[firewall.paloalto.auth] [firewall.paloalto.config] [firewall.paloalto.correlation] [firewall.paloalto.decryption] [firewall.paloalto.globalprotect] [firewall.paloalto.hipmatch]

firewall.paloalto.auth

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | timestamp | create_date | | timestamp
| | recvdate | recv_date | | timestamp
| | machine | machine | | str
| | logType | log_type | | str
| | subType | sub_type | | str
| | serial | serial | | str
| | srcIp | src_ip | | ip4
| | dstIp | - | | ip4
| | srcNatIp | srcNatIp | | ip4
| | dstNatIp | dstNatIp | | ip4
| | rule | - | | str
| | srcUser | src_user | | str
| | dstUser | - | | str
| | app | - | | str
| | virtSys | vsys | | str
| | srcZone | - | | str
| | dstZone | - | | str
| | srcIface | - | | str
| | dstIface | - | | str
| | logAction | log_action | | str
| | session | session_id | | str
| | repCnt | rep_cnt | | int4
| | srcPort | - | | int4
| | dstPort | - | | int4
| | srcNatPort | srcNatPort | | int4
| | dstNatPort | dstNatPort | | int4
| | flags | - | | str
| | proto | auth_proto | | str
| | action | - | | str
| | category | src_category | | str
| | seqno | seq_no | | int8
| | actionFlags | action_flags | | str
| | deviceName | device_name | | str
| | bytes | - | | int8
| | sentBytes | - | | int8
| | recvBytes | - | | int8
| | pkts | - | | int4
| | srcCountry | - | | str
| | dstCountry | - | | str
| | session_end_reason | - | | str
| | url_filename | url_filename | | str
| | threatid | - | | str
| | severity | - | | str
| | direction | - | | str
| | host | - | | str
| | result | - | | str
| | path | - | | str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
firewall.paloalto.config

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | timestamp | timestamp | | timestamp
| | recvdate | recvdate | | timestamp
| | machine | machine | | str
| | logType | logType | | str
| | subType | subType | | str
| | serial | serial | | str
| | srcIp | - | ip4(null(''))
| ip4
| | dstIp | - | ip4(null(''))
| ip4
| | srcNatIp | - | ip4(null(''))
| ip4
| | dstNatIp | - | ip4(null(''))
| ip4
| | rule | - | null('')
| str
| | srcUser | - | null('')
| str
| | dstUser | - | null('')
| str
| | app | - | null('')
| str
| | virtSys | vsys | | str
| | srcZone | - | null('')
| str
| | dstZone | - | null('')
| str
| | srcIface | - | null('')
| str
| | dstIface | - | null('')
| str
| | logAction | - | null('')
| str
| | session | - | null('')
| str
| | repCnt | - | int4(null(''))
| int4
| | srcPort | - | int4(null(''))
| int4
| | dstPort | - | int4(null(''))
| int4
| | srcNatPort | srcNatPort | | int4
| | dstNatPort | dstNatPort | | int4
| | flags | - | null('')
| str
| | proto | - | null('')
| str
| | action | - | null('')
| str
| | category | - | null('')
| str
| | seqno | seqno | | int8
| | actionFlags | - | null('')
| str
| | deviceName | device_name | | str
| | bytes | - | int8(null(''))
| int8
| | sentBytes | - | int8(null(''))
| int8
| | recvBytes | - | int8(null(''))
| int8
| | pkts | - | int4(null(''))
| int4
| | srcCountry | - | null('')
| str
| | dstCountry | - | null('')
| str
| | session_end_reason | - | null('')
| str
| | url_filename | url_filename | | str
| | threatid | - | null('')
| str
| | severity | - | null('')
| str
| | direction | - | null('')
| str
| | host | host | | str
| | result | result | | str
| | path | path | | str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
firewall.paloalto.correlation

