Halaman ini diterjemahkan oleh Cloud Translation API.

Mengumpulkan log firewall Palo Alto Networks

Didukung di:

Google SecOps SIEM

Ringkasan

Dokumen ini menjelaskan cara mengonfigurasi syslog dan forwarder Google Security Operations untuk mengumpulkan log firewall Palo Alto Networks. Dokumen ini juga menjelaskan cara kolom log firewall Palo Alto Networks dipetakan ke kolom Unified Data Model (UDM) Google Security Operations.

Untuk ringkasan tentang penyerapan data Google Security Operations, lihat Penyerapan data ke Google Security Operations.

Label penyerapan mengidentifikasi parser yang menormalisasi data log mentah ke format UDM terstruktur. Informasi dalam dokumen ini berlaku untuk parser dengan label transfer PAN_FIREWALL.

Sebelum memulai

Pastikan produk firewall Palo Alto Networks di-deploy dan dikonfigurasi dengan benar. Untuk mengetahui petunjuk penyiapan mendetail, lihat Dokumentasi PAN-OS.
Untuk memahami komponen yang di-deploy untuk mengumpulkan log firewall Palo Alto Networks, tinjau arsitektur deployment. Setiap deployment pelanggan mungkin berbeda dari representasi ini dan mungkin lebih kompleks.

Diagram berikut menunjukkan cara mengonfigurasi syslog di firewall Palo Alto Networks dan menginstal forwarder Google Security Operations di server Linux untuk meneruskan data log ke Google Security Operations. Parser mendukung log yang ditulis dalam format data berikut: Nilai yang Dipisahkan Koma (CSV), Format Peristiwa Umum (CEF), dan Format Log Peristiwa yang Diperluas (LEEF).
Verifikasi format log dan versi PAN-OS yang didukung parser Google Security Operations. Tabel berikut mencantumkan format log dan versi PAN-OS yang sesuai yang didukung parser Google Security Operations:

Format log Versi PAN-OS

CSV 10.1.3

CEF 10.0.0

LEEF 9.1.0
Verifikasi jenis log firewall Palo Alto Networks yang didukung parser Google Security Operations. Parser Google Security Operations mendukung jenis log firewall Palo Alto Networks berikut:
- Traffic
- Ancaman
- Pengiriman WildFire
- Pemeriksaan terowongan
- Konfigurasi
- Sistem
- Kecocokan HIP
- Tag IP
- User-ID
- Dekripsi
- Autentikasi
- Pemfilteran URL
- Pemfilteran data
- GlobalProtect
- Korelasi
Untuk mengetahui informasi selengkapnya tentang jenis log firewall Palo Alto Networks, lihat Jenis log PAN-OS.
Pastikan semua sistem dalam arsitektur deployment dikonfigurasi di zona waktu UTC.
Sebelum menggunakan parser firewall Palo Alto Networks, tinjau perubahan dalam pemetaan kolom antara parser sebelumnya dan parser firewall Palo Alto Networks saat ini. Sebagai bagian dari migrasi, pastikan aturan, penelusuran, dasbor, atau proses lain yang bergantung pada kolom asli menggunakan kolom yang diperbarui.

Misalnya, dalam versi parser sebelumnya, kolom log category dipetakan ke kolom UDM security_result.description. Dalam parser firewall Palo Alto Networks saat ini, kolom log category dipetakan ke kolom UDM security_result.category_details. Jika Anda bermigrasi ke parser firewall Palo Alto Networks saat ini dan menggunakan kolom category dalam aturan, Anda perlu mengubah aturan untuk menggunakan kolom UDM security_result.category_details dari parser saat ini.

Mengonfigurasi syslog dan penerusan Google Security Operations

Untuk mengonfigurasi syslog dan forwarder Google Security Operations, selesaikan langkah-langkah berikut:

Untuk memantau log CSV, konfigurasikan profil server syslog. Untuk informasi selengkapnya, lihat Mengonfigurasi profil server syslog.

Saat Anda mengonfigurasi profil server syslog, tentukan "Default" sebagai format log kustom.
Untuk memantau log CEF, konfigurasikan firewall Palo Alto Networks untuk meneruskan log CEF. Untuk informasi selengkapnya, download PDF panduan Integrasi CEF PAN-OS dan lihat bagian "Konfigurasi NGFW Palo Alto Networks untuk menghasilkan peristiwa CEF".
Untuk memantau log LEEF, konfigurasikan profil server syslog. Untuk mengetahui informasi selengkapnya, lihat Penerusan log kustom dalam format LEEF.
Konfigurasikan penerusan Google Security Operations untuk mengirim log ke Google Security Operations. Untuk informasi selengkapnya, lihat Menginstal dan mengonfigurasi forwarder di Linux. Berikut adalah contoh konfigurasi forwarder Google Security Operations:
```
  - syslog:
      common:
        enabled: true
        data_type: PAN_FIREWALL
        batch_n_seconds: 10
        batch_n_bytes: 1048576
      tcp_address: 0.0.0.0:10518
      connection_timeout_sec: 60
```

Referensi pemetaan kolom: Kolom log firewall PAN ke kolom UDM

Bagian ini menjelaskan cara parser memetakan kolom log firewall Palo Alto Networks ke kolom peristiwa UDM Google Security Operations untuk setiap jenis log.

Kunci label Google Security Operations mengacu pada nama kunci yang dipetakan ke kolom UDM Labels.key. Misalnya, dalam kasus kolom "Virtual System", nama kolomnya adalah "cs3" dalam format CEF dan "VirtualSystem" dalam format LEEF. Kolom UDM "about.labels.key" berisi nilai "vsys" dan kolom UDM "about.labels.value" berisi nilai kolom tersebut.

Beberapa nama kolom CEF atau LEEF tidak memiliki nama yang sesuai dengan nama kolom CSV. Dalam kasus tersebut, jika Anda menambahkan nama variabel Anda sendiri dalam format log kustom di profil syslog, parser tidak memetakan nama tersebut ke kolom UDM.

Lihat bagian berikut untuk referensi pemetaan setiap jenis log:

Sistem
Konfigurasi
Ancaman/kebakaran hutan
Traffic
ID Pengguna
Pencocokan HIP
Tag IP
Dekripsi
Tunnel
Authentication
URL
Data
GlobalProtect
Korelasi

Sistem

Tabel berikut mencantumkan kolom log dari jenis log sistem dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type ditetapkan ke "%{type} - %{subtype}".
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis		metadata.product_event_type ditetapkan ke "%{type} - %{subtype}".
Waktu yang Dibuat (time_generated atau cef-formatted-time_generated)				metadata.event_timestamp
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Peristiwa (eventid)	cat		eventid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Objek (object)	fname	Nama file	objek	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Modul (module)	flexString2	Modul	modul	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Keparahan (severity)	$number-of-severity(header)	Keparahan		security_result.severity dan security_result.severity_details
Deskripsi (buram)	msg	msg		metadata.description
	principal_user_userid (Kolom ini diekstrak dari kolom msg)			principal.user.userid
	principal_ip3 (Kolom ini diekstrak dari kolom msg)			principal.ip
	Alasan (Kolom ini diekstrak dari kolom msg)			security_result.description
	server_address (Kolom ini diekstrak dari kolom msg.)			target.ip
	server_profile (Kolom ini diekstrak dari kolom msg.)			additional.fields.key dan additional.fields.value.string_value
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_1 hingga dg_hier_level_4)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
Stempel Waktu Resolusi Tinggi (high_res_timestamp)	anOSTimeGeneratedHighResolution			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)

Konfigurasi

Tabel berikut mencantumkan kolom log dari jenis log konfigurasi dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)			metadata.product_event_type
Waktu yang Dibuat (time_generated atau cef-formatted-time_generated)				metadata.event_timestamp
Host (host)	shost	src		principal.ip/hostname
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Perintah (cmd)	tindakan	msg	cmd	metadata.description
Admin (admin)	duser	usrName		principal.user.userid
Klien (client)	destinationServiceName	klien		principal.application
Hasil (result)	ID Tanda Tangan (Header)(alasan)	Hasil		security_result.summary
Jalur Konfigurasi (jalur)	msg	ConfigurationPath		principal.process.command_line
Detail Sebelum Perubahan (before_change_detail)	cs1	BeforeChangeDetail	before_change_detail	target.resource.attribute.labels.key/value
Detail Setelah Perubahan (after_change_detail)	cs2	AfterChangeDetail	after_change_detail	target.resource.attribute.labels.key/value
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_1 hingga dg_hier_level_4)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
Grup Perangkat (dg_id)	PanOSFWDeviceGroup		dg_id	principal.asset.attribute.labels.key/value
Komentar Audit (komentar)	PanOSPolicyAuditComment		komentar	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value

