Views:
Field Name
Type
General Field
Description
Example
Products
act
-
-
The action
  • Allow
  • Block
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
app
-
-
The network protocol
  • HTTP
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
application
-
-
The name of the requested application
  • Facebook
  • wiki
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
cnt
-
-
The total number of logs
  • 1
  • 2
  • 3
  • Palo Alto Networks Next-Generation Firewalls
dOSName
-
-
The destination OS
  • Windows
  • Palo Alto Networks Next-Generation Firewalls
dUser1
-
  • UserAccount
The latest sign-in user of the destination
  • dhr\m42svc
  • altsvc
  • Palo Alto Networks Next-Generation Firewalls
dhost
-
  • DomainName
The destination hostname
  • sw_us-east-1c_10-124-21-139
  • 8.243.49.4
  • Palo Alto Networks Next-Generation Firewalls
dmac
-
-
The destination MAC address
  • a8:d0:e5:5c:cb:c5
  • Palo Alto Networks Next-Generation Firewalls
dpt
-
  • Port
The service destination port of the private application server (dstport)
  • 443
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
dst
-
  • IPv4
  • IPv6
The destination IP (dstaddr)
  • 10.10.10.10
  • 10.206.209.64
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
dstLocation
-
-
The destination country
  • Japan
  • Palo Alto Networks Next-Generation Firewalls
dstZone
-
-
The destination zone of the Palo Alto Networks Next-Generation Firewalls session
  • LAB-Small
  • Palo Alto Networks Next-Generation Firewalls
dvchost
-
-
The network device hostname
  • my-company-xns
  • my-ddi
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
eventId
-
-
The event ID
  • 200139
  • 200140
  • Virtual Network Sensor
  • Trend Micro Deep Discovery Inspector
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
eventName
-
-
The log type
  • SWG_ACTIVITY_LOG
  • FIREWALL_ACTIVITY_LOG
  • VPC_ACTIVITY_LOG
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
eventSubName
-
-
The Zero Trust Secure Access - Internet Access cloud app action or the Palo Alto Networks Next-Generation Firewalls log sub-type
  • OneDrive download file
  • start
  • end
  • drop
  • deny
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Palo Alto Networks Next-Generation Firewalls
eventTime
-
-
The time the agent or product detected the event
  • 1657135700000
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
filterRiskLevel
-
-
The top level filter risk of the event
  • info
  • low
  • medium
  • Security Analytics Engine
flowId
-
-
The network analysis flow ID
  • 6837014561409730558
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
httpXForwardedFor
-
-
The HTTP X-Forwarded-For header
  • 192.168.1.103, 192.168.1.104, 192.168.1.106
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
pname
-
-
The product name
  • Secure Web Gateway
  • XDR for Cloud - AWS VPC Flow Logs
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
policyName
-
-
The name of the triggered policy
  • lab-to-dns
  • small-lab-http-out
  • Palo Alto Networks Next-Generation Firewalls
policyTreePath
-
-
The policy tree path (endpoint only)
  • policyname1/policyname2/policyname3
  • Security Analytics Engine
policyUuid
-
-
The policy UUID
  • afef0518-abd7-43e1-9b73-2f55c4c95a8e
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
productCode
-
-
The product which sent the log
  • sig
  • szn
  • Security Analytics Engine
  • Palo Alto Networks Next-Generation Firewalls
pver
-
-
The product version
  • 1
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Palo Alto Networks Next-Generation Firewalls
reqDataSize
-
-
The data volume transmitted over the transport layer by the client (in bytes)
  • 15688
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
respDataSize
-
-
The data volume transmitted over the transport layer by the server (in bytes)
  • 7856
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
sOSName
-
-
The source OS
  • Windows 10
  • Palo Alto Networks Next-Generation Firewalls
sUser1
-
  • UserAccount
The latest sign-in user of the source
  • 000c29edef58
  • corpdmz.com\ser-desktopcentral
  • Palo Alto Networks Next-Generation Firewalls
sessionEndReason
-
-
The reason why a session was terminated
  • tcp-fin
  • tcp-rst-from-server
  • Palo Alto Networks Next-Generation Firewalls
sessionStart
-
-
The session start time (in seconds)
  • 1575462989
  • Trend Vision One Zero Trust Secure Access Private Access
  • Trend Micro Deep Discovery Inspector
  • Virtual Network Sensor
  • Palo Alto Networks Next-Generation Firewalls
shost
-
  • DomainName
The source hostname
  • sw_us-east-1a_10-124-17-69
  • sw_us-east-1c_10-124-21-139
  • Palo Alto Networks Next-Generation Firewalls
smac
-
-
The source MAC address
  • a8:d0:e5:5c:cb:c5
  • 00:50:56:b2:93:46
  • 00:09:0f:09:00:06
  • Palo Alto Networks Next-Generation Firewalls
spt
-
  • Port
The virtual port of the source assigned to the Secure Access Module (srcport)
  • 57763
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
src
-
  • IPv4
  • IPv6
The source IP (srcaddr)
  • 100.100.100.100
  • 18.162.103.100
  • Trend Vision One Zero Trust Secure Access Internet Access
  • Trend Vision One Zero Trust Secure Access Private Access
  • Palo Alto Networks Next-Generation Firewalls
  • XDR for Cloud - AWS VPC Flow Logs
srcLocation
-
-
The source country
  • Japan
  • Palo Alto Networks Next-Generation Firewalls
srcZone
-
-
The source zone of the Palo Alto Networks Next-Generation Firewalls session
  • LAB-Small
  • Palo Alto Networks Next-Generation Firewalls
tags
-
  • Technique
The detected technique ID based on the alert filter
  • MITREV9.T1057
  • MITREV9.T1059.003
  • XSAE.F2924
  • Security Analytics Engine
uuid
-
-
The unique key of the log
  • 00008a58-5c57-46b2-ad06-335035989d08
  • 0000ca1e-abfa-4013-9213-2dcf5cf1c4d0
  • 0001469c-dc16-469f-8e44-3d02d2057250
  • Security Analytics Engine
vsysName
-
-
The Palo Alto Networks virtual system of the session
  • vsys1
  • Palo Alto Networks Next-Generation Firewalls