Parsers and Generated Fields
Tag Fields Created by Parser paloalto-ngfw
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser paloalto-ngfw
| Vendor Field | CPS Field | Description |
|---|---|---|
| Vendor.FUTUREUSE2 | Vendor.ConfigVersion | |
| Vendor.BytesReceived | destination.bytes | |
| Vendor.DestinationCountry | destination.geo.country_name | |
| Vendor.DestinationAddress | destination.ip | |
| Vendor.DestinationDeviceMac | destination.mac | |
| Vendor.NATDestination | destination.nat.ip | |
| Vendor.NATDestinationPort | destination.nat.port | |
| Vendor.PacketsReceived | destination.packets | |
| Vendor.DestinationPort | destination.port | |
| Vendor.Recipient | destination.user.email | |
| Vendor.Description | event.action | |
| Vendor.ReceiveTime | event.created | |
| Vendor.ElapsedTime | event.duration | |
| Vendor.SessionDuration | event.duration | |
| Vendor.Status | event.outcome | |
| Vendor.Reason | event.reason | |
| Vendor.StartTime | event.start | |
| Vendor.FileType | file.type | |
| Vendor.HostID | host.id | |
| Vendor.DeviceMacAddress | host.mac[0] | |
| Vendor.MachineName | host.name | |
| Vendor.SourceDeviceOS | host.os.family | |
| Vendor.SourceDeviceOSVersion | host.os.full | |
| Vendor.HTTPMethod | http.request.method | |
| Vendor.Severity | log.level | |
| Vendor.Application | network.application | |
| Vendor.Bytes | network.bytes | |
| Vendor.XForwardedFor | network.forwarded_ip | |
| Vendor.Packets | network.packets | |
| Vendor.IpProtocol | network.transport | |
| Vendor.Protocol | network.transport | |
| Vendor.ConfigurationPath | process.command_line | |
| Vendor.Category | rule.category | |
| Vendor.TunnelInspectionRule | rule.name | |
| Vendor.RuleUUID | rule.uuid | |
| Vendor.BytesSent | source.bytes | |
| Vendor.Host | source.ip | |
| Vendor.SourceAddress | source.ip | |
| Vendor.SourceDeviceMac | source.mac | |
| Vendor.NATSource | source.nat.ip | |
| Vendor.NATSourcePort | source.nat.port | |
| Vendor.PacketsSent | source.packets | |
| Vendor.SourcePort | source.port | |
| Vendor.Sender | source.user.email | |
| Vendor.User | source.user.name | |
| Vendor.UserBySource | source.user.name | |
| Vendor.EncryptionAlgorithm | tls.cipher | |
| Vendor.CertificateEndDate | tls.client.not_after | |
| Vendor.CertificateStartDate | tls.client.not_before | |
| Vendor.ServerNameIndication | tls.client.server_name | |
| Vendor.CertificateSize | tls.client.x509.public_key_size | |
| Vendor.ChainStatus | tls.client.x509.serial_number | |
| Vendor.CertificateVersion | tls.client.x509.version_number | |
| Vendor.EllipticCurve | tls.curve | |
| Vendor.URLFilename | url.original | |
| top_ld | url.top_level_domain | |
| Vendor.Admin | user.name | |
| Vendor.UserAgent | user_agent.original | |