Ancaman/WildFire

Tabel berikut mencantumkan kolom log jenis log Threat/WildFire dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (nomor seri)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	cat/subtype (Header)	Subjenis		metadata.product_event_type
Buat Waktu (time_generated atau cef-formatted-time_generated)				metadata.event_timestamp
Alamat sumber (src)	src	src		principal.ip
Alamat tujuan (dst)	dst	dst		target.ip
IP Sumber NAT (natsrc)	sourceTranslatedAddress	srcPostNAT		principal.nat_ip
IP Tujuan NAT (natdst)	destinationTranslatedAddress	dstPostNAT		target.nat_ip
Nama Aturan (aturan)	cs1	RuleName		security_result.rule_name
Pengguna Sumber (srcuser)	pengguna	SourceUser / usrName		principal.user.userid
Pengguna Tujuan (dstuser)	duser	DestinationUser		target.user.userid
Aplikasi (app)	aplikasi	Aplikasi		target.application
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Sumber (dari)	cs4	SourceZone	dari	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Tujuan (ke)	cs5	DestinationZone	sampai	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Masuk (inbound_if)	deviceInboundInterface	IngressInterface	inbound_if	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Keluar (outbound_if)	deviceOutboundInterface	EgressInterface	outbound_if	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Tindakan Log (set log)	cs6	LogForwardingProfile	logset	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi (sessionid)	cn1	SessionID		network.session_id
Jumlah Pengulangan (repeatcnt)	cnt	RepeatCount	repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Port Sumber (sport)	spt	srcPort		principal.port
Port Tujuan (dport)	dpt	dstPort		target.port
Port Sumber NAT (natsport)	sourceTranslatedPort	srcPostNATPort		principal.nat_port
Port Tujuan NAT (natdport)	destinationTranslatedPort	dstPostNATPort		target.nat_port
Flag	flexString1	Flag	flag	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Protokol IP (proto)	proto	proto		network.ip_protocol
Tindakan (action)	tindakan	action		security_result.action_details security_result.action
URL/Nama File (lainnya)	permintaan	Lain-lain		target.file.full_path (jika subjenisnya adalah 'file', 'virus', 'wildfire-virus', atau 'wildfire', kolom `misc` akan dipetakan ke target.file.full_path) target.url (jika subjenisnya adalah 'url', kolom `misc` akan dipetakan ke target.url dan target.hostname) target.hostname (jika subjenisnya adalah 'spyware' atau 'vulnerability', kolom `misc` akan dipetakan ke target.file.full_path dan target.url)
Nama Ancaman/Konten (threatid)	cat	ThreatID		security_result.threat_name
Kategori (category)	cs2	URLCategory		security_result.category_details
Keparahan (severity)	number-of-severity(header)	Keparahan		security_result.severity dan security_result.severity_details
Arah (direction)	flexString2	Arah		network.direction
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Negara Sumber (srcloc)		SourceLocation		principal.location.country_or_region
Negara Tujuan (dstloc)		DestinationLocation		target.location.country_or_region
Jenis Konten (contenttype)		ContentType	contenttype	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID PCAP (pcap_id)	fileId	PCAP_ID	pcap_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Ringkasan File (filedigest)	fileHash	FileDigest		about.file.sha1/md5/sha256
Cloud (cloud)	filePath	Cloud	cloud	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Indeks URL (url_idx)		URLIndex	url_idx	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Agen Pengguna (user_agent)				network.http.user_agent
Jenis File (filetype)	fileType	FileType		about.file.mime_type
X-Forwarded-For (xff)				principal.ip
Perujuk (referer)				network.http.referral_url
Pengirim (sender)	suid	Pengirim		network.email.from
Subjek (subject)	msg	Subjek		network.email.subject
Penerima (recipient)	duid	Penerima		network.email.to
ID Laporan (reportid)	oldFileId	ReportID	reportid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_1 hingga dg_hier_level_4)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
UUID VM sumber (src_uuid)	PanOSSrcUUID	SrcUUID		principal.user.product_object_id
UUID VM tujuan (dst_uuid)	PanOSDstUUID	DstUUID		target.user.product_object_id
Metode HTTP (http_method)		RequestMethod		network.http.method
ID Tunnel/IMSI (tunnel_id/imsi)	PanOSTunnelID	TunnelID	tunnel_id/imsi	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Monitor Tag/IMEI (monitortag/imei)	PanOSMonitorTag	MonitorTag	monitortag/imei	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi Induk (parent_session_id)	PanOSParentSessionID	ParentSessionID	parent_session_id	network.parent_session_id
Waktu Mulai Sesi Induk (parent_start_time)	PanOSParentStartTime	ParentStartTime	parent_start_time	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Tunnel (tunnel)	PanOSTunnelType	TunnelType	tunnel	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kategori Ancaman (thr_category)	PanOSThreatCategory	ThreatCategory	thr_category	security_result.detection_fields.key/value
Versi Konten (contentver)	PanOSContentVer	ContentVer	contentver	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Asosiasi SCTP (assoc_id)	PanOSAssocID		assoc_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Payload Protocol (ppid)	PanOSPPID		ppid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Header HTTP (http_headers)	PanOSHTTPHeader		http_headers	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Kategori URL (url_category_list)	PanOSURLCatList		url_category_list	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
UUID Aturan (rule_uuid)	PanOSRuleUUID			security_result.rule_id
Koneksi HTTP/2 (http2_connection)	PanOSHTTP2Con		http2_connection	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Grup Pengguna Dinamis (dynusergroup_name)	PanDynamicUsrgrp		dynusergroup_name	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Alamat XFF (xff_ip)	PanXFFIP			principal.ip
Kategori Perangkat Sumber (src_category)	PanSrcDeviceCat		src_category	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Sumber (src_profile)	PanSrcDeviceProf		src_profile	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Sumber (src_model)	PanSrcDeviceModel		src_model	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Sumber (src_vendor)	PanSrcDeviceVendor		src_vendor	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Sumber (src_osfamily)	PanSrcDeviceOS		src_osfamily	principal.asset.platform_software.platform principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Versi OS Perangkat Sumber (src_osversion)	PanSrcDeviceOSv			principal.asset.software.version
Nama Host Sumber (src_host)	PanSrcHostname			principal.hostname
Alamat MAC Sumber (src_mac)	PanSrcMac			principal.mac
Kategori Perangkat Tujuan (dst_category)	PanDstDeviceCat		dst_category	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Tujuan (dst_profile)	PanDstDeviceProf		dst_profile	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Tujuan (dst_model)	PanDstDeviceModel		dst_model	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Tujuan (dst_vendor)	PanDstDeviceVendor		dst_vendor	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Tujuan (dst_osfamily)	PanDstDeviceOS		dst_osfamily	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Versi OS Perangkat Tujuan (dst_osversion)	PanDstDeviceOSv			target.asset.software.version
Nama Host Tujuan (dst_host)	PanDstHostname			target.hostname
Alamat MAC Tujuan (dst_mac)	PanDstMac			target.mac
ID Penampung (container_id)	PanContainerName		container_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Namespace POD (pod_namespace)	PanPODNamespace		pod_namespace	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama POD (pod_name)	PanPODName		pod_name	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Sumber (src_edl)	PanSrcEDL		src_edl	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Tujuan (dst_edl)	PanDstEDL		dst_edl	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Host (hostid)	PanGPHostID		hostid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Seri Perangkat Pengguna (serialnumber)	PanEPSerial			principal.asset.hardware.serial_number
EDL Domain (domain_edl)	PanDomainEDL		domain_edl	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Grup Alamat Dinamis Sumber (src_dag)	PanSrcDAG			principal.group.group_display_name
Grup Alamat Dinamis Tujuan (dst_dag)	PanDstDAG			target.group.group_display_name
Hash Sebagian (partial_hash)	PanPartialHash		partial_hash	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Stempel Waktu Resolusi Tinggi (stempel waktu high_res)	PanTimeHighRes		stempel waktu high_res	metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Alasan (reason)	PanReasonFilteringAction		alasan	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Justifikasi (justification)	PanJustification		justifikasi	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Layanan Slice (nssai_sst)	PanASServiceType		nssai_sst	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Subkategori Aplikasi (subcategory_of_app)			subcategory_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kategori Aplikasi (category_of_app)			category_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Teknologi Aplikasi (technology_of_app)			technology_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Risiko Aplikasi (risk_of_app)			risk_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Karakteristik Aplikasi (characteristic_of_app)			characteristic_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Penampung Aplikasi (container_of_app)			container_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
SaaS Aplikasi (is_saas_of_app)			is_saas_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Status Sanksi Aplikasi (sanctioned_state_of_app)			sanctioned_state_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value

