Safe Haskell | None |
---|---|
Language | Haskell2010 |
Fields for threat logs.
Synopsis
- action :: Threat -> Bytes
- application :: Threat -> Bytes
- category :: Threat -> Bytes
- contentVersion :: Threat -> Bytes
- destinationAddress :: Threat -> IP
- destinationCountry :: Threat -> Bytes
- destinationPort :: Threat -> Word16
- destinationUser :: Threat -> Bytes
- destinationZone :: Threat -> Bytes
- deviceName :: Threat -> Bytes
- httpHeaders :: Threat -> Bytes
- httpMethod :: Threat -> Bytes
- inboundInterface :: Threat -> Bytes
- miscellaneous :: Threat -> Bytes
- natDestinationIp :: Threat -> IP
- natDestinationPort :: Threat -> Word16
- natSourceIp :: Threat -> IP
- natSourcePort :: Threat -> Word16
- outboundInterface :: Threat -> Bytes
- recipient :: Threat -> Bytes
- referer :: Threat -> Bytes
- ruleName :: Threat -> Bytes
- sender :: Threat -> Bytes
- sequenceNumber :: Threat -> Word64
- serialNumber :: Threat -> Bytes
- severity :: Threat -> Bytes
- sourceAddress :: Threat -> IP
- sourceCountry :: Threat -> Bytes
- sourcePort :: Threat -> Word16
- sourceUser :: Threat -> Bytes
- sourceZone :: Threat -> Bytes
- subject :: Threat -> Bytes
- subtype :: Threat -> Bytes
- threatCategory :: Threat -> Bytes
- threatId :: Threat -> Word64
- threatName :: Threat -> Bytes
- timeGenerated :: Threat -> Datetime
- virtualSystemName :: Threat -> Bytes
Documentation
action :: Threat -> Bytes Source #
Action taken for the session; values are `alert`, `allow`, `deny`, `drop`, `drop-all-packets`, `reset-client`, `reset-server`, `reset-both`, `block-url`.
application :: Threat -> Bytes Source #
Application associated with the session.
category :: Threat -> Bytes Source #
For the URL subtype, it is the URL category; for the WildFire subtype, it is the verdict on the file and is either `malicious`, `grayware`, or `benign`; for other subtypes, the value is `any`.
contentVersion :: Threat -> Bytes Source #
destinationAddress :: Threat -> IP Source #
Original session destination IP address.
destinationCountry :: Threat -> Bytes Source #
Destination country or Internal region for private addresses. Maximum length is 32 bytes.
destinationPort :: Threat -> Word16 Source #
Destination port utilized by the session.
destinationUser :: Threat -> Bytes Source #
Username of the user to which the session was destined.
destinationZone :: Threat -> Bytes Source #
Zone the session was destined to.
deviceName :: Threat -> Bytes Source #
The hostname of the firewall on which the session was logged.
httpHeaders :: Threat -> Bytes Source #
httpMethod :: Threat -> Bytes Source #
inboundInterface :: Threat -> Bytes Source #
Interface that the session was sourced from.
miscellaneous :: Threat -> Bytes Source #
natDestinationIp :: Threat -> IP Source #
If destination NAT was performed, the post-NAT destination IP address.
natDestinationPort :: Threat -> Word16 Source #
Post-NAT destination port.
natSourceIp :: Threat -> IP Source #
If source NAT was performed, the post-NAT source IP address.
natSourcePort :: Threat -> Word16 Source #
Post-NAT source port.
outboundInterface :: Threat -> Bytes Source #
Interface that the session was destined to.
sequenceNumber :: Threat -> Word64 Source #
A 64-bit log entry identifier incremented sequentially. Each log type has a unique number space. This field is not supported on PA-7000 Series firewalls.
serialNumber :: Threat -> Bytes Source #
Serial number of the firewall that generated the log. These occasionally contain non-numeric characters, so do not attempt to parse this as a decimal number.
severity :: Threat -> Bytes Source #
Severity associated with the threat; values are informational, low, medium, high, critical.
sourceAddress :: Threat -> IP Source #
Original session source IP address.
sourceCountry :: Threat -> Bytes Source #
Source country or Internal region for private addresses; maximum length is 32 bytes.
sourcePort :: Threat -> Word16 Source #
Source port utilized by the session.
sourceUser :: Threat -> Bytes Source #
Username of the user who initiated the session.
sourceZone :: Threat -> Bytes Source #
Zone the session was sourced from.
subtype :: Threat -> Bytes Source #
Subtype of threat log. Values include: `data`, `file`, `flood`, `packet`, `scan`, `spyware`, `url`, `virus`, `vulnerability`, `wildfire`, `wildfire-virus`.
threatCategory :: Threat -> Bytes Source #
threatName :: Threat -> Bytes Source #
Palo Alto Networks identifier for the threat. It is a description string followed by a 64-bit numerical identifier in parentheses for some subtypes.
This field is just the description string. The numerical identifier can be accessed with `threatId`.
timeGenerated :: Threat -> Datetime Source #
Time the log was generated on the dataplane.
virtualSystemName :: Threat -> Bytes Source #
The name of the virtual system associated with the session; only valid on firewalls enabled for multiple virtual systems.