Collect Palo Alto Networks firewall logs
Overview
This document describes how to configure syslog and the Chronicle forwarder to collect Palo Alto Networks firewall logs. It also describes how Palo Alto Networks firewall log fields are mapped to Chronicle Unified Data Model (UDM) fields.
For an overview of Chronicle data ingestion, see Data ingestion to Chronicle.
The ingestion label identifies the parser that normalizes raw log data into the structured UDM format. The information in this document applies to the parser with the ingestion label PAN_FIREWALL.
Before you begin
To understand the components deployed to collect Palo Alto Networks firewall logs, review the deployment architecture. Each customer deployment may differ from this representation and may be more complex.
The following diagram shows how syslog is configured on the Palo Alto Networks firewall and how the Chronicle forwarder is installed on a Linux server to forward log data to Chronicle. The parser supports logs written in the following data formats: Comma-Separated Values (CSV), Common Event Format (CEF), and Log Event Extended Format (LEEF).
Verify the log formats and PAN-OS versions the Chronicle parser supports. The following table lists the log formats and the corresponding PAN-OS versions supported by the Chronicle parser:
Log format | PAN-OS version |
---|---|
CSV | 10.1.3 |
CEF | 10.0.0 |
LEEF | 9.1.0 |
Verify the Palo Alto Networks firewall log types the Chronicle parser supports. The Chronicle parser supports the following Palo Alto Networks firewall log types:
- Traffic
- Threat
- WildFire Submissions
- Tunnel Inspection
- Config
- System
- HIP Match
- IP-Tag
- User-ID
- Decryption
- Authentication
- URL Filtering
- Data Filtering
- GlobalProtect
- Correlation
For more information about Palo Alto Networks firewall log types, see PAN-OS log types.
Make sure that every system in the deployment architecture is configured to the UTC time zone. PAN-OS timestamps carry no zone offset, so a firewall or forwarder running in a local zone produces events whose UDM timestamps are shifted by that offset.
Before you use the Palo Alto Networks firewall Gold parser, review the field mapping changes between the default parser and the Gold parser listed in this document. As part of the migration, make sure that rules, searches, dashboards, or other processes that depend on the original fields use the updated fields.
For example, in the default parser the log field "category" is mapped to the UDM field "security_result.description". In the PAN firewall Gold parser, the log field "category" is mapped to the UDM field "security_result.category_details". If you migrate to the PAN firewall Gold parser and use "category" in a rule, you must change the rule to use the UDM field "security_result.category_details" from the Gold parser.
Configure syslog and the Chronicle forwarder
To configure syslog and the Chronicle forwarder, complete the following steps:
1. To monitor CSV logs, configure a syslog server profile. For more information, see Configure a syslog server profile.
   When you configure the syslog server profile, specify "Default" as the custom log format.
2. To monitor CEF logs, configure the Palo Alto Networks firewall to forward CEF logs. For more information, download the PAN-OS CEF Integration guide PDF and see the section "Configure the Palo Alto Networks NGFW to generate CEF events".
3. To monitor LEEF logs, configure a syslog server profile. For more information, see Custom log forwarding in LEEF format.
4. Configure the Chronicle forwarder to send logs to Chronicle. For more information, see Install and configure the forwarder on Linux. The following is an example Chronicle forwarder configuration:
```yaml
- syslog:
    common:
      enabled: true
      data_type: PAN_FIREWALL
      batch_n_seconds: 10
      batch_n_bytes: 1048576
    tcp_address: 0.0.0.0:10518
    connection_timeout_sec: 60
```
Note that `tcp_address: 0.0.0.0:10518` listens on every interface of the forwarder host and accepts plaintext syslog without authentication. Restrict which sources can reach that port (host firewall or security group) to the firewall's syslog source addresses, and make sure `data_type` is PAN_FIREWALL so the events reach the parser this document describes.
Field mapping reference: PAN firewall log fields to UDM fields
This section describes how the parser maps Palo Alto Networks firewall log fields to Chronicle UDM event fields for each log type.
Chronicle label key refers to the key name mapped to the UDM field Labels.key. For example, for the "Virtual System" field, the field name is "cs3" in CEF format and "VirtualSystem" in LEEF format. The UDM field "about.labels.key" contains the value "vsys" and the UDM field "about.labels.value" contains the value of that field.
Some CEF or LEEF field names have no corresponding CSV field name. In those cases, if you add your own variable names to the custom log format in the syslog profile, the parser does not map them to UDM fields.
See the following sections for the mapping reference for each log type:
- System
- Config
- Threat/WildFire
- Traffic
- User-ID
- HIP Match
- IP-Tag
- Decryption
- Tunnel
- Authentication
- URL
- Data
- GlobalProtect
- Correlation
System
The following table lists the log fields of the system log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type set to "%{type} - %{subtype}" |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | metadata.product_event_type set to "%{type} - %{subtype}" |
Generated Time (time_generated or cef-formatted-time_generated) | | | | metadata.event_timestamp |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Event ID (eventid) | cat | | eventid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Object (object) | fname | FileName | object | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Module (module) | flexString2 | Module | module | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Severity (severity) | $number-of-severity (Header) | Severity | | security_result.severity and security_result.severity_details |
Description (opaque) | msg | msg | | metadata.description |
principal_user_userid (extracted from the msg field) | | | | principal.user.userid |
principal_ip3 (extracted from the msg field) | | | | principal.ip |
Reason (extracted from the msg field) | | | | security_result.description |
server_address (extracted from the msg field) | | | | target.ip |
server_profile (extracted from the msg field) | | | | additional.fields.key and additional.fields.value.string_value |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflags) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_1 through dg_hier_level_4) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name; principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
High Resolution Timestamp (high_res_timestamp) | PanOSTimeGeneratedHighResolution | | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Config
The following table lists the log fields of the config log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | | | metadata.product_event_type |
Generated Time (time_generated or cef-formatted-time_generated) | | | | metadata.event_timestamp |
Host (host) | shost | src | | principal.ip/hostname |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Command (cmd) | act | msg | cmd | metadata.description |
Admin (admin) | duser | usrName | | principal.user.userid |
Client (client) | destinationServiceName | client | | principal.application |
Result (result) | Signature ID (Header) (reason) | Result | | security_result.summary |
Configuration Path (path) | msg | ConfigurationPath | | principal.process.command_line |
Before Change Detail (before_change_detail) | cs1 | BeforeChangeDetail | before_change_detail | target.resource.attribute.labels.key/value |
After Change Detail (after_change_detail) | cs2 | AfterChangeDetail | after_change_detail | target.resource.attribute.labels.key/value |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflags) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_1 through dg_hier_level_4) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name; principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
Device Group (dg_id) | PanOSFWDeviceGroup | | dg_id | principal.asset.attribute.labels.key/value |
Audit Comment (comment) | PanOSPolicyAuditComment | | comment | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Threat/WildFire
The following table lists the log fields of the Threat/WildFire log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type |
Threat/Content Type (subtype) | cat/subtype (Header) | Subtype | | metadata.product_event_type |
Generated Time (time_generated or cef-formatted-time_generated) | | | | metadata.event_timestamp |
Source Address (src) | src | src | | principal.ip |
Destination Address (dst) | dst | dst | | target.ip |
NAT Source IP (natsrc) | sourceTranslatedAddress | srcPostNAT | | principal.nat_ip |
NAT Destination IP (natdst) | destinationTranslatedAddress | dstPostNAT | | target.nat_ip |
Rule Name (rule) | cs1 | RuleName | | security_result.rule_name |
Source User (srcuser) | suser | SourceUser / usrName | | principal.user.userid |
Destination User (dstuser) | duser | DestinationUser | | target.user.userid |
Application (app) | app | Application | | target.application |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Zone (from) | cs4 | SourceZone | from | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Zone (to) | cs5 | DestinationZone | to | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Inbound Interface (inbound_if) | deviceInboundInterface | IngressInterface | inbound_if | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Outbound Interface (outbound_if) | deviceOutboundInterface | EgressInterface | outbound_if | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Log Action (logset) | cs6 | LogForwardingProfile | logset | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Session ID (sessionid) | cn1 | SessionID | | network.session_id |
Repeat Count (repeatcnt) | cnt | RepeatCount | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Port (sport) | spt | srcPort | | principal.port |
Destination Port (dport) | dpt | dstPort | | target.port |
NAT Source Port (natsport) | sourceTranslatedPort | srcPostNATPort | | principal.nat_port |
NAT Destination Port (natdport) | destinationTranslatedPort | dstPostNATPort | | target.nat_port |
Flags (flags) | flexString1 | Flags | flags | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
IP Protocol (proto) | proto | proto | | network.ip_protocol |
Action (action) | act | action | | security_result.action_details; security_result.action |
URL/Filename (misc) | request | Misc | | target.file.full_path (if subtype is 'file', 'virus', 'wildfire-virus', or 'wildfire', the `misc` field is mapped to target.file.full_path); target.url (if subtype is 'url', the `misc` field is mapped to target.url and target.hostname); target.hostname (if subtype is 'spyware' or 'vulnerability', the `misc` field is mapped to target.file.full_path and target.url) |
Threat/Content Name (threatid) | cat | ThreatID | | security_result.threat_name |
Category (category) | cs2 | URLCategory | | security_result.category_details |
Severity (severity) | number-of-severity (Header) | Severity | | security_result.severity and security_result.severity_details |
Direction (direction) | flexString2 | Direction | | network.direction |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflags) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Country (srcloc) | | SourceLocation | | principal.location.country_or_region |
Destination Country (dstloc) | | DestinationLocation | | target.location.country_or_region |
Content Type (contenttype) | | ContentType | contenttype | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
PCAP ID (pcap_id) | fileId | PCAP_ID | pcap_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
File Digest (filedigest) | fileHash | FileDigest | | about.file.sha1/md5/sha256 |
Cloud (cloud) | filePath | Cloud | cloud | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
URL Index (url_idx) | | URLIndex | url_idx | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
User Agent (user_agent) | | | | network.http.user_agent |
File Type (filetype) | fileType | FileType | | about.file.mime_type |
X-Forwarded-For (xff) | | | | principal.ip |
Referer (referer) | | | | network.http.referral_url |
Sender (sender) | suid | Sender | | network.email.from |
Subject (subject) | msg | Subject | | network.email.subject |
Recipient (recipient) | duid | Recipient | | network.email.to |
Report ID (reportid) | oldFileId | ReportID | reportid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_1 through dg_hier_level_4) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name; principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
Source VM UUID (src_uuid) | PanOSSrcUUID | SrcUUID | | principal.user.product_object_id |
Destination VM UUID (dst_uuid) | PanOSDstUUID | DstUUID | | target.user.product_object_id |
HTTP Method (http_method) | | RequestMethod | | network.http.method |
Tunnel ID/IMSI (tunnel_id/imsi) | PanOSTunnelID | TunnelID | tunnel_id/imsi | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Monitor Tag/IMEI (monitortag/imei) | PanOSMonitorTag | MonitorTag | monitortag/imei | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Parent Session ID (parent_session_id) | PanOSParentSessionID | ParentSessionID | parent_session_id | network.parent_session_id |
Parent Session Start Time (parent_start_time) | PanOSParentStartTime | ParentStartTime | parent_start_time | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Tunnel Type (tunnel) | PanOSTunnelType | TunnelType | tunnel | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Threat Category (thr_category) | PanOSThreatCategory | ThreatCategory | thr_category | security_result.detection_fields.key/value |
Content Version (contentver) | PanOSContentVer | ContentVer | contentver | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
SCTP Association ID (assoc_id) | PanOSAssocID | | assoc_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Payload Protocol ID (ppid) | PanOSPPID | | ppid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
HTTP Headers (http_headers) | PanOSHTTPHeader | | http_headers | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
URL Category List (url_category_list) | PanOSURLCatList | | url_category_list | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Rule UUID (rule_uuid) | PanOSRuleUUID | | | security_result.rule_id |
HTTP/2 Connection (http2_connection) | PanOSHTTP2Con | | http2_connection | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Dynamic User Group Name (dynusergroup_name) | PanDynamicUsrgrp | | dynusergroup_name | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
XFF Address (xff_ip) | PanXFFIP | | | principal.ip |
Source Device Category (src_category) | PanSrcDeviceCat | | src_category | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device Profile (src_profile) | PanSrcDeviceProf | | src_profile | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device Model (src_model) | PanSrcDeviceModel | | src_model | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device Vendor (src_vendor) | PanSrcDeviceVendor | | src_vendor | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device OS Family (src_osfamily) | PanSrcDeviceOS | | src_osfamily | principal.asset.platform_software.platform; principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device OS Version (src_osversion) | PanSrcDeviceOSv | | | principal.asset.software.version |
Source Hostname (src_host) | PanSrcHostname | | | principal.hostname |
Source MAC Address (src_mac) | PanSrcMac | | | principal.mac |
Destination Device Category (dst_category) | PanDstDeviceCat | | dst_category | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Device Profile (dst_profile) | PanDstDeviceProf | | dst_profile | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Device Model (dst_model) | PanDstDeviceModel | | dst_model | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Device Vendor (dst_vendor) | PanDstDeviceVendor | | dst_vendor | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Device OS Family (dst_osfamily) | PanDstDeviceOS | | dst_osfamily | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Device OS Version (dst_osversion) | PanDstDeviceOSv | | | target.asset.software.version |
Destination Hostname (dst_host) | PanDstHostname | | | target.hostname |
Destination MAC Address (dst_mac) | PanDstMac | | | target.mac |
Container ID (container_id) | PanContainerName | | container_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
POD Namespace (pod_namespace) | PanPODNamespace | | pod_namespace | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
POD Name (pod_name) | PanPODName | | pod_name | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source External Dynamic List (src_edl) | PanSrcEDL | | src_edl | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination External Dynamic List (dst_edl) | PanDstEDL | | dst_edl | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Host ID (hostid) | PanGPHostID | | hostid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
User Device Serial Number (serialnumber) | PanEPSerial | | | principal.asset.hardware.serial_number |
Domain EDL (domain_edl) | PanDomainEDL | | domain_edl | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Dynamic Address Group (src_dag) | PanSrcDAG | | | principal.group.group_display_name |
Destination Dynamic Address Group (dst_dag) | PanDstDAG | | | target.group.group_display_name |
Partial Hash (partial_hash) | PanPartialHash | | partial_hash | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
High Resolution Timestamp (high_res_timestamp) | PanTimeHighRes | | high_res_timestamp | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Reason (reason) | PanReasonFilteringAction | | reason | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Justification (justification) | PanJustification | | justification | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Slice Service Type (nssai_sst) | PanASServiceType | | nssai_sst | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Subcategory (subcategory_of_app) | | | subcategory_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Category (category_of_app) | | | category_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Technology (technology_of_app) | | | technology_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Risk (risk_of_app) | | | risk_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Characteristic (characteristic_of_app) | | | characteristic_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Container (container_of_app) | | | container_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application SaaS (is_saas_of_app) | | | is_saas_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Sanctioned State (sanctioned_state_of_app) | | | sanctioned_state_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Traffic
The following table lists the log fields of the traffic log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat/Type | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | metadata.product_event_type |
Generated Time (time_generated or cef-formatted-time_generated) | start | | | metadata.event_timestamp |
Source Address (src) | src | src | | principal.ip |
Destination Address (dst) | dst | dst | | target.ip |
NAT Source IP (natsrc) | sourceTranslatedAddress | srcPostNAT | | principal.nat_ip |
NAT Destination IP (natdst) | destinationTranslatedAddress | dstPostNAT | | target.nat_ip |
Rule Name (rule) | cs1 | RuleName | | security_result.rule_name |
Source User (srcuser) | suser | SourceUser | | principal.user.userid |
Destination User (dstuser) | duser | DestinationUser | | target.user.userid |
Application (app) | app | Application | | target.application |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Zone (from) | cs4 | SourceZone | from | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Zone (to) | cs5 | DestinationZone | to | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Inbound Interface (inbound_if) | deviceInboundInterface | IngressInterface | inbound_if | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Outbound Interface (outbound_if) | deviceOutboundInterface | EgressInterface | outbound_if | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Log Action (logset) | cs6 | LogForwardingProfile | logset | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Session ID (sessionid) | cn1 | SessionID | | network.session_id |
Repeat Count (repeatcnt) | cnt | RepeatCount | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Port (sport) | spt | srcPort | | principal.port |
Destination Port (dport) | dpt | dstPort | | target.port |
NAT Source Port (natsport) | sourceTranslatedPort | srcPostNATPort | | principal.nat_port |
NAT Destination Port (natdport) | destinationTranslatedPort | dstPostNATPort | | target.nat_port |
Flags (flags) | flexString1 | Flags | flags | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
IP Protocol (proto) | proto | proto | | network.ip_protocol |
Action (action) | act | action | | security_result.action_details; security_result.action |
Bytes (bytes) | flexNumber1 | totalBytes | bytes | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Bytes Sent (bytes_sent) | in | srcBytes | | network.sent_bytes |
Bytes Received (bytes_received) | out | dstBytes | | network.received_bytes |
Packets (packets) | cn2 | totalPackets | packets | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Start Time (start) | | StartTime | start | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Elapsed Time (elapsed) | cn3 | ElapsedTime | elapsed | network.session_duration.seconds |
Category (category) | cs2 | URLCategory | | security_result.category / security_result.category_details |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflags) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Country (srcloc) | | SourceLocation | | principal.location.country_or_region |
Destination Country (dstloc) | | DestinationLocation | | target.location.country_or_region |
Packets Sent (pkts_sent) | PanOSPacketsSent | srcPackets | pkts_sent | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Packets Received (pkts_received) | PanOSPacketsReceived | dstPackets | pkts_received | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Session End Reason (session_end_reason) | reason | SessionEndReason | | security_result.summary |
Device Group Hierarchy (dg_hier_level_1 through dg_hier_level_4) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name; principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
Sumber Tindakan (action_source) | cat | ActionSource | action_source | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
UUID VM Sumber (src_uuid) | PanOSSrcUUID | SrcUUID | principal.asset.product_object_id | |
UUID VM tujuan (dst_uuid) | PanOSDstUUID | DstUUID | target.asset.product_object_id | |
ID Tunnel/IMSI (tunnelid/imsi) | PanOSTunnelID | TunnelID | tunnelid/imsi | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
Tag Monitor/IMEI (monitortag/imei) | PanOSMonitorTag | MonitorTag | monitortag/imei | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
ID Sesi Induk (parent_session_id) | PanOSParentSessionID | ParentSessionID | parent_session_id | network.parent_session_id |
Waktu Mulai Orang Tua (parent_start_time) | PanOSParentStartTime | ParentStartTime | parent_start_time | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
Jenis Terowongan (terowongan) | PanOSTunnelType | TunnelType | tunnel | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
ID Asosiasi SCTP (assoc_id) | PanOSSCTPAssocID | assoc_id | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Potongan SCTP (bagian) | PanOSSCTPChunks | potongan | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Potongan SCTP Terkirim (potongan_terkirim) | PanOSSCTPChunkSent | chunks_sent | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Potongan SCTP Diterima (potongan_menerima) | PanOSSCTPChunksRcv | chunks_received | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
UUID aturan (rule_uuid) | PanOSRuleUUID | security_result.rule_id | ||
Koneksi HTTP/2 (http2_connection) | PanOSHTTP2Con | http2_connection | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Jumlah Flap Aplikasi (link_change_count) | PanLinkChange | link_change_count | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
ID Kebijakan (policy_id) | PanPolicyID | policy_id | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Sakelar Tautan (link_switches) | PanLinkDetail | link_switches | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Cluster SD-WAN (sdwan_cluster) | PanSDWANCluster | sdwan_cluster | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Jenis Perangkat SD-WAN (sdwan_device_type) | PanSDWANDevice | sdwan_device_type | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Jenis Cluster SD-WAN (sdwan_cluster_type) | PanSDWANClustype | sdwan_cluster_type | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Situs SD-WAN (sdwan_site) | PanSDWANSite | sdwan_site | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Nama Grup Pengguna Dinamis (dynusergroup_name) | PanDynamicUsrgrp | dynusergroup_name | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Alamat XFF (xff_ip) | PanXFFIP | principal.ip | ||
Kategori Perangkat Sumber (src_category) | PanSrcDeviceCat | src_category | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Profil Perangkat Sumber (src_profile) | PanSrcDeviceProf | src_profile | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Model Perangkat Sumber (src_model) | PanSrcDeviceModel | src_model | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Vendor Perangkat Sumber (src_vendor) | PanSrcDeviceVendor | src_vendor | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Rangkaian OS Perangkat Sumber (src_osfamily) | PanSrcDeviceOS | principal.asset.platform_software.platform principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Versi OS Perangkat Sumber (src_osversion) | PanSrcDeviceOSv | principal.asset.software.version | ||
Nama Host Sumber (src_host) | PanSrcHostname | principal.hostname | ||
Alamat MAC Sumber (src_mac) | PanSrcMac | principal.mac | ||
Kategori Perangkat Tujuan (dst_category) | PanDstDeviceCat | dst_category | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Profil Perangkat Tujuan (dst_profile) | PanDstDeviceProf | dst_profile | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Model Perangkat Tujuan (dst_model) | PanDstDeviceModel | dst_model | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Vendor Perangkat Tujuan (dst_vendor) | PanDstDeviceVendor | dst_vendor | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Rangkaian OS Perangkat Tujuan (dst_osfamily) | PanDstDeviceOS | dst_osfamily | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Versi OS Perangkat Tujuan (dst_osversion) | PanDstDeviceOSv | target.asset.software.version | ||
Nama Host Tujuan (dst_host) | PanDstHostname | target.hostname | ||
Alamat MAC Tujuan (dst_mac) | PanDstMac | target.mac | ||
ID penampung (container_id) | PanContainerName | container_id | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Namespace POD (pod_namespace) | PanPODNamespace | pod_namespace | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Nama POD (pod_name) | PanPODName | pod_name | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Daftar Dinamis Eksternal Sumber (src_edl) | PanSrcEDL | src_edl | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Daftar Dinamis Eksternal Tujuan (dst_edl) | PanDstEDL | dst_edl | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
ID Host (hostid) | PanGPHostID | id host | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Nomor Seri Perangkat Pengguna (nomor seri) | PanEPSerial | principal.asset.hardware.serial_number | ||
Grup Alamat Dinamis Sumber (src_dag) | PanSrcDAG | principal.group.group_display_name | ||
Grup Alamat Dinamis Tujuan (dst_dag) | PanDstDAG | target.group.group_display_name | ||
Pemilik Sesi (session_owner) | PanHASessionOwner | session_owner | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Stempel Waktu Resolusi Tinggi (high_res_timestamp) | PanTimeHighRes | {i>metadata.collected_timestamp<i},
metadata.event_timestamp (jika "Waktu Pembuatan" tidak ada) |
||
Jenis Layanan Slice (nsdsai_sst) | PanASServiceType | nsdsai_sst | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Pembeda Slice (nsdsai_sd) | PanASServiceDiff | nsdsai_sd | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Subkategori Aplikasi (subcategory_of_app) | subcategory_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Kategori Aplikasi (category_of_app) | category_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Teknologi Aplikasi (technology_of_app) | technology_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Risiko Aplikasi (risk_of_app) | security_result.severity | |||
Karakteristik Aplikasi (characteristic_of_app) | characteristic_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Penampung Aplikasi (container_of_app) | container_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
SaaS Aplikasi (is_saas_of_app) | is_saas_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Status Sanksi Aplikasi (sanctioned_state_of_app) | sanctioned_state_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Subkategori Aplikasi (subcategory_of_app) | subcategory_of_app1 | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
User-ID
The following table lists the log fields of the User-ID log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp, metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | metadata.product_event_type |
Generated Time (time_generated or cef-formatted-time_generated) | | | | metadata.event_timestamp |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source IP (ip) | src | src | | principal.ip |
User (user) | duser | usrName | | target.user.userid, target.administrative_domain, target.user.email_addresses |
Data Source Name (datasourcename) | cs4 | DataSourceName | datasourcename | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Event ID (eventid) | | EventID | eventid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Repeat Count (repeatcnt) | cnt | RepeatCount | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Timeout Threshold (timeout) | cn3 | TimeoutThreshold | timeout | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Port (beginport) | spt | srcPort | | principal.port |
Destination Port (endport) | dpt | dstPort | | target.port |
Data Source (datasource) | cs5 | DataSource | datasource | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Data Source Type (datasourcetype) | cs6 | DataSourceType | datasourcetype | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflag) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_1) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name, principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
Virtual System ID (vsys_id) | cn2 | VirtualSystemID | | principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id |
Factor Type (factortype) | cs1 | FactorType | factortype | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Factor Completion Time (factorcompletiontime) | end | FactorCompletionTime | factorcompletiontime | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Factor Number (factorno) | cn1 | FactorNumber | factorno | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
User Group Flags (ugflag) | PanOSUGFlags | | ugflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
User by Source (userbysource) | PanOSUserBySource | | | principal.user.userid, principal.administrative_domain, principal.user.email_addresses |
High Resolution Timestamp (high_res_timestamp) | PanOSTimeGeneratedHighResolution | | | metadata.collected_timestamp, metadata.event_timestamp (if "Generated Time" is absent) |
HIP Match
The following table lists the log fields of the HIP match log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp, metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | |
Generated Time (time_generated or cef-formatted-time_generated) | start | startTime | | metadata.event_timestamp |
Source User (srcuser) | suser | usrName | | principal.user.userid |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Machine Name (machinename) | shost | identHostName | | principal.hostname |
Operating System (os) | cs2 | OS | | principal.asset.platform_software.platform |
Source Address (src) | src | identsrc | | principal.ip |
HIP (matchname) | cat | HIP | matchname | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Repeat Count (repeatcnt) | cnt | RepeatCount | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
HIP Type (matchtype) | Device Event Class ID (Header) | HIPType | matchtype | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflag) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_1) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name, principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
Virtual System ID (vsys_id) | cn2 | VirtualSystemID | | principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id |
Source IPv6 Address (srcipv6) | c6a2 | srcipv6 | | principal.asset.ip |
Host ID (hostid) | PanOSHostID | | | principal.asset.product_object_id |
Endpoint Serial Number (serialnumber) | PanOSEndpointSerialNumber | | | principal.asset.hardware.serial_number |
Endpoint MAC Address (mac) | PanOSEndpointMac | | | principal.asset.mac |
High Resolution Timestamp (high_res_timestamp) | PanOSTimeGeneratedHighResolution | | | metadata.collected_timestamp, metadata.event_timestamp (if "Generated Time" is absent) |
IP Tag
The following table lists the log fields of the IP tag log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp, metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | metadata.product_event_type |
Generated Time (time_generated or cef-formatted-time_generated) | | GenerateTime | | metadata.event_timestamp |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source IP (ip) | src | src | | principal.ip |
Tag Name (tag_name) | PanOSTagName | TagName | tag_name | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Event ID (event_id) | PanOSEventID | EventID | event_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Repeat Count (repeatcnt) | cnt | RepeatCount | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Timeout (timeout) | PanOSTimeout | TimeoutThreshold | timeout | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Data Source Name (datasourcename) | PanOSDataSourceName | DataSourceName | datasourcename | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Data Source Type (datasource_type) | PanOSDataSourceType | DataSource | datasource_type | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Data Source Subtype (datasource_subtype) | PanOSDataSourceSubType | DataSourceType | datasource_subtype | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflag) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_1) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOsVsysName | vSrcName | | principal.resource.name, principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
Virtual System ID (vsys_id) | cn2 | VirtualSystemID | | principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id |
High Resolution Timestamp (high_res_timestamp) | PanOSTimeGeneratedHighResolution | | | metadata.collected_timestamp, metadata.event_timestamp (if "Generated Time" is absent) |
Decryption
The following table lists the log fields of the decryption log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | | | metadata.collected_timestamp, metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | PanOSDeviceSN | | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | | | metadata.product_event_type |
Configuration Version (config_ver) | PanOSConfigVersion | | config_ver | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Generated Time (time_generated) | PanOSLogTimeStamp | | | metadata.event_timestamp |
Source Address (src) | src | | | principal.ip |
Destination Address (dst) | dst | | | target.ip |
NAT Source IP (natsrc) | sourceTranslatedAddress | | | principal.nat_ip |
NAT Destination IP (natdst) | destinationTranslatedAddress | | | target.nat_ip |
Rule (rule) | cs1 | | | security_result.rule_name |
Source User (srcuser) | suser | | | principal.user.userid |
Destination User (dstuser) | duser | | | target.user.userid |
Application (app) | app | | | target.application |
Virtual System (vsys) | cs3 | | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Zone (from) | cs4 | | from | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Zone (to) | cs5 | | to | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Inbound Interface (inbound_if) | deviceInboundInterface | | inbound_if | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Outbound Interface (outbound_if) | deviceOutboundInterface | | outbound_if | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Log Action (logset) | cs6 | | logset | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Time Received (time_received) | PanOSTimeReceivedManagementPlane | | | - |
Session ID (sessionid) | cn1 | | | network.session_id |
Repeat Count (repeatcnt) | PanOSCountOfRepeat/RepeatCount | | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Port (sport) | spt | | | principal.port |
Destination Port (dport) | dpt | | | target.port |
NAT Source Port (natsport) | sourceTranslatedPort | | | principal.nat_port |
NAT Destination Port (natdport) | destinationTranslatedPort | | | target.nat_port |
Flags (flags) | flexString1 | | flag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
IP Protocol (proto) | proto | | | network.ip_protocol |
Action (action) | act | | | security_result.action_details, security_result.action |
Tunnel (tunnel) | PanOSTunnel | | tunnel | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source VM UUID (src_uuid) | PanOSSourceUUID | | | principal.asset.asset_id |
Destination VM UUID (dst_uuid) | PanOSDestinationUUID | | | target.asset.asset_id |
Rule UUID (rule_uuid) | PanOSRuleUUID | | | security_result.rule_id |
Client to Firewall Stage (hs_stage_c2f) | PanOSClientToFirewall | | hs_stage_c2f | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Firewall to Server Stage (hs_stage_f2s) | PanOSFirewallToServer | | hs_stage_f2s | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
TLS Version (tls_version) | PanOSTLSVersion | | | network.tls.version |
Key Exchange Algorithm (tls_keyxchg) | PanOSTLSKeyExchange | | tls_keyxchg | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Encryption Algorithm (tls_enc) | PanOSTLSEncryptionAlgorithm | | tls_enc | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Hash Algorithm (tls_auth) | PanOSTLSAuth | | tls_auth | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Policy Name (policy_name) | PanOSPolicyName | | policy_name | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Elliptic Curve (ec_curve) | PanOSEllipticCurve | | | network.tls.curve |
Error Index (err_index) | PanOSErrorIndex | | err_index | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Root Status (root_status) | PanOSRootStatus | | root_status | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Chain Status (chain_status) | PanOSChainStatus | | chain_status | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Proxy Type (proxy_type) | PanOSProxyType | | proxy_type | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Certificate Serial Number (cert_serial) | PanOSCertificateSerial | | | network.tls.server.certificate.serial |
Certificate Fingerprint (fingerprint) | PanOSFingerprint | | | network.tls.server.certificate.md5/sha1/sha256 |
Certificate Start Date (notbefore) | PanOSTimeNotBefore | | | network.tls.server.certificate.not_before |
Certificate End Date (notafter) | PanOSTimeNotAfter | | | network.tls.server.certificate.not_after |
Certificate Version (cert_ver) | PanOSCertificateVersion | | | network.tls.server.certificate.version |
Certificate Size (cert_size) | PanOSCertificateSize | | cert_size | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Common Name Length (cn_len) | PanOSCommonNameLength | | cn_len | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Issuer Common Name Length (issuer_len) | PanOSIssuerNameLength | | issuer_len | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Root Common Name Length (rootcn_len) | PanOSRootCNLength | | rootcn_len | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
SNI Length (sni_len) | PanOSSNILength | | sni_len | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Certificate Flags (cert_flags) | PanOSCertificateFlags | | cert_flags | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Subject Common Name (cn) | PanOSCommonName | | cn | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Issuer Common Name (issuer_cn) | PanOSIssuerCommonName | | | network.tls.server.certificate.issuer |
Root Common Name (root_cn) | PanOSRootCommonName | | root_cn | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Server Name Indication (sni) | | | | network.tls.client.server_name |
Error (error) | PanOSErrorMessage | | error | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Container ID (container_id) | PanOSContainerID | | container_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
POD Namespace (pod_namespace) | PanOSContainerNameSpace | | pod_namespace | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
POD Name (pod_name) | PanOSContainerName | | pod_name | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source External Dynamic List (src_edl) | PanOSSourceEDL | | src_edl | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination External Dynamic List (dst_edl) | PanOSDestinationEDL | | dst_edl | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Dynamic Address Group (src_dag) | PanOSSourceDynamicAddressGroup | | | principal.group.group_display_name |
Destination Dynamic Address Group (dst_dag) | PanOSDestinationDynamicAddressGroup | | | target.group.group_display_name |
High Resolution Timestamp (high_res_timestamp) | PanOSTimeGeneratedHighResolution | | | metadata.collected_timestamp, metadata.event_timestamp (if "Generated Time" is absent) |
||
Kategori Perangkat Sumber (src_category) | PanOSSourceDeviceCategory | src_category | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Profil Perangkat Sumber (src_profile) | PanOSSourceDeviceProfile | src_profile | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Model Perangkat Sumber (src_model) | PanOSSourceDeviceModel | src_model | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Vendor Perangkat Sumber (src_vendor) | PanOSSourceDeviceVendor | src_vendor | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Rangkaian OS Perangkat Sumber (src_osfamily) | PanOSSourceDeviceOSFamily | principal.asset.platform_software.platform principal.labels.key dan principal.labels.value |
||
Versi OS Perangkat Sumber (src_osversion) | PanOSSourceDeviceOSVersion | principal.asset.software.version | ||
Nama Host Sumber (src_host) | PanOSSourceDeviceHost | principal.hostname | ||
Alamat MAC Sumber (src_mac) | PanOSSourceDeviceMac | principal.mac | ||
Kategori Perangkat Tujuan (dst_category) | PanOSDestinationDeviceCategory | dst_category | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Profil Perangkat Tujuan (dst_profile) | PanOSDestinationDeviceProfile | dst_profile | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Model Perangkat Tujuan (dst_model) | PanOSDestinationDeviceModel | dst_model | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Vendor Perangkat Tujuan (dst_vendor) | PanOSDestinationDeviceVendor | dst_vendor | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Rangkaian OS Perangkat Tujuan (dst_osfamily) | PanOSDestinationDeviceOSFamily | dst_osfamily | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Versi OS Perangkat Tujuan (dst_osversion) | PanOSDestinationDeviceOSVersion | target.asset.software.version | ||
Nama Host Tujuan (dst_host) | PanOSDestinationDeviceHost | target.hostname | ||
Alamat MAC Tujuan (dst_mac) | PanOSDestinationDeviceMac | target.mac | ||
Nomor Urut (seqno) | PanOSLogTypeSeqNo | metadata.product_log_id | ||
Tanda Tindakan (actionflag) | PanOSActionFlags | actionflag | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Hierarki Grup Perangkat (dg_hier_level_1) | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Hierarki Grup Perangkat (dg_hier_level_2) | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Hierarki Grup Perangkat (dg_hier_level_3) | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Hierarki Grup Perangkat (dg_hier_level_4) | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Nama Sistem Virtual (vsys_name) | principal.resource.name
principal.resource.resource_type=VIRTUAL_MACHINE |
|||
Nama Perangkat (device_name) | intermediary.hostname | |||
ID Sistem Virtual (vsys_id) | principal.resource.resource_type=VIRTUAL_MACHINE dan principal.resource.product_object_id | |||
Subkategori Aplikasi (subcategory_of_app) | subcategory_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Kategori Aplikasi (category_of_app) | category_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Teknologi Aplikasi (technology_of_app) | technology_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Risiko Aplikasi (risk_of_app) | security_result.severity | |||
Karakteristik Aplikasi (characteristic_of_app) | characteristic_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Penampung Aplikasi (container_of_app) | container_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
SaaS Aplikasi (is_saas_of_app) | is_saas_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Status Sanksi Aplikasi (sanctioned_state_of_app) | sanctioned_state_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
Tunnel
The following table lists the log fields of the tunnel log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | metadata.product_event_type |
Generated Time (time_generated or cef-formatted-time_generated) | | | | metadata.event_timestamp |
Source Address (src) | src | src | | principal.ip |
Destination Address (dst) | dst | dst | | target.ip |
NAT Source IP (natsrc) | sourceTranslatedAddress | srcPostNAT | | principal.nat_ip |
NAT Destination IP (natdst) | destinationTranslatedAddress | dstPostNAT | | target.nat_ip |
Rule Name (rule) | cs1 | RuleName | | security_result.rule_name |
Source User (srcuser) | suser | SourceUser / usrName | | principal.user.userid |
Destination User (dstuser) | duser | DestinationUser | | target.user.userid |
Application (app) | app | Application | | network.application_protocol |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Zone (from) | cs4 | SourceZone | from | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Zone (to) | cs5 | DestinationZone | to | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Inbound Interface (inbound_if) | deviceInboundInterface | IngressInterface | inbound_if | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Outbound Interface (outbound_if) | deviceOutboundInterface | EgressInterface | outbound_if | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Log Action (logset) | cs6 | LogForwardingProfile | logset | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Session ID (sessionid) | cn1 | SessionID | | network.session_id |
Repeat Count (repeatcnt) | cnt | RepeatCount | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Port (sport) | spt | srcPort | | principal.port |
Destination Port (dport) | dpt | dstPort | | target.port |
NAT Source Port (natsport) | sourceTranslatedPort | srcPostNATPort | | principal.nat_port |
NAT Destination Port (natdport) | destinationTranslatedPort | dstPostNATPort | | target.nat_port |
Flags (flags) | flexString1 | Flags | flags | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
IP Protocol (proto) | proto | proto | | network.ip_protocol |
Action (action) | act | action | | security_result.action_details; security_result.action |
Severity (severity) | | | | security_result.severity and security_result.severity_details |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflag) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Location (srcloc) | | | | principal.location.country_or_region |
Destination Location (dstloc) | | | | target.location.country_or_region |
Device Group Hierarchy (dg_hier_level_1) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name; principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
Tunnel ID (tunnelid) | PanOSTunnelID | TunnelID | tunnelid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Monitor Tag (monitortag) | PanOSMonitorTag | MonitorTag | monitortag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Parent Session ID (parent_session_id) | PanOSParentSessionID | ParentSessionID | parent_session_id | network.parent_session_id |
Parent Start Time (parent_start_time) | PanOSParentStartTime | ParentStartTime | parent_start_time | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Tunnel Type (tunnel) | cs2 | TunnelType | tunnel | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Bytes (bytes) | flexNumber1 | totalBytes | bytes | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Bytes Sent (bytes_sent) | in | srcBytes | | network.sent_bytes |
Bytes Received (bytes_received) | out | dstBytes | | network.received_bytes |
Packets (packets) | cn2 | totalPackets | packets | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Packets Sent (pkts_sent) | PanOSPacketsSent | srcPackets | pkts_sent | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Packets Received (pkts_received) | PanOSPacketsReceived | dstPackets | pkts_received | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Maximum Encapsulation (max_encap) | flexNumber2 | MaximumEncapsulation | max_encap | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Unknown Protocol (unknown_proto) | cfp1 | UnknownProtocol | unknown_proto | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Strict Check (strict_check) | cfp2 | StrictChecking | strict_check | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Tunnel Fragment (tunnel_fragment) | PanOSTunnelFragment | TunnelFragment | tunnel_fragment | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Sessions Created (sessions_created) | cfp3 | SessionsCreated | sessions_created | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Sessions Closed (sessions_closed) | cfp4 | SessionsClosed | sessions_closed | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Session End Reason (session_end_reason) | reason | SessionEndReason | | security_result.summary |
Action Source (action_source) | cat | ActionSource | action_source | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Start Time (start) | startTime | | start | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Elapsed Time (elapsed) | cn3 | ElapsedTime | elapsed | network.session_duration.seconds |
Tunnel Inspection Rule (tunnel_insp_rule) | PanOSTunnelInspectionRule | | | security_result.rule_name = "Tunnel Inspection Rule: %{PanOSTunnelInspectionRule}" |
Remote User IP (remote_user_ip) | PanOSRmtUserIP | | | target.ip |
Remote User ID (remote_user_id) | PanOSRmtUserID | | remote_user_id | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Security Rule UUID (rule_uuid) | PanOSRuleUUID | | | security_result.rule_id |
PCAP ID (pcap_id) | PanOSPcapID | | pcap_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Dynamic User Group Name (dynusergroup_name) | PanDynamicUsrgrp | | | principal.group.group_display_name |
Source External Dynamic List (src_edl) | PanOSSourceEDL | | src_edl | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination External Dynamic List (dst_edl) | PanOSDestinationEDL | | dst_edl | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
High Resolution Timestamp (high_res_timestamp) | PanOSTimeGeneratedHighResolution | | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Slice Differentiator (nssai_sd) | | | nssai_sd | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Slice Service Type (nssai_sd) | | | nssai_sd1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
PDU Session ID (pdu_session_id) | | | pdu_session_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Subcategory (subcategory_of_app) | | | subcategory_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Category (category_of_app) | | | category_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Technology (technology_of_app) | | | technology_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Risk (risk_of_app) | | | risk_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Characteristic (characteristic_of_app) | | | characteristic_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Container (container_of_app) | | | container_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application SaaS (is_saas_of_app) | | | is_saas_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Sanctioned State (sanctioned_state_of_app) | | | sanctioned_state_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Authentication
The following table lists the log fields of the authentication log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time or cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | metadata.product_event_type |
Generated Time (time_generated or cef-formatted-time_generated) | | | | metadata.event_timestamp |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source IP (ip) | src | src | | principal.ip |
User (user) | duser | usrName | | target.user.userid |
Normalize User (normalize_user) | cs2 | NormalizeUser | | target.user.user_display_name |
Object (object) | fname | ObjectName | object | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Authentication Policy (authpolicy) | cs4 | AuthPolicy | authpolicy | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Repeat Count (repeatcnt) | cnt | RepeatCount | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Authentication ID (authid) | cn2 | AuthenticationID | authid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Vendor (vendor) | flexString2 | Vendor | vendor | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Log Action (logset) | cs6 | LogForwardingProfile | logset | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Server Profile (serverprofile) | cs1 | ServerProfile | serverprofile | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Description (desc) | PanOSDesc | AdditionalAuthInfo | | security_result.description |
Client Type (clienttype) | cs5 | ClientType | clienttype | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Event Type (event) | msg | msg | | extensions.auth.auth_details |
Factor Number (factorno) | cn1 | FactorNumber | factorno | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflag) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_1) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name; principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
Virtual System ID (vsys_id) | | | | principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id |
Authentication Protocol (authproto) | | | authproto | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Rule UUID (rule_uuid) | PanOSRuleUUID / RuleUUID | | | security_result.rule_id |
High Resolution Timestamp (high_res_timestamp) | PanOSTimeGeneratedHighResolution | | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Source Device Category (src_category) | PanOSSourceDeviceCategory | | src_category | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device Profile (src_profile) | PanOSSourceDeviceProfile | | src_profile | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device Model (src_model) | PanOSSourceDeviceModel | | src_model | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device Vendor (src_vendor) | PanOSSourceDeviceVendor | | src_vendor | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device OS Family (src_osfamily) | PanOSSourceDeviceOSFamily | | | principal.asset.platform_software.platform; principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device OS Version (src_osversion) | PanOSSourceDeviceOSVersion | | | principal.asset.software.version |
Source Hostname (src_host) | PanOSSourceHostname | | | principal.hostname |
Source MAC Address (src_mac) | PanOSSourceMac | | | principal.asset.mac |
Region (region) | PanOSTrafficOriginRegion | | | principal.location.country_or_region |
User Agent (user_agent) | PanOSHTTPUserAgent | | | network.http.user_agent |
Session ID (sessionid) | PanOSTrafficSessionID | | | network.session_id |
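The following Python program is an added example for this page, not code from the Chronicle parser or from Palo Alto Networks. It parses one PAN-OS authentication log in CEF format and applies a subset of the Authentication mapping above, so that the difference between rows that land in a real UDM field (src, duser, msg) and rows that only become labels (cs4, cs5, cn1) is visible on actual data. Assumptions: the sample record and every value in it are constructed; the order of the CEF header fields is not asserted (only the extension is mapped); `rt` is assumed to arrive either as epoch milliseconds or as `MMM dd yyyy HH:mm:ss`, logged in UTC as the page requires; because the table does not name the CEF key that carries Generated Time, that key is a parameter (`generated_time_key`) and the fallback to Receive Time is implemented as the Receive Time row describes; the function and constant names are the example's own.

```python
"""Added example (not Chronicle or Palo Alto Networks code): parse a PAN-OS
authentication CEF record and apply part of the Authentication field mapping."""
import re
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional, Tuple

# Subset of the Authentication table. ("udm", field) rows go to a UDM field;
# ("label", noun, key) rows go to <noun>.labels and to additional.fields,
# because the table lists both for every label row.
AUTH_CEF_TO_UDM: Dict[str, Tuple[str, ...]] = {
    "rt": ("udm", "metadata.collected_timestamp"),
    "deviceExternalId": ("udm", "intermediary.asset.hardware.serial_number"),
    "cat": ("udm", "metadata.product_event_type"),
    "cs3": ("label", "about", "vsys"),
    "src": ("udm", "principal.ip"),
    "duser": ("udm", "target.user.userid"),
    "cs2": ("udm", "target.user.user_display_name"),
    "cs4": ("label", "about", "authpolicy"),
    "cs1": ("label", "about", "serverprofile"),
    "PanOSDesc": ("udm", "security_result.description"),
    "cs5": ("label", "about", "clienttype"),
    "msg": ("udm", "extensions.auth.auth_details"),
    "cn1": ("label", "about", "factorno"),
    "externalId": ("udm", "metadata.product_log_id"),
    "PanOSVsysName": ("udm", "principal.resource.name"),
    "dvchost": ("udm", "intermediary.hostname"),
    "PanOSRuleUUID": ("udm", "security_result.rule_id"),
    "PanOSSourceDeviceCategory": ("label", "principal", "src_category"),
    "PanOSSourceHostname": ("udm", "principal.hostname"),
}

_PIPE = re.compile(r"(?<!\\)\|")  # header separator, unless escaped as \|
# key=value pairs: a value runs up to the next " key=" token and may contain
# the CEF escapes \= \\ \n \r, which must not be read as a pair boundary.
_PAIR = re.compile(r"([A-Za-z0-9_]+)=((?:\\.|[^\\])*?)(?=\s+[A-Za-z0-9_]+=|$)")
_ESC = {"n": "\n", "r": "\r"}  # other escapes (\= \\ \|) just drop the backslash


def parse_cef(line: str) -> Tuple[List[str], Dict[str, str]]:
    """Split a CEF record into its seven header fields and its extension dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts = _PIPE.split(line, maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header needs 7 '|'-separated fields before the extension")
    header = [p.replace("\\|", "|") for p in parts[:7]]
    unescape = lambda v: re.sub(r"\\(.)", lambda m: _ESC.get(m.group(1), m.group(1)), v)
    ext = {k: unescape(v) for k, v in _PAIR.findall(parts[7].strip())}
    return header, ext


def iso_utc(value: str) -> str:
    """Normalise a CEF timestamp (epoch ms or 'MMM dd yyyy HH:mm:ss') to ISO 8601
    UTC. The firewall is assumed to log in UTC, as the page asks."""
    if value.isdigit():
        return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc).isoformat()
    return datetime.strptime(value, "%b %d %Y %H:%M:%S").replace(tzinfo=timezone.utc).isoformat()


def to_udm(ext: Dict[str, str], generated_time_key: Optional[str] = None) -> Dict[str, Any]:
    """Apply AUTH_CEF_TO_UDM to a parsed extension. generated_time_key is the
    extension key (if any) your CEF template uses for Generated Time; without it,
    event_timestamp falls back to collected_timestamp as the Receive Time row says."""
    udm: Dict[str, Any] = {"additional.fields": []}
    for key, value in ext.items():
        rule = AUTH_CEF_TO_UDM.get(key)
        if rule is None:
            continue  # keys outside this subset are not mapped here
        if rule[0] == "udm":
            udm[rule[1]] = value
        else:
            _, noun, label = rule
            udm.setdefault(f"{noun}.labels", []).append({"key": label, "value": value})
            udm["additional.fields"].append({"key": label, "value": {"string_value": value}})
    if "principal.resource.name" in udm:  # the vsys_name row also sets the resource type
        udm["principal.resource.resource_type"] = "VIRTUAL_MACHINE"
    if "metadata.collected_timestamp" in udm:
        udm["metadata.collected_timestamp"] = iso_utc(udm["metadata.collected_timestamp"])
    generated = ext.get(generated_time_key) if generated_time_key else None
    udm["metadata.event_timestamp"] = (
        iso_utc(generated) if generated else udm.get("metadata.collected_timestamp")
    )
    return udm


def label_value(udm: Dict[str, Any], noun: str, key: str) -> Optional[str]:
    """Return the value of a label emitted under <noun>.labels, or None."""
    return next((l["value"] for l in udm.get(f"{noun}.labels", []) if l["key"] == key), None)


# Constructed sample record: every value is made up for this example.
SAMPLE_AUTH_CEF = (
    "CEF:0|Palo Alto Networks|PAN-OS|10.0.0|auth-success|AUTHENTICATION|1|"
    "rt=Jan 05 2024 10:15:00 deviceExternalId=001234567890 cat=AUTHENTICATION "
    "cs3=vsys1 src=10.1.2.3 duser=alice cs2=alice@corp.example cs4=gp-mfa-policy "
    "cs1=ldap-corp cs5=GlobalProtect msg=auth success for user alice cn1=2 "
    "externalId=4711 dvchost=fw-edge-01 PanOSVsysName=vsys-corp "
    "PanOSDesc=reason\\=ok\\\\ PanOSRuleUUID=8f1c2e4a-0000-4000-8000-000000000001"
)

if __name__ == "__main__":
    _, extension = parse_cef(SAMPLE_AUTH_CEF)
    for field, value in sorted(to_udm(extension).items()):
        print(f"{field}: {value}")
```

Two points worth checking in your own pipeline: the `msg` value contains spaces and `PanOSDesc` contains an escaped `=`, and both survive the parse only because pair boundaries are detected as whitespace followed by `key=`, not on every `=`; and `metadata.event_timestamp` equals `metadata.collected_timestamp` unless the Generated Time key is supplied, so a detection rule that relies on event time will silently be using receive time when the CEF template omits that field.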
URL
The following table lists the log fields of the URL log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp; metadata.event_timestamp (if "Generated Time" is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | metadata.product_event_type |
Generated Time (time_generated) | | | | metadata.event_timestamp |
Source Address (src) | src | src | | principal.ip |
Destination Address (dst) | dst | dst | | target.ip |
NAT Source IP (natsrc) | sourceTranslatedAddress | srcPostNAT | | principal.nat_ip |
NAT Destination IP (natdst) | destinationTranslatedAddress | dstPostNAT | | target.nat_ip |
Rule (rule) | cs1 | RuleName | | security_result.rule_name |
Source User (srcuser) | suser | SourceUser | | principal.user.userid |
Destination User (dstuser) | duser | DestinationUser | | target.user.userid |
Application (app) | app | Application | | network.application_protocol |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Zone (from) | cs4 | SourceZone | from | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Zone (to) | cs5 | DestinationZone | to | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Inbound Interface (inbound_if) | deviceInboundInterface | IngressInterface | inbound_if | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Outbound Interface (outbound_if) | deviceOutboundInterface | EgressInterface | outbound_if | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Log Action (logset) | cs6 | LogForwardingProfile | logset | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Time Logged (time_logged) | | | time_logged | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Session ID (sessionid) | cn1 | SessionID | | network.session_id |
Repeat Count (repeatcnt) | cnt | RepeatCount | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Port (sport) | spt | srcPort | | principal.port |
Destination Port (dport) | dpt | dstPort | | target.port |
NAT Source Port (natsport) | sourceTranslatedPort | srcPostNATPort | | principal.nat_port |
NAT Destination Port (natdport) | destinationTranslatedPort | dstPostNATPort | | target.nat_port |
Flags (flags) | flexString1 | Flags | flags | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
IP Protocol (proto) | proto | proto | | network.ip_protocol |
Action (action) | act | action | | security_result.action_details; security_result.action |
URL/Filename (misc) | Misc | | | target.file.full_path; target.url |
Threat/Content Name (threat) | cat | ThreatID | | security_result.threat_id |
Category (category) | cs2 | URLCategory | category | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Severity (severity) | number-of-severity (Header) | Severity | | security_result.severity; security_result.severity_details |
Direction (direction) | flexString2 | Direction | | network.direction |
Sequence Number (seqno) | externalId | sequence | | metadata.product_log_id |
Action Flags (actionflag) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Country (srcloc) | SourceLocation | | | principal.location.country_or_region |
Destination Country (dstloc) | DestinationLocation | | | target.location.country_or_region |
contenttype (contenttype) | requestContext | ContentType | contenttype | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
pcap_id (pcap_id) | fileId | PCAP_ID | pcap_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
filedigest (filedigest) | FileDigest | | | about.file.sha1/md5/sha256 |
cloud (cloud) | Cloud | | cloud | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
url_idx (url_idx) | URLIndex | | url_idx | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
user_agent (user_agent) | requestClientApplication | UserAgent | | network.http.user_agent |
filetype (filetype) | | | | about.file.mime_type |
xff (xff) | PanOSXForwarderfor | identSrc | xff | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
referer (referer) | PanOSReferer | Referer | | network.http.referral_url |
sender (sender) | | | | network.email.from |
subject (subject) | Subject | | | network.email.subject |
recipient (recipient) | | | | network.email.to |
reportid (reportid) | | | reportid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
DG Hierarchy Level 1 (dg_hier_level_1) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
DG Hierarchy Level 2 (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
DG Hierarchy Level 3 (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
DG Hierarchy Level 4 (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name; principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
file_url (file_url) | | | | about.url |
Source VM UUID (src_uuid) | SrcUUID | | | principal.asset.asset_id |
Destination VM UUID (dst_uuid) | DstUUID | | | target.asset.asset_id |
http_method (http_method) | requestMethod | RequestMethod | | network.http.method |
Tunnel ID/IMSI (tunnelid) | PanOSTunnelID | TunnelID | tunnelid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Monitor Tag/IMEI (monitortag) | PanOSMonitorTag | MonitorTag | monitortag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Parent Session ID (parent_session_id) | PanOSParentSessionID | ParentSessionID | parent_session_id | network.parent_session_id |
Parent Session Start Time (parent_start_time) | PanOSParentStartTime | ParentStartTime | parent_start_time | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Tunnel (tunnel) | PanOSTunnelType | TunnelType | tunnel | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
thr_category (thr_category) | PanOSThreatCategory | ThreatCategory | thr_category | security_result.detection_fields.key/value |
contentver (contentver) | PanOSContentVer | ContentVer | contentver | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
sig_flags (sig_flags) | | | sig_flags | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
SCTP Association ID (assoc_id) | PanOSAssocID | | assoc_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
|
ID Protokol Payload (ppid) | PanOSPPID | ppid | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
http_headers (http_headers) | PanOSHTTPHeader | http_headers | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Daftar Kategori URL (url_category_list) | PanOSURLCatList | url_category_list | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
UUID untuk aturan (rule_uuid) | PanOSRuleUUID | rule_uuid | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Koneksi HTTP/2 (http2_connection) | PanOSHTTP2Con | http2_connection | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
dynusergroup_name (nama_grup_dynuser) | PanDynamicUsrgrp | dynusergroup_name | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Alamat XFF (xff_ip) | PanXFFIP | principal.ip | ||
Kategori Perangkat Sumber (src_category) | PanSrcDeviceCat | src_category | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Profil Perangkat Sumber (src_profile) | PanSrcDeviceProf | src_profile | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Model Perangkat Sumber (src_model) | PanSrcDeviceModel | src_model | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Vendor Perangkat Sumber (src_vendor) | PanSrcDeviceVendor | src_vendor | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Rangkaian OS Perangkat Sumber (src_osfamily) | PanSrcDeviceOS | principal.asset.platform_software.platform principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Versi OS Perangkat Sumber (src_osversion) | PanSrcDeviceOSv | principal.asset.software.version | ||
Nama Host Sumber (src_host) | PanSrcHostname | src_host | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Alamat Mac Sumber (src_mac) | PanSrcMac | principal.mac | ||
Kategori Perangkat Tujuan (dst_category) | PanDstDeviceCat | dst_category | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Profil Perangkat Tujuan (dst_profile) | PanDstDeviceProf | dst_profile | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Model Perangkat Tujuan (dst_model) | PanDstDeviceModel | dst_model | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Vendor Perangkat Tujuan (dst_vendor) | PanDstDeviceVendor | dst_vendor | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Rangkaian OS Perangkat Tujuan (dst_osfamily) | PanDstDeviceOS | target.asset.platform_software.platform
target.labels.key dan target.labels.value |
||
Versi OS Perangkat Tujuan (dst_osversion) | PanDstDeviceOSv | target.asset.software.version | ||
Nama Host Tujuan (dst_host) | PanPODNamespace | target.hostname | ||
Alamat Mac Tujuan (dst_mac) | PanDstMac | target.mac | ||
ID penampung (container_id) | PanContainerName | container_id | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Namespace POD (pod_namespace) | PanPODNamespace | pod_namespace | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Nama POD (pod_name) | PanPODName | pod_name | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Daftar Dinamis Eksternal Sumber (src_edl) | PanSrcEDL | src_edl | principal.labels.key dan principal.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Daftar Dinamis Eksternal Tujuan (dst_edl) | PanDstEDL | dst_edl | target.labels.key dan target.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
ID Host (hostid) | PanGPHostID | id host | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Nomor Seri (nomor seri) | PanEPSerial | principal.asset.hardware.serial_number | ||
domain_edl (domain_edl) | PanDomainEDL | domain_edl | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Grup Alamat Dinamis Sumber (src_dag) | PanSrcDAG | principal.group.group_display_name | ||
Grup Alamat Dinamis Tujuan (dst_dag) | PanDstDAG | target.group.group_display_name | ||
hash_sebagian (sebagian_hash) | PanPartialHash | partial_hash | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Stempel Waktu Resolusi Tinggi (high_res_timestamp) | PanTimeHighRes | {i>metadata.collected_timestamp<i},
metadata.event_timestamp (jika "Waktu Pembuatan" tidak ada) |
||
Alasan (alasan) | PanReasonFilteringAction | alasan | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
justifikasi (pembenaran) | PanJustification | justifikasi | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
{i>nssai_sst<i} (nssai_sst) | PanASServiceType | nssai_sst | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
|
Subkategori aplikasi (subcategory_of_app) | subcategory_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Kategori aplikasi (category_of_app) | category_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Teknologi aplikasi (technology_of_app) | technology_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Risiko aplikasi (risk_of_app) | risk_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Karakteristik aplikasi (characteristic_of_app) | characteristic_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Penampung aplikasi (container_of_app) | container_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Aplikasi terowongan (tunneled_app) | tunneled_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
SaaS aplikasi (is_saas_of_app) | is_saas_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
||
Status Aplikasi yang Diizinkan (sanctioned_state_of_app) | sanctioned_state_of_app | about.labels.key dan about.labels.value {i>additional.fields.key<i} dan {i>additional.fields.value.string_value<i} |
Data
The following table lists the log fields of the Data log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (cef-formatted-receive_time) | rt | devTime | | metadata.collected_timestamp; metadata.event_timestamp (if Generate Time is absent) |
Serial Number (serial) | deviceExternalId | SerialNumber | | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | cat | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | metadata.product_event_type |
Generate Time | | | | metadata.event_timestamp |
Source Address (src) | src | src | | principal.ip |
Destination Address (dst) | dst | dst | | target.ip |
NAT Source IP (natsrc) | sourceTranslatedAddress | srcPostNAT | | principal.nat_ip |
NAT Destination IP (natdst) | destinationTranslatedAddress | dstPostNAT | | target.nat_ip |
Rule (rule) | cs1 | RuleName | | security_result.rule_name |
Source User (srcuser) | suser | SourceUser | | principal.user.userid |
Destination User (dstuser) | duser | DestinationUser | | target.user.userid |
Application (app) | app | Application | | network.application_protocol |
Virtual System (vsys) | cs3 | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Zone (from) | cs4 | SourceZone | from | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Zone (to) | cs5 | DestinationZone | to | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Inbound Interface (inbound_if) | deviceInboundInterface | IngressInterface | inbound_if | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Outbound Interface (outbound_if) | deviceOutboundInterface | EgressInterface | outbound_if | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Log Action (logset) | cs6 | LogForwardingProfile | logset | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Time Logged | | | time_logged | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Session ID (sessionid) | cn1 | SessionID | | network.session_id |
Repeat Count (repeatcnt) | cnt | RepeatCount | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Port (sport) | spt | srcPort | | principal.port |
Destination Port (dport) | dpt | dstPort | | target.port |
NAT Source Port (natsport) | sourceTranslatedPort | srcPostNATPort | | principal.nat_port |
NAT Destination Port (natdport) | destinationTranslatedPort | dstPostNATPort | | target.nat_port |
Flags (flags) | flexString1 | Flags | flags | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
IP Protocol (proto) | proto | proto | | network.ip_protocol |
Action (action) | act | action | | security_result.action_details; security_result.action |
URL/Filename (misc) | | Misc | | target.file.full_path; target.url |
Threat/Content Name (threatid) | cat | ThreatID | | security_result.threat_id |
Category (category) | cs2 | URLCategory | category | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Severity (severity) | number-severity (Header) | Severity | | security_result.severity; security_result.severity_details |
Direction (direction) | flexString2 | Direction | | network.direction |
Sequence Number (seqno) | externalId | Sequence | | metadata.product_log_id |
Action Flags (actionflag) | PanOSActionFlags | ActionFlags | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Country (srcloc) | | SourceLocation | | principal.location.country_or_region |
Destination Country (dstloc) | | DestinationLocation | | target.location.country_or_region |
contenttype (contenttype) | | ContentType | contenttype | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
pcap_id (pcap_id) | fileId | PCAP_ID | pcap_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
filedigest (filedigest) | | FileDigest | | about.file.sha1/md5/sha256 |
cloud (cloud) | | Cloud | cloud | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
url_idx (url_idx) | | URLIndex | url_idx | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
user_agent (user_agent) | | | | network.http.user_agent |
filetype (filetype) | | | | about.file.mime_type |
xff (xff) | | | xff | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
referer (referer) | | | | network.http.referral_url |
sender (sender) | | | | network.email.from |
subject (subject) | | Subject | | network.email.subject |
recipient (recipient) | | | | network.email.to |
reportid (reportid) | | | reportid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
DG Hierarchy Level 1 (dg_hier_level_1) | PanOSDGl1 | DeviceGroupHierarchyL1 | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
DG Hierarchy Level 2 (dg_hier_level_2) | PanOSDGl2 | DeviceGroupHierarchyL2 | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
DG Hierarchy Level 3 (dg_hier_level_3) | PanOSDGl3 | DeviceGroupHierarchyL3 | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
DG Hierarchy Level 4 (dg_hier_level_4) | PanOSDGl4 | DeviceGroupHierarchyL4 | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | PanOSVsysName | vSrcName | | principal.resource.name, principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | dvchost | DeviceName | | intermediary.hostname |
file_url (file_url) | | | | about.url |
Source VM UUID (src_uuid) | | SrcUUID | | principal.asset.asset_id |
Destination VM UUID (dst_uuid) | | DstUUID | | target.asset.asset_id |
http_method (http_method) | | RequestMethod | | network.http.method |
Tunnel ID/IMSI (tunnelid) | PanOSTunnelID | TunnelID | tunnelid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Monitor Tag/IMEI (monitortag) | PanOSMonitorTag | MonitorTag | monitortag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Parent Session ID (parent_session_id) | PanOSParentSessionID | ParentSessionID | parent_session_id | network.parent_session_id |
Parent Session Start Time (parent_start_time) | PanOSParentStartTime | ParentStartTime | parent_start_time | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Tunnel (tunnel) | PanOSTunnelType | TunnelType | tunnel | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
thr_category (thr_category) | PanOSThreatCategory | ThreatCategory | thr_category | security_result.detection_fields.key/value |
contentver (contentver) | PanOSContentVer | ContentVer | contentver | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
sig_flags (sig_flags) | | | sig_flags | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
SCTP Association ID (assoc_id) | PanOSAssocID | | assoc_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Payload Protocol ID (ppid) | PanOSPPID | | ppid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
http_headers (http_headers) | PanOSHTTPHeader | | http_headers | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
URL Category List (url_category_list) | | | url_category_list | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Rule UUID (rule_uuid) | PanOSRuleUUID | | rule_uuid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
HTTP/2 Connection (http2_connection) | | | http2_connection | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
dynusergroup_name (dynusergroup_name) | | | dynusergroup_name | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
XFF Address (xff_ip) | | | | principal.ip |
Source Device Category (src_category) | | | src_category | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device Profile (src_profile) | | | src_profile | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device Model (src_model) | | | src_model | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device Vendor (src_vendor) | | | src_vendor | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device OS Family (src_osfamily) | | | | principal.asset.platform_software.platform; principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Device OS Version (src_osversion) | | | | principal.asset.software.version |
Source Hostname (src_host) | | | src_host | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Source MAC Address (src_mac) | | | | principal.mac |
Destination Device Category (dst_category) | | | dst_category | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Device Profile (dst_profile) | | | dst_profile | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Device Model (dst_model) | | | dst_model | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Device Vendor (dst_vendor) | | | dst_vendor | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination Device OS Family (dst_osfamily) | | | | target.asset.platform_software.platform; target.labels.key and target.labels.value |
Destination Device OS Version (dst_osversion) | | | | target.asset.software.version |
Destination Hostname (dst_host) | | | | target.hostname |
Destination MAC Address (dst_mac) | | | | target.mac |
Container ID (container_id) | | | container_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
POD Namespace (pod_namespace) | | | pod_namespace | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
POD Name (pod_name) | | | pod_name | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source External Dynamic List (src_edl) | | | src_edl | principal.labels.key and principal.labels.value; additional.fields.key and additional.fields.value.string_value |
Destination External Dynamic List (dst_edl) | | | dst_edl | target.labels.key and target.labels.value; additional.fields.key and additional.fields.value.string_value |
Host ID (hostid) | | | hostid | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Serial Number (serialnumber) | | | | principal.asset.hardware.serial_number |
domain_edl (domain_edl) | | | domain_edl | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source Dynamic Address Group (src_dag) | | | | principal.group.group_display_name |
Destination Dynamic Address Group (dst_dag) | | | | target.group.group_display_name |
partial_hash (partial_hash) | | | partial_hash | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
High Resolution Timestamp (high_res_timestamp) | | | | metadata.collected_timestamp; metadata.event_timestamp (if Generate Time is absent) |
Reason (reason) | | | reason | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
justification (justification) | | | justification | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
nssai_sst (nssai_sst) | | | nssai_sst | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Subcategory (subcategory_of_app) | | | subcategory_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Category (category_of_app) | | | category_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Technology (technology_of_app) | | | technology_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Risk (risk_of_app) | | | risk_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Characteristic (characteristic_of_app) | | | characteristic_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Application Container (container_of_app) | | | container_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Tunneled Application (tunneled_app) | | | tunneled_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
SaaS Application (is_saas_of_app) | | | is_saas_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Sanctioned State of Application (sanctioned_state_of_app) | | | sanctioned_state_of_app | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
GlobalProtect
The following table lists the log fields of the GlobalProtect log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Receive Time (receive_time) | rt | | received_time | metadata.event_timestamp |
Serial Number (serial) | PanOSDeviceSN | | intermediary_asset_hardware_serial_number | intermediary.asset.hardware.serial_number |
Type (type) | type (Header) | | | metadata.product_event_type |
Threat/Content Type (subtype) | subtype (Header) | Subtype | | metadata.product_event_type |
Generate Time (time_generated) | PanOSLogTimeStamp | | generated_timestamp | metadata.event_timestamp |
Virtual System (vsys) | PanOSVirtualSystem | | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Event ID (eventid) | PanOSEventID | | event_id | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Stage (stage) | PanOSStage | | stage | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Authentication Method (auth_method) | PanOSAuthMethod | | extension_auth_auth_details | extensions.auth.auth_details |
Tunnel Type (tunnel_type) | PanOSTunnelType | | tunnel | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Source User (srcuser) | PanOSSourceUserName | | src_user | principal.user.email_address; principal.user.userid; principal.administrative_domain |
Source Region (srcregion) | PanOSSourceRegion | | src_region | principal.location.country_or_region |
Machine Name (machinename) | PanOSEndpointDeviceName | | machine_name | principal.hostname |
Public IP (public_ip) | PanOSPublicIPv4 | | | principal.nat_ip |
Public IPv6 (public_ipv6) | PanOSPublicIPv6 | | | principal.nat_ip |
Private IP (private_ip) | PanOSPrivateIPv4 | | | principal.ip |
Private IPv6 (private_ipv6) | PanOSPrivateIPv6 | | | principal.ip |
Host ID (hostid) | PanOSHostID | | hostid | principal.asset.asset_id |
Serial Number (serialnumber) | PanOSDeviceSN | | | principal.asset.hardware.serial_number |
Client Version (client_ver) | PanOSGlobalProtectClientVersion | | client_ver | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Client OS (client_os) | PanOSEndpointOSType | | | principal.asset.platform_software.platform (enum) |
Client OS Version (client_os_ver) | PanOSEndpointOSVersion | | | principal.asset.platform_software.platform_version |
Repeat Count (repeatcnt) | PanOSCountOfRepeats | | repeatcnt | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Reason (reason) | PanOSQuarantineReason | | | security_result.summary |
Error (error) | PanOSConnectionError | | error | security_result.description |
Description (opaque) | PanOSDescription | | | security_result.description |
Status (status) | PanOSEventStatus | | status | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Location (location) | PanOSGPGatewayLocation | | | target.location.country_or_region |
Login Duration (login_duration) | PanOSLoginDuration | | | network.session_duration |
Connect Method (connect_method) | PanOSConnectionMethod | | connect_method | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Error Code (error_code) | PanOSConnectionErrorID | | error_code | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Portal (portal) | PanOSPortal | | portal | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Sequence Number (seqno) | PanOSSequenceNo | | | metadata.product_log_id |
Action Flags (actionflag) | PanOSActionFlags | | actionflag | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
High Resolution Timestamp (high_res_timestamp) | PanOSTimeGeneratedHighResolution | | | metadata.collected_timestamp; metadata.event_timestamp (if Generate Time is absent) |
Gateway Selection Method (selection_type) | PanOSGatewaySelectionType | | selection_type | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
SSL Response Time (response_time) | PanOSSSLResponseTime | | response_time | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Gateway Priority (priority) | PanOSGatewayPriority | | priority | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Attempted Gateways (attempted_gateways) | PanOSAttemptedGateways | | attempted_gateways | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Gateway Name (gateway) | PanOSAttemptedGateways | | gateway | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_1) | | | dg_hier_level_1 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_2) | | | dg_hier_level_2 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_3) | | | dg_hier_level_3 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy (dg_hier_level_4) | | | dg_hier_level_4 | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | | | | principal.resource.name, principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | | | | target.hostname |
Virtual System ID (vsys_id) | | | | principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id |
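The CEF columns of the Data and GlobalProtect tables above are easiest to check against a real record. The following is an added example, not the Chronicle PAN_FIREWALL parser and not Palo Alto Networks code: it splits a PAN-OS CEF record into its header and extension, maps a subset of the tabulated CEF keys to UDM paths, files unmapped keys as additional.fields entries, and applies the timestamp rule the tables state (event_timestamp comes from Generate Time, and falls back to the receive time when that field is absent). The two sample records are constructed. The following are assumptions rather than facts from the page: the `Mar 01 2023 14:12:53 GMT` layout of the `$cef-formatted-*` values, the `GLOBALPROTECT` and `THREAT` strings in the CEF header, the joining of type and subtype into one product_event_type string, and the names `split_cef`, `parse_extension`, `normalize` and the map constants.

```python
# Added example (not Chronicle parser code): normalize PAN-OS CEF records into UDM-style
# dicts using the CEF -> UDM mappings from the Data and GlobalProtect tables on this page.
import re
from datetime import datetime
# CEF extension key -> UDM path, per the Data table. Keys not listed here become
# additional.fields entries, which is where the tables put the label-mapped fields.
DATA_MAP = {
    "rt": "metadata.collected_timestamp", "src": "principal.ip", "dst": "target.ip",
    "sourceTranslatedAddress": "principal.nat_ip", "cs1": "security_result.rule_name",
    "suser": "principal.user.userid", "duser": "target.user.userid",
    "app": "network.application_protocol", "cn1": "network.session_id",
    "spt": "principal.port", "dpt": "target.port", "cat": "security_result.threat_id",
    "flexString2": "network.direction", "externalId": "metadata.product_log_id",
}
# CEF extension key -> UDM path, per the GlobalProtect table.
GLOBALPROTECT_MAP = {
    "rt": "metadata.collected_timestamp", "PanOSLogTimeStamp": "metadata.event_timestamp",
    "PanOSDeviceSN": "intermediary.asset.hardware.serial_number",
    "PanOSSourceUserName": "principal.user.userid", "PanOSEndpointDeviceName": "principal.hostname",
    "PanOSPublicIPv4": "principal.nat_ip", "PanOSPrivateIPv4": "principal.ip",
    "PanOSDescription": "security_result.description", "PanOSLoginDuration": "network.session_duration",
    "PanOSSequenceNo": "metadata.product_log_id",
}
# CEF key -> Chronicle label key for some label-mapped fields; other keys keep their CEF name.
LABEL_KEYS = {"cs3": "vsys", "cs4": "from", "cs5": "to", "cnt": "repeatcnt", "cs2": "category",
              "PanOSEventID": "event_id", "PanOSStage": "stage", "PanOSEventStatus": "status"}
TYPE_MAPS = {"THREAT": DATA_MAP, "GLOBALPROTECT": GLOBALPROTECT_MAP}  # keyed by CEF DeviceEventClassID (assumed values)
REPEATED = {"principal.ip", "principal.nat_ip", "target.ip", "target.nat_ip"}  # list-valued in UDM
INTS = {"principal.port", "target.port"}
TIMESTAMPS = {"metadata.collected_timestamp", "metadata.event_timestamp"}
CEF_TIME = "%b %d %Y %H:%M:%S GMT"  # assumed layout of $cef-formatted-* values ("Mar 01 2023 14:12:53 GMT")
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")

def split_cef(line):
    """Return (seven header fields, raw extension); '\\|' and '\\\\' are the header escapes."""
    fields, cur, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1]); i += 2; continue
        if c == "|":
            fields.append("".join(cur)); cur = []; i += 1; continue
        cur.append(c); i += 1
    if len(fields) < 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    return fields, line[i:]

def parse_extension(ext):
    """Split 'k=v k2=v with spaces' pairs; a value runs to the next ' key=' and may contain '\\='."""
    out, hits = {}, list(_KEY.finditer(ext))
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        out[m.group(1)] = re.sub(r"\\(.)", r"\1", ext[m.end():end]).strip()
    return out

def _put(udm, path, value):
    node, keys = udm, path.split(".")
    for k in keys[:-1]:
        node = node.setdefault(k, {})
    if path in REPEATED:
        node.setdefault(keys[-1], []).append(value)
    else:
        node[keys[-1]] = int(value) if path in INTS else value

def normalize(line):
    header, ext = split_cef(line)
    log_type, subtype, severity = header[4], header[5], header[6]
    if log_type not in TYPE_MAPS:
        raise ValueError(f"unsupported log type {log_type!r}")
    # Type and subtype both map to product_event_type; joining them is this example's convention.
    udm = {"metadata": {"product_event_type": f"{log_type}/{subtype}"},
           "security_result": {"severity_details": severity}, "additional": {"fields": []}}
    for key, value in parse_extension(ext).items():
        if not value:
            continue  # an empty CEF value ("duser=") carries nothing
        path = TYPE_MAPS[log_type].get(key)
        if path is None:
            udm["additional"]["fields"].append({"key": LABEL_KEYS.get(key, key), "value": {"string_value": value}})
            continue
        if path in TIMESTAMPS:
            value = datetime.strptime(value, CEF_TIME).strftime("%Y-%m-%dT%H:%M:%SZ")
        _put(udm, path, value)
    # Table rule: event_timestamp comes from Generate Time; when that field is absent, the receive
    # time already stored as collected_timestamp is used instead.
    udm["metadata"].setdefault("event_timestamp", udm["metadata"].get("collected_timestamp"))
    return udm

# Constructed sample records (not captured from a firewall).
SAMPLE_GLOBALPROTECT = (
    "CEF:0|Palo Alto Networks|PAN-OS|10.1.3|GLOBALPROTECT|globalprotect|3|"
    "rt=Mar 01 2023 14:12:53 GMT PanOSLogTimeStamp=Mar 01 2023 14:12:50 GMT PanOSDeviceSN=001234567890 "
    "PanOSEventID=gateway-connected PanOSStage=connected PanOSSourceUserName=alice PanOSPublicIPv4=203.0.113.7 "
    "PanOSEndpointDeviceName=LAPTOP-ALICE PanOSPrivateIPv4=10.8.0.23 PanOSEventStatus=success "
    "PanOSLoginDuration=3600 PanOSSequenceNo=7201234 PanOSDescription=user connected via gw\\=eu-1"
)
SAMPLE_DATA = (
    "CEF:0|Palo Alto Networks|PAN-OS|10.1.3|THREAT|data|4|"
    "rt=Mar 01 2023 14:20:01 GMT src=10.8.0.23 dst=198.51.100.40 sourceTranslatedAddress=203.0.113.7 "
    "cs1=allow-web-out suser=alice duser= app=web-browsing cs3=vsys1 cs4=trust cs5=untrust cn1=4421 "
    "cnt=1 spt=51234 dpt=443 cat=Credit Card Numbers(60000) cs2=shopping flexString2=client-to-server externalId=99001"
)
```

Call `normalize()` on each syslog line after the syslog header has been stripped. Two design points matter in practice: the extension parser finds the next key by looking for ` key=`, so a value that legitimately contains `=` must arrive escaped as `\=` (which PAN-OS does), otherwise the value is split at the wrong place; and the fallback to the receive time only happens when Generate Time is absent, so a record carrying both keeps the firewall's own generation time as event_timestamp, which is what the UTC requirement in the prerequisites protects.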
Correlation
The following table lists the log fields of the Correlation log type and the corresponding UDM fields.
CSV field | CEF field | LEEF field | Chronicle label key | UDM field |
---|---|---|---|---|
Generate Time (time_generated or cef-formatted-time_generated) | startTime | | generated_timestamp | metadata.event_timestamp |
Source Address (src) | src | | | principal.ip |
Source User (srcuser) | | SourceUser / usrName | | principal.user.userid |
Virtual System (vsys) | | VirtualSystem | vsys | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Category (category) | | | | security_result.category_details |
Severity (severity) | | Severity | | security_result.severity and security_result.severity_details |
Device Group Hierarchy Level 1 | | DeviceGroupHierarchyL1 | | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy Level 2 | | DeviceGroupHierarchyL2 | | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy Level 3 | | DeviceGroupHierarchyL3 | | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Device Group Hierarchy Level 4 | | DeviceGroupHierarchyL4 | | about.labels.key and about.labels.value; additional.fields.key and additional.fields.value.string_value |
Virtual System Name (vsys_name) | | vSrcName | | principal.resource.name, principal.resource.resource_type=VIRTUAL_MACHINE |
Device Name (device_name) | | DeviceName | | intermediary.hostname |
Virtual System ID (vsys_id) | | VirtualSystemID | | principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id |
Object Name (objectname) | | ObjectName | | target.resource.name |
Object ID (object_id) | | ObjectID | | target.resource.product_object_id |
Field mapping reference: Log type to UDM event type
The following table lists the Palo Alto Networks firewall log types and the corresponding UDM event types.
Log type | UDM event type |
---|---|
Traffic | NETWORK_CONNECTION |
Threat | NETWORK_CONNECTION |
URL Filtering | NETWORK_CONNECTION |
WildFire | NETWORK_CONNECTION. WildFire Submissions logs are a subtype of the Threat log type and use the same syslog format. |
Data Filtering | NETWORK_CONNECTION |
Tunnel Inspection | NETWORK_CONNECTION |
Config | SETTING_MODIFICATION/SETTING_CREATION/SETTING_DELETION/SETTING_UNCATEGORIZED. The value of the "Command (cmd)" field determines the UDM event type: if cmd is add or clone, SETTING_CREATION is set; if cmd is delete, SETTING_DELETION is set; if cmd is edit, move, rename, set, or commit, SETTING_MODIFICATION is set; if cmd is empty, SETTING_UNCATEGORIZED is set. |
System | NETWORK_DHCP/USER_LOGIN/GENERIC_EVENT. If the subtype is "dhcp", NETWORK_DHCP is set; if the subtype is "auth", USER_LOGIN is set; for any other subtype, GENERIC_EVENT is set. |
HIP Match | NETWORK_CONNECTION |
IP-Tag | GENERIC_EVENT |
User-ID | USER_LOGIN/USER_LOGOUT/USER_UNCATEGORIZED. If the subtype is "login", USER_LOGIN is set; if the subtype is "logout", USER_LOGOUT is set; if the subtype is empty, USER_UNCATEGORIZED is set. |
Decryption | NETWORK_CONNECTION |
Authentication | GENERIC_EVENT |
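As an added example (not the Chronicle parser's own code), the following Python implements the log-type-to-UDM-event-type decision from the table above over PAN-OS CSV syslog bodies, including the Config cmd and System/User-ID subtype branches. The field positions (TYPE_IDX, SUBTYPE_IDX, CMD_IDX), the spelling of the Type tokens, the sample lines, and the handling of cmd or subtype values the table does not list are assumptions made for this example; verify the positions against the PAN-OS syslog field descriptions for your PAN-OS version before running it on real logs.

```python
import csv

# Assumed 0-based positions of the fields in the PAN-OS CSV body. They match
# the constructed samples below; check them against the PAN-OS syslog field
# descriptions for your PAN-OS version before using this on real logs.
TYPE_IDX = 3      # Type (TRAFFIC, THREAT, CONFIG, SYSTEM, USERID, ...)
SUBTYPE_IDX = 4   # Subtype (dhcp/auth for SYSTEM, login/logout for USERID, ...)
CMD_IDX = 9       # Command (cmd) field of CONFIG logs

# Log types that always map to a single UDM event type. The Type tokens are
# the assumed spelling of the values PAN-OS writes in the Type column.
FIXED_EVENT_TYPES = {
    "TRAFFIC": "NETWORK_CONNECTION",
    "THREAT": "NETWORK_CONNECTION",   # WildFire, URL and data filtering are THREAT subtypes
    "TUNNEL": "NETWORK_CONNECTION",
    "HIP-MATCH": "NETWORK_CONNECTION",
    "DECRYPTION": "NETWORK_CONNECTION",
    "IPTAG": "GENERIC_EVENT",
    "AUTH": "GENERIC_EVENT",
}

# CONFIG: the Command (cmd) value decides the event type.
CONFIG_CMD_EVENT_TYPES = {
    "add": "SETTING_CREATION",
    "clone": "SETTING_CREATION",
    "delete": "SETTING_DELETION",
    "edit": "SETTING_MODIFICATION",
    "move": "SETTING_MODIFICATION",
    "rename": "SETTING_MODIFICATION",
    "set": "SETTING_MODIFICATION",
    "commit": "SETTING_MODIFICATION",
}

# SYSTEM and USERID: the Subtype decides the event type.
SYSTEM_SUBTYPE_EVENT_TYPES = {"dhcp": "NETWORK_DHCP", "auth": "USER_LOGIN"}
USERID_SUBTYPE_EVENT_TYPES = {"login": "USER_LOGIN", "logout": "USER_LOGOUT"}


def parse_fields(line):
    """Split one PAN-OS CSV body with the csv module so that quoted fields
    containing commas (e.g. CONFIG before/after change details) stay intact."""
    return next(csv.reader([line]))


def udm_event_type(line):
    """Return the UDM event type for a PAN-OS CSV log line, or None when the
    log type is not covered by the mapping table above."""
    fields = parse_fields(line)
    if len(fields) <= SUBTYPE_IDX:
        raise ValueError("too few CSV fields for a PAN-OS log line")
    log_type = fields[TYPE_IDX].strip().upper()
    subtype = fields[SUBTYPE_IDX].strip().lower()

    if log_type == "CONFIG":
        cmd = fields[CMD_IDX].strip().lower() if len(fields) > CMD_IDX else ""
        # An empty cmd is SETTING_UNCATEGORIZED per the table; treating an
        # unlisted cmd the same way is this example's assumption.
        return CONFIG_CMD_EVENT_TYPES.get(cmd, "SETTING_UNCATEGORIZED")
    if log_type == "SYSTEM":
        return SYSTEM_SUBTYPE_EVENT_TYPES.get(subtype, "GENERIC_EVENT")
    if log_type == "USERID":
        # An empty subtype is USER_UNCATEGORIZED per the table; other subtypes
        # (e.g. register-tag) are handled the same way here by assumption.
        return USERID_SUBTYPE_EVENT_TYPES.get(subtype, "USER_UNCATEGORIZED")
    return FIXED_EVENT_TYPES.get(log_type)


# Constructed sample lines (not real firewall output); the leading fields are
# laid out to match the index constants above.
SAMPLES = {
    "traffic": "1,2024/05/01 12:00:00,001234567890,TRAFFIC,end,2049,2024/05/01 12:00:00,10.1.1.10,93.184.216.34",
    "wildfire": "1,2024/05/01 12:00:00,001234567890,THREAT,wildfire,2049,2024/05/01 12:00:00,10.1.1.10,93.184.216.34",
    "config_add": '1,2024/05/01 12:00:00,001234567890,CONFIG,0,0,2024/05/01 12:00:00,10.1.1.1,vsys1,add,admin,Web,Succeeded,"vsys vsys1 rulebase security rules allow-web","{ action allow, source any }"',
    "config_delete": "1,2024/05/01 12:00:00,001234567890,CONFIG,0,0,2024/05/01 12:00:00,10.1.1.1,vsys1,delete,admin,Web,Succeeded",
    "config_nocmd": "1,2024/05/01 12:00:00,001234567890,CONFIG,0,0,2024/05/01 12:00:00,10.1.1.1,vsys1,,admin,Web,Succeeded",
    "system_dhcp": "1,2024/05/01 12:00:00,001234567890,SYSTEM,dhcp,0,2024/05/01 12:00:00,vsys1,lease-start,ethernet1/2",
    "system_auth": "1,2024/05/01 12:00:00,001234567890,SYSTEM,auth,0,2024/05/01 12:00:00,vsys1,auth-success,admin",
    "system_general": "1,2024/05/01 12:00:00,001234567890,SYSTEM,general,0,2024/05/01 12:00:00,vsys1,general,",
    "userid_login": "1,2024/05/01 12:00:00,001234567890,USERID,login,0,2024/05/01 12:00:00,vsys1,10.1.1.10,corp\\jdoe",
    "userid_logout": "1,2024/05/01 12:00:00,001234567890,USERID,logout,0,2024/05/01 12:00:00,vsys1,10.1.1.10,corp\\jdoe",
}


def classify_samples():
    """Map each constructed sample to its UDM event type."""
    return {name: udm_event_type(line) for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, event_type in classify_samples().items():
        print(f"{name:15s} -> {event_type}")
```

The csv module rather than `str.split(",")` matters for Config logs: the before/after change detail fields are quoted and routinely contain commas, and a naive split would shift the column positions of everything after them. Lines whose log type is absent from the table (for example GlobalProtect or Correlation) return None rather than a guessed event type.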