Traffic

Tabel berikut mencantumkan kolom log jenis log traffic dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat/Type		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis		metadata.product_event_type
Waktu yang Dibuat (time_generated atau cef-formatted-time_generated)	mulai			metadata.event_timestamp
Alamat Sumber (src)	src	src		principal.ip
Alamat Tujuan (dst)	dst	dst		target.ip
IP Sumber NAT (natsrc)	sourceTranslatedAddress	srcPostNAT		principal.nat_ip
IP Tujuan NAT (natdst)	destinationTranslatedAddress	dstPostNAT		target.nat_ip
Nama Aturan (aturan)	cs1	RuleName		security_result.rule_name
Pengguna Sumber (srcuser)	pengguna	SourceUser		principal.user.userid
Pengguna Tujuan (dstuser)	duser	DestinationUser		target.user.userid
Aplikasi (app)	aplikasi	Aplikasi		target.application
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Sumber (dari)	cs4	SourceZone	dari	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Tujuan (ke)	cs5	DestinationZone	sampai	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Masuk (inbound_if)	deviceInboundInterface	IngressInterface	inbound_if	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Keluar (outbound_if)	deviceOutboundInterface	EgressInterface	outbound_if	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Tindakan Log (set log)	cs6	LogForwardingProfile	logset	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi (sessionid)	cn1	SessionID		network.session_id
Jumlah Pengulangan (repeatcnt)	cnt	RepeatCount	repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Port Sumber (sport)	spt	srcPort		principal.port
Port Tujuan (dport)	dpt	dstPort		target.port
Port Sumber NAT (natsport)	sourceTranslatedPort	srcPostNATPort		principal.nat_port
Port Tujuan NAT (natdport)	destinationTranslatedPort	dstPostNATPort		target.nat_port
Flag	flexString1	Flag	flag	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Protokol IP (proto)	proto	proto		network.ip_protocol
Tindakan (action)	tindakan	action		security_result.action_details security_result.action
Byte	flexNumber1	totalBytes	byte	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Byte Terkirim (bytes_sent)	in	srcBytes		network.sent_bytes
Byte yang Diterima (bytes_received)	keluar	dstBytes		network.received_bytes
Paket (paket)	cn2	totalPackets	paket	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu Mulai (mulai)		StartTime	mulai	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu Berlalu (berlalu)	cn3	ElapsedTime	berlalu	network.session_duration.seconds
Kategori (category)	cs2	URLCategory		security_result.category / security_result.category_details
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Negara Sumber (srcloc)		SourceLocation		principal.location.country_or_region
Negara Tujuan (dstloc)		DestinationLocation		target.location.country_or_region
Paket Terkirim (pkts_sent)	PanOSPacketsSent	srcPackets	pkts_sent	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Paket yang Diterima (pkts_received)	PanOSPacketsReceived	dstPackets	pkts_received	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Alasan Akhir Sesi (session_end_reason)	alasan	SessionEndReason		security_result.summary
Hierarki Grup Perangkat1 (dg_hier_level_1 hingga dg_hier_level_4)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat2 (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat3 (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
Sumber Tindakan (action_source)	cat	ActionSource	action_source	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
UUID VM sumber (src_uuid)	PanOSSrcUUID	SrcUUID		principal.asset.product_object_id
UUID VM tujuan (dst_uuid)	PanOSDstUUID	DstUUID		target.asset.product_object_id
ID Tunnel/IMSI (tunnelid/imsi)	PanOSTunnelID	TunnelID	tunnelid/imsi	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Monitor Tag/IMEI (monitortag/imei)	PanOSMonitorTag	MonitorTag	monitortag/imei	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi Induk (parent_session_id)	PanOSParentSessionID	ParentSessionID	parent_session_id	network.parent_session_id
Waktu Mulai Induk (parent_start_time)	PanOSParentStartTime	ParentStartTime	parent_start_time	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Tunnel (tunnel)	PanOSTunnelType	TunnelType	tunnel	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Asosiasi SCTP (assoc_id)	PanOSSCTPAssocID		assoc_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Potongan SCTP (chunk)	PanOSSCTPChunks		potongan	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Potongan SCTP yang Dikirim (chunks_sent)	PanOSSCTPChunkSent		chunks_sent	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Potongan SCTP yang Diterima (chunks_received)	PanOSSCTPChunksRcv		chunks_received	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
UUID Aturan (rule_uuid)	PanOSRuleUUID			security_result.rule_id
Koneksi HTTP/2 (http2_connection)	PanOSHTTP2Con		http2_connection	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jumlah Flap Aplikasi (link_change_count)	PanLinkChange		link_change_count	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Kebijakan (policy_id)	PanPolicyID		policy_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Tombol Link (link_switches)	PanLinkDetail		link_switches	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Cluster SD-WAN (sdwan_cluster)	PanSDWANCluster		sdwan_cluster	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Perangkat SD-WAN (sdwan_device_type)	PanSDWANDevice		sdwan_device_type	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Cluster SD-WAN (sdwan_cluster_type)	PanSDWANClustype		sdwan_cluster_type	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Situs SD-WAN (sdwan_site)	PanSDWANSite		sdwan_site	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Grup Pengguna Dinamis (dynusergroup_name)	PanDynamicUsrgrp		dynusergroup_name	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Alamat XFF (xff_ip)	PanXFFIP			principal.ip
Kategori Perangkat Sumber (src_category)	PanSrcDeviceCat		src_category	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Sumber (src_profile)	PanSrcDeviceProf		src_profile	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Sumber (src_model)	PanSrcDeviceModel		src_model	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Sumber (src_vendor)	PanSrcDeviceVendor		src_vendor	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Sumber (src_osfamily)	PanSrcDeviceOS			principal.asset.platform_software.platform principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Versi OS Perangkat Sumber (src_osversion)	PanSrcDeviceOSv			principal.asset.software.version
Nama Host Sumber (src_host)	PanSrcHostname			principal.hostname
Alamat MAC Sumber (src_mac)	PanSrcMac			principal.mac
Kategori Perangkat Tujuan (dst_category)	PanDstDeviceCat		dst_category	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Tujuan (dst_profile)	PanDstDeviceProf		dst_profile	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Tujuan (dst_model)	PanDstDeviceModel		dst_model	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Tujuan (dst_vendor)	PanDstDeviceVendor		dst_vendor	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Tujuan (dst_osfamily)	PanDstDeviceOS		dst_osfamily	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Versi OS Perangkat Tujuan (dst_osversion)	PanDstDeviceOSv			target.asset.software.version
Nama Host Tujuan (dst_host)	PanDstHostname			target.hostname
Alamat MAC Tujuan (dst_mac)	PanDstMac			target.mac
ID Penampung (container_id)	PanContainerName		container_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Namespace POD (pod_namespace)	PanPODNamespace		pod_namespace	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama POD (pod_name)	PanPODName		pod_name	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Sumber (src_edl)	PanSrcEDL		src_edl	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Tujuan (dst_edl)	PanDstEDL		dst_edl	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
ID Host (hostid)	PanGPHostID		hostid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Seri Perangkat Pengguna (serialnumber)	PanEPSerial			principal.asset.hardware.serial_number
Grup Alamat Dinamis Sumber (src_dag)	PanSrcDAG			principal.group.group_display_name
Grup Alamat Dinamis Tujuan (dst_dag)	PanDstDAG			target.group.group_display_name
Pemilik Sesi (session_owner)	PanHASessionOwner		session_owner	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Stempel Waktu Resolusi Tinggi (high_res_timestamp)	PanTimeHighRes			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Jenis Layanan Slice (nsdsai_sst)	PanASServiceType		nsdsai_sst	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Pembeda Slice (nsdsai_sd)	PanASServiceDiff		nsdsai_sd	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Subkategori Aplikasi (subcategory_of_app)			subcategory_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kategori Aplikasi (category_of_app)			category_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Teknologi Aplikasi (technology_of_app)			technology_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Risiko Aplikasi (risk_of_app)				security_result.severity
Karakteristik Aplikasi (characteristic_of_app)			characteristic_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Penampung Aplikasi (container_of_app)			container_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
SaaS Aplikasi (is_saas_of_app)			is_saas_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Status Sanksi Aplikasi (sanctioned_state_of_app)			sanctioned_state_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Subkategori Aplikasi (subcategory_of_app)			subcategory_of_app1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value

