL field name: OutboundInterface
HTTPS field name: OutboundInterface
LEEF field name: OutboundInterface
|
outbound_if_details.port
(OUTBOUND INTERFACE DETAILS PORT)
|
Hardware port or socket to which the network traffic was sent.
CEF field name: PanOSOutboundInterfaceDetailsPort
EMAIL field name: OutboundInterfaceDetailsPort
HTTPS field name: OutboundInterfaceDetailsPort
LEEF field name: OutboundInterfaceDetailsPort
|
outbound_if_details.slot
(OUTBOUND INTERFACE DETAILS SLOT)
|
Interface slot to which the network traffic was sent.
CEF field name: PanOSOutboundInterfaceDetailsSlot
EMAIL field name: OutboundInterfaceDetailsSlot
HTTPS field name: OutboundInterfaceDetailsSlot
LEEF field name: OutboundInterfaceDetailsSlot
|
outbound_if_details.type.value
(OUTBOUND INTERFACE DETAILS TYPE)
|
The type of interface to which the network traffic was sent.
CEF field name: PanOSOutboundInterfaceDetailsType
EMAIL field name: OutboundInterfaceDetailsType
HTTPS field name: OutboundInterfaceDetailsType
LEEF field name: OutboundInterfaceDetailsType
|
outbound_if_details.unit
(OUTBOUND INTERFACE DETAILS UNIT)
|
Internal use.
CEF field name: PanOSOutboundInterfaceDetailsUnit
EMAIL field name: OutboundInterfaceDetailsUnit
HTTPS field name: OutboundInterfaceDetailsUnit
LEEF field name: OutboundInterfaceDetailsUnit
|
padding
(PADDING)
|
For internal use only.
CEF field name: PanOSPadding
EMAIL field name: Padding
HTTPS field name: Padding
LEEF field name: Padding
|
padding3
(PADDING3)
|
For internal use only.
CEF field name: PanOSPadding3
EMAIL field name: Padding3
HTTPS field name: Padding3
LEEF field name: Padding3
|
panorama_serial
(PANORAMA SN)
|
Panorama Serial associated with CDL.
CEF field name: PanOSPanoramaSN
EMAIL field name: PanoramaSN
HTTPS field name: PanoramaSN
LEEF field name: PanoramaSN
|
platform_type
(PLATFORM TYPE)
|
The platform type. Valid types are VM, PA, NGFW, and CNGFW.
CEF field name: PlatformType
EMAIL field name: PlatformType
HTTPS field name: PlatformType
LEEF field name: PlatformType
|
pod_name
(CONTAINER NAME)
|
Container name.
Syslog field name: Syslog Field Order
CEF field name: PanOSContainerName
EMAIL field name: ContainerName
HTTPS field name: ContainerName
LEEF field name: ContainerName
|
pod_namespace
(CONTAINER NAME SPACE)
|
Container namespace.
Syslog field name: Syslog Field Order
CEF field name: PanOSContainerNameSpace
EMAIL field name: ContainerNameSpace
HTTPS field name: ContainerNameSpace
LEEF field name: ContainerNameSpace
|
policy_name
(POLICY NAME)
|
The name of the Decryption policy associated with the session.
Syslog field name: Syslog Field Order
CEF field name: PanOSPolicyName
EMAIL field name: PolicyName
HTTPS field name: PolicyName
LEEF field name: PolicyName
|
protocol.value
(PROTOCOL)
|
IP protocol associated with the session.
Syslog field name: Syslog Field Order
CEF field name: proto
EMAIL field name: Protocol
HTTPS field name: Protocol
LEEF field name: proto
|
proxy_type.value
(PROXY TYPE)
|
The Decryption proxy type, such as Forward for Forward Proxy, Inbound for Inbound
Inspection, No Decrypt for undecrypted traffic, Decryption Broker, GlobalProtect, and so
forth.
Syslog field name: Syslog Field Order
CEF field name: PanOSProxyType
EMAIL field name: ProxyType
HTTPS field name: ProxyType
LEEF field name: EventID
|
risk_of_app
(APPLICATION RISK)
|
Indicates how risky the application is from a network security perspective.
CEF field name: PanOSApplicationRisk
EMAIL field name: ApplicationRisk
HTTPS field name: ApplicationRisk
LEEF field name: ApplicationRisk
|
root_cn
(ROOT COMMON NAME)
|
The name of the root certificate authority.