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate |
| timestamp
| | timestamp | timestamp |
| timestamp
| | recvdate | recvdate |
| timestamp
| | machine | machine |
| str
| | logType | logType |
| str
| | subType | subType |
| str
| | serial | serial |
| str
| | srcIp | srcIp |
| ip4
| | dstIp | - | ip4(null(''))
| ip4
| | srcNatIp | - | ip4(null(''))
| ip4
| | dstNatIp | - | ip4(null(''))
| ip4
| | rule | - | null('')
| str
| | srcUser | srcUser |
| str
| | dstUser | - | null('')
| str
| | app | - | null('')
| str
| | virtSys | vsys |
| str
| | srcZone | - | null('')
| str
| | dstZone | - | null('')
| str
| | srcIface | - | null('')
| str
| | dstIface | - | null('')
| str
| | logAction | - | null('')
| str
| | session | - | null('')
| str
| | repCnt | - | int4(null(''))
| int4
| | srcPort | - | int4(null(''))
| int4
| | dstPort | - | int4(null(''))
| int4
| | srcNatPort | srcNatPort |
| int4
| | dstNatPort | dstNatPort |
| int4
| | flags | - | null('')
| str
| | proto | - | null('')
| str
| | action | - | null('')
| str
| | category | - | null('')
| str
| | seqno | - | int8(null(''))
| int8
| | actionFlags | - | null('')
| str
| | deviceName | device_name |
| str
| | bytes | - | int8(null(''))
| int8
| | sentBytes | - | int8(null(''))
| int8
| | recvBytes | - | int8(null(''))
| int8
| | pkts | - | int4(null(''))
| int4
| | srcCountry | - | null('')
| str
| | dstCountry | - | null('')
| str
| | session_end_reason | - | null('')
| str
| | url_filename | url_filename |
| str
| | threatid | - | null('')
| str
| | severity | - | null('')
| str
| | direction | - | null('')
| str
| | host | - | null('')
| str
| | result | - | null('')
| str
| | path | - | null('')
| str
| | rawMessage | rawMessage |
| str
| | hostchain | hostchain |
| str
| ✓ | tag | tag |
| str
| ✓ |
firewall.paloalto.decryption

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | timestamp | time_generated | | timestamp
| | recvdate | receive_time | | timestamp
| | machine | machine | | str
| | logType | logtype | | str
| | subType | subtype | | str
| | serial | serial | | str
| | srcIp | src_ip4 | | ip4
| | dstIp | dst_ip4 | | ip4
| | srcNatIp | srcNatIp | | ip4
| | dstNatIp | dstNatIp | | ip4
| | rule | rule | | str
| | srcUser | src_user | | str
| | dstUser | dst_user | | str
| | app | app | | str
| | virtSys | vsys | | str
| | srcZone | src_zone | | str
| | dstZone | dst_zone | | str
| | srcIface | inbound_if | | str
| | dstIface | outbound_if | | str
| | logAction | log_set | | str
| | session | session_id | | str
| | repCnt | repeat_cnt | | int4
| | srcPort | src_port | | int4
| | dstPort | dst_port | | int4
| | srcNatPort | srcNatPort | | int4
| | dstNatPort | dstNatPort | | int4
| | flags | flags | | str
| | proto | proto | | str
| | action | action | | str
| | category | - | | str
| | seqno | seqno | | int8
| | actionFlags | action_flags | | str
| | deviceName | device_name | | str
| | bytes | - | | int8
| | sentBytes | - | | int8
| | recvBytes | - | | int8
| | pkts | - | | int4
| | srcCountry | - | | str
| | dstCountry | - | | str
| | session_end_reason | - | | str
| | url_filename | url_filename | | str
| | threatid | - | | str
| | severity | - | | str
| | direction | - | | str
| | host | - | | str
| | result | - | | str
| | path | - | | str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
firewall.paloalto.globalprotect