User-ID

Tabel berikut mencantumkan kolom log dari jenis log user-id dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis		metadata.product_event_type
Waktu yang Dibuat (time_generated atau cef-formatted-time_generated)				metadata.event_timestamp
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
IP sumber (ip)	src	src		principal.ip
Pengguna (user)	duser	usrName		target.user.userid target.administrative_domain target.user.email_addresses
Nama Sumber Data (datasourcename)	cs4	DataSourceName	datasourcename	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
ID Peristiwa (eventid)		EventID	eventid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jumlah Pengulangan (repeatcnt)	cnt	RepeatCount	repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Batas Waktu Tunggu (waktu tunggu)	cn3	TimeoutThreshold	timeout	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Port Sumber (beginport)	spt	srcPort		principal.port
Port Tujuan (endport)	dpt	dstPort		target.port
Sumber Data (datasource)	cs5	DataSource	sumber data	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Sumber Data (datasourcetype)	cs6	DataSourceType	datasourcetype	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_1)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
ID Sistem Virtual (vsys_id)	cn2	VirtualSystemID		principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id
Jenis Faktor (factortype)	cs1	FactorType	factortype	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu Penyelesaian Faktor (factorcompletiontime)	selesai	FactorCompletionTime	factorcompletiontime	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Faktor (factorno)	cn1	FactorNumber	factorno	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Flag Grup Pengguna (ugflags)	PanOSUGFlags		ugflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Pengguna menurut Sumber (userbysource)	PanOSUserBySource			principal.user.userid principal.administrative_domain principal.user.email_addresses
Stempel Waktu Resolusi Tinggi (stempel waktu high_res)	PanOSTimeGeneratedHighResolution			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)

Kecocokan HIP

Tabel berikut mencantumkan kolom log dari jenis log kecocokan HIP dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis
Waktu yang Dibuat (time_generated atau cef-formatted-time_generated)	mulai	startTime		metadata.event_timestamp
Pengguna Sumber (srcuser)	pengguna	usrName		principal.user.userid
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Perangkat (machinename)	shost	identHostName		principal.hostname
Sistem Operasi (os)	cs2	OS		principal.asset.platform_software.platform
Alamat Sumber (src)	src	identsrc		principal.ip
HIP (matchname)	cat	HIP	matchname	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jumlah Pengulangan (repeatcnt)	cnt	RepeatCount	repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis HIP (matchtype)	ID Class Peristiwa Perangkat (Header)	HIPType	matchtype	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_1)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
ID Sistem Virtual (vsys_id)	cn2	VirtualSystemID		principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id
Alamat Sistem IPv6 (srcipv6)	c6a2	srcipv6		principal.asset.ip
ID Host (hostid)	PanOSHostID			principal.asset.product_object_id
Nomor Seri Perangkat Pengguna (serialnumber)	PanOSEndpointSerialNumber			principal.asset.hardware.serial_number
Alamat MAC Perangkat (mac)	PanOSEndpointMac			principal.asset.mac
Stempel Waktu Resolusi Tinggi (high_res_timestamp)	PanOSTimeGeneratedHighResolution			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)

Tag IP

Tabel berikut mencantumkan kolom log dari jenis log tag IP dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis		metadata.product_event_type
Waktu yang Dibuat (time_generated atau cef-formatted-time_generated)		GenerateTime		metadata.event_timestamp
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
IP sumber (ip)	src	src		principal.ip
Nama Tag (tag_name)	PanOSTagName	TagName	tag_name	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
ID Peristiwa (event_id)	PanOSEventID	EventID	event_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jumlah Pengulangan (repeatcnt)	cnt	RepeatCount	repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu tunggu (timeout)	PanOSTimeout	TimeoutThreshold	timeout	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sumber Data (datasourcename)	PanOSDataSourceName	DataSourceName	datasourcename	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Sumber Data (datasource_type)	PanOSDataSourceType	DataSource	datasource_type	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Subjenis Sumber Data (datasource_subtype)	PanOSDataSourceSubType	DataSourceType	datasource_subtype	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_1)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOsVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
ID Sistem Virtual (vsys_id)	cn2	VirtualSystemID		principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id
Stempel Waktu Resolusi Tinggi (stempel waktu high_res)	PanOSTimeGeneratedHighResolution			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)

Dekripsi

Tabel berikut mencantumkan kolom log jenis log dekripsi dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (serial)	PanOSDeviceSN			intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)			metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)			metadata.product_event_type
Versi Konfigurasi (config_ver)	PanOSConfigVersion		config_ver	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu Pembuatan (time_generated)	PanOSLogTimeStamp			metadata.event_timestamp
Alamat Sumber (src)	src			principal.ip
Alamat Tujuan (dst)	dst			target.ip
IP Sumber NAT (natsrc)	sourceTranslatedAddress			principa.nat_ip
IP Tujuan NAT (natdst)	destinationTranslatedAddress			target.nat_ip
Aturan (rule)	cs1			security_result.rule_name
Pengguna Sumber (srcuser)	pengguna			principal.user.userid
Pengguna Tujuan (dstuser)	duser			target.user.userid
Aplikasi (app)	aplikasi			target.application
Sistem Virtual (vsys)	cs3		vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Sumber (dari)	cs4		dari	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Tujuan (ke)	cs5		sampai	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Masuk (inbound_if)	deviceInboundInterface		inbound_if	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Keluar (outbound_if)	deviceOutboundInterface		outbound_if	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Tindakan Log (set log)	cs6		logset	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu Dicatat (time_received)	PanOSTimeReceivedManagementPlane			-
ID Sesi (sessionid)	cn1			network.session_id
Jumlah Pengulangan (repeatcnt)	PanOSCountOfRepeats/RepeatCount		repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Port Sumber (sport)	spt			principal.port
Port Tujuan (dport)	dpt			target.port
Port Sumber NAT (natsport)	sourceTranslatedPort			principal.nat_port
Port Tujuan NAT (natdport)	destinationTranslatedPort			target.nat_port
Flag	flexString1		flag	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Protokol IP (proto)	proto			network.ip_protocol
Tindakan (action)	tindakan			security_result.action_details security_result.action
Tunnel (tunnel)	PanOSTunnel		tunnel	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
UUID VM sumber (src_uuid)	PanOSSourceUUID			principal.asset.asset_id
UUID VM tujuan (dst_uuid)	PanOSDestinationUUID			target.asset.asset_id
UUID untuk aturan (rule_uuid)	PanOSRuleUUID			security_result.rule_id
Tahap untuk Klien ke Firewall (hs_stage_c2f)	PanOSClientToFirewall		hs_stage_c2f	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Tahap untuk Firewall ke Server (hs_stage_f2s)	PanOSFirewallToServer		hs_stage_f2s	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Versi TLS (tls_version)	PanOSTLSVersion			network.tls.version
Algoritma Pertukaran Kunci (tls_keyxchg)	PanOSTLSKeyExchange		tls_keyxchg	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Algoritma Enkripsi (tls_enc)	PanOSTLSEncryptionAlgorithm		tls_enc	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Algoritma Hash (tls_auth)	PanOSTLSAuth		tls_auth	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Kebijakan (policy_name)	PanOSPolicyName		policy_name	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kurva Eliptik (ec_curve)	PanOSEllipticCurve			network.tls.curve
Indeks Error (err_index)	PanOSErrorIndex		err_index	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Status Root (root_status)	PanOSRootStatus		root_status	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Status Rantai (chain_status)	PanOSChainStatus		chain_status	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Proxy (proxy_type)	PanOSProxyType		proxy_type	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Seri Sertifikat (cert_serial)	PanOSCertificateSerial			network.tls.server.certificate.serial
Sidik Jari Sertifikat (sidik jari)	PanOSFingerprint			network.tls.server.certificate.md5/sha1/sha256
Tanggal Mulai Sertifikat (notbefore)	PanOSTimeNotBefore			network.tls.server.certificate.not_before
Tanggal Akhir Sertifikat (notafter)	PanOSTimeNotAfter			network.tls.server.certificate.not_after
Versi Sertifikat (cert_ver)	PanOSCertificateVersion			network.tls.server.certificate.version
Ukuran Sertifikat (cert_size)	PanOSCertificateSize		cert_size	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Panjang Nama Umum (cn_len)	PanOSCommonNameLength		cn_len	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Panjang Nama Umum Penerbit (issuer_len)	PanOSIssuerNameLength		issuer_len	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Panjang Nama Umum Root (rootcn_len)	PanOSRootCNLength		rootcn_len	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Panjang SNI (sni_len)	PanOSSNILength		sni_len	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Tanda Sertifikat (cert_flags)	PanOSCertificateFlags		cert_flags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Umum Subjek (cn)	PanOSCommonName		cn	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Umum Penerbit (issuer_cn)	PanOSIssuerCommonName			network.tls.server.certificate.issuer
Nama Umum Root (root_cn)	PanOSRootCommonName		root_cn	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Indikasi Nama Server (sni)				network.tls.client.server_name
Error (error)	PanOSErrorMessage		error	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Penampung (container_id)	PanOSContainerID		container_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Namespace POD (pod_namespace)	PanOSContainerNameSpace		pod_namespace	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama POD (pod_name)	PanOSContainerName		pod_name	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Sumber (src_edl)	PanOSSourceEDL		src_edl	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Tujuan (dst_edl)	PanOSDestinationEDL		dst_edl	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Grup Alamat Dinamis Sumber (src_dag)	PanOSSourceDynamicAddressGroup			principal.group.group_display_name
Grup Alamat Dinamis Tujuan (dst_dag)	PanOSDestinationDynamicAddressGroup			target.group.group_display_name
Stempel Waktu Resolusi Tinggi (high_res_timestamp)	PanOSTimeGeneratedHighResolution			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Kategori Perangkat Sumber (src_category)	PanOSSourceDeviceCategory		src_category	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Sumber (src_profile)	PanOSSourceDeviceProfile		src_profile	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Sumber (src_model)	PanOSSourceDeviceModel		src_model	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Sumber (src_vendor)	PanOSSourceDeviceVendor		src_vendor	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Sumber (src_osfamily)	PanOSSourceDeviceOSFamily			principal.asset.platform_software.platform principal.labels.key dan principal.labels.value
Versi OS Perangkat Sumber (src_osversion)	PanOSSourceDeviceOSVersion			principal.asset.software.version
Nama Host Sumber (src_host)	PanOSSourceDeviceHost			principal.hostname
Alamat MAC Sumber (src_mac)	PanOSSourceDeviceMac			principal.mac
Kategori Perangkat Tujuan (dst_category)	PanOSDestinationDeviceCategory		dst_category	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Tujuan (dst_profile)	PanOSDestinationDeviceProfile		dst_profile	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Tujuan (dst_model)	PanOSDestinationDeviceModel		dst_model	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Tujuan (dst_vendor)	PanOSDestinationDeviceVendor		dst_vendor	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Tujuan (dst_osfamily)	PanOSDestinationDeviceOSFamily		dst_osfamily	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Versi OS Perangkat Tujuan (dst_osversion)	PanOSDestinationDeviceOSVersion			target.asset.software.version
Nama Host Tujuan (dst_host)	PanOSDestinationDeviceHost			target.hostname
Alamat MAC Tujuan (dst_mac)	PanOSDestinationDeviceMac			target.mac
Nomor Urutan (seqno)	PanOSLogTypeSeqNo			metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags		actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_1)		DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)		DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)		DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)		DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)				principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)				intermediary.hostname
ID Sistem Virtual (vsys_id)				principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id
Subkategori Aplikasi (subcategory_of_app)			subcategory_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kategori Aplikasi (category_of_app)			category_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Teknologi Aplikasi (technology_of_app)			technology_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Risiko Aplikasi (risk_of_app)				security_result.severity
Karakteristik Aplikasi (characteristic_of_app)			characteristic_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Penampung Aplikasi (container_of_app)			container_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
SaaS Aplikasi (is_saas_of_app)			is_saas_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Status Sanksi Aplikasi (sanctioned_state_of_app)			sanctioned_state_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value

