Parsers and Generated Fields
Tag Fields Created by Parser paloalto-prisma-sdwan
#Cps.version
#Vendor
#ecs.version
#event.dataset
#event.kind
#event.module
#event.outcome
#observer.type
Fields Identified by Parser paloalto-prisma-sdwan
| Source Field | CPS Field |
|---|---|
| Vendor.CLOUDGENIX_HOST | destination.address |
| Vendor.REMOTE_HOSTNAME | destination.address |
| observer.name | destination.address |
| Vendor.BYTES_SENT | destination.bytes |
| Vendor.bytes_recvd | destination.bytes |
| Vendor.DST_IP | destination.ip |
| Vendor.REMOTE_IP | destination.ip |
| Vendor.dst_ip | destination.ip |
| Vendor.PKTS_SENT | destination.packets |
| Vendor.DST_PORT | destination.port |
| Vendor.dst_port | destination.port |
| Vendor.MSG | event.action |
| Vendor.DEVICE_TIME | event.created |
| Vendor.IDENTIFIER | event.id |
| Vendor.REASON | event.reason |
| Vendor.SEVERITY | event.severity |
| Vendor.Severity | event.severity |
| Vendor.CLOUDGENIX_HOST | host.name |
| Vendor.FACILITY | log.syslog.facility.name |
| Vendor.SEVERITY | log.syslog.severity.name |
| source.bytes | network.bytes |
| source.packets | network.packets |
| Vendor.PROTOCOL_NAME | network.protocol |
| Vendor.protocol_name | network.transport |
| Vendor.CLOUDGENIX_HOST; | observer.address |
| Vendor.ION_HOS; | observer.address |
| Vendor.DeviceName | observer.name |
| server.name | observer.name |
| Vendor.ProcessID | process.id |
| Vendor.PROCESS_NAME | process.name |
| Vendor.app_name; | process.name |
| Vendor.ION_HOST | server.name |
| observer.name | server.name |
| Vendor.NAME | source.address |
| Vendor.BYTES_RECVD | source.bytes |
| Vendor.bytes_sent | source.bytes |
| Vendor.SRC_IP | source.ip |
| Vendor.src_ip | source.ip |
| Vendor.PKTS_RECVD | source.packets |
| Vendor.pkts_sent | source.packets |
| Vendor.SRC_PORT | source.port |
| Vendor.src_port | source.port |
| Vendor.USER | user.name |
| Vendor.user | user.name |