Firewall Activity Data | Trend Micro Service Central

Views:

Field Name	Type	General Field	Description	Example	Products
act	-	-	The action	`Allow` `Block`	Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access Palo Alto Networks Firewall
app	-	-	The network protocol	`HTTP`	Trend Micro Deep Discovery Inspector Virtual Network Sensor Palo Alto Networks Firewall
application	-	-	The name of the requested application	`Facebook` `wiki`	Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access Palo Alto Networks Firewall
cnt	-	-	The total number of logs	`1` `2` `3`	Palo Alto Networks Firewall
dOSName	-	-	The destination OS	`Windows`	Palo Alto Networks Firewall
dUser1	-	UserAccount	The latest sign-in user of the destination	`dhr\m42svc` `altsvc`	Palo Alto Networks Firewall
dhost	-	DomainName	The destination hostname	`sw_us-east-1c_10-124-21-139` `8.243.49.4`	Palo Alto Networks Firewall
dmac	-	-	The destination MAC address	`a8:d0:e5:5c:cb:c5`	Palo Alto Networks Firewall
dpt	-	Port	The service destination port of the private application server (dstport)	`443`	Trend Vision One Zero Trust Secure Access Private Access Palo Alto Networks Firewall XDR for Cloud - AWS VPC Flow Logs
dst	-	IPv4 IPv6	The destination IP (dstaddr)	`10.10.10.10` `10.206.209.64`	Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access Palo Alto Networks Firewall XDR for Cloud - AWS VPC Flow Logs
dstLocation	-	-	The destination country	`Japan`	Palo Alto Networks Firewall
dstZone	-	-	The destination zone of the Palo Alto Networks firewall session	`LAB-Small`	Palo Alto Networks Firewall
dvchost	-	-	The network device hostname	`my-company-xns` `my-ddi`	Trend Micro Deep Discovery Inspector Virtual Network Sensor Palo Alto Networks Firewall
eventId	-	-	The event ID	`200139` `200140`	Virtual Network Sensor Trend Micro Deep Discovery Inspector Palo Alto Networks Firewall XDR for Cloud - AWS VPC Flow Logs
eventName	-	-	The log type	`SWG_ACTIVITY_LOG` `FIREWALL_ACTIVITY_LOG` `VPC_ACTIVITY_LOG`	Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access Trend Micro Deep Discovery Inspector Virtual Network Sensor Palo Alto Networks Firewall XDR for Cloud - AWS VPC Flow Logs
eventSubName	-	-	The Zero Trust Secure Access - Internet Access cloud app action or the Palo Alto Networks firewall log sub-type	`OneDrive download file` `start` `end` `drop` `deny`	Trend Vision One Zero Trust Secure Access Internet Access Palo Alto Networks Firewall
eventTime	-	-	The time the agent or product detected the event	`1657135700000`	Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access Trend Micro Deep Discovery Inspector Virtual Network Sensor Palo Alto Networks Firewall XDR for Cloud - AWS VPC Flow Logs
filterRiskLevel	-	-	The top level filter risk of the event	`info` `low` `medium`	Security Analytics Engine
flowId	-	-	The network analysis flow ID	`6837014561409730558`	Trend Micro Deep Discovery Inspector Virtual Network Sensor Palo Alto Networks Firewall
httpXForwardedFor	-	-	The HTTP X-Forwarded-For header	`192.168.1.103, 192.168.1.104, 192.168.1.106`	Trend Micro Deep Discovery Inspector Virtual Network Sensor Palo Alto Networks Firewall
pname	-	-	The product name	`Secure Web Gateway` `XDR for Cloud - AWS VPC Flow Logs`	Trend Vision One Zero Trust Secure Access Internet Access Trend Micro Deep Discovery Inspector Virtual Network Sensor Palo Alto Networks Firewall XDR for Cloud - AWS VPC Flow Logs
policyName	-	-	The name of the triggered policy	`lab-to-dns` `small-lab-http-out`	Palo Alto Networks Firewall
policyTreePath	-	-	The policy tree path (endpoint only)	`policyname1/policyname2/policyname3`	Security Analytics Engine
policyUuid	-	-	The policy UUID	`afef0518-abd7-43e1-9b73-2f55c4c95a8e`	Trend Vision One Zero Trust Secure Access Private Access Palo Alto Networks Firewall
productCode	-	-	The product which sent the log	`sig` `szn`	Security Analytics Engine Palo Alto Networks Firewall
pver	-	-	The product version	`1`	Trend Vision One Zero Trust Secure Access Internet Access Palo Alto Networks Firewall
reqDataSize	-	-	The data volume transmitted over the transport layer by the client (in bytes)	`15688`	Virtual Network Sensor Palo Alto Networks Firewall
respDataSize	-	-	The data volume transmitted over the transport layer by the server (in bytes)	`7856`	Virtual Network Sensor Palo Alto Networks Firewall
sOSName	-	-	The source OS	`Windows 10`	Palo Alto Networks Firewall
sUser1	-	UserAccount	The latest sign-in user of the source	`000c29edef58` `corpdmz.com\ser-desktopcentral`	Palo Alto Networks Firewall
sessionEndReason	-	-	The reason why a session was terminated	`tcp-fin` `tcp-rst-from-server`	Palo Alto Networks Firewall
sessionStart	-	-	The session start time (in seconds)	`1575462989`	Trend Vision One Zero Trust Secure Access Private Access Trend Micro Deep Discovery Inspector Virtual Network Sensor Palo Alto Networks Firewall
shost	-	DomainName	The source hostname	`sw_us-east-1a_10-124-17-69` `sw_us-east-1c_10-124-21-139`	Palo Alto Networks Firewall
smac	-	-	The source MAC address	`a8:d0:e5:5c:cb:c5` `00:50:56:b2:93:46` `00:09:0f:09:00:06`	Palo Alto Networks Firewall
spt	-	Port	The virtual port of the source assigned to the Secure Access Module (srcport)	`57763`	Trend Vision One Zero Trust Secure Access Private Access Palo Alto Networks Firewall XDR for Cloud - AWS VPC Flow Logs
src	-	IPv4 IPv6	The source IP (srcaddr)	`100.100.100.100` `18.162.103.100`	Trend Vision One Zero Trust Secure Access Internet Access Trend Vision One Zero Trust Secure Access Private Access Palo Alto Networks Firewall XDR for Cloud - AWS VPC Flow Logs
srcLocation	-	-	The source country	`Japan`	Palo Alto Networks Firewall
srcZone	-	-	The source zone of the Palo Alto Networks firewall session	`LAB-Small`	Palo Alto Networks Firewall
tags	-	Technique	The detected technique ID based on the alert filter	`MITREV9.T1057` `MITREV9.T1059.003` `XSAE.F2924`	Security Analytics Engine
uuid	-	-	The unique key of the log	`00008a58-5c57-46b2-ad06-335035989d08` `0000ca1e-abfa-4013-9213-2dcf5cf1c4d0` `0001469c-dc16-469f-8e44-3d02d2057250`	Security Analytics Engine
vsysName	-	-	The Palo Alto Networks virtual system of the session	`vsys1`	Palo Alto Networks Firewall