Terowongan

Tabel berikut mencantumkan kolom log dari jenis log tunnel dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis		metadata.product_event_type
Waktu yang Dibuat (time_generated atau cef-formatted-time_generated)				metadata.event_timestamp
Alamat Sumber (src)	src	src		principal.ip
Alamat Tujuan (dst)	dst	dst		target.ip
IP Sumber NAT (natsrc)	sourceTranslatedAddress	srcPostNAT		principal.nat_ip
IP Tujuan NAT (natdst)	destinationTranslatedAddress	dstPostNAT		target.nat_ip
Nama Aturan (aturan)	cs1	RuleName		security_result.rule_name
Pengguna Sumber (srcuser)	pengguna	SourceUser / usrName		principal.user.userid
Pengguna Tujuan (dstuser)	duser	DestinationUser		target.user.userid
Aplikasi (app)	aplikasi	Aplikasi		network.application_protocol
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Sumber (dari)	cs4	SourceZone	dari	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Tujuan (ke)	cs5	DestinationZone	sampai	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Masuk (inbound_if)	deviceInboundInterface	IngressInterface	inbound_if	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Keluar (outbound_if)	deviceOutboundInterface	EgressInterface	outbound_if	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Tindakan Log (set log)	cs6	LogForwardingProfile	logset	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi (sessionid)	cn1	SessionID		network.session_id
Jumlah Pengulangan (repeatcnt)	cnt	RepeatCount	repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Port Sumber (sport)	spt	srcPort		principal.port
Port Tujuan (dport)	dpt	dstPort		target.port
Port Sumber NAT (natsport)	sourceTranslatedPort	srcPostNATPort		principal.nat_port
Port Tujuan NAT (natdport)	destinationTranslatedPort	dstPostNATPort		target.nat_port
Flag	flexString1	Flag	flag	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Protokol IP (proto)	proto	proto		network.ip_protocol
Tindakan (action)	tindakan	action		security_result.action_details security_result.action
Keparahan (severity)				security_result.severity dan security_result.severity_details
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Lokasi Sumber (srcloc)				principal.location.country_or_region
Lokasi Tujuan (dstloc)				target.location.country_or_region
Hierarki Grup Perangkat (dg_hier_level_1)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
ID Tunnel (tunnelid)	PanOSTunnelID	TunnelID	tunnelid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Tag Monitor (monitortag)	PanOSMonitorTag	MonitorTag	monitortag	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi Induk (parent_session_id)	PanOSParentSessionID	ParentSessionID	parent_session_id	network.parent_session_id
Waktu Mulai Induk (parent_start_time)	PanOSParentStartTime	ParentStartTime	parent_start_time	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Tunnel (tunnel)	cs2	TunnelType	tunnel	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Byte	flexNumber1	totalBytes	byte	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Byte Terkirim (bytes_sent)	in	srcBytes		network.sent_bytes
Byte yang Diterima (bytes_received)	keluar	dstBytes		network.received_bytes
Paket (paket)	cn2	totalPackets	paket	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Paket Terkirim (pkts_sent)	PanOSPacketsSent	srcPackets	pkts_sent	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Paket yang Diterima (pkts_received)	PanOSPacketsReceived	dstPackets	pkts_received	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Enkapsulasi Maksimum (max_encap)	flexNumber2	MaximumEncapsulation	max_encap	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Protokol Tidak Diketahui (unknown_proto)	cfp1	UnknownProtocol	unknown_proto	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Pemeriksaan Ketat (strict_check)	cfp2	StrictChecking	strict_check	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Fragmen Tunnel (tunnel_fragment)	PanOSTunnelFragment	TunnelFragment	tunnel_fragment	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Sesi yang Dibuat (sessions_created)	cfp3	SessionsCreated	sessions_created	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Sesi Ditutup (sessions_closed)	cfp4	SessionsClosed	sessions_closed	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Alasan Akhir Sesi (session_end_reason)	alasan	SessionEndReason		security_result.summary
Sumber Tindakan (action_source)	cat	ActionSource	action_source	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu Mulai (mulai)		startTime	mulai	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu Berlalu (berlalu)	cn3	ElapsedTime	berlalu	network.session_duration.seconds
Aturan Inspeksi Tunnel (tunnel_insp_rule)	PanOSTunneInspectionRule			security_result.rule_name = "Tunnel Inspection Rule: %{PanOSTunnelInspectionRule}"
IP Pengguna Jarak Jauh (remote_user_ip)	PanOSRmtUserIP			target.ip
ID Pengguna Jarak Jauh (remote_user_id)	PanOSRmtUserID		remote_user_id	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
UUID Aturan Keamanan (rule_uuid)	PanOSRuleUUID			security_result.rule_id
ID PCAP (pcap_id)	PanOSPcapID		pcap_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Grup Pengguna Dinamis (dynusergroup_name)	PanDynamicUsrgrp			principal.group.group_display_name
Daftar Dinamis Eksternal Sumber (src_edl)	PanOSSourceEDL		src_edl	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Tujuan (dst_edl)	PanOSDestinationEDL		dst_edl	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Stempel Waktu Resolusi Tinggi (stempel waktu high_res)	PanOSTimeGeneratedHighResolution			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Pembeda Slice (nssai_sd)			nssai_sd	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Layanan Slice (nssai_sd)			nssai_sd1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi PDU (pdu_session_id)			pdu_session_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Subkategori Aplikasi (subcategory_of_app)			subcategory_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kategori Aplikasi (category_of_app)			category_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Teknologi Aplikasi (technology_of_app)			technology_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Risiko Aplikasi (risk_of_app)			risk_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Karakteristik Aplikasi (characteristic_of_app)			characteristic_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Penampung Aplikasi (container_of_app)			container_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
SaaS Aplikasi (is_saas_of_app)			is_saas_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Status Sanksi Aplikasi (sanctioned_state_of_app)			sanctioned_state_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value