Syslog field name: Syslog Field Order
CEF field name: PanOSRootCommonName
EMAIL field name: RootCommonName
HTTPS field name: RootCommonName
LEEF field name: RootCommonName
|
root_cn_len
(ROOT CN LENGTH)
|
The length of the root CA's common name before truncation (if any).
Syslog field name: Syslog Field Order
CEF field name: PanOSRootCNLength
EMAIL field name: RootCNLength
HTTPS field name: RootCNLength
LEEF field name: RootCNLength
|
root_status.value
(ROOT STATUS)
|
The status of the root certificate, for example, trusted, untrusted, or uninspected.
Syslog field name: Syslog Field Order
CEF field name: PanOSRootStatus
EMAIL field name: RootStatus
HTTPS field name: RootStatus
LEEF field name: RootStatus
|
rule_matched
(RULE)
|
Name of the security policy rule that the network traffic matched.
Syslog field name: Syslog Field Order
CEF field name: cs1
EMAIL field name: Rule
HTTPS field name: Rule
LEEF field name: Rule
|
rule_matched_uuid
(RULE UUID)
|
Unique identifier for the security policy rule that the network traffic matched.
Syslog field name: Syslog Field Order
CEF field name: PanOSRuleUUID
EMAIL field name: RuleUUID
HTTPS field name: RuleUUID
LEEF field name: RuleUUID
|
sanctioned_state_of_app
(SANCTIONED STATE OF APP)
|
Indicates whether the application has been flagged as sanctioned by the firewall administrator.
CEF field name: PanOSSanctionedStateOfApp
EMAIL field name: SanctionedStateOfApp
HTTPS field name: SanctionedStateOfApp
LEEF field name: SanctionedStateOfApp
|
sequence_no
(SEQUENCE NO)
|
The log entry identifier, which is incremented sequentially. Each log type has a unique number space.
Syslog field name: Syslog Field Order
CEF field name: externalId
EMAIL field name: SequenceNo
HTTPS field name: SequenceNo
LEEF field name: SequenceNo
|
session_id
(SESSION ID)
|
Identifies the firewall's internal identifier for a specific network session.
Syslog field name: Syslog Field Order
CEF field name: cn1
EMAIL field name: SessionID
HTTPS field name: SessionID
LEEF field name: SessionID
|
sni
(SERVER NAME INDICATION)
|
The hostname of the server that the client is trying to contact.
Syslog field name: Syslog Field Order
CEF field name: PanOSServerNameIndication
EMAIL field name: ServerNameIndication
HTTPS field name: ServerNameIndication
LEEF field name: ServerNameIndication
|
sni_len
(SNI LENGTH)
|
The length of the server name indication (SNI), which is the hostname of the server that the
client is trying to reach. This is the full length of the SNI before any truncation
might have occurred.
Syslog field name: Syslog Field Order
CEF field name: PanOSSNILength
EMAIL field name: SNILength
HTTPS field name: SNILength
LEEF field name: SNILength
|
source_device_category
(SOURCE DEVICE CATEGORY)
|
Category of the device from which the session originated.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceDeviceCategory
EMAIL field name: SourceDeviceCategory
HTTPS field name: SourceDeviceCategory
LEEF field name: SourceDeviceCategory
|
source_device_class
(SOURCE DEVICE CLASS)
|
Source device class.
CEF field name: PanOSSourceDeviceClass
EMAIL field name: SourceDeviceClass
HTTPS field name: SourceDeviceClass
LEEF field name: SourceDeviceClass
|
source_device_host
(SOURCE DEVICE HOST)
|
Hostname of the device from which the session originated.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceDeviceHost
EMAIL field name: SourceDeviceHost
HTTPS field name: SourceDeviceHost
LEEF field name: SourceDeviceHost
|
source_device_mac
(SOURCE DEVICE MAC)
|
MAC address of the device from which the session originated.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceDeviceMac
EMAIL field name: SourceDeviceMac
HTTPS field name: SourceDeviceMac
LEEF field name: SourceDeviceMac
|
source_device_model
(SOURCE DEVICE MODEL)
|
Model of the device from which the session originated.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceDeviceModel
EMAIL field name: SourceDeviceModel
HTTPS field name: SourceDeviceModel
LEEF field name: SourceDeviceModel
|
source_device_os
(SOURCE DEVICE OS)
|
Source device OS type.
