panw fields
editpanw fields
editModule for Palo Alto Networks (PAN-OS)
panw
editFields from the panw module.
panos
editFields for the Palo Alto Networks PAN-OS logs.
-
panw.panos.ruleset
-
Name of the rule that matched this session.
type: keyword
source
editFields to extend the top-level source object.
-
panw.panos.source.zone
-
Source zone for this session.
type: keyword
-
panw.panos.source.interface
-
Source interface for this session.
type: keyword
nat
editPost-NAT source address, if source NAT is performed.
-
panw.panos.source.nat.ip
-
Post-NAT source IP.
type: ip
-
panw.panos.source.nat.port
-
Post-NAT source port.
type: long
destination
editFields to extend the top-level destination object.
-
panw.panos.destination.zone
-
Destination zone for this session.
type: keyword
-
panw.panos.destination.interface
-
Destination interface for this session.
type: keyword
nat
editPost-NAT destination address, if destination NAT is performed.
-
panw.panos.destination.nat.ip
-
Post-NAT destination IP.
type: ip
-
panw.panos.destination.nat.port
-
Post-NAT destination port.
type: long
network
editFields to extend the top-level network object.
-
panw.panos.network.pcap_id
-
Packet capture ID for a threat.
type: keyword
-
panw.panos.network.nat.community_id
-
Community ID flow-hash for the NAT 5-tuple.
type: keyword
file
editFields to extend the top-level file object.
-
panw.panos.file.hash
-
Binary hash for a threat file sent to be analyzed by the WildFire service.
type: keyword
url
editFields to extend the top-level url object.
-
panw.panos.url.category
-
For threat URLs, it’s the URL category. For WildFire, the verdict on the file and is either malicious, grayware, or benign.
type: keyword
-
panw.panos.flow_id
-
Internal numeric identifier for each session.
type: keyword
-
panw.panos.sequence_number
-
Log entry identifier that is incremented sequentially. Unique for each log type.
type: long
-
panw.panos.threat.resource
-
URL or file name for a threat.
type: keyword
-
panw.panos.threat.id
-
Palo Alto Networks identifier for the threat.
type: keyword
-
panw.panos.threat.name
-
Palo Alto Networks name for the threat.
type: keyword