Parsers and Generated Fields
Tag Fields Created by Parser paloalto-ngfw
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser paloalto-ngfw
Source Field | LogScale Repository Field |
---|---|
Vendor.CertificateEndDate | after |
Vendor.CertificateStartDate | before |
Vendor.BytesReceived | destination.bytes |
Vendor.DestinationAddress | destination.ip |
Vendor.DestinationDeviceMac | destination.mac |
Vendor.NATDestination | destination.nat.ip |
Vendor.NATDestinationPort | destination.nat.port |
Vendor.PacketsReceived | destination.packets |
Vendor.DestinationPort | destination.port |
Vendor.Recipient | destination.user.email |
Vendor.DestinationUser | destination.user.name |
Vendor.Description | event.action |
Vendor.ReceiveTime | event.created |
Vendor.ElapsedTime | event.duration |
Vendor.SessionDuration | event.duration |
Vendor.Status | event.outcome |
Vendor.Reason | event.reason |
Vendor.StartTime | event.start |
Vendor.FileType | file.type |
Vendor.HostID | host.id |
Vendor.DeviceMacAddress | host.mac[0] |
Vendor.MachineName | host.name |
Vendor.SourceDeviceOS | host.os.family |
Vendor.OperatingSystem | host.os.full |
Vendor.SourceDeviceOSVersion | host.os.full |
Vendor.HTTPMethod | http.request.method |
Vendor.XForwardedFor | ip |
Vendor.Severity | log.level |
Vendor.IssuerCommonName | name |
Vendor.ServerNameIndication | name |
Vendor.SubjectCommonName | name |
Vendor.Application | network.application |
Vendor.Bytes | network.bytes |
Vendor.Packets | network.packets |
Vendor.IpProtocol | network.transport |
Vendor.Protocol | network.transport |
Vendor.CertificateVersion | number |
Vendor.ChainStatus | number |
Vendor.TunnelInspectionRule | rule.name |
Vendor.RuleUUID | rule.uuid |
Vendor.CertificateSize | size |
Vendor.BytesSent | source.bytes |
Vendor.IPV6PrivateAddress | source.ip |
Vendor.IPv6SystemAddress | source.ip |
Vendor.PrivateAddress | source.ip |
Vendor.SourceAddress | source.ip |
Vendor.SourceDeviceMac | source.mac |
Vendor.IPV6PublicAddress | source.nat.ip |
Vendor.NATSource | source.nat.ip |
Vendor.PublicAddress | source.nat.ip |
Vendor.NATSourcePort | source.nat.port |
Vendor.PacketsSent | source.packets |
Vendor.SourcePort | source.port |
Vendor.Sender | source.user.email |
Vendor.NormalizeUser | source.user.name |
Vendor.SourceUser | source.user.name |
Vendor.User | source.user.name |
Vendor.UserBySource | source.user.name |
Vendor.EncryptionAlgorithm | tls.cipher |
Vendor.EllipticCurve | tls.curve |