URL EMAIL Fields

Table of Contents

URL EMAIL Fields

Example URL log in EMAIL:

TimeReceived=2021-02-22T04:52:19.000000Z
DeviceSN=xxxxxxxxxxxxx
LogType=THREAT
Subtype=url
ConfigVersion=10.0
TimeGenerated=2021-02-22T04:51:55.000000Z
SourceAddress=xxx.xx.x.xx
DestinationAddress=xxx.xx.x.xx
NATSource=xxx.xx.x.xx
NATDestination=
Rule=deny-time-wasters
SourceUser="xxxxx\xxxxx o\"'\"test"
DestinationUser="paloaltonetwork\xxxxx"
Application=rhapsody
VirtualLocation=vsys1
FromZone=ethernet4Zone-test2
ToZone=untrust
InboundInterface=unknown
OutboundInterface=ethernet1/3
LogSetting=rs-logging
SessionID=837029
RepeatCount=1
SourcePort=21038
DestinationPort=24789
NATSourcePort=27050
NATDestinationPort=432
Protocol=tcp
Action=reset-client
URL=? 
URLCategory=travel
VendorSeverity=Informational
DirectionOfAttack=server to client
SequenceNo=2638701702
SourceLocation=US
DestinationLocation=dallas
ContentType=application/foo
PacketID=0
URLCounter=1
UserAgent=
X-Forwarded-For=
Referer=
DGHierarchyLevel1=11
DGHierarchyLevel2=0
DGHierarchyLevel3=0
DGHierarchyLevel4=0
VirtualSystemName=
DeviceName=xxxxx
SourceUUID=
DestinationUUID=
HTTPMethod=post
IMSI=36
IMEI=xxxxx
ParentSessionID=6142
ParentStarttime=2021-02-22T04:51:49.000000Z
Tunnel=VXLAN
InlineMLVerdict=overflow
ContentVersion=50222
SigFlags=2
HTTPHeaders=
URLCategoryList=travel,11008,47022
RuleUUID=2fb8efd4-2f01-421d-a113-097992777432
HTTP2Connection=837029
DynamicUserGroupName=
X-Forwarded-ForIP=
SourceDeviceCategory=A-Phone
SourceDeviceProfile=a-profile
SourceDeviceModel=720P/60
SourceDeviceVendor=Samsung
SourceDeviceOSFamily=M4500
SourceDeviceOSVersion=Android v8
SourceDeviceHost=pan-123
SourceDeviceMac=264989591511
DestinationDeviceCategory=A-Phone
DestinationDeviceProfile=a-profile
DestinationDeviceModel=iPhone
DestinationDeviceVendor=Apple
DestinationDeviceOSFamily=9
DestinationDeviceOSVersion=iOS 9
DestinationDeviceHost=pan-233
DestinationDeviceMac=743514319696
ContainerID=1873cc5c-0d31
ContainerNameSpace=pns_default
ContainerName=pan-dp-77754f4
SourceEDL=
DestinationEDL=
HostID=1010101010
EndpointSerialNumber=xxxxxxxxxxxxxx
SourceDynamicAddressGroup=
DestinationDynamicAddressGroup=
TimeGeneratedHighResolution=2021-02-22T04:51:55.231000Z
NSSAINetworkSliceType=38

The following table identifies the URL field names that the Log Forwarding app uses when you forward logs using the EMAIL log format.

