Skip to main content
Skip table of contents

Cortex IOC Messages

Vendor Documentation

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/logs/cortex-xdr-log-notification-formats/cortex-xdr-ioc-bioc-log-format

Classification

Rule NameRule TypeCommon EventClassification
Cortex IOC MessagesBase RuleOther SecurityGeneral Security

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
HEADER/VendorN/AN/AVendor info.
HEADER/Device ProductN/AN/ADevice product info.
HEADER/Device Version<version>Text/StringDevice version info.
HEADER/Device Event Class ID<vmid>Text/StringN/A
HEADER/name<vendorinfo>Text/StringAction type.
HEADER/Severity<severity>Number
  • Integer/0 - Unknown
  • 6 - Low
  • 8 - Medium
  • 9 - High
endN/AN/ATimestamp.
shost<sname>Text/StringHostname of the machine from where the action was initiated.
suser<login><domainorigin>Text/StringUsername of the user who initiated the action.
deviceFacilityN/AN/AN/A
cat<threatname>Text/StringN/A
externalId<threatid>NumberN/A
request<url>string/NumberN/A
cs1<process>Text/StringN/A
cs1LabelN/AN/AN/A
cs2<command>Text/StringN/A
cs2LabelN/AN/AN/A
cs3N/AN/AN/A
cs3LabelN/AN/AN/A
cs4N/AN/AN/A
cs4LabelN/AN/AN/A
cs5N/AN/AN/A
cs5LabelN/AN/AN/A
cs6N/AN/AN/A
cs6LabelN/AN/AN/A
dst<dip>NumberN/A
dpt<dport>NumberN/A
src<sip>NumberN/A
spt<sport>NumberN/A
app<protname>Text/StringN/A
fileHash<hash>Text/StringN/A
filePath<object>Text/StringN/A
targetprocesssignatureN/AN/AN/A
tenantnameN/AN/AN/A
tenantCDLidN/AN/AN/A
CSPaccountnameN/AN/AN/A
initiatorSha256N/AN/AN/A
initiatorPath<parentprocesspath>Text/StringN/A
cgoSha256N/AN/AN/A
osParentNameN/AN/AN/A
osParentCmdN/AN/AN/A
osParentSha256N/AN/AN/A
osParentSignatureN/AN/AN/A
osParentSignerN/AN/AN/A
incidentN/AN/AN/A
act<action>Text/StringN/A
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close