CEF field name: PanOSSourceDeviceOS
EMAIL field name: SourceDeviceOS
HTTPS field name: SourceDeviceOS
LEEF field name: SourceDeviceOS
|
source_device_osfamily
(SOURCE DEVICE OS FAMILY)
|
OS family of the device from which the session originated.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceDeviceOSFamily
EMAIL field name: SourceDeviceOSFamily
HTTPS field name: SourceDeviceOSFamily
LEEF field name: SourceDeviceOSFamily
|
source_device_osversion
(SOURCE DEVICE OS VERSION)
|
OS version of the device from which the session originated.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceDeviceOSVersion
EMAIL field name: SourceDeviceOSVersion
HTTPS field name: SourceDeviceOSVersion
LEEF field name: SourceDeviceOSVersion
|
source_device_profile
(SOURCE DEVICE PROFILE)
|
Profile of the device from which the session originated.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceDeviceProfile
EMAIL field name: SourceDeviceProfile
HTTPS field name: SourceDeviceProfile
LEEF field name: SourceDeviceProfile
|
source_device_vendor
(SOURCE DEVICE VENDOR)
|
Vendor of the device from which the session originated.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceDeviceVendor
EMAIL field name: SourceDeviceVendor
HTTPS field name: SourceDeviceVendor
LEEF field name: SourceDeviceVendor
|
source_dynamic_address_group
(SOURCE DYNAMIC ADDRESS GROUP)
|
The dynamic address group that Device-ID identifies as the source of the traffic.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceDynamicAddressGroup
EMAIL field name: SourceDynamicAddressGroup
HTTPS field name: SourceDynamicAddressGroup
LEEF field name: SourceDynamicAddressGroup
|
source_edl
(SOURCE EDL)
|
The name of the external dynamic list that contains the source IP address of the traffic.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceEDL
EMAIL field name: SourceEDL
HTTPS field name: SourceEDL
LEEF field name: SourceEDL
|
source_ip.value
(SOURCE ADDRESS)
|
Original source IP address.
Syslog field name: Syslog Field Order
EMAIL field name: SourceAddress
HTTPS field name: SourceAddress
LEEF field name: src
|
source_location
(SOURCE LOCATION)
|
Source country or internal region for private addresses.
CEF field name: PanOSSourceLocation
EMAIL field name: SourceLocation
HTTPS field name: SourceLocation
LEEF field name: SourceLocation
|
source_port
(SOURCE PORT)
|
Source port utilized by the session.
Syslog field name: Syslog Field Order
CEF field name: spt
EMAIL field name: SourcePort
HTTPS field name: SourcePort
LEEF field name: srcPort
|
source_user
(SOURCE USER)
|
The username that initiated the network traffic.
Syslog field name: Syslog Field Order
CEF field name: suser
EMAIL field name: SourceUser
HTTPS field name: SourceUser
LEEF field name: usrName
|
source_user_info.domain
(SOURCE USER DOMAIN)
|
Domain to which the Source User belongs.
CEF field name: sntdom
EMAIL field name: SourceUserDomain
HTTPS field name: SourceUserDomain
LEEF field name: SourceUserDomain
|
source_user_info.name
(SOURCE USER NAME)
|
The Source User. That is, the username that initiated the network traffic.
CEF field name: susername
EMAIL field name: SourceUserName
HTTPS field name: SourceUserName
LEEF field name: SourceUserName
|
source_user_info.uuid
(SOURCE USER UUID)
|
Unique identifier assigned to the Source User.
CEF field name: suid
EMAIL field name: SourceUserUUID
HTTPS field name: SourceUserUUID
LEEF field name: SourceUserUUID
|
source_uuid
(SOURCE UUID)
|
Identifies the source universally unique identifier (UUID) for a guest virtual machine in the VMware NSX environment.
Syslog field name: Syslog Field Order
CEF field name: PanOSSourceUUID
EMAIL field name: SourceUUID
HTTPS field name: SourceUUID
LEEF field name: SourceUUID
|
sub_type.value
(SUB TYPE)
|
Identifies the log subtype.
Syslog field name: Syslog Field Order
CEF field name: Name
EMAIL field name: Subtype
HTTPS field name: Subtype
LEEF field name: SubType
|
technology_of_app
(APPLICATION TECHNOLOGY)
|
The networking technology used by the identified application.
CEF field name: PanOSApplicationTechnology
EMAIL field name: ApplicationTechnology
HTTPS field name: ApplicationTechnology
LEEF field name: ApplicationTechnology
|
time_generated
(TIME GENERATED)
|
Time when the log was generated on the firewall's data plane. This string contains a
timestamp value that is the number of microseconds since the Unix epoch.