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | timestamp | createdate | | timestamp
| | recvdate | recvdate | | timestamp
| | machine | machine | | str
| | logType | logType | | str
| | subType | subType | | str
| | serial | serialnumber | | str
| | srcIp | srcIp | | ip4
| | dstIp | - | | ip4
| | srcNatIp | - | | ip4
| | dstNatIp | - | | ip4
| | rule | - | | str
| | srcUser | srcUser | | str
| | dstUser | - | | str
| | app | - | | str
| | virtSys | vsys | | str
| | srcZone | - | | str
| | dstZone | - | | str
| | srcIface | - | | str
| | dstIface | - | | str
| | logAction | - | | str
| | session | - | | str
| | repCnt | repeatcnt | int4(repeatcnt)
| int4
| | srcPort | - | | int4
| | dstPort | - | | int4
| | srcNatPort | srcNatPort | | int4
| | dstNatPort | dstNatPort | | int4
| | flags | - | | str
| | proto | - | | str
| | action | - | | str
| | category | - | | str
| | seqno | seqno | | int8
| | actionFlags | actionflags | | str
| | deviceName | machinename | | str
| | bytes | - | | int8
| | sentBytes | - | | int8
| | recvBytes | - | | int8
| | pkts | - | | int4
| | srcCountry | - | | str
| | dstCountry | - | | str
| | session_end_reason | - | | str
| | url_filename | url_filename | | str
| | threatid | - | | str
| | severity | - | | str
| | direction | - | | str
| | host | host | | str
| | result | - | | str
| | path | - | | str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
firewall.paloalto.hipmatch

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate |
| timestamp
| | timestamp | createdate |
| timestamp
| | recvdate | recvdate |
| timestamp
| | machine | machine |
| str
| | logType | logType |
| str
| | subType | subType |
| str
| | serial | serialNumber |
| str
| | srcIp | srcIp |
| ip4
| | dstIp | - | ip4(null(''))
| ip4
| | srcNatIp | - | ip4(null(''))
| ip4
| | dstNatIp | - | ip4(null(''))
| ip4
| | rule | - | null('')
| str
| | srcUser | srcUser |
| str
| | dstUser | - | null('')
| str
| | app | - | null('')
| str
| | virtSys | vsys |
| str
| | srcZone | - | null('')
| str
| | dstZone | - | null('')
| str
| | srcIface | - | null('')
| str
| | dstIface | - | null('')
| str
| | logAction | - | null('')
| str
| | session | - | null('')
| str
| | repCnt | repeatCnt | int4(repeatCnt)
| int4
| | srcPort | - | int4(null(''))
| int4
| | dstPort | - | int4(null(''))
| int4
| | srcNatPort | srcNatPort |
| int4
| | dstNatPort | dstNatPort |
| int4
| | flags | - | null('')
| str
| | proto | - | null('')
| str
| | action | - | null('')
| str
| | category | - | null('')
| str
| | seqno | seqno |
| int8
| | actionFlags | actionflags |
| str
| | deviceName | device_name |
| str
| | bytes | - | int8(null(''))
| int8
| | sentBytes | - | int8(null(''))
| int8
| | recvBytes | - | int8(null(''))
| int8
| | pkts | - | int4(null(''))
| int4
| | srcCountry | - | null('')
| str
| | dstCountry | - | null('')
| str
| | session_end_reason | - | null('')
| str
| | url_filename | url_filename |
| str
| | threatid | - | null('')
| str
| | severity | - | null('')
| str
| | direction | - | null('')
| str
| | host | host |
| str
| | result | - | null('')
| str
| | path | - | null('')
| str
| | rawMessage | rawMessage |
| str
| | hostchain | hostchain |
| str
| ✓ | tag | tag |
| str
| ✓ |
[firewall.paloalto.iptag] [firewall.paloalto.system] [firewall.paloalto.threat] [firewall.paloalto.traffic] [firewall.paloalto.url] [firewall.paloalto.userid]

