Mappings: Palo Alto Threat Wildfire - Custom Parser
Input | Value |
---|---|
Vendor | Palo Alto |
Product | Firewall |
Log Format | JSON |
Event ID Regex Pattern | threat-wildfire |
Output | Value |
---|---|
Vendor | Palo Alto Networks |
Product | Next Generation Firewall |
Record Type | Network |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | action | |
application | application | |
device_hostname | firewall_name | |
dstDevice_ip | dest_ip | |
dstPort | dest_port | |
http_url | http_url | |
ipProtocol | protocol | |
resource | flags | |
severity | pan_severity | |
srcDevice_ip | source_ip | |
srcPort | source_port | |
success | action | This is a lookup field. More info to come in the catalog later... |
threat_category | category | |
threat_name | threat_name | |
user_username | source_user |