Skip to main content
Skip table of contents

Cortex BIOC Messages

Vendor Documentation

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/logs/cortex-xdr-log-notification-formats/cortex-xdr-ioc-bioc-log-format

Classification

Rule Name

Rule Type

Common Event

Classification

Cortex BIOC MessagesBase RuleGeneral SecurityOther Security

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

HEADER/VendorN/AN/AVendor info
HEADER/Device ProductN/AN/ADevice Product info
HEADER/Device Version<version>Text/StringDevice Version info
HEADER/Device Event Class ID<vmid>Text/StringN/A
HEADER/name<vendorinfo>Text/StringAction type
HEADER/Severity<severity>Text/Stringinteger/0 - Unknown, 6 - Low, 8 - Medium, 9 - High
endN/AN/ATimestamp
shost<sname>Text/StringHostname of the machine from where the action was initiated.
suser<login>, <domainorigin>Text/StringUsername of the user who initiated the action.
deviceFacilityN/AN/AN/A
cat<threatname>Text/StringN/A
externalId<threatid>NumberN/A
request<url>

Text/String/Number

N/A
cs1<process>Text/StringN/A
cs1LabelN/AN/AN/A
cs2N/AN/AN/A
cs2LabelN/AN/AN/A
cs3N/AN/AN/A
cs3LabelN/AN/AN/A
cs4N/AN/AN/A
cs4LabelN/AN/AN/A
cs5<command>Text/StringN/A
cs5LabelN/A N/A N/A
cs6N/AN/AN/A
cs6LabelN/AN/AN/A
fileHash<hash>Text/String/NumberN/A
filePath<object>Text/StringN/A
targetprocesssignatureN/A N/A N/A
tenantnameN/A N/A N/A
tenantCDLidN/A N/A N/A
CSPaccountnameN/A N/A N/A
initiatorSha256N/A N/A N/A
initiatorPath<parentprocesspath>Text/StringN/A
cgoSha256N/A N/A N/A
osParentNameN/A N/A N/A
osParentCmdN/AN/AN/A
osParentSha256N/AN/AN/A
osParentSignatureN/AN/AN/A
osParentSignerN/AN/AN/A
incidentN/AN/AN/A
act<action>Text/StringN/A
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close