firewall.paloalto.iptag

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | timestamp | timestamp | | timestamp
| | recvdate | recvdate | | timestamp
| | machine | hostname | | str
| | logType | logType | | str
| | subType | threatType | | str
| | serial | serial | | str
| | srcIp | srcIp | | ip4
| | dstIp | - | null(ip4(0.0.0.0))
| ip4
| | srcNatIp | srcNatIp | | ip4
| | dstNatIp | dstNatIp | | ip4
| | rule | - | | str
| | srcUser | - | | str
| | dstUser | - | | str
| | app | - | | str
| | virtSys | vsys | | str
| | srcZone | - | | str
| | dstZone | - | | str
| | srcIface | - | | str
| | dstIface | - | | str
| | logAction | - | | str
| | session | - | | str
| | repCnt | repeatCount | | int4
| | srcPort | - | | int4
| | dstPort | - | | int4
| | srcNatPort | srcNatPort | | int4
| | dstNatPort | dstNatPort | | int4
| | flags | - | | str
| | proto | - | | str
| | action | - | | str
| | category | - | | str
| | seqno | - | | int8
| | actionFlags | actionflags | | str
| | deviceName | device_name | | str
| | bytes | - | | int8
| | sentBytes | - | | int8
| | recvBytes | - | | int8
| | pkts | - | | int4
| | srcCountry | - | | str
| | dstCountry | - | | str
| | session_end_reason | - | | str
| | url_filename | url_filename | | str
| | threatid | - | | str
| | severity | - | | str
| | direction | - | | str
| | host | - | | str
| | result | - | | str
| | path | - | | str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
firewall.paloalto.system

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate |
| timestamp
| | timestamp | timestamp |
| timestamp
| | recvdate | recvdate |
| timestamp
| | machine | machine |
| str
| | logType | logType |
| str
| | subType | subType |
| str
| | serial | serial |
| str
| | srcIp | - | ip4(null(''))
| ip4
| | dstIp | - | ip4(null(''))
| ip4
| | srcNatIp | - | ip4(null(''))
| ip4
| | dstNatIp | - | ip4(null(''))
| ip4
| | rule | - | null('')
| str
| | srcUser | - | null('')
| str
| | dstUser | - | null('')
| str
| | app | - | null('')
| str
| | virtSys | - | null('')
| str
| | srcZone | - | null('')
| str
| | dstZone | - | null('')
| str
| | srcIface | - | null('')
| str
| | dstIface | - | null('')
| str
| | logAction | - | null('')
| str
| | session | - | null('')
| str
| | repCnt | - | int4(null(''))
| int4
| | srcPort | - | int4(null(''))
| int4
| | dstPort | - | int4(null(''))
| int4
| | srcNatPort | srcNatPort |
| int4
| | dstNatPort | dstNatPort |
| int4
| | flags | - | null('')
| str
| | proto | - | null('')
| str
| | action | - | null('')
| str
| | category | - | null('')
| str
| | seqno | seqno |
| int8
| | actionFlags | - | null('')
| str
| | deviceName | device_name |
| str
| | bytes | - | int8(null(''))
| int8
| | sentBytes | - | int8(null(''))
| int8
| | recvBytes | - | int8(null(''))
| int8
| | pkts | - | int4(null(''))
| int4
| | srcCountry | - | null('')
| str
| | dstCountry | - | null('')
| str
| | session_end_reason | - | null('')
| str
| | url_filename | url_filename |
| str
| | threatid | - | null('')
| str
| | severity | - | null('')
| str
| | direction | - | null('')
| str
| | host | - | null('')
| str
| | result | - | null('')
| str
| | path | - | null('')
| str
| | rawMessage | rawMessage |
| str
| | hostchain | hostchain |
| str
| ✓ | tag | tag |
| str
| ✓ |
firewall.paloalto.threat