EMAIL Name	Query Name
Action	action.value
Application	app
ApplicationCategory	app_category
ApplicationSubcategory	app_sub_category
CloudHostname	cloud_hostname
CloudReportID	cloud_reportid
ConfigVersion	config_version.value
ContainerID	container_id
ApplicationContainer	container_of_app
ContentType	content_type
ContentVersion	content_version
RepeatCount	count_of_repeats
CortexDataLakeTenantID	customer_id
DestinationDeviceCategory	dest_device_category
DestinationDeviceClass	dest_device_class
DestinationDeviceHost	dest_device_host
DestinationDeviceMac	dest_device_mac
DestinationDeviceModel	dest_device_model
DestinationDeviceOS	dest_device_os
DestinationDeviceOSFamily	dest_device_osfamily
DestinationDeviceOSVersion	dest_device_osversion
DestinationDeviceProfile	dest_device_profile
DestinationDeviceVendor	dest_device_vendor
DestinationDynamicAddressGroup	dest_dynamic_address_group
DestinationEDL	dest_edl
DestinationAddress	dest_ip.value
DestinationLocation	dest_location
DestinationPort	dest_port
DestinationUser	dest_user
DestinationUserDomain	dest_user_info.domain
DestinationUserName	dest_user_info.name
DestinationUserUUID	dest_user_info.uuid
DestinationUUID	dest_uuid
DGHierarchyLevel1	dg_hier_level_1
DGHierarchyLevel2	dg_hier_level_2
DGHierarchyLevel3	dg_hier_level_3
DGHierarchyLevel4	dg_hier_level_4
DirectionOfAttack	direction_of_attack.value
DynamicUserGroupName	dynusergroup_name
EndpointSerialNumber	endpoint_serial_number
FileURL	file_url
FlowType	flow_type.value
FromZone	from_zone
HostID	gp_host_id
HTTP2Connection	http2_connection
HTTPHeaders	http_headers
HTTPMethod	http_method.value
InboundInterface	inbound_if.value
InboundInterfaceDetailsPort	inbound_if_details.port
InboundInterfaceDetailsSlot	inbound_if_details.slot
InboundInterfaceDetailsType	inbound_if_details.type.value
InboundInterfaceDetailsUnit	inbound_if_details.unit
InlineMLVerdict	inline_ml_verdict.value
CaptivePortal	is_captive_portal
IsClienttoServer	is_client_to_server
IsContainer	is_container
IsDecryptMirror	is_decrypt_mirror
IsDecrypted	is_decrypted
IsDuplicateLog	is_dup_log
IsEncrypted	is_encrypted
LogExported	is_exported
LogForwarded	is_forwarded
IsIPV6	is_ipv6
IsMptcpOn	is_mptcp_on
NAT	is_nat
IsNonStandardDestinationPort	is_non_std_dest_port
IsPacketCapture	is_packet_capture
IsPhishing	is_phishing
IsPrismaNetwork	is_prisma_branch
IsPrismaUsers	is_prisma_mobile
IsProxy	is_proxy
IsReconExcluded	is_recon_excluded
IsSaaSApplication	is_saas_app
IsServertoClient	is_server_to_client
IsSourceXForwarded	is_source_x_fwded
IsSystemReturn	is_sym_return
IsTransaction	is_transaction
IsTunnelInspected	is_tunnel_inspected
IsURLDenied	is_url_denied
K8SClusterID	k8s_cluster_id
Location	location
LogSetting	log_set
LogSource	log_source
LogSourceGroupID	log_source_group_id
DeviceSN	log_source_id
DeviceName	log_source_name
LogSourceTimeZoneOffset	log_source_tz_offset
TimeReceived	log_time
LogType	log_type.value
IMEI	monitor_tag_imei
NATDestination	nat_dest.value
NATDestinationPort	nat_dest_port
NATSource	nat_source.value
NATSourcePort	nat_source_port
NonStandardDestinationPort	non_standard_dest_port
NSSAINetworkSliceType	nssai_network_slice_type.value
OutboundInterface	outbound_if.value
OutboundInterfaceDetailsPort	outbound_if_details.port
OutboundInterfaceDetailsSlot	outbound_if_details.slot
OutboundInterfaceDetailsType	outbound_if_details.type.value
OutboundInterfaceDetailsUnit	outbound_if_details.unit
PanoramaSN	panorama_serial
ParentSessionID	parent_session_id
ParentStarttime	parent_start_time
Packet	pcap
PacketID	pcap_id
PlatformType	platform_type
ContainerName	pod_name
ContainerNameSpace	pod_namespace
Protocol	protocol.value
Referer	referer
HTTPRefererFQDN	referer_fqdn
HTTPRefererPort	referer_port
HTTPRefererProtocol	referer_protocol.value
HTTPRefererURLPath	referer_url_path
ApplicationRisk	risk_of_app
Rule	rule_matched
RuleUUID	rule_matched_uuid
SanctionedStateOfApp	sanctioned_state_of_app
SequenceNo	sequence_no
SessionID	session_id
Severity	severity
SigFlags	sig_flags
SourceDeviceCategory	source_device_category
SourceDeviceClass	source_device_class
SourceDeviceHost	source_device_host
SourceDeviceMac	source_device_mac
SourceDeviceModel	source_device_model
SourceDeviceOS	source_device_os
SourceDeviceOSFamily	source_device_osfamily
SourceDeviceOSVersion	source_device_osversion
SourceDeviceProfile	source_device_profile
SourceDeviceVendor	source_device_vendor
SourceDynamicAddressGroup	source_dynamic_address_group
SourceEDL	source_edl
SourceAddress	source_ip.value
SourceLocation	source_location
SourcePort	source_port
SourceUser	source_user
SourceUserDomain	source_user_info.domain
SourceUserName	source_user_info.name
SourceUserUUID	source_user_info.uuid
SourceUUID	source_uuid
Subtype	sub_type.value
ApplicationTechnology	technology_of_app
TimeGenerated	time_generated
TimeGeneratedHighResolution	time_generated_high_res
ToZone	to_zone
Tunnel	tunnel.value
TunneledApplication	tunneled_app
IMSI	tunnelid_imsi
URL	uri
URLCategory	url_category.value
URLCategoryList	url_category_list
URLDomain	url_domain
URLCounter	url_idx
UserAgent	user_agent
Users	users
VendorName	vendor_name
VendorSeverity	vendor_severity.value
VirtualLocation	vsys
VirtualSystemID	vsys_id
VirtualSystemName	vsys_name
X-Forwarded-For	xff
X-Forwarded-ForIP	xff_ip.value

URL CEF Fields

URL HTTPS Fields

Strata Logging Service Docs

URL EMAIL Fields

Strata Logging Service Docs

URL EMAIL Fields

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner