panw fields
Module for Palo Alto Networks (PAN-OS)
panw
Fields from the panw module.
panos
Fields for the Palo Alto Networks PAN-OS logs.
-
panw.panos.ruleset
-
Name of the rule that matched this session.
type: keyword
source
Fields to extend the top-level source object.
-
panw.panos.source.zone
-
Source zone for this session.
type: keyword
-
panw.panos.source.interface
-
Source interface for this session.
type: keyword
nat
Post-NAT source address, if source NAT is performed.
-
panw.panos.source.nat.ip
-
Post-NAT source IP.
type: ip
-
panw.panos.source.nat.port
-
Post-NAT source port.
type: long
destination
Fields to extend the top-level destination object.
-
panw.panos.destination.zone
-
Destination zone for this session.
type: keyword
-
panw.panos.destination.interface
-
Destination interface for this session.
type: keyword
nat
Post-NAT destination address, if destination NAT is performed.
-
panw.panos.destination.nat.ip
-
Post-NAT destination IP.
type: ip
-
panw.panos.destination.nat.port
-
Post-NAT destination port.
type: long
network
Fields to extend the top-level network object.
-
panw.panos.network.pcap_id
-
Packet capture ID for a threat.
type: keyword
-
panw.panos.network.nat.community_id
-
Community ID flow-hash for the NAT 5-tuple.
type: keyword
file
Fields to extend the top-level file object.
-
panw.panos.file.hash
-
Binary hash for a threat file sent to be analyzed by the WildFire service.
type: keyword
url
Fields to extend the top-level url object.
-
panw.panos.url.category
-
For threat URLs, the URL category. For WildFire, the verdict on the file, which is either malicious, grayware, or benign.
type: keyword
-
panw.panos.flow_id
-
Internal numeric identifier for each session.
type: keyword
-
panw.panos.sequence_number
-
Log entry identifier that is incremented sequentially. Unique for each log type.
type: long
-
panw.panos.threat.resource
-
URL or file name for a threat.
type: keyword
-
panw.panos.threat.id
-
Palo Alto Networks identifier for the threat.
type: keyword
-
panw.panos.threat.name
-
Palo Alto Networks name for the threat.
type: keyword