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate |
| timestamp
| | timestamp | timestamp |
| timestamp
| | recvdate | recvdate |
| timestamp
| | machine | machine |
| str
| | logType | logType |
| str
| | subType | subType |
| str
| | serial | serial |
| str
| | srcIp | srcIp |
| ip4
| | dstIp | dstIp |
| ip4
| | srcNatIp | srcNatIp |
| ip4
| | dstNatIp | dstNatIp |
| ip4
| | rule | rule |
| str
| | srcUser | srcUser |
| str
| | dstUser | dstUser |
| str
| | app | app |
| str
| | virtSys | virtSys |
| str
| | srcZone | srcZone |
| str
| | dstZone | dstZone |
| str
| | srcIface | srcIface |
| str
| | dstIface | dstIface |
| str
| | logAction | logAction |
| str
| | session | session |
| str
| | repCnt | repCnt |
| int4
| | srcPort | srcPort |
| int4
| | dstPort | dstPort |
| int4
| | srcNatPort | srcNatPort |
| int4
| | dstNatPort | dstNatPort |
| int4
| | flags | flags |
| str
| | proto | proto |
| str
| | action | action |
| str
| | category | category |
| str
| | seqno | seqno |
| int8
| | actionFlags | actionflags |
| str
| | deviceName | deviceName |
| str
| | bytes | - | int8(null(''))
| int8
| | sentBytes | - | int8(null(''))
| int8
| | recvBytes | - | int8(null(''))
| int8
| | pkts | - | int4(null(''))
| int4
| | srcCountry | srcloc |
| str
| | dstCountry | dstloc |
| str
| | session_end_reason | - | null('')
| str
| | url_filename | url_filename |
| str
| | threatid | threatid |
| str
| | severity | severity |
| str
| | direction | direction |
| str
| | host | - | null('')
| str
| | result | - | null('')
| str
| | path | - | null('')
| str
| | rawMessage | rawMessage |
| str
| | hostchain | hostchain |
| str
| ✓ | tag | tag |
| str
| ✓ |
firewall.paloalto.traffic

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate | | timestamp
| | timestamp | timestamp | | timestamp
| | recvdate | recvdate | | timestamp
| | machine | machine | | str
| | logType | logType | | str
| | subType | subType | | str
| | serial | serial | | str
| | srcIp | srcIp | | ip4
| | dstIp | dstIp | | ip4
| | srcNatIp | srcNatIp | | ip4
| | dstNatIp | dstNatIp | | ip4
| | rule | rule | | str
| | srcUser | srcUser | | str
| | dstUser | dstUser | | str
| | app | app | | str
| | virtSys | virtSys | | str
| | srcZone | srcZone | | str
| | dstZone | dstZone | | str
| | srcIface | srcIface | | str
| | dstIface | dstIface | | str
| | logAction | logAction | | str
| | session | session | | str
| | repCnt | repCnt | | int4
| | srcPort | srcPort | | int4
| | dstPort | dstPort | | int4
| | srcNatPort | srcNatPort | | int4
| | dstNatPort | dstNatPort | | int4
| | flags | flags | | str
| | proto | proto | | str
| | action | action | | str
| | category | category | | str
| | seqno | seqno | | int8
| | actionFlags | actionFlags | | str
| | deviceName | device_name | | str
| | bytes | bytes | | int8
| | sentBytes | sentBytes | | int8
| | recvBytes | recvBytes | | int8
| | pkts | pkts | int4(pkts)
| int4
| | srcCountry | srcCountry | | str
| | dstCountry | dstCountry | | str
| | session_end_reason | session_end_reason | | str
| | url_filename | url_filename | | str
| | threatid | - | null('')
| str
| | severity | - | null('')
| str
| | direction | - | null('')
| str
| | host | - | null('')
| str
| | result | - | null('')
| str
| | path | - | null('')
| str
| | rawMessage | rawMessage | | str
| | hostchain | hostchain | | str
| ✓ | tag | tag | | str
| ✓ |
firewall.paloalto.url