Syslog field name: Syslog Field Order
CEF field name: start
EMAIL field name: TimeGenerated
HTTPS field name: TimeGenerated
LEEF field name: devTime
|
time_generated_high_res
(TIME GENERATED HIGH RESOLUTION)
|
Time the log was generated in the data plane, with millisecond granularity, in the format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
Syslog field name: Syslog Field Order
CEF field name: PanOSTimeGeneratedHighResolution
EMAIL field name: TimeGeneratedHighResolution
HTTPS field name: TimeGeneratedHighResolution
LEEF field name: TimeGeneratedHighResolution
|
time_received_mp
(TIME RECEIVED MANAGEMENT PLANE)
|
Time the log was received in the management plane, in the format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
Syslog field name: Syslog Field Order
CEF field name: PanOSTimeReceivedManagementPlane
EMAIL field name: TimeReceivedManagementPlane
HTTPS field name: TimeReceivedManagementPlane
LEEF field name: TimeReceivedManagementPlane
|
tls_auth.value
(TLS AUTH)
|
TLS hash algorithm.
Syslog field name: Syslog Field Order
CEF field name: PanOSTLSAuth
EMAIL field name: TLSAuth
HTTPS field name: TLSAuth
LEEF field name: TLSAuth
|
tls_enc_algorithm.value
(TLS ENCRYPTION ALGORITHM)
|
The algorithm used to encrypt the session data, such as AES-128-CBC, AES-256-GCM, and so forth.
Syslog field name: Syslog Field Order
CEF field name: PanOSTLSEncryptionAlgorithm
EMAIL field name: TLSEncryptionAlgorithm
HTTPS field name: TLSEncryptionAlgorithm
LEEF field name: TLSEncryptionAlgorithm
|
tls_keyxchange.value
(TLS KEY EXCHANGE)
|
Algorithm used to perform the key exchange. Possible values are:
Syslog field name: Syslog Field Order
CEF field name: PanOSTLSKeyExchange
EMAIL field name: TLSKeyExchange
HTTPS field name: TLSKeyExchange
LEEF field name: TLSKeyExchange
|
tls_version.value
(TLS VERSION)
|
Version of TLS used for the encrypted session represented as major.minor.patch.build.
Syslog field name: Syslog Field Order
CEF field name: PanOSTLSVersion
EMAIL field name: TLSVersion
HTTPS field name: TLSVersion
LEEF field name: TLSVersion
|
to_zone
(TO ZONE)
|
Networking zone to which the traffic was sent.
Syslog field name: Syslog Field Order
CEF field name: cs5
EMAIL field name: ToZone
HTTPS field name: ToZone
LEEF field name: ToZone
|
tpadding
(TPADDING)
|
For internal use only.
CEF field name: PanOSTpadding
EMAIL field name: Tpadding
HTTPS field name: Tpadding
LEEF field name: Tpadding
|
tunnel.value
(TUNNEL)
|
Type of tunnel.
Syslog field name: Syslog Field Order
CEF field name: PanOSTunnel
EMAIL field name: Tunnel
HTTPS field name: Tunnel
LEEF field name: Tunnel
|
tunneled_app
(TUNNELED APPLICATION)
|
For internal use only.
CEF field name: PanOSTunneledApplication
EMAIL field name: TunneledApplication
HTTPS field name: TunneledApplication
LEEF field name: TunneledApplication
|
vendor_name
(VENDOR NAME)
|
Identifies the vendor that produced the data.
CEF field name: Device Vendor
EMAIL field name: VendorName
HTTPS field name: VendorName
LEEF field name: Vendor
|
vpadding
(VPADDING)
|
For internal use only.
CEF field name: PanOSVpadding
EMAIL field name: Vpadding
HTTPS field name: Vpadding
LEEF field name: Vpadding
|
vsys
(VIRTUAL LOCATION)
|
String representation of the unique identifier for a virtual system on a Palo Alto Networks firewall.
Syslog field name: Syslog Field Order
CEF field name: cs3
EMAIL field name: VirtualLocation
HTTPS field name: VirtualLocation
LEEF field name: VirtualLocation
|
vsys_id
(VIRTUAL SYSTEM ID)
|
A unique identifier for a virtual system on a Palo Alto Networks firewall.
CEF field name: PanOSVirtualSystemID
EMAIL field name: VirtualSystemID
HTTPS field name: VirtualSystemID
LEEF field name: VirtualSystemID
|
vsys_name
(VIRTUAL SYSTEM NAME)
|
The name of the virtual system associated with the network traffic.
CEF field name: PanOSVirtualSystemName
EMAIL field name: VirtualSystemName
HTTPS field name: VirtualSystemName
LEEF field name: VirtualSystemName
|