Important
This data source query method is no longer available after February 2, 2026. For more information on the currently available data sources for use in XDR Data Explorer queries, go to https://trendmicro.github.io/tm-v1-schema/pages/index.
| Field Name | Type | General Field | Description | Example | Products |
|---|---|---|---|---|---|
| act | - | - | The action | Allow; Block | Trend Vision One Zero Trust Secure Access Internet Access; Trend Vision One Zero Trust Secure Access Private Access; Palo Alto Networks Next-Generation Firewalls |
| app | - | - | The network protocol | HTTP | Deep Discovery Inspector; Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls |
| application | - | - | The name of the requested application | Facebook; wiki | Trend Vision One Zero Trust Secure Access Internet Access; Trend Vision One Zero Trust Secure Access Private Access; Palo Alto Networks Next-Generation Firewalls |
| cnt | - | - | The total number of logs | 1; 2; 3 | Palo Alto Networks Next-Generation Firewalls |
| dOSName | - | - | The destination operating system (OS) | Windows | Palo Alto Networks Next-Generation Firewalls |
| dUser1 | - | UserAccount | The latest sign-in user of the destination | dhr\m42svc; altsvc | Palo Alto Networks Next-Generation Firewalls |
| dhost | - | DomainName | The destination hostname | sw_us-east-1c_10-124-21-139; 8.243.49.4 | Palo Alto Networks Next-Generation Firewalls |
| dmac | - | - | The destination media access control (MAC) address | a8:d0:e5:5c:cb:c5 | Palo Alto Networks Next-Generation Firewalls |
| dpt | - | Port | The service destination port of the private application server (dstport) | 443 | Trend Vision One Zero Trust Secure Access Private Access; Palo Alto Networks Next-Generation Firewalls; XDR for Cloud - AWS VPC Flow Logs |
| dst | - | IPv4; IPv6 | The destination internet protocol (IP) (dstaddr) | 10.10.10.10; 10.206.209.64 | Trend Vision One Zero Trust Secure Access Internet Access; Trend Vision One Zero Trust Secure Access Private Access; Palo Alto Networks Next-Generation Firewalls; XDR for Cloud - AWS VPC Flow Logs |
| dstLocation | - | - | The destination country | Japan | Palo Alto Networks Next-Generation Firewalls |
| dstZone | - | - | The destination zone of the Palo Alto Networks Next-Generation Firewalls session | LAB-Small | Palo Alto Networks Next-Generation Firewalls |
| dvchost | - | - | The network device hostname | my-company-xns; my-ddi | Deep Discovery Inspector; Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls |
| eventId | - | - | The event ID | 200139; 200140 | Virtual Network Sensor; Deep Discovery Inspector; Palo Alto Networks Next-Generation Firewalls; XDR for Cloud - AWS VPC Flow Logs |
| eventName | - | - | The log type | SWG_ACTIVITY_LOG; FIREWALL_ACTIVITY_LOG; VPC_ACTIVITY_LOG | Trend Vision One Zero Trust Secure Access Internet Access; Trend Vision One Zero Trust Secure Access Private Access; Deep Discovery Inspector; Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls; XDR for Cloud - AWS VPC Flow Logs |
| eventSubName | - | - | The Zero Trust Secure Access - Internet Access cloud app action or the Palo Alto Networks Next-Generation Firewalls log sub-type | OneDrive download file; start; end; drop; deny | Trend Vision One Zero Trust Secure Access Internet Access; Palo Alto Networks Next-Generation Firewalls |
| eventTime | - | - | The time the agent or product detected the event | 1657135700000 | Trend Vision One Zero Trust Secure Access Internet Access; Trend Vision One Zero Trust Secure Access Private Access; Deep Discovery Inspector; Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls; XDR for Cloud - AWS VPC Flow Logs |
| filterRiskLevel | - | - | The top level filter risk of the event | info; low; medium | Security Analytics Engine |
| flowId | - | - | The network analysis flow ID | 6837014561409730558 | Deep Discovery Inspector; Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls |
| httpXForwardedFor | - | - | The hypertext transfer protocol (HTTP) X-Forwarded-For header | 192.168.1.103, 192.168.1.104, 192.168.1.106 | Deep Discovery Inspector; Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls |
| pname | - | - | The product name | Secure Web Gateway; XDR for Cloud - AWS VPC Flow Logs | Trend Vision One Zero Trust Secure Access Internet Access; Deep Discovery Inspector; Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls; XDR for Cloud - AWS VPC Flow Logs |
| policyName | - | - | The name of the triggered policy | lab-to-dns; small-lab-http-out | Palo Alto Networks Next-Generation Firewalls |
| policyTreePath | - | - | The policy tree path (endpoint only) | policyname1/policyname2/policyname3 | Security Analytics Engine |
| policyUuid | - | - | The policy universally unique identifier (UUID) | afef0518-abd7-43e1-9b73-2f55c4c95a8e | Trend Vision One Zero Trust Secure Access Private Access; Palo Alto Networks Next-Generation Firewalls |
| productCode | - | - | The product which sent the log | sig; szn | Security Analytics Engine; Palo Alto Networks Next-Generation Firewalls |
| pver | - | - | The product version | 1 | Trend Vision One Zero Trust Secure Access Internet Access; Palo Alto Networks Next-Generation Firewalls |
| reqDataSize | - | - | The data volume transmitted over the transport layer by the client (in bytes) | 15688 | Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls |
| respDataSize | - | - | The data volume transmitted over the transport layer by the server (in bytes) | 7856 | Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls |
| sOSName | - | - | The source OS | Windows 10 | Palo Alto Networks Next-Generation Firewalls |
| sUser1 | - | UserAccount | The latest sign-in user of the source | 000c29edef58; corpdmz.com\ser-desktopcentral | Palo Alto Networks Next-Generation Firewalls |
| sessionEndReason | - | - | The reason why a session was terminated | tcp-fin; tcp-rst-from-server | Palo Alto Networks Next-Generation Firewalls |
| sessionStart | - | - | The session start time (in seconds) | 1575462989 | Trend Vision One Zero Trust Secure Access Private Access; Deep Discovery Inspector; Virtual Network Sensor; Palo Alto Networks Next-Generation Firewalls |
| shost | - | DomainName | The source hostname | sw_us-east-1a_10-124-17-69; sw_us-east-1c_10-124-21-139 | Palo Alto Networks Next-Generation Firewalls |
| smac | - | - | The source MAC address | a8:d0:e5:5c:cb:c5; 00:50:56:b2:93:46; 00:09:0f:09:00:06 | Palo Alto Networks Next-Generation Firewalls |
| spt | - | Port | The virtual port of the source assigned to the Secure Access Module (srcport) | 57763 | Trend Vision One Zero Trust Secure Access Private Access; Palo Alto Networks Next-Generation Firewalls; XDR for Cloud - AWS VPC Flow Logs |
| src | - | IPv4; IPv6 | The source IP (srcaddr) | 100.100.100.100; 18.162.103.100 | Trend Vision One Zero Trust Secure Access Internet Access; Trend Vision One Zero Trust Secure Access Private Access; Palo Alto Networks Next-Generation Firewalls; XDR for Cloud - AWS VPC Flow Logs |
| srcLocation | - | - | The source country | Japan | Palo Alto Networks Next-Generation Firewalls |
| srcZone | - | - | The source zone of the Palo Alto Networks Next-Generation Firewalls session | LAB-Small | Palo Alto Networks Next-Generation Firewalls |
| tags | - | Technique | The detected technique ID based on the alert filter | MITREV9.T1057; MITREV9.T1059.003; XSAE.F2924 | Security Analytics Engine |
| uuid | - | - | The unique key of the log | 00008a58-5c57-46b2-ad06-335035989d08; 0000ca1e-abfa-4013-9213-2dcf5cf1c4d0; 0001469c-dc16-469f-8e44-3d02d2057250 | Security Analytics Engine |
| vsysName | - | - | The Palo Alto Networks virtual system of the session | vsys1 | Palo Alto Networks Next-Generation Firewalls |