Autentikasi

Tabel berikut mencantumkan kolom log dari jenis log autentikasi dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (receive_time atau cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor Seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis		metadata.product_event_type
Waktu yang Dibuat (time_generated atau cef-formatted-time_generated)				metadata.event_timestamp
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
IP sumber (ip)	src	src		principal.ip
Pengguna (user)	duser	usrName		target.user.userid
Normalisasi Pengguna (normalize_user)	cs2	NormalizeUser		target.user.user_display_name
Objek (object)	fname	ObjectName	objek	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kebijakan Autentikasi (authpolicy)	cs4	AuthPolicy	authpolicy	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jumlah Pengulangan (repeatcnt)	cnt	RepeatCount	repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Autentikasi (authid)	cn2	AuthenticationID	authid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor (vendor)	flexString2	Vendor	vendor	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Tindakan Log (set log)	cs6	LogForwardingProfile	logset	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Server (serverprofile)	cs1	ServerProfile	serverprofile	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Deskripsi (desc)	PanOSDesc	AdditionalAuthInfo		security_result.description
Jenis Klien (clienttype)	cs5	ClientType	clienttype	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Jenis Peristiwa (peristiwa)	msg	msg		extensions.auth.auth_details
Nomor Faktor (factorno)	cn1	FactorNumber	factorno	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_1)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
ID Sistem Virtual (vsys_id)				principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id
Authentication Protocol (authproto)			authproto	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
UUID untuk aturan (rule_uuid)	PanOSRuleUUID/RuleUUID			security_result.rule_id
Stempel Waktu Resolusi Tinggi (high_res _timestamp)	PanOSTimeGeneratedHighResolution			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Kategori Perangkat Sumber (src_category)	PanOSSourceDeviceCategory		src_category	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Sumber (src_profile)	PanOSSourceDeviceProfile		src_profile	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Sumber (src_model)	PanOSSourceDeviceModel		src_model	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Sumber (src_vendor)	PanOSSourceDeviceVendor		src_vendor	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Sumber (src_osfamily)	PanOSSourceDeviceOSFamily			principal.asset.platform_software.platform principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Versi OS Perangkat Sumber (src_osversion)	PanOSSourceDeviceOSVersion			principal.asset.software.version
Nama Host Sumber (src_host)	PanOSSourceHostname			principal.hostname
Alamat MAC Sumber (src_mac)	PanOSSourceMac			principal.asset.mac
Wilayah (region)	PanOSTrafficOriginRegion			principal.location.country_or_region
Agen Pengguna (user_agent)	PanOSHTTPUserAgent			network.http.user_agent
ID Sesi(sessionid)	PanOSTrafficSessionID			network.session_id

URL

Tabel berikut mencantumkan kolom log dari jenis log URL dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis		metadata.product_event_type
Waktu Pembuatan				metadata.event_timestamp
Alamat sumber (src)	src	src		principal.ip
Alamat tujuan (dst)	dst	dst		target.ip
IP Sumber NAT (natsrc)	sourceTranslatedAddress	srcPostNAT		principal.nat_ip
IP Tujuan NAT (natdst)	destinationTranslatedAddress	dstPostNAT		target.nat_ip
Aturan (rule)	cs1	RuleName		security_result.rule_name
Pengguna Sumber (srcuser)	pengguna	SourceUser		principal.user.userid
Pengguna Tujuan (dstuser)	duser	DestinationUser		target.user.userid
Aplikasi (app)	aplikasi	Aplikasi		network.application_protocol
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Sumber (dari)	cs4	SourceZone	dari	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Tujuan (ke)	cs5	DestinationZone	sampai	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Masuk (inbound_if)	deviceInboundInterface	IngressInterface	inbound_if	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Keluar (outbound_if)	deviceOutboundInterface	EgressInterface	outbound_if	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Tindakan Log (set log)	cs6	LogForwardingProfile	logset	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu yang Dicatat			time_logged	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi (sessionid)	cn1	SessionID		network.session_id
Jumlah Pengulangan (repeatcnt)	cnt	RepeatCount	repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Port Sumber (sport)	spt	srcPort		principal.port
Port Tujuan (dport)	dpt	dstPort		target.port
Port Sumber NAT (natsport)	sourceTranslatedPort	srcPostNATPort		principal.nat_port
Port Tujuan NAT (natdport)	destinationTranslatedPort	dstPostNATPort		target.nat_port
Flag	flexString1	Flag	flag	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Protokol IP (proto)	proto	proto		network.ip_protocol
Tindakan (action)	tindakan	action		security_result.action_details security_result.action
URL/Nama File (lainnya)		Lain-lain		target.file.full_path target.url
Nama Ancaman/Konten (threatid)	cat	ThreatID		security_result.threat_id
Kategori (category)	cs2	URLCategory	category	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Keparahan (severity)	number-of-severity (Header)	Keparahan		security_result.severity security_result.severity_details
Arah (direction)	flexString2	Arah		network.direction
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Negara Sumber (srcloc)		SourceLocation		principal.location.country_or_region
Negara Tujuan (dstloc)		DestinationLocation		target.location.country_or_region
contenttype (contenttype)	requestContext	ContentType	contenttype	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
pcap_id (pcap_id)	fileId	PCAP_ID	pcap_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
filedigest (filedigest)		FileDigest		about.file.sha1/md5/sha256
cloud (cloud)		Cloud	cloud	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
url_idx (url_idx)		URLIndex	url_idx	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
user_agent (user_agent)	requestClientApplication	UserAgent		network.http.user_agent
filetype (filetype)				about.file.mime_type
xff (xff)	PanOSXForwarderfor	identSrc	xff	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
perujuk (referer)	PanOSReferer	Referer		network.http.referral_url
pengirim (sender)				network.email.from
subjek (subject)		Subjek		network.email.subject
penerima (recipient)				network.email.to
reportid (reportid)			reportid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki DG Tingkat 1 (dg_hier_level_1)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki DG Level 2 (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki DG Level 3 (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki DG Level 4 (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
file_url (file_url)				about.url
UUID VM sumber (src_uuid)		SrcUUID		principal.asset.asset_id
UUID VM tujuan (dst_uuid)		DstUUID		target.asset.asset_id
http_method (http_method)	requestMethod	RequestMethod		network.http.method
ID Tunnel/IMSI (tunnelid)	PanOSTunnelID	TunnelID	tunnelid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Memantau Tag/IMEI (monitortag)	PanOSMonitorTag	MonitorTag	monitortag	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi Induk (parent_session_id)	PanOSParentSessionID	ParentSessionID	parent_session_id	network.parent_session_id
Waktu Mulai Sesi Induk (parent_start_time)	PanOSParentStartTime	ParentStartTime	parent_start_time	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Tunnel (tunnel)	PanOSTunnelType	TunnelType	tunnel	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
thr_category (thr_category)	PanOSThreatCategory	ThreatCategory	thr_category	security_result.detection_fields.key/value
contentver (contentver)	PanOSContentVer	ContentVer	contentver	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
sig_flags (sig_flags)			sig_flags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Asosiasi SCTP (assoc_id)	PanOSAssocID		assoc_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Payload Protocol (ppid)	PanOSPPID		ppid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
http_headers (http_headers)	PanOSHTTPHeader		http_headers	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Kategori URL (url_category_list)	PanOSURLCatList		url_category_list	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
UUID untuk aturan (rule_uuid)	PanOSRuleUUID		rule_uuid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Koneksi HTTP/2 (http2_connection)	PanOSHTTP2Con		http2_connection	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
dynusergroup_name (dynusergroup_name)	PanDynamicUsrgrp		dynusergroup_name	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Alamat XFF (xff_ip)	PanXFFIP			principal.ip
Kategori Perangkat Sumber (src_category)	PanSrcDeviceCat		src_category	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Sumber (src_profile)	PanSrcDeviceProf		src_profile	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Sumber (src_model)	PanSrcDeviceModel		src_model	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Sumber (src_vendor)	PanSrcDeviceVendor		src_vendor	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Sumber (src_osfamily)	PanSrcDeviceOS			principal.asset.platform_software.platform principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Versi OS Perangkat Sumber (src_osversion)	PanSrcDeviceOSv			principal.asset.software.version
Nama Host Sumber (src_host)	PanSrcHostname		src_host	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Alamat Mac Sumber (src_mac)	PanSrcMac			principal.mac
Kategori Perangkat Tujuan (dst_category)	PanDstDeviceCat		dst_category	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Tujuan (dst_profile)	PanDstDeviceProf		dst_profile	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Tujuan (dst_model)	PanDstDeviceModel		dst_model	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Tujuan (dst_vendor)	PanDstDeviceVendor		dst_vendor	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Tujuan (dst_osfamily)	PanDstDeviceOS			target.asset.platform_software.platform target.labels.key dan target.labels.value
Versi OS Perangkat Tujuan (dst_osversion)	PanDstDeviceOSv			target.asset.software.version
Nama Host Tujuan (dst_host)	PanPODNamespace			target.hostname
Alamat Mac Tujuan (dst_mac)	PanDstMac			target.mac
ID Penampung (container_id)	PanContainerName		container_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Namespace POD (pod_namespace)	PanPODNamespace		pod_namespace	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama POD (pod_name)	PanPODName		pod_name	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Sumber (src_edl)	PanSrcEDL		src_edl	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Tujuan (dst_edl)	PanDstEDL		dst_edl	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
ID Host (hostid)	PanGPHostID		hostid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Seri (serialnumber)	PanEPSerial			principal.asset.hardware.serial_number
domain_edl (domain_edl)	PanDomainEDL		domain_edl	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Grup Alamat Dinamis Sumber (src_dag)	PanSrcDAG			principal.group.group_display_name
Grup Alamat Dinamis Tujuan (dst_dag)	PanDstDAG			target.group.group_display_name
partial_hash (partial_hash)	PanPartialHash		partial_hash	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Stempel Waktu Resolusi Tinggi (high_res_timestamp)	PanTimeHighRes			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Alasan (reason)	PanReasonFilteringAction		alasan	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
justification (justification)	PanJustification		justifikasi	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
nssai_sst (nssai_sst)	PanASServiceType		nssai_sst	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Subkategori aplikasi (subcategory_of_app)			subcategory_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kategori aplikasi (category_of_app)			category_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Teknologi aplikasi (technology_of_app)			technology_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Risiko aplikasi (risk_of_app)			risk_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Karakteristik aplikasi (characteristic_of_app)			characteristic_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Penampung aplikasi (container_of_app)			container_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Aplikasi yang di-tunnel (tunneled_app)			tunneled_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
SaaS aplikasi (is_saas_of_app)			is_saas_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Status aplikasi yang tidak diizinkan (sanctioned_state_of_app)			sanctioned_state_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value

Data

Tabel berikut mencantumkan kolom log dari jenis log data dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Penerimaan (cef-formatted-receive_time)	rt	devTime		metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Nomor seri (serial)	deviceExternalId	SerialNumber		intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)	cat		metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis		metadata.product_event_type
Waktu Pembuatan				metadata.event_timestamp
Alamat sumber (src)	src	src		principal.ip
Alamat tujuan (dst)	dst	dst		target.ip
IP Sumber NAT (natsrc)	sourceTranslatedAddress	srcPostNAT		principal.nat_ip
IP Tujuan NAT (natdst)	destinationTranslatedAddress	dstPostNAT		target.nat_ip
Aturan (rule)	cs1	RuleName		security_result.rule_name
Pengguna Sumber (srcuser)	pengguna	SourceUser		principal.user.userid
Pengguna Tujuan (dstuser)	duser	DestinationUser		target.user.userid
Aplikasi (app)	aplikasi	Aplikasi		network.application_protocol
Sistem Virtual (vsys)	cs3	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Sumber (dari)	cs4	SourceZone	dari	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Zona Tujuan (ke)	cs5	DestinationZone	sampai	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Masuk (inbound_if)	deviceInboundInterface	IngressInterface	inbound_if	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Antarmuka Keluar (outbound_if)	deviceOutboundInterface	EgressInterface	outbound_if	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Tindakan Log (set log)	cs6	LogForwardingProfile	logset	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu yang Dicatat			time_logged	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi (sessionid)	cn1	SessionID		network.session_id
Jumlah Pengulangan (repeatcnt)	cnt	RepeatCount	repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Port Sumber (sport)	spt	srcPort		principal.port
Port Tujuan (dport)	dpt	dstPort		target.port
Port Sumber NAT (natsport)	sourceTranslatedPort	srcPostNATPort		principal.nat_port
Port Tujuan NAT (natdport)	destinationTranslatedPort	dstPostNATPort		target.nat_port
Flag	flexString1	Flag	flag	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Protokol IP (proto)	proto	proto		network.ip_protocol
Tindakan (action)	tindakan	action		security_result.action_details security_result.action
URL/Nama File (lainnya)		Lain-lain		target.file.full_path target.url
Nama Ancaman/Konten (threatid)	cat	ThreatID		security_result.threat_id
Kategori (category)	cs2	URLCategory	category	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Keparahan (severity)	number-of-severity (Header)	Keparahan		security_result.severity security_result.severity_details
Arah (direction)	flexString2	Arah		network.direction
Nomor Urutan (seqno)	externalId	urutan		metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags	ActionFlags	actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Negara Sumber (srcloc)		SourceLocation		principal.location.country_or_region
Negara Tujuan (dstloc)		DestinationLocation		target.location.country_or_region
contenttype (contenttype)		ContentType	contenttype	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
pcap_id (pcap_id)	fileId	PCAP_ID	pcap_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
filedigest (filedigest)		FileDigest		about.file.sha1/md5/sha256
cloud (cloud)		Cloud	cloud	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
url_idx (url_idx)		URLIndex	url_idx	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
user_agent (user_agent)				network.http.user_agent
filetype (filetype)				about.file.mime_type
xff (xff)			xff	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
perujuk (referer)				network.http.referral_url
pengirim (sender)				network.email.from
subjek (subject)		Subjek		network.email.subject
penerima (recipient)				network.email.to
reportid (reportid)			reportid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki DG Tingkat 1 (dg_hier_level_1)	PanOSDGl1	DeviceGroupHierarchyL1	dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki DG Level 2 (dg_hier_level_2)	PanOSDGl2	DeviceGroupHierarchyL2	dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki DG Level 3 (dg_hier_level_3)	PanOSDGl3	DeviceGroupHierarchyL3	dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki DG Level 4 (dg_hier_level_4)	PanOSDGl4	DeviceGroupHierarchyL4	dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	PanOSVsysName	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	dvchost	DeviceName		intermediary.hostname
file_url (file_url)				about.url
UUID VM sumber (src_uuid)		SrcUUID		principal.asset.asset_id
UUID VM tujuan (dst_uuid)		DstUUID		target.asset.asset_id
http_method (http_method)		RequestMethod		network.http.method
ID Tunnel/IMSI (tunnelid)	PanOSTunnelID	TunnelID	tunnelid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Memantau Tag/IMEI (monitortag)	PanOSMonitorTag	MonitorTag	monitortag	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Sesi Induk (parent_session_id)	PanOSParentSessionID	ParentSessionID	parent_session_id	network.parent_session_id
Waktu Mulai Sesi Induk (parent_start_time)	PanOSParentStartTime	ParentStartTime	parent_start_time	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Tunnel (tunnel)	PanOSTunnelType	TunnelType	tunnel	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
thr_category (thr_category)	PanOSThreatCategory	ThreatCategory	thr_category	security_result.detection_fields.key/value
contentver (contentver)	PanOSContentVer	ContentVer	contentver	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
sig_flags (sig_flags)			sig_flags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Asosiasi SCTP (assoc_id)	PanOSAssocID		assoc_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Payload Protocol (ppid)	PanOSPPID		ppid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
http_headers (http_headers)	PanOSHTTPHeader		http_headers	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Kategori URL (url_category_list)			url_category_list	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
UUID untuk aturan (rule_uuid)	PanOSRuleUUID		rule_uuid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Koneksi HTTP/2 (http2_connection)			http2_connection	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
dynusergroup_name (dynusergroup_name)			dynusergroup_name	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Alamat XFF (xff_ip)				principal.ip
Kategori Perangkat Sumber (src_category)			src_category	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Sumber (src_profile)			src_profile	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Sumber (src_model)			src_model	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Sumber (src_vendor)			src_vendor	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Sumber (src_osfamily)				principal.asset.platform_software.platform principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Versi OS Perangkat Sumber (src_osversion)				principal.asset.software.version
Nama Host Sumber (src_host)			src_host	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Alamat Mac Sumber (src_mac)				principal.mac
Kategori Perangkat Tujuan (dst_category)			dst_category	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Profil Perangkat Tujuan (dst_profile)			dst_profile	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Model Perangkat Tujuan (dst_model)			dst_model	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Vendor Perangkat Tujuan (dst_vendor)			dst_vendor	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
Grup OS Perangkat Tujuan (dst_osfamily)				target.asset.platform_software.platform target.labels.key dan target.labels.value
Versi OS Perangkat Tujuan (dst_osversion)				target.asset.software.version
Nama Host Tujuan (dst_host)				target.hostname
Alamat Mac Tujuan (dst_mac)				target.mac
ID Penampung (container_id)			container_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Namespace POD (pod_namespace)			pod_namespace	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama POD (pod_name)			pod_name	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Sumber (src_edl)			src_edl	principal.labels.key dan principal.labels.value additional.fields.key dan additional.fields.value.string_value
Daftar Dinamis Eksternal Tujuan (dst_edl)			dst_edl	target.labels.key dan target.labels.value additional.fields.key dan additional.fields.value.string_value
ID Host (hostid)			hostid	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Seri (serialnumber)				principal.asset.hardware.serial_number
domain_edl (domain_edl)			domain_edl	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Grup Alamat Dinamis Sumber (src_dag)				principal.group.group_display_name
Grup Alamat Dinamis Tujuan (dst_dag)				target.group.group_display_name
partial_hash (partial_hash)			partial_hash	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Stempel Waktu Resolusi Tinggi (high_res_timestamp)				metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Alasan (reason)			alasan	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
justification (justification)			justifikasi	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
nssai_sst (nssai_sst)			nssai_sst	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Subkategori aplikasi (subcategory_of_app)			subcategory_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kategori aplikasi (category_of_app)			category_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Teknologi aplikasi (technology_of_app)			technology_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Risiko aplikasi (risk_of_app)			risk_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Karakteristik aplikasi (characteristic_of_app)			characteristic_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Penampung aplikasi (container_of_app)			container_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Aplikasi yang di-tunnel (tunneled_app)			tunneled_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
SaaS aplikasi (is_saas_of_app)			is_saas_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Status aplikasi yang tidak diizinkan (sanctioned_state_of_app)			sanctioned_state_of_app	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value

GlobalProtect

Tabel berikut mencantumkan kolom log dari jenis log GlobalProtect dan kolom UDM yang sesuai.

