Mappings: Palo Alto System Auth Failure Variant 2
| Legacy Parser Grok Patterns |
|---|
| PALO_FW_SYSTEM_AUTH_FAILURE_2 |
| Output | Value |
|---|---|
| Vendor | Palo Alto Networks |
| Product | Next Generation Firewall |
| Record Type | Authentication |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| device_ip | source_ip | |
| severity | severity | |
| srcDevice_ip | source_ip | |
| success | None | The static text false is populated in this schema field. |
| timestamp | generated_time | We expect the orginal record value of generated_time is in the format yyyy/MM/dd HH:mm:ss |
| user_username | username |