IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Osquery fields PostgreSQL fields »
Elastic Docs Filebeat Reference [7.2] Exported fields

panw fields

edit

panw fields

edit

Module for Palo Alto Networks (PAN-OS)

panw

edit

Fields from the panw module.

panos

edit

Fields for the Palo Alto Networks PAN-OS logs.

panw.panos.ruleset

Name of the rule that matched this session.

type: keyword

source

edit

Fields to extend the top-level source object.

panw.panos.source.zone

Source zone for this session.

type: keyword

panw.panos.source.interface

Source interface for this session.

type: keyword

nat

edit

Post-NAT source address, if source NAT is performed.

panw.panos.source.nat.ip

Post-NAT source IP.

type: ip

panw.panos.source.nat.port

Post-NAT source port.

type: long

destination

edit

Fields to extend the top-level destination object.

panw.panos.destination.zone

Destination zone for this session.

type: keyword

panw.panos.destination.interface

Destination interface for this session.

type: keyword

nat

edit

Post-NAT destination address, if destination NAT is performed.

panw.panos.destination.nat.ip

Post-NAT destination IP.

type: ip

panw.panos.destination.nat.port

Post-NAT destination port.

type: long

network

edit

Fields to extend the top-level network object.

panw.panos.network.pcap_id

Packet capture ID for a threat.

type: keyword

panw.panos.network.nat.community_id

Community ID flow-hash for the NAT 5-tuple.

type: keyword

file

edit

Fields to extend the top-level file object.

panw.panos.file.hash

Binary hash for a threat file sent to be analyzed by the WildFire service.

type: keyword

url

edit

Fields to extend the top-level url object.

panw.panos.url.category

For threat URLs, it’s the URL category. For WildFire, the verdict on the file and is either malicious, grayware, or benign.

type: keyword

panw.panos.flow_id

Internal numeric identifier for each session.

type: keyword

panw.panos.sequence_number

Log entry identifier that is incremented sequentially. Unique for each log type.

type: long

panw.panos.threat.resource

URL or file name for a threat.

type: keyword

panw.panos.threat.id

Palo Alto Networks identifier for the threat.

type: keyword

panw.panos.threat.name

Palo Alto Networks name for the threat.

type: keyword

« Osquery fields PostgreSQL fields »