Panorama.Monitor.JobID | String | The job ID of the logs query. |
Panorama.Monitor.Status | String | The status of the logs query. |
Panorama.Monitor.Message | String | The message of the logs query. |
Panorama.Monitor.Logs.Action | String | The action taken for the session. Can be "alert", "allow", "deny", "drop", "drop-all-packets", "reset-client", "reset-server", "reset-both", or "block-url". |
Panorama.Monitor.Logs.Application | String | The application associated with the session. |
Panorama.Monitor.Logs.Category | String | The URL category of the URL subtype. For WildFire subtype, it is the verdict on the file, and can be either "malicious", "phishing", "grayware", or "benign". For other subtypes, the value is "any". |
Panorama.Monitor.Logs.DeviceName | String | The hostname of the firewall on which the session was logged. |
Panorama.Monitor.Logs.DestinationAddress | String | The original session destination IP address. |
Panorama.Monitor.Logs.DestinationUser | String | The username of the user to which the session was destined. |
Panorama.Monitor.Logs.DestinationCountry | String | The destination country or internal region for private addresses. Maximum length is 32 bytes. |
Panorama.Monitor.Logs.DestinationPort | String | The destination port utilized by the session. |
Panorama.Monitor.Logs.FileDigest | String | Only for the WildFire subtype, all other types do not use this field. The filedigest string shows the binary hash of the file sent to be analyzed by the WildFire service. |
Panorama.Monitor.Logs.FileName | String | File name or file type when the subtype is file. File name when the subtype is virus. File name when the subtype is wildfire-virus. File name when the subtype is wildfire. |
Panorama.Monitor.Logs.FileType | String | Only for the WildFire subtype, all other types do not use this field. Specifies the type of file that the firewall forwarded for WildFire analysis. |
Panorama.Monitor.Logs.FromZone | String | The zone from which the session was sourced. |
Panorama.Monitor.Logs.URLOrFilename | String | The actual URL when the subtype is url. The file name or file type when the subtype is file. The file name when the subtype is virus. The file name when the subtype is wildfire-virus. The file name when the subtype is wildfire. The URL or file name when the subtype is vulnerability (if applicable). |
Panorama.Monitor.Logs.NATDestinationIP | String | The post-NAT destination IP address if destination NAT was performed. |
Panorama.Monitor.Logs.NATDestinationPort | String | The post-NAT destination port. |
Panorama.Monitor.Logs.NATSourceIP | String | The post-NAT source IP address if source NAT was performed. |
Panorama.Monitor.Logs.NATSourcePort | String | The post-NAT source port. |
Panorama.Monitor.Logs.PCAPid | String | The packet capture (pcap) ID is a 64 bit unsigned integral denoting an ID to correlate threat pcap files with extended pcaps taken as a part of that flow. All threat logs will contain either a pcap_id of 0 (no associated pcap), or an ID |