diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index aa071c723952..24454b2f0f3b 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -12046,7 +12046,7 @@ Log entry identifier that is incremented sequentially. Unique for each log type. -- -*`palo_alto.pan_os.threat_file_or_url`*:: +*`palo_alto.pan_os.threat.resource`*:: + -- type: keyword @@ -12056,7 +12056,7 @@ URL or file name for a threat. -- -*`palo_alto.pan_os.threat_id`*:: +*`palo_alto.pan_os.threat.id`*:: + -- type: keyword @@ -12064,6 +12064,16 @@ type: keyword Palo Alto Networks identifier for the threat. +-- + +*`palo_alto.pan_os.threat.name`*:: ++ +-- +type: keyword + +Palo Alto Networks name for the threat. + + -- [[exported-fields-postgresql]] diff --git a/filebeat/docs/images/filebeat-palo-alto-threat.png b/filebeat/docs/images/filebeat-palo-alto-threat.png new file mode 100644 index 000000000000..46959b21a75e Binary files /dev/null and b/filebeat/docs/images/filebeat-palo-alto-threat.png differ diff --git a/filebeat/docs/images/filebeat-palo-alto-traffic.png b/filebeat/docs/images/filebeat-palo-alto-traffic.png new file mode 100644 index 000000000000..ef9d5f706eca Binary files /dev/null and b/filebeat/docs/images/filebeat-palo-alto-traffic.png differ diff --git a/filebeat/docs/modules/palo_alto.asciidoc b/filebeat/docs/modules/palo_alto.asciidoc index 9c0a1fc9c03c..a387ef460aa1 100644 --- a/filebeat/docs/modules/palo_alto.asciidoc +++ b/filebeat/docs/modules/palo_alto.asciidoc 
@@ -121,14 +121,16 @@ in ECS that are added under the `palo_alto` prefix: | Device Name | observer.hostname | |============== -// [float] -// === Example dashboard -// -// This module comes with a sample dashboard: -// -// (TODO) -// [role="screenshot"] -// image::./images/kibana-cisco-asa.png[] +[float] +=== Example dashboard + +This module comes with two sample dashboards: + +[role="screenshot"] +image::./images/filebeat-palo-alto-traffic.png[] + +[role="screenshot"] +image::./images/filebeat-palo-alto-threat.png[] include::../include/configuring-intro.asciidoc[] diff --git a/x-pack/filebeat/module/palo_alto/_meta/docs.asciidoc b/x-pack/filebeat/module/palo_alto/_meta/docs.asciidoc index cbcc0098872d..9780f0025084 100644 --- a/x-pack/filebeat/module/palo_alto/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/palo_alto/_meta/docs.asciidoc @@ -116,14 +116,16 @@ in ECS that are added under the `palo_alto` prefix: | Device Name | observer.hostname | |============== -// [float] -// === Example dashboard -// -// This module comes with a sample dashboard: -// -// (TODO) -// [role="screenshot"] -// image::./images/kibana-cisco-asa.png[] +[float] +=== Example dashboard + +This module comes with two sample dashboards: + +[role="screenshot"] +image::./images/filebeat-palo-alto-traffic.png[] + +[role="screenshot"] +image::./images/filebeat-palo-alto-threat.png[] include::../include/configuring-intro.asciidoc[] diff --git a/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-network-overview.json b/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-network-overview.json new file mode 100644 index 000000000000..6f8eacad468b --- /dev/null +++ b/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-network-overview.json 
@@ -0,0 +1,1107 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "1", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "4", + "w": 12, + "x": 24, + "y": 15 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "5", + "w": 12, + "x": 36, + "y": 15 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "6", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "7", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "version": "7.1.0" + } + ], + "timeRestore": false, + "title": "[Filebeat palo_alto] Network Flows ECS", + "version": 1 + }, + "id": "e40ba240-7572-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "091fe860-756a-11e9-976e-65a8f47cc4c1", + "name": "panel_0", + "type": "visualization" + }, + { + "id": 
"87f30f60-7569-11e9-976e-65a8f47cc4c1", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "78e7e820-756d-11e9-976e-65a8f47cc4c1", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "d9cab170-756f-11e9-976e-65a8f47cc4c1", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "135930b0-7570-11e9-976e-65a8f47cc4c1", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "e46331c0-756a-11e9-976e-65a8f47cc4c1", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "0407a3e0-756f-11e9-976e-65a8f47cc4c1", + "name": "panel_6", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-05-13T11:33:12.420Z", + "version": "WzI0NSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Flows Map [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "destination.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + } + } + }, + "title": "Destination Flows Map [Filebeat palo_alto] ECS", + "type": "tile_map" + } + }, + "id": "091fe860-756a-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + 
"references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T10:29:49.158Z", + "version": "WzIzOCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Flows Map [Filebeat palo_alto] ECS", + "uiStateJSON": { + "mapCenter": [ + -0.17578097424708533, + 0.17578125 + ], + "mapZoom": 1 + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "autoPrecision": true, + "field": "source.geo.location", + "isFilteredByCollar": true, + "mapCenter": [ + 0, + 0 + ], + "mapZoom": 2, + "precision": 2, + "useGeocentroid": true + }, + "schema": "segment", + "type": "geohash_grid" + } + ], + "params": { + "addTooltip": true, + "colorSchema": "Yellow to Red", + "heatClusterSize": 1.5, + "isDesaturated": true, + "legendPosition": "bottomright", + "mapCenter": [ + 0, + 0 + ], + "mapType": "Scaled Circle Markers", + "mapZoom": 2, + "wms": { + "enabled": false, + "options": { + "format": "image/png", + "transparent": true + } + } + }, + "title": "Source Flows Map [Filebeat palo_alto] ECS", + "type": "tile_map" + } + }, + "id": "87f30f60-7569-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T10:26:12.438Z", + "version": "WzIzNywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + 
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_terminated" + }, + "type": "phrase", + "value": "flow_terminated" + }, + "query": { + "match": { + "event.action": { + "query": "flow_terminated", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Flow Creation Histogram [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2018-04-10T04:36:19.586Z", + "to": "2018-04-10T04:39:56.264Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": 
"histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Flow Creation Histogram [Filebeat palo_alto] ECS", + "type": "histogram" + } + }, + "id": "78e7e820-756d-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T10:54:25.186Z", + "version": "WzI0MCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Source Zone breakout [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "palo_alto.pan_os.source.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": 
"Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Source Zone breakout [Filebeat palo_alto] ECS", + "type": "horizontal_bar" + } + }, + "id": "d9cab170-756f-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:12:26.462Z", + "version": "WzI0MywxXQ==" + }, + { + "attributes": { + "description": "", + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.action", + "negate": true, + "params": { + "query": "flow_started" + }, + "type": "phrase", + "value": "flow_started" + }, + "query": { + "match": { + "event.action": { + "query": "flow_started", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Destination Zone breakout [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "palo_alto.pan_os.destination.zone", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 200 + }, + "position": "left", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "normal", + "show": true, + 
"showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": true, + "rotate": 75, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "bottom", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Destination Zone breakout [Filebeat palo_alto] ECS", + "type": "horizontal_bar" + } + }, + "id": "135930b0-7570-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:13:03.291Z", + "version": "WzI0NCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Event Outcome by Transport and Destination Port [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.transport", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": 
"Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "4", + "params": { + "field": "destination.port", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Event Outcome by Transport and Destination Port [Filebeat palo_alto] ECS", + "type": "pie" + } + }, + "id": "e46331c0-756a-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T10:35:57.020Z", + "version": "WzIzOSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Network Application breakout [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "network.application", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": 
"Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Network Application breakout [Filebeat palo_alto] ECS", + "type": "pie" + } + }, + "id": "0407a3e0-756f-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:05:28.094Z", + "version": "WzI0MSwxXQ==" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "palo_alto.pan_os:* and event.category: \"network_traffic\"" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "PAN-OS Flows [Filebeat palo_alto] ECS", + "version": 1 + }, + "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-05-13T10:23:33.182Z", + "version": "WzIzNSwxXQ==" + } + ], + "version": "7.1.0" +} diff --git a/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-threat-overview.json b/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-threat-overview.json new file mode 100644 index 000000000000..c0d4034c7d1e --- /dev/null +++ b/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-threat-overview.json 
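Review bot: Every terms aggregation in this dashboard is capped at `"size": 5` with `"otherBucket": false`, so the two donut panels ("Event Outcome by Transport and Destination Port" and "Network Application breakout") and both zone breakouts chart only the five largest buckets and leave everything else out. On a firewall overview that hides the long tail of low-count destination ports and applications, and the visible slices read as if they were all of the traffic. Setting `"otherBucket": true` on the `destination.port` and `network.application` aggregations would keep that remainder on screen as an "Other" slice without changing the top-five ranking. Separately, the "Flow Creation Histogram" series carries `"show": "true"` as a string where the two zone charts use the boolean; exporting it as `"show": true` keeps the field to one type.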
@@ -0,0 +1,796 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 15, + "i": "1", + "w": 31, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Threat outcome histogram", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "2", + "w": 24, + "x": 0, + "y": 15 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Top threats by name", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "3", + "w": 24, + "x": 24, + "y": 15 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Top threats by resource", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "4", + "w": 24, + "x": 0, + "y": 30 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": "Top attackers (clients)", + "version": "7.1.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 8, + "i": "5", + "w": 24, + "x": 24, + "y": 30 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Top attackers (servers)", + "version": "7.1.0" + }, + { + "embeddableConfig": { + "vis": { + "legendOpen": true + } + }, + "gridData": { + "h": 15, + "i": "6", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Outcome by threat type", + "version": "7.1.0" + } + ], + "timeRestore": false, + "title": "[Filebeat palo_alto] Threats Overview ECS", + "version": 1 + }, + "id": "772964e0-7591-11e9-aacf-79a3704914a0", + "migrationVersion": { + "dashboard": "7.0.0" + }, + "references": [ + { + "id": "0bd2a0c0-7574-11e9-976e-65a8f47cc4c1", + "name": "panel_0", + 
"type": "visualization" + }, + { + "id": "3eca1070-7589-11e9-aacf-79a3704914a0", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "5bd32b20-7575-11e9-976e-65a8f47cc4c1", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "90ce3300-758a-11e9-aacf-79a3704914a0", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "a95aaf20-758a-11e9-aacf-79a3704914a0", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "6dce7930-758c-11e9-aacf-79a3704914a0", + "name": "panel_5", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2019-05-13T15:12:04.141Z", + "version": "WzI1NiwyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Threat outcome histogram [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customInterval": "2h", + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "timeRange": { + "from": "2018-04-10T04:36:19.586Z", + "to": "2018-04-10T04:39:56.264Z" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.outcome", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + 
"type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Threat outcome histogram [Filebeat palo_alto] ECS", + "type": "histogram" + } + }, + "id": "0bd2a0c0-7574-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:41:28.652Z", + "version": "WzI0NiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Threat ID Cloud [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "palo_alto.pan_os.threat.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + 
"orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Threat ID Cloud [Filebeat palo_alto] ECS", + "type": "tagcloud" + } + }, + "id": "3eca1070-7589-11e9-aacf-79a3704914a0", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T15:06:36.839Z", + "version": "WzI1NSwyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Threat Resource Cloud [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "url.original", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Threat Resource Cloud [Filebeat palo_alto] ECS", + "type": "tagcloud" + } + }, + "id": "5bd32b20-7575-11e9-976e-65a8f47cc4c1", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T11:50:52.370Z", + "version": "WzI0NywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "inbound" + }, + "type": "phrase", + "value": "inbound" + }, + "query": { + "match": { + "network.direction": { + "query": "inbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top attackers (clients) [Filebeat palo_alto] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "client.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top attackers (clients) [Filebeat palo_alto] ECS", + "type": "table" + } + }, + "id": "90ce3300-758a-11e9-aacf-79a3704914a0", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T14:22:40.688Z", + "version": "WzI1MSwyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "network.direction", + "negate": false, + "params": { + "query": "outbound" + }, + "type": "phrase", + "value": "outbound" + }, + "query": { + "match": { + "network.direction": { + "query": "outbound", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Top attackers (servers) [Filebeat palo_alto] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "server.ip", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Top attackers (servers) [Filebeat palo_alto] ECS", + "type": "table" + } + }, + "id": "a95aaf20-758a-11e9-aacf-79a3704914a0", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T14:23:21.874Z", + "version": "WzI1MiwyXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": 
"Outcome by Threat Type [Filebeat palo_alto] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "event.action", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "event.outcome", + "missingBucket": true, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTooltip": true, + "isDonut": true, + "labels": { + "last_level": true, + "show": false, + "truncate": 100, + "values": true + }, + "legendPosition": "right", + "type": "pie" + }, + "title": "Outcome by Threat Type [Filebeat palo_alto] ECS", + "type": "pie" + } + }, + "id": "6dce7930-758c-11e9-aacf-79a3704914a0", + "migrationVersion": { + "visualization": "7.0.1" + }, + "references": [ + { + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2019-05-13T14:36:00.962Z", + "version": "WzI1MywyXQ==" + }, + { + "attributes": { + "columns": [ + "_source" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "palo_alto.pan_os:* and event.category: \"security_threat\"" + }, + "version": true + } + }, + "sort": [ + "@timestamp", + "desc" + ], + "title": "PAN-OS Threats [Filebeat palo_alto] ECS", + "version": 1 + }, + "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", + 
"migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-05-13T10:24:06.550Z", + "version": "WzIzNiwxXQ==" + } + ], + "version": "7.1.0" +} diff --git a/x-pack/filebeat/module/palo_alto/fields.go b/x-pack/filebeat/module/palo_alto/fields.go index d192ec61b6e4..7648c70ea203 100644 --- a/x-pack/filebeat/module/palo_alto/fields.go +++ b/x-pack/filebeat/module/palo_alto/fields.go @@ -19,5 +19,5 @@ func init() { // AssetPaloAlto returns asset data. // This is the base64 encoded gzipped contents of module/palo_alto. func AssetPaloAlto() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/palo_alto/module.yml b/x-pack/filebeat/module/palo_alto/module.yml index b78832712d05..aa3264f75850 100644 --- a/x-pack/filebeat/module/palo_alto/module.yml +++ b/x-pack/filebeat/module/palo_alto/module.yml @@ -1,3 +1,5 @@ dashboards: -# TODO - + - id: 772964e0-7591-11e9-aacf-79a3704914a0 + file: Filebeat-palo-alto-threat-overview.json + - id: e40ba240-7572-11e9-976e-65a8f47cc4c1 + file: Filebeat-palo-alto-network-overview.json diff --git a/x-pack/filebeat/module/palo_alto/pan_os/_meta/fields.yml b/x-pack/filebeat/module/palo_alto/pan_os/_meta/fields.yml index 0e7f15e7d391..e19c9dac2a61 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/_meta/fields.yml +++ b/x-pack/filebeat/module/palo_alto/pan_os/_meta/fields.yml 
@@ -113,12 +113,17 @@ Log entry identifier that is incremented sequentially. Unique for each log type. - - name: threat_file_or_url + - name: threat.resource type: keyword description: > URL or file name for a threat. - - name: threat_id + - name: threat.id type: keyword description: > Palo Alto Networks identifier for the threat. + + - name: threat.name + type: keyword + description: > + Palo Alto Networks name for the threat. diff --git a/x-pack/filebeat/module/palo_alto/pan_os/config/input.yml b/x-pack/filebeat/module/palo_alto/pan_os/config/input.yml index be15016ae311..879fa479b288 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/config/input.yml +++ b/x-pack/filebeat/module/palo_alto/pan_os/config/input.yml @@ -126,9 +126,9 @@ processors: _temp_.labels: 28 network.transport: 29 event.outcome: 30 - palo_alto.pan_os.threat_file_or_url: 31 + palo_alto.pan_os.threat.resource: 31 url.original: 31 - palo_alto.pan_os.threat_id: 32 + palo_alto.pan_os.threat.name: 32 palo_alto.pan_os.url.category: 33 log.level: 34 _temp_.direction: 35 diff --git a/x-pack/filebeat/module/palo_alto/pan_os/ingest/pipeline.yml b/x-pack/filebeat/module/palo_alto/pan_os/ingest/pipeline.yml index 18da07007dae..b08de6b8706b 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/ingest/pipeline.yml +++ b/x-pack/filebeat/module/palo_alto/pan_os/ingest/pipeline.yml @@ -146,7 +146,17 @@ processors: value: unknown if: 'ctx?._temp_?.message_type == "THREAT" && ctx?.network?.direction == null' -# Set event.category depending on log type. +# Set network.type for TRAFFIC. + - set: + field: network.type + value: 'ipv4' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.labels?.ipv6_session == null' + - set: + field: network.type + value: 'ipv6' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.labels?.ipv6_session != null' + + # Set event.category depending on log type. - set: field: event.category value: network_traffic 
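Review bot: Renaming `threat_file_or_url` and `threat_id` to `threat.resource` and `threat.id` leaves no alias or migration entry in this hunk, so saved searches, alerts and detection rules that still query the old names would stop matching without any error. If the module has already shipped with the old names, consider keeping them for one release as `type: alias` entries pointing at the new paths, or flagging the rename as a breaking change in the changelog. The same rename reaches the column mapping in `pan_os/config/input.yml` in the next hunk, where column 32 now feeds `threat.name` and `threat.id` is no longer extracted directly. It would help to say in the `threat.id` description that the value is parsed out of the name column by the ingest pipeline.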
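Review bot: The two new `set` processors in `pan_os/ingest/pipeline.yml` populate `network.type` only when `_temp_.message_type == "TRAFFIC"`, so THREAT events never get the field. The updated `pan_inc_threat.log-expected.json` entries in this commit accordingly gain no `network.type` key. A dashboard or query that filters on `network.type` would then silently exclude threat events; if `labels.ipv6_session` is derived from the session flags for both log types (not visible in this hunk), the condition could cover THREAT as well. A missing label is also treated as IPv4, including when the flags failed to parse, which deserves a comment such as `# A missing ipv6_session label is reported as ipv4.` The processor list starts and ends outside the hunk.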
@@ -306,6 +316,18 @@ processors: value: - '{{palo_alto.pan_os.network.nat.community_id}}' + - grok: + if: 'ctx?.palo_alto?.pan_os?.threat?.name != null' + field: palo_alto.pan_os.threat.name + ignore_failure: true + patterns: + - '%{GREEDYDATA:palo_alto.pan_os.threat.name}\(\s*%{GREEDYDATA:palo_alto.pan_os.threat.id}\s*\)' + + - set: + field: palo_alto.pan_os.threat.name + value: 'URL-filtering' + if: 'ctx?.palo_alto?.pan_os?.threat?.id == "9999"' + # Remove temporary fields. - remove: field: diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_other.log-expected.json index 45de9e62f21d..49029d6a1c48 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_other.log-expected.json @@ -38,6 +38,7 @@ "network.direction": "outbound", "network.packets": 1, "network.transport": "tcp", + "network.type": "ipv4", "observer.serial_number": "01606001116", "palo_alto.pan_os.destination.interface": "ethernet1/1", "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_threat.log-expected.json index 29373236d667..50baddececb1 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_threat.log-expected.json 
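Review bot: The new grok in `pan_os/ingest/pipeline.yml` is unanchored and captures the ID with `GREEDYDATA`, and `ignore_failure: true` hides any mismatch. A value that does not end in `(<id>)` therefore keeps the raw string in `threat.name`, leaves `threat.id` unset, and puts no marker on the event. Anything keyed on `threat.id` would then miss those events without anyone noticing. If PAN-OS threat IDs are always numeric (worth confirming), anchor the pattern and restrict the ID: `- '^%{DATA:palo_alto.pan_os.threat.name}\s*\(\s*%{NONNEGINT:palo_alto.pan_os.threat.id}\s*\)$'`, and replace `ignore_failure` with an `on_failure` handler that records the parse failure on the event. The fixtures visible in this commit exercise only the `(9999)` form and one `Name(13024)` value; the `processors` list starts and ends outside the hunk.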
@@ -43,8 +43,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "lorexx.cn/loader.exe", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "lorexx.cn/loader.exe", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -109,8 +110,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "lsiu.info/evo/count.php?o=2", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "lsiu.info/evo/count.php?o=2", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -175,8 +177,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "lsiu.info/evo/count.php?o=5", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "lsiu.info/evo/count.php?o=5", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -241,8 +244,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "lsiu.info/evo/count.php?o=7", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "lsiu.info/evo/count.php?o=7", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", 
@@ -307,8 +311,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -373,8 +378,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -439,8 +445,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "liteautobestguide.cn/load.php", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "liteautobestguide.cn/load.php", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", 
@@ -505,8 +512,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "liteautobestguide.cn/index.php", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "liteautobestguide.cn/index.php", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -571,8 +579,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "litetopdetect.cn/index.php", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "litetopdetect.cn/index.php", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -637,8 +646,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", 
@@ -703,8 +713,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "girlteenxxxfreemov.com/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "girlteenxxxfreemov.com/", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -769,8 +780,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "imagesrepository.com/resolution.php", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "imagesrepository.com/resolution.php", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -835,8 +847,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "hottestfiles.com/search/search.php?q=xxx", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "hottestfiles.com/search/search.php?q=xxx", "palo_alto.pan_os.url.category": "search-engines", "related.ip": [ "192.168.0.2", 
@@ -900,8 +913,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "infodist1.com/in.cgi?11¶meter=404", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "infodist1.com/in.cgi?11¶meter=404", "palo_alto.pan_os.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -966,8 +980,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "cls-softwares.com/suc.php", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "cls-softwares.com/suc.php", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1032,8 +1047,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "cls-softwares.com/softwarefortubeview.40013.exe", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "cls-softwares.com/softwarefortubeview.40013.exe", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", 
@@ -1094,8 +1110,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "findmorepill.com/klik/search.php?q=xxx", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "findmorepill.com/klik/search.php?q=xxx", "palo_alto.pan_os.url.category": "online-gambling", "related.ip": [ "192.168.0.2", @@ -1160,8 +1177,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "allowedwebsurfing.com/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "allowedwebsurfing.com/", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1226,8 +1244,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "antivirus-remote.com/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "antivirus-remote.com/", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", 
@@ -1292,8 +1311,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "bklinkov.ru/hi/start.cfg", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "bklinkov.ru/hi/start.cfg", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1358,8 +1378,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "blogsexnakedgirlxxx.com/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "blogsexnakedgirlxxx.com/", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1424,8 +1445,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "bklinkov.ru/hi/start.exe", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "bklinkov.ru/hi/start.exe", "palo_alto.pan_os.url.category": "not-resolved", "related.ip": [ "192.168.0.2", @@ -1490,8 +1512,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", 
@@ -1556,8 +1579,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -1622,8 +1646,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -1688,8 +1713,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -1754,8 +1780,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", 
@@ -1820,8 +1847,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -1886,8 +1914,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -1952,8 +1981,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2018,8 +2048,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", 
@@ -2084,8 +2115,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2150,8 +2182,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "-/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "-/", "palo_alto.pan_os.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", @@ -2212,8 +2245,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "wantfinest.com/tds/in.cgi?default", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "wantfinest.com/tds/in.cgi?default", "palo_alto.pan_os.url.category": "unknown", "related.ip": [ "192.168.0.2", @@ -2274,8 +2308,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "sameshitasiteverwas.com/traf/tds/in.cgi?2", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "sameshitasiteverwas.com/traf/tds/in.cgi?2", "palo_alto.pan_os.url.category": "malware-sites", "related.ip": [ "192.168.0.2", 
@@ -2339,8 +2374,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "svarkon.ru/update.exe", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "svarkon.ru/update.exe", "palo_alto.pan_os.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -2404,8 +2440,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "onlinescanxpp.com/land/eurl/1.php?code=", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "onlinescanxpp.com/land/eurl/1.php?code=", "palo_alto.pan_os.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -2466,8 +2503,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6", "palo_alto.pan_os.url.category": "malware-sites", "related.ip": [ "192.168.0.2", 
@@ -2528,8 +2566,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "nolagtime.com/gwc.txt", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "nolagtime.com/gwc.txt", "palo_alto.pan_os.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -2593,8 +2632,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "karavan.us/bon/index.php", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "karavan.us/bon/index.php", "palo_alto.pan_os.url.category": "unknown", "related.ip": [ "192.168.0.2", @@ -2655,8 +2695,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "findnolimits.com/go.php?sid=1", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "findnolimits.com/go.php?sid=1", "palo_alto.pan_os.url.category": "dead-sites", "related.ip": [ "192.168.0.2", @@ -2717,8 +2758,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "bizoplata.ru/moun.html", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "bizoplata.ru/moun.html", "palo_alto.pan_os.url.category": "parked-domains", "related.ip": [ "192.168.0.2", 
@@ -2779,8 +2821,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "bizoplata.ru/palast.html", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "bizoplata.ru/palast.html", "palo_alto.pan_os.url.category": "parked-domains", "related.ip": [ "192.168.0.2", @@ -2838,8 +2881,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat_file_or_url": "controller.php", - "palo_alto.pan_os.threat_id": "Bredolab.Gen Command and Control Traffic(13024)", + "palo_alto.pan_os.threat.id": "13024", + "palo_alto.pan_os.threat.name": "Bredolab.Gen Command and Control Traffic", + "palo_alto.pan_os.threat.resource": "controller.php", "palo_alto.pan_os.url.category": "any", "related.ip": [ "204.232.231.46", @@ -2909,8 +2953,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "www.15min.it/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "www.15min.it/", "palo_alto.pan_os.url.category": "malware-sites", "related.ip": [ "192.168.0.2", @@ -2971,8 +3016,9 @@ "palo_alto.pan_os.source.nat.ip": "0.0.0.0", "palo_alto.pan_os.source.nat.port": 0, "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat_file_or_url": "tubemov.com/", - "palo_alto.pan_os.threat_id": "(9999)", + "palo_alto.pan_os.threat.id": "9999", + "palo_alto.pan_os.threat.name": "URL-filtering", + "palo_alto.pan_os.threat.resource": "tubemov.com/", "palo_alto.pan_os.url.category": "adult-and-pornography", "related.ip": [ "192.168.0.2", 
@@ -3033,8 +3079,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -3095,8 +3142,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "movfree.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "movfree.com/",
 "palo_alto.pan_os.url.category": "spyware-and-adware",
 "related.ip": [
 "192.168.0.2",
@@ -3160,8 +3208,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "gometascan.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "gometascan.com/",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -3225,8 +3274,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -3290,8 +3340,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -3355,8 +3406,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "basdzsdas.com/poker/config.bin",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "basdzsdas.com/poker/config.bin",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -3420,8 +3472,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "basdzsdas.com/poker/config.bin",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "basdzsdas.com/poker/config.bin",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -3479,8 +3532,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "uLLGRaXP.exe",
- "palo_alto.pan_os.threat_id": "Windows Executable (EXE)(52020)",
+ "palo_alto.pan_os.threat.id": "52020",
+ "palo_alto.pan_os.threat.name": "Windows Executable (EXE)",
+ "palo_alto.pan_os.threat.resource": "uLLGRaXP.exe",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "173.236.179.57",
@@ -3550,8 +3604,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "basdzsdas.com/poker/config.bin",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "basdzsdas.com/poker/config.bin",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -3609,8 +3664,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "FunkyEmoticons_setup.exe",
- "palo_alto.pan_os.threat_id": "Windows Executable (EXE)(52020)",
+ "palo_alto.pan_os.threat.id": "52020",
+ "palo_alto.pan_os.threat.name": "Windows Executable (EXE)",
+ "palo_alto.pan_os.threat.resource": "FunkyEmoticons_setup.exe",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "91.209.163.202",
@@ -3668,8 +3724,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "52hxw.exe",
- "palo_alto.pan_os.threat_id": "Windows Executable (EXE)(52020)",
+ "palo_alto.pan_os.threat.id": "52020",
+ "palo_alto.pan_os.threat.name": "Windows Executable (EXE)",
+ "palo_alto.pan_os.threat.resource": "52hxw.exe",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "122.226.169.183",
@@ -3738,8 +3795,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "softsellfast.com/test/config.bin",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "softsellfast.com/test/config.bin",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -3797,8 +3855,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "setup.exe",
- "palo_alto.pan_os.threat_id": "Windows Executable (EXE)(52020)",
+ "palo_alto.pan_os.threat.id": "52020",
+ "palo_alto.pan_os.threat.name": "Windows Executable (EXE)",
+ "palo_alto.pan_os.threat.resource": "setup.exe",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "109.201.131.15",
@@ -3859,8 +3918,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "Live-Player_setup.exe",
- "palo_alto.pan_os.threat_id": "Windows Executable (EXE)(52020)",
+ "palo_alto.pan_os.threat.id": "52020",
+ "palo_alto.pan_os.threat.name": "Windows Executable (EXE)",
+ "palo_alto.pan_os.threat.resource": "Live-Player_setup.exe",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "91.209.163.202",
@@ -3921,8 +3981,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "boialex.narod.ru/config.txt",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "boialex.narod.ru/config.txt",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -3983,8 +4044,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "edw-melon.narod.ru/config.txt",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "edw-melon.narod.ru/config.txt",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -4045,8 +4107,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "maximtushin.narod.ru/config.txt",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "maximtushin.narod.ru/config.txt",
 "palo_alto.pan_os.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
@@ -4104,8 +4167,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "uLLGRaXP.exe",
- "palo_alto.pan_os.threat_id": "Windows Executable (EXE)(52020)",
+ "palo_alto.pan_os.threat.id": "52020",
+ "palo_alto.pan_os.threat.name": "Windows Executable (EXE)",
+ "palo_alto.pan_os.threat.resource": "uLLGRaXP.exe",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "173.236.179.57",
@@ -4175,8 +4239,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "marketingsoluchion.biz/fkn/config.bin",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "marketingsoluchion.biz/fkn/config.bin",
 "palo_alto.pan_os.url.category": "unknown",
 "related.ip": [
 "192.168.0.2",
@@ -4240,8 +4305,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "default.aspx",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "default.aspx",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "192.168.0.6",
@@ -4299,8 +4365,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "sck.aspx",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "sck.aspx",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "65.54.161.34",
@@ -4364,8 +4431,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "ADSAdClient31.dll",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "ADSAdClient31.dll",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "65.55.5.231",
@@ -4435,8 +4503,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "c.gif",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "c.gif",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "192.168.0.6",
@@ -4494,8 +4563,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "csi",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "csi",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.239.17",
@@ -4559,8 +4629,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "internal-tuner.pandora.com",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "internal-tuner.pandora.com",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "192.168.0.2",
@@ -4618,8 +4689,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.198",
@@ -4680,8 +4752,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "about.exe",
- "palo_alto.pan_os.threat_id": "Windows Executable (EXE)(52020)",
+ "palo_alto.pan_os.threat.id": "52020",
+ "palo_alto.pan_os.threat.name": "Windows Executable (EXE)",
+ "palo_alto.pan_os.threat.resource": "about.exe",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "188.190.124.75",
@@ -4739,8 +4812,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.200",
@@ -4801,8 +4875,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.239.3",
@@ -4863,8 +4938,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.239.3",
@@ -4925,8 +5001,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.200",
@@ -4990,8 +5067,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "__utm.gif",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "__utm.gif",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "192.168.0.2",
@@ -5049,8 +5127,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.193",
@@ -5111,8 +5190,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "nav_logo107.png",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "nav_logo107.png",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.239.20",
@@ -5173,8 +5253,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "Eadweard_Muybridge",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "Eadweard_Muybridge",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "208.80.154.225",
@@ -5235,8 +5316,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "load.php",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "load.php",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "208.80.154.234",
@@ -5297,8 +5379,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "8fe44cb728c0f40750c64ee906eb72.css",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "8fe44cb728c0f40750c64ee906eb72.css",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "65.54.75.25",
@@ -5362,8 +5445,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.206",
@@ -5424,8 +5508,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.195",
@@ -5486,8 +5571,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "appcast.xml",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "appcast.xml",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "207.178.96.34",
@@ -5551,8 +5637,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.195",
@@ -5613,8 +5700,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "csi",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "csi",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.239.20",
@@ -5675,8 +5763,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "index.php",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "index.php",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "66.152.109.24",
@@ -5737,8 +5826,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.200",
@@ -5802,8 +5892,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "__utm.gif",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "__utm.gif",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "192.168.0.2",
@@ -5861,8 +5952,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.200",
@@ -5923,8 +6015,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.200",
@@ -5988,8 +6081,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "internal-tuner.pandora.com",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "internal-tuner.pandora.com",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "192.168.0.2",
@@ -6047,8 +6141,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.201",
@@ -6109,8 +6204,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.201",
@@ -6171,8 +6267,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.200",
@@ -6233,8 +6330,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.200",
@@ -6295,8 +6393,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "ga.js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "ga.js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.198",
@@ -6357,8 +6456,9 @@
 "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
 "palo_alto.pan_os.source.nat.port": 0,
 "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat_file_or_url": "js",
- "palo_alto.pan_os.threat_id": "PII(60000)",
+ "palo_alto.pan_os.threat.id": "60000",
+ "palo_alto.pan_os.threat.name": "PII",
+ "palo_alto.pan_os.threat.resource": "js",
 "palo_alto.pan_os.url.category": "any",
 "related.ip": [
 "74.125.224.200",
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_traffic.log-expected.json
index bdf2ad4d7baf..6550d19201ef 100644
--- a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_traffic.log-expected.json
+++ b/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_traffic.log-expected.json
@@ -38,6 +38,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -108,6 +109,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -178,6 +180,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -251,6 +254,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -324,6 +328,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -394,6 +399,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -464,6 +470,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -537,6 +544,7 @@
 "network.direction": "outbound",
 "network.packets": 10,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -610,6 +618,7 @@
 "network.direction": "outbound",
 "network.packets": 10,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -683,6 +692,7 @@
 "network.direction": "outbound",
 "network.packets": 10,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -756,6 +766,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -829,6 +840,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -902,6 +914,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -975,6 +988,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1048,6 +1062,7 @@
 "network.direction": "outbound",
 "network.packets": 10,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1121,6 +1136,7 @@
 "network.direction": "outbound",
 "network.packets": 10,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1194,6 +1210,7 @@
 "network.direction": "outbound",
 "network.packets": 21,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1267,6 +1284,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1340,6 +1358,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1410,6 +1429,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1480,6 +1500,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1553,6 +1574,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1623,6 +1645,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1696,6 +1719,7 @@
 "network.direction": "outbound",
 "network.packets": 10,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1769,6 +1793,7 @@
 "network.direction": "outbound",
 "network.packets": 10,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1842,6 +1867,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1912,6 +1938,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -1982,6 +2009,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2052,6 +2080,7 @@
 "network.direction": "outbound",
 "network.packets": 16,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2125,6 +2154,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2195,6 +2225,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2268,6 +2299,7 @@
 "network.direction": "outbound",
 "network.packets": 20,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2341,6 +2373,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2411,6 +2444,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2481,6 +2515,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2554,6 +2589,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2627,6 +2663,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2697,6 +2734,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2767,6 +2805,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2835,6 +2874,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2907,6 +2947,7 @@
 "network.direction": "outbound",
 "network.packets": 13,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -2978,6 +3019,7 @@
 "network.direction": "outbound",
 "network.packets": 17,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3050,6 +3092,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3123,6 +3166,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3191,6 +3235,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3263,6 +3308,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3333,6 +3379,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3406,6 +3453,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3476,6 +3524,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3546,6 +3595,7 @@
 "network.direction": "outbound",
 "network.packets": 4,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3616,6 +3666,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3686,6 +3737,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3759,6 +3811,7 @@
 "network.direction": "outbound",
 "network.packets": 13,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3832,6 +3885,7 @@
 "network.direction": "outbound",
 "network.packets": 22,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3905,6 +3959,7 @@
 "network.direction": "outbound",
 "network.packets": 21,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -3975,6 +4030,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4048,6 +4104,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4118,6 +4175,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4188,6 +4246,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4261,6 +4320,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4334,6 +4394,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4404,6 +4465,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4474,6 +4536,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4547,6 +4610,7 @@
 "network.direction": "outbound",
 "network.packets": 13,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4617,6 +4681,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4687,6 +4752,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4757,6 +4823,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4830,6 +4897,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4903,6 +4971,7 @@
 "network.direction": "outbound",
 "network.packets": 13,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -4976,6 +5045,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5046,6 +5116,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5116,6 +5187,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5189,6 +5261,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5259,6 +5332,7 @@
 "network.direction": "outbound",
 "network.packets": 39,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5329,6 +5403,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5399,6 +5474,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5472,6 +5548,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5538,6 +5615,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5611,6 +5689,7 @@
 "network.direction": "outbound",
 "network.packets": 21,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5684,6 +5763,7 @@
 "network.direction": "outbound",
 "network.packets": 22,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5750,6 +5830,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5816,6 +5897,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5889,6 +5971,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -5959,6 +6042,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6029,6 +6113,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6102,6 +6187,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6172,6 +6258,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6238,6 +6325,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6308,6 +6396,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6381,6 +6470,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6451,6 +6541,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6521,6 +6612,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6594,6 +6686,7 @@
 "network.direction": "outbound",
 "network.packets": 13,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6667,6 +6760,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6740,6 +6834,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6813,6 +6908,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6879,6 +6975,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -6952,6 +7049,7 @@
 "network.direction": "outbound",
 "network.packets": 4,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -7025,6 +7123,7 @@
 "network.direction": "outbound",
 "network.packets": 4,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
@@ -7098,6 +7197,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.serial_number": "01606001116",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
 "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/threat.log-expected.json b/x-pack/filebeat/module/palo_alto/pan_os/test/threat.log-expected.json
index 0b4a7a429350..15fe217fb319 100644
--- a/x-pack/filebeat/module/palo_alto/pan_os/test/threat.log-expected.json
+++ b/x-pack/filebeat/module/palo_alto/pan_os/test/threat.log-expected.json
@@ -44,8 +44,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 37679,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
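Review bot: Saved searches, alerts and detection rules keyed on `palo_alto.pan_os.threat_id` or `palo_alto.pan_os.threat_file_or_url` will stop matching without any error once events take this shape, because the first threat.log-expected.json hunk (`@@ -44,8 +44,9 @@`) removes both keys with no alias on the new side and also changes the id value from `(9999)` to `9999`. The same replacement repeats in every later hunk of this file. No breaking-change note is visible in this part of the diff; if none exists elsewhere in the commit, I would add a changelog line such as `Rename palo_alto.pan_os.threat_id and threat_file_or_url to threat.id and threat.resource; threat.id no longer includes the parentheses, and the name is now in threat.name`. Every expected event shown pins only the `URL-filtering` / `9999` pair, so a test input line with a differently shaped threat field would help confirm that the split never leaves `threat.id` empty.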
@@ -110,8 +111,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 28249,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -176,8 +178,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 63898,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -242,8 +245,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 7515,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -308,8 +312,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 3225,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -374,8 +379,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 60449,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -440,8 +446,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 60559,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -506,8 +513,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 47414,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -572,8 +580,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 37673,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -638,8 +647,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 8232,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -704,8 +714,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 32982,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -770,8 +781,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 10473,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -836,8 +848,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 20446,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -902,8 +915,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 34699,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -968,8 +982,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 22820,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1034,8 +1049,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 41060,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1100,8 +1116,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 9058,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1166,8 +1183,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 54846,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1232,8 +1250,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 52731,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1298,8 +1317,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 15165,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1364,8 +1384,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 53918,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "b.scorecardresearch.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "b.scorecardresearch.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1430,8 +1451,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 40792,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1496,8 +1518,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 54044,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1562,8 +1585,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 19544,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1628,8 +1652,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 13462,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1694,8 +1719,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 44892,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1760,8 +1786,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 16487,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1826,8 +1853,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 23952,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1892,8 +1920,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 2810,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -1958,8 +1987,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 13272,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2024,8 +2054,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 8663,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2090,8 +2121,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 55738,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2156,8 +2188,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 10650,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2222,8 +2255,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 44087,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2288,8 +2322,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 15915,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "consent.cmp.oath.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2354,8 +2389,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 41165,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "cdn.taboola.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "cdn.taboola.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2423,8 +2459,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 54133,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "rules.quantcount.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "rules.quantcount.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2492,8 +2529,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 8485,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2561,8 +2599,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 12496,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2630,8 +2669,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 17029,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2699,8 +2739,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 23696,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2768,8 +2809,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 34769,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2837,8 +2879,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 22486,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2906,8 +2949,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 12894,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -2975,8 +3019,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 62348,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3044,8 +3089,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 6224,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3113,8 +3159,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 44120,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3182,8 +3229,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 44228,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3251,8 +3299,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 31322,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3320,8 +3369,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 1672,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "www.googleadservices.com/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "www.googleadservices.com/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3386,8 +3436,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 20801,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3452,8 +3503,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 24533,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3518,8 +3570,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 30150,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3584,8 +3637,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 36305,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3650,8 +3704,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 42682,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3716,8 +3771,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 22530,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3782,8 +3838,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 43713,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3848,8 +3905,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 60608,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3914,8 +3972,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 9302,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -3980,8 +4039,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 11634,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "service.maxymiser.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4049,8 +4109,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 30818,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4118,8 +4179,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 64260,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4187,8 +4249,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 7071,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4256,8 +4319,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 4512,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4325,8 +4389,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 3422,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4394,8 +4459,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 4651,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4463,8 +4529,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 19068,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4532,8 +4599,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 5831,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4601,8 +4669,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 7084,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4670,8 +4739,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 18633,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4739,8 +4809,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 25557,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4808,8 +4879,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 20661,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4877,8 +4949,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 65438,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -4946,8 +5019,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 53101,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -5015,8 +5089,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 35463,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
@@ -5084,8 +5159,9 @@
 "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
 "palo_alto.pan_os.source.nat.port": 45769,
 "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat_file_or_url": "segment-data.zqtk.net/",
- "palo_alto.pan_os.threat_id": "(9999)",
+ "palo_alto.pan_os.threat.id": "9999",
+ "palo_alto.pan_os.threat.name": "URL-filtering",
+ "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
 "palo_alto.pan_os.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/traffic.log-expected.json b/x-pack/filebeat/module/palo_alto/pan_os/test/traffic.log-expected.json
index 755e84659bfe..2b48c80e8d97 100644
--- a/x-pack/filebeat/module/palo_alto/pan_os/test/traffic.log-expected.json
+++ b/x-pack/filebeat/module/palo_alto/pan_os/test/traffic.log-expected.json
@@ -37,6 +37,7 @@
 "network.direction": "outbound",
 "network.packets": 36,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -110,6 +111,7 @@
 "network.direction": "outbound",
 "network.packets": 12,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -183,6 +185,7 @@
 "network.direction": "outbound",
 "network.packets": 11,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -256,6 +259,7 @@
 "network.direction": "outbound",
 "network.packets": 12,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -332,6 +336,7 @@
 "network.direction": "outbound",
 "network.packets": 8,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -405,6 +410,7 @@
 "network.direction": "outbound",
 "network.packets": 113,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -478,6 +484,7 @@
 "network.direction": "outbound",
 "network.packets": 12,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
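Review bot: All seven expected events in these hunks gain `"network.type": "ipv4"`, and the later hunks of this file visible here repeat it, so the fixture cannot show whether the value follows the address family or is set unconditionally. The code that sets it is not in these hunks; if it is a constant, IPv6 sessions would be labelled `ipv4` and dashboards or rules that filter on `network.type` would misreport them. Adding one traffic sample with IPv6 source and destination addresses and expecting `"network.type": "ipv6"` would settle it.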
@@ -551,6 +558,7 @@
 "network.direction": "outbound",
 "network.packets": 16,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -624,6 +632,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -697,6 +706,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -770,6 +780,7 @@
 "network.direction": "outbound",
 "network.packets": 32,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -843,6 +854,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -916,6 +928,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -989,6 +1002,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1062,6 +1076,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1135,6 +1150,7 @@
 "network.direction": "outbound",
 "network.packets": 12,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1208,6 +1224,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1281,6 +1298,7 @@
 "network.direction": "outbound",
 "network.packets": 27,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1354,6 +1372,7 @@
 "network.direction": "outbound",
 "network.packets": 24,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1427,6 +1446,7 @@
 "network.direction": "outbound",
 "network.packets": 4,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1500,6 +1520,7 @@
 "network.direction": "outbound",
 "network.packets": 36,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1573,6 +1594,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1649,6 +1671,7 @@
 "network.direction": "outbound",
 "network.packets": 25,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1725,6 +1748,7 @@
 "network.direction": "outbound",
 "network.packets": 8,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1798,6 +1822,7 @@
 "network.direction": "outbound",
 "network.packets": 12,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1870,6 +1895,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -1942,6 +1968,7 @@
 "network.direction": "outbound",
 "network.packets": 12,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2015,6 +2042,7 @@
 "network.direction": "outbound",
 "network.packets": 13,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2091,6 +2119,7 @@
 "network.direction": "outbound",
 "network.packets": 9,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2164,6 +2193,7 @@
 "network.direction": "outbound",
 "network.packets": 12,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2237,6 +2267,7 @@
 "network.direction": "outbound",
 "network.packets": 4,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2310,6 +2341,7 @@
 "network.direction": "outbound",
 "network.packets": 22,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2383,6 +2415,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2459,6 +2492,7 @@
 "network.direction": "outbound",
 "network.packets": 1,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2535,6 +2569,7 @@
 "network.direction": "outbound",
 "network.packets": 20,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2611,6 +2646,7 @@
 "network.direction": "outbound",
 "network.packets": 38,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2684,6 +2720,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2757,6 +2794,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2833,6 +2871,7 @@
 "network.direction": "outbound",
 "network.packets": 44,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2905,6 +2944,7 @@
 "network.direction": "outbound",
 "network.packets": 104,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -2981,6 +3021,7 @@
 "network.direction": "outbound",
 "network.packets": 32,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3054,6 +3095,7 @@
 "network.direction": "outbound",
 "network.packets": 15,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3130,6 +3172,7 @@
 "network.direction": "outbound",
 "network.packets": 31,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3206,6 +3249,7 @@
 "network.direction": "outbound",
 "network.packets": 31,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3279,6 +3323,7 @@
 "network.direction": "external",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3352,6 +3397,7 @@
 "network.direction": "internal",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3428,6 +3474,7 @@
 "network.direction": "inbound",
 "network.packets": 30,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3501,6 +3548,7 @@
 "network.direction": "unknown",
 "network.packets": 15,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3573,6 +3621,7 @@
 "network.direction": "unknown",
 "network.packets": 31,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3646,6 +3695,7 @@
 "network.direction": "unknown",
 "network.packets": 12,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3717,6 +3767,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3790,6 +3841,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3863,6 +3915,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -3936,6 +3989,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4009,6 +4063,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4082,6 +4137,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4155,6 +4211,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4228,6 +4285,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4301,6 +4359,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4374,6 +4433,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4447,6 +4507,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4520,6 +4581,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4593,6 +4655,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4669,6 +4732,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4742,6 +4806,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4815,6 +4880,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4888,6 +4954,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -4961,6 +5028,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5034,6 +5102,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5107,6 +5176,7 @@
 "network.direction": "outbound",
 "network.packets": 11,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5180,6 +5250,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5253,6 +5324,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5329,6 +5401,7 @@
 "network.direction": "outbound",
 "network.packets": 9,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5402,6 +5475,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5475,6 +5549,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5548,6 +5623,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5621,6 +5697,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5694,6 +5771,7 @@
 "network.direction": "outbound",
 "network.packets": 4,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5767,6 +5845,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5840,6 +5919,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5915,6 +5995,7 @@
 "network.direction": "outbound",
 "network.packets": 24,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -5988,6 +6069,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6061,6 +6143,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6134,6 +6217,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6210,6 +6294,7 @@
 "network.direction": "outbound",
 "network.packets": 15,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6286,6 +6371,7 @@
 "network.direction": "outbound",
 "network.packets": 15,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6362,6 +6448,7 @@
 "network.direction": "outbound",
 "network.packets": 15,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6435,6 +6522,7 @@
 "network.direction": "outbound",
 "network.packets": 22,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6511,6 +6599,7 @@
 "network.direction": "outbound",
 "network.packets": 15,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6587,6 +6676,7 @@
 "network.direction": "outbound",
 "network.packets": 7,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6663,6 +6753,7 @@
 "network.direction": "outbound",
 "network.packets": 7,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6739,6 +6830,7 @@
 "network.direction": "outbound",
 "network.packets": 7,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6815,6 +6907,7 @@
 "network.direction": "outbound",
 "network.packets": 8,
 "network.transport": "tcp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6888,6 +6981,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -6961,6 +7055,7 @@
 "network.direction": "outbound",
 "network.packets": 12,
 "network.transport": "icmp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -7034,6 +7129,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -7107,6 +7203,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -7180,6 +7277,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -7253,6 +7351,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",
@@ -7326,6 +7425,7 @@
 "network.direction": "outbound",
 "network.packets": 2,
 "network.transport": "udp",
+ "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
 "palo_alto.pan_os.destination.interface": "ethernet1/1",