<span class="pill kill-chain">_time</span>
<span class="pill kill-chain">date_hour</span>
<span class="pill kill-chain">date_mday</span>
<span class="pill kill-chain">date_minute</span>
<span class="pill kill-chain">date_month</span>
<span class="pill kill-chain">date_second</span>
<span class="pill kill-chain">date_wday</span>
<span class="pill kill-chain">date_year</span>
<span class="pill kill-chain">date_zone</span>
<span class="pill kill-chain">host</span>
<span class="pill kill-chain">index</span>
<span class="pill kill-chain">linecount</span>
<span class="pill kill-chain">punct</span>
<span class="pill kill-chain">source</span>
<span class="pill kill-chain">sourcetype</span>
<span class="pill kill-chain">splunk_server</span>
<span class="pill kill-chain">timeendpos</span>
<span class="pill kill-chain">timestartpos</span>
</div>
Data Source: Palo Alto Network Traffic
Description
Data source object for Palo Alto Network Traffic
Details
| Property | Value |
|---|---|
| Source | screenconnect_palo_traffic |
| Sourcetype | pan:traffic |
Supported Apps
- Palo Alto Networks Add-on (version 8.1.3)
Event Fields
Fields
Example Log
1577 <14>1 2024-02-22T12:33:50-05:00 PALO220.ATTACK_RANGE.LAN - - - - 1,2024/02/22 12:33:50,012801036556,TRAFFIC,end,2305,2024/02/22 12:33:50,192.168.1.205,147.28.146.44,201.17.96.104,147.28.146.44,No_Vuln_Filtering_OUT,,,screenconnect,vsys1,Trust,Untrust,ethernet1/2,ethernet1/1,splunk_range,2024/02/22 12:33:50,14740,1,50624,443,11024,443,0x40005e,tcp,allow,7419,6609,810,25,2024/02/22 12:32:29,65,any,0,376156893,0x0,192.168.0.0-192.168.255.255,United States,0,14,11,tcp-fin,0,0,0,0,,PALO220,from-policy,,,0,,0,,N/A,0,0,0,0,0862e58b-4a54-436b-b3ac-ea3eccf8403b,0,0,,,,,,,
Source: GitHub | Version: 1