pan-os-syslog-0.1.0.0: Parse syslog traffic from PAN-OS

Safe Haskell: None
Language: Haskell2010

Panos.Syslog.Threat

Description

Fields for threat logs.

Documentation

action :: Threat -> Bytes

Action taken for the session; values are alert, allow, deny, drop, drop-all-packets, reset-client, reset-server, reset-both, block-url.

application :: Threat -> Bytes

Application associated with the session.

category :: Threat -> Bytes

For the url subtype, this is the URL category. For the wildfire subtype, it is the verdict on the file: malicious, grayware, or benign. For all other subtypes the value is any.

destinationAddress :: Threat -> IP

Original session destination IP address.

destinationCountry :: Threat -> Bytes

Destination country, or an internal region for private addresses. Maximum length is 32 bytes.

destinationPort :: Threat -> Word16

Destination port used by the session.

destinationUser :: Threat -> Bytes

Username of the user to whom the session was destined.

destinationZone :: Threat -> Bytes

Zone the session was destined to.

deviceName :: Threat -> Bytes

The hostname of the firewall on which the session was logged.

inboundInterface :: Threat -> Bytes

Interface that the session was sourced from.

natDestinationIp :: Threat -> IP

If destination NAT was performed, the post-NAT destination IP address.

natDestinationPort :: Threat -> Word16

Post-NAT destination port.

natSourceIp :: Threat -> IP

If source NAT was performed, the post-NAT source IP address.

natSourcePort :: Threat -> Word16

Post-NAT source port.

outboundInterface :: Threat -> Bytes

Interface that the session was destined to.

ruleName :: Threat -> Bytes

Name of the rule that the session matched.

sequenceNumber :: Threat -> Word64

A 64-bit log entry identifier incremented sequentially. Each log type has its own number space. This field is not supported on PA-7000 Series firewalls.

serialNumber :: Threat -> Bytes

Serial number of the firewall that generated the log. These occasionally contain non-numeric characters, so do not attempt to parse this as a decimal number.

severity :: Threat -> Bytes

Severity associated with the threat; values are informational, low, medium, high, critical.

sourceAddress :: Threat -> IP

Original session source IP address.

sourceCountry :: Threat -> Bytes

Source country, or an internal region for private addresses. Maximum length is 32 bytes.

sourcePort :: Threat -> Word16

Source port used by the session.

sourceUser :: Threat -> Bytes

Username of the user who initiated the session.

sourceZone :: Threat -> Bytes

Zone the session was sourced from.

subtype :: Threat -> Bytes

Subtype of the threat log. Values include: data, file, flood, packet, scan, spyware, url, virus, vulnerability, wildfire, wildfire-virus.

threatId :: Threat -> Word64

The numerical identifier for a threat. See threatName.

threatName :: Threat -> Bytes

Palo Alto Networks identifier for the threat. In the raw log this is a description string followed, for some subtypes, by a 64-bit numerical identifier in parentheses.

This field holds just the description string. The numerical identifier can be accessed with threatId.
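To make that split concrete, here is an added example in plain Haskell. It is not code from pan-os-syslog (the library performs this separation itself when it decodes a threat log); it reproduces the convention over String values so the edge cases are visible: a trailing "(digits)" becomes the identifier and everything before it is the description, names with no such suffix are returned whole, and an identifier that does not fit in a Word64 is rejected rather than silently wrapped. The sample names in the block are constructed and are not taken from real logs.

```haskell
-- Added example: not part of pan-os-syslog. Reproduces, over plain Strings,
-- the "description(id)" split that threatName/threatId describe.
module Main (main) where

import Data.Char (isDigit)
import Data.Word (Word64)
import Text.Read (readMaybe)

-- | Parse a decimal identifier into a Word64, rejecting values that would
-- overflow instead of letting the Read instance wrap them.
parseId :: String -> Maybe Word64
parseId s = do
  n <- readMaybe s :: Maybe Integer
  if n >= 0 && n <= toInteger (maxBound :: Word64)
    then Just (fromInteger n)
    else Nothing

-- | Split a raw threat name of the form "description(id)" into the
-- description and the numeric identifier. Names without a trailing
-- "(digits)" are returned unchanged with no identifier. Only the final
-- parenthesised group is consumed, so parentheses inside the description
-- survive intact.
splitThreatName :: String -> (String, Maybe Word64)
splitThreatName raw =
  case reverse raw of
    ')' : rest ->
      let (digitsRev, afterDigits) = span isDigit rest
      in case afterDigits of
           '(' : descRev
             | not (null digitsRev)
             , Just n <- parseId (reverse digitsRev) ->
                 (reverse descRev, Just n)
           _ -> (raw, Nothing)
    _ -> (raw, Nothing)

-- Constructed sample names (hypothetical, not real log data).
samples :: [String]
samples =
  [ "Example RPC Endpoint Mapper Detection(30845)" -- description + id
  , "sample(file).exe(52106)"                       -- inner parens kept
  , "URL filtering"                                 -- no identifier at all
  , "Test (Beta)"                                   -- parens but no digits
  , "X(99999999999999999999)"                       -- exceeds Word64: left whole
  ]

main :: IO ()
main = mapM_ (print . splitThreatName) samples
```

Run it with `runghc` and compare each printed pair with the comment beside its sample; the last two cases are the ones that a naive "strip everything after the last '('" approach would get wrong.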

timeGenerated :: Threat -> Datetime

Time the log was generated on the dataplane.

virtualSystemName :: Threat -> Bytes

The name of the virtual system associated with the session; only valid on firewalls enabled for multiple virtual systems.