Skip to main content
Skip table of contents

IP Tag Messages

Vendor Documentation

Classification

Rule NameRule TypeClassificationCommon Event
IP Tag MessagesBase RuleInformationGeneral Profile Detection

Mapping with LogRhythm Schema

Device Key in Log Message

LogRhythm Schema

Data Type

Schema Description

N/A N/AN/AdeviceVendor
N/A N/A N/AdeviceProduct
 N/A N/AN/AVersion
N/A <vmid>Text/StringLogType
 N/A N/AN/ASubType
N/A <severity>NumberdeviceSeverity
ProfileTokenN/A N/A N/A
dtz N/AN/A N/A
rt N/AN/ATime the log was received in Cortex Data Lake. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
deviceExternalId<serialnumber>Text/String/NumberID that uniquely identifies the source of the log. That is, the serial number of the firewall that generated the log.
PanOSCortexDataLakeTenantlD N/AN/AThe ID that uniquely identifies the Cortex Data Lake instance which received this log record.
PanOSIsDuplicateLog N/AN/AIndicates whether this log data is available in multiple locations, such as from Cortex Data Lake as well as from an on-premise log collector.
PanOSIsPrismaNetworksN/A N/AInternal-use field. If set to 1, the log was generated on a cloud-based firewall. If 0, the firewall was running on-premise.
PanOSIsPrismaUsersN/A N/AInternal use field. If set to 1, the log record was generated using a cloud-based GlobalProtect instance. If 0, GlobalProtect was hosted on-premise.
PanOSLogExportedN/A N/AIndicates if this log was exported from the firewall using the firewall's log export function.
PanOSLogForwardedN/A N/AInternal-use field that indicates if the log is being forwarded.
PanOSLogSettingN/A N/ALog forwarding profile name that was applied to the session. This name was defined by the firewall's administrator.
PanOSLogSourceN/A N/AIdentifies the origin of the data. That is, the system that produced the data.
PanOSLogSourceTimeZoneOffsetN/A N/ATime Zone offset from GMT of the source of the log.
PanOSRule N/AN/AName of the security policy rule that the network traffic matched.
PanOSRuleUUIDN/A N/AUnique identifier for the security policy rule that the network traffic matched.
PanOSConfigVersion N/AN/AVersion number of the firewall operating system that wrote this log record.
start N/AN/ATime when the log was generated on the firewall's data plane. This string contains a timestamp value that is the number of microseconds since the Unix epoch.
cs3N/A N/AString representation of the unique identifier for a virtual system on a Palo Alto Networks firewall.
cs3Label N/AN/AN/A 
src<sip>IP AddressOriginal source IP address.
dst<dip>IP AddressOriginal source IP address.
PanOSTagName<subject>Text/StringThe tag mapped to the source IP address.
PanOSEventID<action>Text/StringIdentifies the event.
cnt<quantity>NumberNumber of sessions with same Source IP, Destination IP, Application, and Content/Threat Type seen for the summary interval.
PanOSMappingTimeoutN/A N/ATime interval before the IP-to-tag mapping expires for the source IP address.
PanOSMappingDataSource<object>Text/StringName of the source from which the mapping information was collected.
PanOSMappingDataSourceType<objecttype>Text/StringSource from which mapping information is collected.
PanOSMappingDataSourceSubType N/AN/AMechanism used to identify the IP/User mappings within a data source.
externalId N/AN/AThe log entry identifier, which is incremented sequentially. Each log type has a unique number space.
PanOSDGHierarchyLevel1 N/AN/AA sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
PanOSDGHierarchyLevel2 N/AN/AA sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
PanOSDGHierarchyLevel3 N/AN/AA sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
PanOSDGHierarchyLevel4N/A N/AA sequence of identification numbers that indicate the device group’s location within a device group hierarchy.
PanOSVirtualSystemName N/AN/AThe name of the virtual system associated with the network traffic.
dvchostN/A N/AName of the source of the log. That is, the hostname of the firewall that logged the network traffic.
cn2N/A N/AA unique identifier for a virtual system on a Palo Alto Networks firewall.
cn2LabelN/A N/A N/A
PanOSIPSubnetRange N/AN/AIP subnet range.
PanOSTimeGeneratedHighResolution N/AN/ATime the log was generated in data plane with millisec granularity in format YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.