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate |
| timestamp
| | timestamp | timestamp |
| timestamp
| | recvdate | recvdate |
| timestamp
| | machine | machine |
| str
| | logType | logType |
| str
| | subType | subType |
| str
| | serial | serial |
| str
| | srcIp | srcIp |
| ip4
| | dstIp | dstIp |
| ip4
| | srcNatIp | srcNatIp |
| ip4
| | dstNatIp | dstNatIp |
| ip4
| | rule | rule |
| str
| | srcUser | srcUser |
| str
| | dstUser | dstUser |
| str
| | app | app |
| str
| | virtSys | virtSys |
| str
| | srcZone | srcZone |
| str
| | dstZone | dstZone |
| str
| | srcIface | srcIface |
| str
| | dstIface | dstIface |
| str
| | logAction | logAction |
| str
| | session | session |
| str
| | repCnt | repCnt |
| int4
| | srcPort | srcPort |
| int4
| | dstPort | dstPort |
| int4
| | srcNatPort | srcNatPort |
| int4
| | dstNatPort | dstNatPort |
| int4
| | flags | flags |
| str
| | proto | proto |
| str
| | action | action |
| str
| | category | category |
| str
| | seqno | seqno |
| int8
| | actionFlags | actionflags |
| str
| | deviceName | deviceName |
| str
| | bytes | - | int8(null(''))
| int8
| | sentBytes | - | int8(null(''))
| int8
| | recvBytes | - | int8(null(''))
| int8
| | pkts | - | int4(null(''))
| int4
| | srcCountry | srcloc |
| str
| | dstCountry | dstloc |
| str
| | session_end_reason | - | null('')
| str
| | url_filename | url_filename |
| str
| | threatid | threatid |
| str
| | severity | severity |
| str
| | direction | direction |
| str
| | host | - | null('')
| str
| | result | - | null('')
| str
| | path | - | null('')
| str
| | rawMessage | rawMessage |
| str
| | hostchain | hostchain |
| str
| ✓ | tag | tag |
| str
| ✓ |
firewall.paloalto.userid

Field in union table | Field in source table | Field transformation | Data type | Extra fields |
---|
eventdate | eventdate |
| timestamp
| | timestamp | timestamp |
| timestamp
| | recvdate | recvdate |
| timestamp
| | machine | machine |
| str
| | logType | logType |
| str
| | subType | subType |
| str
| | serial | serial |
| str
| | srcIp | srcIp |
| ip4
| | dstIp | - | ip4(null(''))
| ip4
| | srcNatIp | - | ip4(null(''))
| ip4
| | dstNatIp | - | ip4(null(''))
| ip4
| | rule | - | null('')
| str
| | srcUser | srcUser |
| str
| | dstUser | - | null('')
| str
| | app | - | null('')
| str
| | virtSys | virtSys |
| str
| | srcZone | - | null('')
| str
| | dstZone | - | null('')
| str
| | srcIface | - | null('')
| str
| | dstIface | - | null('')
| str
| | logAction | - | null('')
| str
| | session | - | null('')
| str
| | repCnt | - | int4(null(''))
| int4
| | srcPort | srcPort |
| int4
| | dstPort | dstPort |
| int4
| | srcNatPort | srcNatPort |
| int4
| | dstNatPort | dstNatPort |
| int4
| | flags | - | null('')
| str
| | proto | - | null('')
| str
| | action | - | null('')
| str
| | category | - | null('')
| str
| | seqno | seqno |
| int8
| | actionFlags | actionFlags |
| str
| | deviceName | device_name |
| str
| | bytes | - | int8(null(''))
| int8
| | sentBytes | - | int8(null(''))
| int8
| | recvBytes | - | int8(null(''))
| int8
| | pkts | - | int4(null(''))
| int4
| | srcCountry | - | null('')
| str
| | dstCountry | - | null('')
| str
| | session_end_reason | - | null('')
| str
| | url_filename | url_filename |
| str
| | threatid | - | null('')
| str
| | severity | - | null('')
| str
| | direction | - | null('')
| str
| | host | - | null('')
| str
| | result | - | null('')
| str
| | path | - | null('')
| str
| | rawMessage | rawMessage |
| str
| | hostchain | hostchain |
| str
| ✓ | tag | tag |
| str
| ✓ |
|