Data Source: Palo Alto Network Threat

Description

Data source object for Palo Alto Network Threat

Details

Property Value
Source pan:threat
Sourcetype pan:threat

Supported Apps

Event Fields

Fields:

- _time
- date_hour
- date_mday
- date_minute
- date_month
- date_second
- date_wday
- date_year
- date_zone
- host
- index
- linecount
- punct
- source
- sourcetype
- splunk_server
- timeendpos
- timestartpos

Example Log

May 10 11:08:39 sjc.example.com 1,2022/05/10 11:08:38,013201004583,THREAT,url,2305,2022/05/10 11:08:38,2.18.4.7,1.2.3.4,2.18.4.7,1.2.3.4,service-globalprotect,,,web-browsing,vsys1,UNTRUST,UNTRUST,ethernet1/20,loopback.1,Zero,2022/05/10 11:08:38,1535535,1,32880,443,32880,20077,0x1403000,tcp,allow,"sr.example.com/mgmt/tm/util/bash",(9999),allow-URL,informational,client-to-server,7081856864553612091,0xa000000000000000,United States,United States,0,,0,,,1,"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36",,,,,,,0,177,204,178,382,,sjc1-fw-01,,,,post,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295,," allow-URL,computer-and-internet-info,low-risk",5283cb95-6902-41db-96c6-ef807361eba5,0,

Source: GitHub | Version: 1