Kolom CSV	Kolom CEF	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu Terima (receive_time)	rt		received_time	metadata.event_timestamp
Nomor seri (serial)	PanOSDeviceSN		intermediary_asset_hardware_serial_number	intermediary.asset.hardware.serial_number
Jenis (type)	type (Header)			metadata.product_event_type
Jenis Konten/Ancaman (subjenis)	subjenis (Header)	Subjenis		metadata.product_event_type
Waktu Pembuatan (time_generated)	PanOSLogTimeStamp		generated_timestamp	metadata.event_timestamp
Sistem Virtual (vsys)	PanOSVirtualSystem		vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
ID Peristiwa (eventid)	PanOSEventID		event_id	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Tahap (stage)	PanOSStage		tahap	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Metode Autentikasi (auth_method)	PanOSAuthMethod		extension_auth_auth_details	extensions.auth.auth_details
Jenis Tunnel (tunnel_type)	PanOSTunnelType		tunnel	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Pengguna Sumber (srcuser)	PanOSSourceUserName		src_user	principal.user.email_address principal.user.userid principal.administrative_domain
Region Sumber (srcregion)	PanOSSourceRegion		src_region	principal.location.country_or_region
Nama Perangkat (machinename)	PanOSEndpointDeviceName		machine_name	principal.hostname
IP Publik (public_ip)	PanOSPublicIPv4			principal.nat_ip
IPv6 Publik (public_ipv6)	PanOSPublicIPv6			principal.nat_ip
IP Pribadi (private_ip)	PanOSPrivateIPv4			principal.ip
IPv6 Pribadi (private_ipv6)	PanOSPrivateIPv6			principal.ip
ID Host (hostid)	PanOSHostID		hostid	principal.asset.asset_id
Nomor Seri (serialnumber)	PanOSDeviceSN			principal.asset.hardware.serial_number
Versi Klien (client_ver)	PanOSGlobalProtectClientVersion		client_ver	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
OS Klien (client_os)	PanOSEndpointOSType			principal.asset.platform_software.platform(enum)
Versi OS Klien (client_os_ver)	PanOSEndpointOSVersion			principal.asset.platform_software.platform_version
Jumlah Pengulangan (repeatcnt)	PanOSCountOfRepeats		repeatcnt	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Alasan (reason)	PanOSQuarantineReason			security_result.summary
Error (error)	PanOSConnectionError		error	security_result.description
Deskripsi (buram)	PanOSDescription			security_result.description
Status (status)	PanOSEventStatus		status	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Lokasi (location)	PanOSGPGatewayLocation			target.location.country_or_region
Durasi Login (login_duration)	PanOSLoginDuration			network.session_duration
Metode Koneksi (connect_method)	PanOSConnectionMethod		connect_method	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kode Error (error_code)	PanOSConnectionErrorID		error_code	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Portal	PanOSPortal		portal	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nomor Urutan (seqno)	PanOSSequenceNo			metadata.product_log_id
Flag Tindakan (actionflags)	PanOSActionFlags		actionflags	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Stempel Waktu Resolusi Tinggi (high_res_timestamp)	anOSTimeGeneratedHighResolution			metadata.collected_timestamp, metadata.event_timestamp (jika "Generate Time" tidak ada)
Metode Pemilihan Gateway (selection_type)	PanOSGatewaySelectionType		selection_type	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Waktu Respons SSL (response_time)	PanOSSSLResponseTime		response_time	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Prioritas Gateway (prioritas)	PanOSGatewayPriority		priority	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Gateway yang Dicoba (attempted_gateways)	PanOSAttemptedGateways		attempted_gateways	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Gateway (gateway)	PanOSAttemptedGateways		gateway	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_1)			dg_hier_level_1	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_2)			dg_hier_level_2	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_3)			dg_hier_level_3	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat (dg_hier_level_4)			dg_hier_level_4	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)				principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)				target.hostname
ID Sistem Virtual (vsys_id)				principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id

Korelasi

Tabel berikut mencantumkan kolom log dari jenis log Korelasi dan kolom UDM yang sesuai.

Kolom CSV	Kolom LEEF	Kunci label Google Security Operations	Kolom UDM
Waktu yang Dibuat (time_generated atau cef-formatted-time_generated)	startTime	generated_timestamp	metadata.event_timestamp
Alamat Sumber (src)	src		principal.ip
Pengguna Sumber (srcuser)	SourceUser / usrName		principal.user.userid
Sistem Virtual (vsys)	VirtualSystem	vsys	about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Kategori (category)			security_result.category_details
Keparahan (severity)	Keparahan		security_result.severity dan security_result.severity_details
Hierarki Grup Perangkat Level 1	DeviceGroupHierarchyL1		about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat Level 2	DeviceGroupHierarchyL2		about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat Level 3	DeviceGroupHierarchyL3		about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Hierarki Grup Perangkat Level 4	DeviceGroupHierarchyL4		about.labels.key dan about.labels.value additional.fields.key dan additional.fields.value.string_value
Nama Sistem Virtual (vsys_name)	vSrcName		principal.resource.name principal.resource.resource_type=VIRTUAL_MACHINE
Nama Perangkat (device_name)	DeviceName		intermediary.hostname
ID Sistem Virtual (vsys_id)	VirtualSystemID		principal.resource.resource_type=VIRTUAL_MACHINE and principal.resource.product_object_id
Nama Objek (objectname)	ObjectName		target.resource.name
ID Objek (object_id)	ObjectID		target.resource.product_object_id

Referensi pemetaan kolom: Jenis log ke jenis peristiwa UDM

Tabel berikut mencantumkan jenis log firewall Palo Alto Networks dan jenis peristiwa UDM yang sesuai.

Jenis log	Jenis peristiwa UDM
Traffic	NETWORK_CONNECTION
Ancaman	NETWORK_CONNECTION
Pemfilteran URL	NETWORK_CONNECTION
WildFire	NETWORK_CONNECTION Log pengiriman WildFire adalah subjenis jenis log Ancaman dan menggunakan format syslog yang sama.
Pemfilteran Data	NETWORK_CONNECTION
Terowongan	NETWORK_CONNECTION
Konfigurasi	SETTING_MODIFICATION/SETTING_CREATION/SETTING_DELETION/SETTING_UNCATEGORIZED Nilai kolom "Command (cmd)" menentukan pemetaan jenis peristiwa UDM. Jika nilai kolom cmd adalah add atau clone, SETTING_CREATION akan ditetapkan. Jika nilai kolom cmd adalah delete, SETTING_DELETION akan ditetapkan. Jika nilai kolom cmd adalah edit, pindahkan, ganti nama, tetapkan, atau commit, SETTING_MODIFICATION akan ditetapkan. Jika nilai kolom cmd tidak berisi nilai apa pun, SETTING_UNCATEGORIZED akan ditetapkan.
Sistem	Jika nilai subjenis adalah "dhcp", NETWORK_DHCP akan ditetapkan. Jika nilai subjenis adalah "auth", USER_LOGIN akan ditetapkan. Jika nilai deskripsinya adalah "login", USER_LOGIN akan ditetapkan. Jika nilai deskripsinya adalah "logout", USER_LOGOUT akan ditetapkan. Untuk nilai subjenis lainnya, GENERIC_EVENT ditetapkan.
Pencocokan HIP	NETWORK_CONNECTION
Tag IP	GENERIC_EVENT
User-ID	USER_LOGIN/USER_LOGOUT/USER_UNCATEGORIZED Jika nilai subjenis adalah "login", USER_LOGIN akan ditetapkan. Jika nilai subjenis adalah "logout", USER_LOGOUT akan ditetapkan. Jika subjenis tidak berisi nilai apa pun, USER_UNCATEGORIZED akan ditetapkan.
Dekripsi	NETWORK_CONNECTION
Authentication	GENERIC_EVENT

Langkah selanjutnya

Penyerapan data ke Google Security Operations

Format log	Versi PAN-OS
CSV	10.1.3
CEF	10.0.0
LEEF	9.1.0