sase.paloalto
- Juan Tomás Alonso Nieto (Deactivated)
Introduction
Tags beginning with sase.paloalto identify events generated by Paloalto.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as saso.paloalto. The third level identifies the type of events sent, and the fourth level indicates the event subtype.Â
Technology | Brand | Type | Subtype |
|---|---|---|---|
saso | paloalto |
|
|
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
sase.paloalto.prisma_access.threat | sase.paloalto.prisma_access.threat |
sase.paloalto.prisma_cloud.audit | sase.paloalto.prisma_cloud.audit |
sase.paloalto.prisma_cloud.cwp | sase.paloalto.prisma_cloud.cwp |
sase.paloalto.prisma_saas.activity_monitoring | sase.paloalto.prisma_saas.activity_monitoring |
sase.paloalto.prisma_saas.admin_audit | sase.paloalto.prisma_saas.admin_audit |
sase.paloalto.prisma_saas.incident | sase.paloalto.prisma_saas.incident |
sase.paloalto.prisma_saas.invalid | sase.paloalto.prisma_saas.invalid |
sase.paloalto.prisma_saas.other | sase.paloalto.prisma_saas.other |
sase.paloalto.prisma_saas.policy_violation | sase.paloalto.prisma_saas.policy_violation |
sase.paloalto.prisma_saas.remediation | sase.paloalto.prisma_saas.remediation |