Parsers and Generated Fields
Tag Fields Created by Parser paloalto-ngfw
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser paloalto-ngfw
| Source Field | LogScale Repository Field |
|---|---|
| Vendor.CertificateEndDate | after |
| Vendor.CertificateStartDate | before |
| Vendor.BytesReceived | destination.bytes |
| Vendor.DestinationAddress | destination.ip |
| Vendor.DestinationDeviceMac | destination.mac |
| Vendor.NATDestination | destination.nat.ip |
| Vendor.NATDestinationPort | destination.nat.port |
| Vendor.PacketsReceived | destination.packets |
| Vendor.DestinationPort | destination.port |
| Vendor.Recipient | destination.user.email |
| Vendor.DestinationUser | destination.user.name |
| Vendor.Description | event.action |
| Vendor.ReceiveTime | event.created |
| Vendor.ElapsedTime | event.duration |
| Vendor.SessionDuration | event.duration |
| Vendor.Status | event.outcome |
| Vendor.Reason | event.reason |
| Vendor.StartTime | event.start |
| Vendor.FileType | file.type |
| Vendor.HostID | host.id |
| Vendor.DeviceMacAddress | host.mac[0] |
| Vendor.MachineName | host.name |
| Vendor.SourceDeviceOS | host.os.family |
| Vendor.OperatingSystem | host.os.full |
| Vendor.SourceDeviceOSVersion | host.os.full |
| Vendor.HTTPMethod | http.request.method |
| Vendor.XForwardedFor | ip |
| Vendor.Severity | log.level |
| Vendor.IssuerCommonName | name |
| Vendor.ServerNameIndication | name |
| Vendor.SubjectCommonName | name |
| Vendor.Application | network.application |
| Vendor.Bytes | network.bytes |
| Vendor.Packets | network.packets |
| Vendor.IpProtocol | network.transport |
| Vendor.Protocol | network.transport |
| Vendor.CertificateVersion | number |
| Vendor.ChainStatus | number |
| Vendor.TunnelInspectionRule | rule.name |
| Vendor.RuleUUID | rule.uuid |
| Vendor.CertificateSize | size |
| Vendor.BytesSent | source.bytes |
| Vendor.IPV6PrivateAddress | source.ip |
| Vendor.IPv6SystemAddress | source.ip |
| Vendor.PrivateAddress | source.ip |
| Vendor.SourceAddress | source.ip |
| Vendor.SourceDeviceMac | source.mac |
| Vendor.IPV6PublicAddress | source.nat.ip |
| Vendor.NATSource | source.nat.ip |
| Vendor.PublicAddress | source.nat.ip |
| Vendor.NATSourcePort | source.nat.port |
| Vendor.PacketsSent | source.packets |
| Vendor.SourcePort | source.port |
| Vendor.Sender | source.user.email |
| Vendor.NormalizeUser | source.user.name |
| Vendor.SourceUser | source.user.name |
| Vendor.User | source.user.name |
| Vendor.UserBySource | source.user.name |
| Vendor.EncryptionAlgorithm | tls.cipher |
| Vendor.EllipticCurve | tls.curve |