Parsers and Generated Fields

Tag Fields Created by Parser paloalto-ngfw
  • #Cps.version

  • #Vendor

  • #ecs.version

  • #event.dataset

  • #event.kind

  • #event.module

  • #event.outcome

  • #observer.type

Fields Identified by Parser paloalto-ngfw
Source FieldCPS Field
Vendor.FUTUREUSE2Vendor.ConfigVersion
Vendor.BytesReceiveddestination.bytes
Vendor.DestinationCountrydestination.geo.country_name
Vendor.DestinationAddressdestination.ip
Vendor.DestinationDeviceMacdestination.mac
Vendor.NATDestinationdestination.nat.ip
Vendor.NATDestinationPortdestination.nat.port
Vendor.PacketsReceiveddestination.packets
Vendor.DestinationPortdestination.port
Vendor.DestinationPort;destination.port
Vendor.Recipientdestination.user.email
Vendor.DestinationUser;destination.user.name
Vendor.Descriptionevent.action
Vendor.ReceiveTimeevent.created
Vendor.ElapsedTimeevent.duration
Vendor.SessionDurationevent.duration
Vendor.Statusevent.outcome
Vendor.Reasonevent.reason
Vendor.StartTimeevent.start
Vendor.FileTypefile.type
Vendor.HostIDhost.id
Vendor.DeviceMacAddresshost.mac[0]
Vendor.MachineNamehost.name
Vendor.SourceDeviceOShost.os.family
Vendor.OperatingSystem;host.os.full
Vendor.SourceDeviceOSVersionhost.os.full
Vendor.HTTPMethodhttp.request.method
Vendor.Severitylog.level
Vendor.Applicationnetwork.application
Vendor.Bytesnetwork.bytes
Vendor.XForwardedFornetwork.forwarded_ip
Vendor.Packetsnetwork.packets
Vendor.IpProtocolnetwork.transport
Vendor.Protocolnetwork.transport
Vendor.ConfigurationPathprocess.command_line
Vendor.Categoryrule.category
Vendor.Categoryrule.category
Vendor.TunnelInspectionRulerule.name
Vendor.RuleUUIDrule.uuid
Vendor.BytesSentsource.bytes
Vendor.SourceCountry;source.geo.country_name
Vendor.Hostsource.ip
Vendor.IPV6PrivateAddress;source.ip
Vendor.IPv6SystemAddress;source.ip
Vendor.PrivateAddress;source.ip
Vendor.SourceAddresssource.ip
Vendor.SourceAddress;source.ip
Vendor.SourceDeviceMacsource.mac
Vendor.IPV6PublicAddress;source.nat.ip
Vendor.NATSourcesource.nat.ip
Vendor.PublicAddress;source.nat.ip
Vendor.NATSourcePortsource.nat.port
Vendor.PacketsSentsource.packets
Vendor.SourcePortsource.port
Vendor.Sendersource.user.email
Vendor.NormalizeUser;source.user.name
Vendor.SourceUser;source.user.name
Vendor.Usersource.user.name
Vendor.UserBySourcesource.user.name
Vendor.EncryptionAlgorithmtls.cipher
Vendor.CertificateEndDatetls.client.not_after
Vendor.CertificateStartDatetls.client.not_before
Vendor.ServerNameIndicationtls.client.server_name
Vendor.IssuerCommonName;tls.client.x509.issuer.common_name[0]
Vendor.CertificateSizetls.client.x509.public_key_size
Vendor.ChainStatustls.client.x509.serial_number
Vendor.SubjectCommonName;tls.client.x509.subject.common_name[0]
Vendor.CertificateVersiontls.client.x509.version_number
Vendor.EllipticCurvetls.curve
Vendor.URLFilenameurl.original
top_ldurl.top_level_domain