From ba9c7a1059165629db01bb0eba76d5664dd75253 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Tue, 11 Aug 2020 07:25:34 -0400 Subject: [PATCH] Add panw.panos.endreason field (#18705) (#20531) PANW firewalls expone why a session is ended (endreason). Currenlty it's not tracked. End reason is important to track down why a specific session is ended (timeout, rst from client/server...). This adds panw.panos.endreason. Co-authored-by: Andrea Dainese Co-authored-by: Adrian Serrano (cherry picked from commit 6c0c3bfee10b1c07cc6a3663ead2d3c3756228fe) Co-authored-by: dainok --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 10 ++ x-pack/filebeat/module/panw/fields.go | 2 +- .../module/panw/panos/_meta/fields.yml | 5 + .../module/panw/panos/config/input.yml | 1 + .../panw/panos/test/traffic.log-expected.json | 100 ++++++++++++++++++ 6 files changed, 118 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index aa9ceed9392..9e909e33c4c 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -76,6 +76,7 @@ field. You can revert this change by configuring tags for the module and omittin - Adds Gsuite Groups support. {pull}19725[19725] - Move file metrics to dataset endpoint {pull}19977[19977] - Disable the option of running --machine-learning on its own. {pull}20241[20241] +- Tracking session end reason in panw module. {pull}18705[18705] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 637134f13d4..38bcbca69b4 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -105249,6 +105249,16 @@ type: long -- +*`panw.panos.endreason`*:: ++ +-- +The reason a session terminated. + + +type: keyword + +-- + [float] === network diff --git a/x-pack/filebeat/module/panw/fields.go b/x-pack/filebeat/module/panw/fields.go index 5864f7597ab..313130fb135 100644 --- a/x-pack/filebeat/module/panw/fields.go +++ b/x-pack/filebeat/module/panw/fields.go @@ -19,5 +19,5 @@ func init() { // AssetPanw returns asset data. // This is the base64 encoded gzipped contents of module/panw. func AssetPanw() string { - return "eJzMmM9u4zYQxu95irm5BeLcesmhQNpFgABpauw26HFBUyOJNcXRDkdxtU+/IC3LWouOtE42iG6STH6/+fNRpJewwfYaauW2FwBixGJ/l6HXbGox5K7h9wsAgL8oayxCTgwrZQlurBA8oGyJNx5+Wd08LP/+9OsFQG7QZv46DlqCU9Vh2nBJW+M1FExN3T1JiIXrNs4DOVMFUmKcA6pIcdX9aCgFR3rkD49Tqs9Jf6dPHOUTQe9iBkuFvxqOHWENyLix6FG+l+rwNthuibOjd88xAsCDqhAoj4xhcpBSCVRKdIkZSGk8ePTekLtKAnlqWGOSZ5SuaZouaUKA/wu6LGIJ1UuLT2g7MaD1f6jl6mh0Km1D0q/kjjmncjeDOFyfdlhBoKv3qawNeYwT5FyNkve6UL3KD5A5ddxg8GxRZxKtyMvy4eaffRlVljF6fwkm3z8Kb42HGjknrjAbM56u8yCzKcB9ACdezuAfR3C3SgH2qwhxKo97EEuueD2UIHaASVo1Qy/GqTDvG/l1oPjuTPthwPa+nDske4/2HVZ16OHh85cZedLKE2ae6aETMaVdPcPXk85+GdcMi7vd3uKN7N2pnWntWqv6s0l55BU8tFJ6gwJa1dIwwt2H6B8FUjKqU1mEF5poTkNrqqrGGWnToc8Jf2YKwvXnXi1mwNJ2WSpf9pvS0GG/LaWpD3viE42VG/tWm7wgdWZLheDO65c/jFPcQp+dfafsaDw6CbxrBOWUbb9iui7rNsbyr7HZreEwjp+MxtRyki5yMvcN2zdKfcP2zMxrJVgQtz/HzbexX2M9Hj/eh6+NLHxkf/x432unV+0wdl+QyzjmCTkzWoBcvI0VVi4D45MToJESGRaVskYbavziEhYFq3arGBeXQAyLNTpTuMWUiSxtx7Z/weHtLuwOnLLgmgrZaDAZOjG5QY5djEqX4/1C+hyHXxp0Gj+7plojJxkT37UJwHsqAJ1wOySLJ0zjwTjNWKETzDp5McraRB0fnfnS4CEkS0VEmoipW+wZnzmknpX30HXEu84JUnM+LkdQr9kGif8Wjhoh2vwH6MLNT+Xrs5YiGwIpffK8ModlOYK5iROCqA26nqD3yLcAAAD//yC/rB0=" + return "eJzMmE1v4zYQhu/5FXNzC8S59ZJDgbSLAAHS1NjdoMcFTY4s1hRHOxzF1f76grQsa2060jrZILpZCvk+8/HyI3NYY3sNtfKbCwCx4rD/ZTBotrVY8tfw+wUAwF9kGodQEMNCOYIbJwQPKBvidYBfFjcP878//XoBUFh0JlynQXPwqtpPGx9pa7yGFVNTd28yYvG5TfNAwVSBlJjmgCpRXHV/NJSCAz0K+9c51eekv9MnTvKZoLcxg6NVuBqOPcIakHHjMKB8L9XhrbHdEJuDb88xAsCDqhCoSIxxcpBSCVRKdIkGpLQBAoZgyV9lgQI1rDHLc5SucZouaUKA/wl6k7CE6rnDJ3SdGNDyX9RydTA6l7Yh6Tfyh5xjuZtAHJ9PW6wo0NX7VNaGPNYLcqGOkve6UL3KD5B5ddhg8GxRJxItKMj84ebzrozKGMYQLsEWu1fxqw1QIxfEFZpjxtN1HmQ2B7gL4MTHCfzHEdwtcoD9KkKcy+MOxJFfvR5KFNvDZK1qMIj1Ks77Rn4dKL47034YsL0v5w7J3qN9h1Udenj4/mVGHrXyiJkneuhETHlXT/D1qLNfxjXB4ugNowonDH7WAeFzPBikOUHteg8EuYpYw8Jmgfz2sPNG602nduZaU2tVf7E5076CqRdKr1FAq1oaRrj7kAytQEpGdaqs8EJXT3GYpqpqvJU2H/qU8CemID5/7tRSBhxt5qUKZX9Kji3/21yaen9IP9FYhXVvdeqMUme2VAzuvH75w3rFLfTZ2XXKliagl8i7RFBeufYb5uuybFMs/1hnbi3HcfxkNebWt3yRs7lv2L1R6ht2Z2ZeK8EVcftz3Hyb+jXV4/Hjfdz+ZBYS++PH+147v43EsbuCXKYxT8jGaoG4sJa4rbDyBmzIToBWSmSYVcpZbakJs0uYrVi1G8U4uwRimC3R25WfjZnI0ebY9i/YLO7iccUrB76pkK0Ga9CLLSxy6mJUujw+wOQvlvi1Qa/xi2+qJXKWMbPRjgDe0wrQC7dDsnTltQGs14wVekHTyYtVzmXq+Ojt1wb3ITlaJaSRmLrFnvGZW/NZeY9dR7ztnCg1ZXM5gHrNNsj8s+OgEZLNf4Au/vipfH3WcmRDIKVPXqCmsMyPYG7ShCBqjb4n6D3yfwAAAP//PRbQnA==" } diff --git a/x-pack/filebeat/module/panw/panos/_meta/fields.yml b/x-pack/filebeat/module/panw/panos/_meta/fields.yml index a5900461f08..1508ec99aef 100644 --- a/x-pack/filebeat/module/panw/panos/_meta/fields.yml +++ b/x-pack/filebeat/module/panw/panos/_meta/fields.yml @@ -61,6 +61,11 @@ description: > Post-NAT destination port. + - name: endreason + type: keyword + description: > + The reason a session terminated. + - name: network type: group description: > diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml index 8cf62c795ab..eece005ad00 100644 --- a/x-pack/filebeat/module/panw/panos/config/input.yml +++ b/x-pack/filebeat/module/panw/panos/config/input.yml @@ -101,6 +101,7 @@ processors: source.packets: 44 server.packets: 45 destination.packets: 45 + panw.panos.endreason: 46 observer.hostname: 52 - extract_array: diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 62c6b543cca..3d742b52ee2 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -67,6 +67,7 @@ "panw.panos.destination.nat.ip": "184.51.253.152", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "22751", "panw.panos.network.nat.community_id": "1:D1fZ8H3SfYS5p3yDzVdiwbnGJlU=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -170,6 +171,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24223", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -276,6 +278,7 @@ "panw.panos.destination.nat.ip": "17.253.3.202", "panw.panos.destination.nat.port": 80, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24138", "panw.panos.network.nat.community_id": "1:VnGCPYRgvHZCFJBmPOwtCg7/sMY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -379,6 +382,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24043", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -485,6 +489,7 @@ "panw.panos.destination.nat.ip": "216.58.194.99", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "23003", "panw.panos.network.nat.community_id": "1:pvg9sIAzBs2eyqMclcdCIYEBO1Q=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -588,6 +593,7 @@ "panw.panos.destination.nat.ip": "209.234.224.22", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "23919", "panw.panos.network.nat.community_id": "1:u81/Ahz4HsL4LAVrUEiPkbXlX9A=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -691,6 +697,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "21394", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -794,6 +801,7 @@ "panw.panos.destination.nat.ip": "172.217.2.238", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "23698", "panw.panos.network.nat.community_id": "1:DoBKpBbAds/XQwbKPGjMrcuHTGo=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -897,6 +905,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24179", "panw.panos.network.nat.community_id": "1:viuINkmqZ3Q7wH9NHmhVu6rZuOs=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1000,6 +1009,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "23933", "panw.panos.network.nat.community_id": "1:wR8JpmqlhC4f7BvxdzxRlKdkPiQ=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1103,6 +1113,7 @@ "panw.panos.destination.nat.ip": "17.249.60.78", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "22662", "panw.panos.network.nat.community_id": "1:JuPhgq+FyomxcGW/tt851C0l4Hg=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1206,6 +1217,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24161", "panw.panos.network.nat.community_id": "1:rsDXUIQYGBC2VYTxep2/bVIc3Xs=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1309,6 +1321,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24107", "panw.panos.network.nat.community_id": "1:ewaPydF3S4wOU8oEi8ykj+ETSIY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1412,6 +1425,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24063", "panw.panos.network.nat.community_id": "1:+6FjOLCCWY+JDxSWKn7tYpAXksA=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1515,6 +1529,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24145", "panw.panos.network.nat.community_id": "1:rR5F8eZHI1nwmznedxqG9e8vUQE=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1618,6 +1633,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24245", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1721,6 +1737,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24167", "panw.panos.network.nat.community_id": "1:81Mi4MwpmNYtUrc7CMJH0MPRelU=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1824,6 +1841,7 @@ "panw.panos.destination.nat.ip": "98.138.49.44", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24212", "panw.panos.network.nat.community_id": "1:FfbVY/+5Mds7zDjSs5/Yfw5bxNQ=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -1927,6 +1945,7 @@ "panw.panos.destination.nat.ip": "72.30.3.43", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24149", "panw.panos.network.nat.community_id": "1:TGvDRLypWuNWkuMsAxPzc5TSbAo=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2030,6 +2049,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24185", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2133,6 +2153,7 @@ "panw.panos.destination.nat.ip": "172.217.9.142", "panw.panos.destination.nat.port": 80, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "23856", "panw.panos.network.nat.community_id": "1:NNgF+9vrbBFNpCI3JhUT4YWepd4=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2236,6 +2257,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24173", "panw.panos.network.nat.community_id": "1:9T+RKr8xDB21pvAf/Fihyq72sLY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2342,6 +2364,7 @@ "panw.panos.destination.nat.ip": "54.84.80.198", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24257", "panw.panos.network.nat.community_id": "1:k69UBIONLgCiGo9UhMOEY0pQnZ4=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2446,6 +2469,7 @@ "panw.panos.destination.nat.ip": "199.167.55.52", "panw.panos.destination.nat.port": 4282, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24090", "panw.panos.network.nat.community_id": "1:07q7McJtir76GhJwAJffz+C0sNo=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2549,6 +2573,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24242", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2649,6 +2674,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24190", "panw.panos.network.nat.community_id": "1:JM1EdN05nKTy8Sq9WGpY15fCNJk=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2749,6 +2775,7 @@ "panw.panos.destination.nat.ip": "172.217.9.142", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "23892", "panw.panos.network.nat.community_id": "1:3vS12CJ5QBY6RbGXOUPYKL9E0+U=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2852,6 +2879,7 @@ "panw.panos.destination.nat.ip": "151.101.2.2", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24360", "panw.panos.network.nat.community_id": "1:l6nFWeOSs/2aQaVCfYhfQ09l0ko=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -2958,6 +2986,7 @@ "panw.panos.destination.nat.ip": "216.58.194.66", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "23952", "panw.panos.network.nat.community_id": "1:hVpNmZPedeB/gYRm9U4/gS+LNkQ=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3061,6 +3090,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24328", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3164,6 +3194,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24385", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3267,6 +3298,7 @@ "panw.panos.destination.nat.ip": "184.51.253.193", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24172", "panw.panos.network.nat.community_id": "1:zBrhHOnlJT7YZV7WXiPAQBEhScI=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3370,6 +3402,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24131", "panw.panos.network.nat.community_id": "1:QjiWUuclXv+JzWhbuYDyyP+YyTk=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3474,6 +3507,7 @@ "panw.panos.destination.nat.ip": "199.167.55.52", "panw.panos.destination.nat.port": 4282, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24393", "panw.panos.network.nat.community_id": "1:WSYAeVnYXY4WmfLFYEEo/atQJE8=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3580,6 +3614,7 @@ "panw.panos.destination.nat.ip": "199.167.52.219", "panw.panos.destination.nat.port": 17472, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24976", "panw.panos.network.nat.community_id": "1:XrQuj5ypAzAqGAy0lpIvWQVVZ2E=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3686,6 +3721,7 @@ "panw.panos.destination.nat.ip": "52.71.117.196", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24348", "panw.panos.network.nat.community_id": "1:EG9O/WtvoWuYwaB1MXJTgr43kac=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3789,6 +3825,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24046", "panw.panos.network.nat.community_id": "1:eI0W7/EQJgRBimA1ZM4XVOSKMqo=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3892,6 +3929,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24196", "panw.panos.network.nat.community_id": "1:uSrPYHIl4eJpdC+J0IAMuGStuNc=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -3998,6 +4036,7 @@ "panw.panos.destination.nat.ip": "35.186.194.41", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24264", "panw.panos.network.nat.community_id": "1:djhBHAw6H+Q9Bcz6i7V+GTrjtzA=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -4100,6 +4139,7 @@ "panw.panos.destination.nat.ip": "35.201.124.9", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24248", "panw.panos.network.nat.community_id": "1:hIY5A8O11VWtEfpYG2l5voTvbVQ=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -4206,6 +4246,7 @@ "panw.panos.destination.nat.ip": "100.24.131.237", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24268", "panw.panos.network.nat.community_id": "1:sXYelUOdA/EfjcKKE8M5kPe+M+c=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -4309,6 +4350,7 @@ "panw.panos.destination.nat.ip": "184.51.252.247", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24175", "panw.panos.network.nat.community_id": "1:D6pPzYoIWTOXxVzuweKvZYK6FVE=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -4415,6 +4457,7 @@ "panw.panos.destination.nat.ip": "35.190.88.148", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24312", "panw.panos.network.nat.community_id": "1:VFQjrA+iaNcIu6vFJNU6ls7+4Is=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -4521,6 +4564,7 @@ "panw.panos.destination.nat.ip": "35.186.243.83", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24164", "panw.panos.network.nat.community_id": "1:Xx31zYZNYc/mjf2GOihkp6JogmA=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -4624,6 +4668,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24198", "panw.panos.network.nat.community_id": "1:445AeHI1LAvb+ii4arRZeLAO4zM=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -4727,6 +4772,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "trust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24184", "panw.panos.network.nat.community_id": "1:+5KwsEYW+tFecEENSBwHbKTvUv8=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -4833,6 +4879,7 @@ "panw.panos.destination.nat.ip": "100.24.165.74", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "trust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24314", "panw.panos.network.nat.community_id": "1:DRqq/mx90TOYq1a5yLf562kwIvc=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -4936,6 +4983,7 @@ "panw.panos.destination.nat.ip": "184.51.252.247", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24204", "panw.panos.network.nat.community_id": "1:vx03vuDn4sh2/e89Lm3RoSpVIVM=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5038,6 +5086,7 @@ "panw.panos.destination.nat.ip": "35.201.94.140", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "xuntrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24234", "panw.panos.network.nat.community_id": "1:u1uvQ3wfJoaG/nNiBhvQMHQSVlU=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5138,6 +5187,7 @@ "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24390", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5240,6 +5290,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24093", "panw.panos.network.nat.community_id": "1:lz0ZCL4R4wwyqmvefpkiJk7yR18=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5343,6 +5394,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24117", "panw.panos.network.nat.community_id": "1:DkOVz0BGrlh9OPZZ8+58eugW7gU=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5446,6 +5498,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24142", "panw.panos.network.nat.community_id": "1:twx1eOqehbazvI0g0nkTeVynrY0=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5549,6 +5602,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24195", "panw.panos.network.nat.community_id": "1:hcgjXpi+ne3QnFDBLeskkVg4V+M=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5652,6 +5706,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24124", "panw.panos.network.nat.community_id": "1:C91XK45Q10iqwwp4XYM+Wg1Ua8A=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5755,6 +5810,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24153", "panw.panos.network.nat.community_id": "1:hsTAFtOdeb7+Ofe152B+9h69mbE=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5858,6 +5914,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24122", "panw.panos.network.nat.community_id": "1:htOXUg3QOGd0fpgLjYzQlvRMzUQ=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -5961,6 +6018,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24171", "panw.panos.network.nat.community_id": "1:gHWCOTtilTTqOn7fOKh7zVq45Xw=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6064,6 +6122,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24069", "panw.panos.network.nat.community_id": "1:OGDvpe1+4KQfCsxk0I61jm0+DIc=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6167,6 +6226,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24282", "panw.panos.network.nat.community_id": "1:po/vy4RoD5WeFPgCZnduQkE47yY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6270,6 +6330,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24218", "panw.panos.network.nat.community_id": "1:wIxYOe++IxscmxBcRwrPGEIlZF4=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6373,6 +6434,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24200", "panw.panos.network.nat.community_id": "1:xN7R3QI47jVAQhgJrOAvdsu+oes=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6476,6 +6538,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24224", "panw.panos.network.nat.community_id": "1:BxuDgAhR5Rh55XOXYnYF+6GKhps=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6582,6 +6645,7 @@ "panw.panos.destination.nat.ip": "66.28.0.45", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24240", "panw.panos.network.nat.community_id": "1:Yv+Yq/7HK9SajeKHOV50RYQWjRU=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6685,6 +6749,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24183", "panw.panos.network.nat.community_id": "1:MxVcaRP5Y1xyEiYiNsmO1lVcN+A=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6788,6 +6853,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24211", "panw.panos.network.nat.community_id": "1:p8DU1xLXG63f/3s/r6ZKJcQo9u8=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6891,6 +6957,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24253", "panw.panos.network.nat.community_id": "1:bU3nBIz+M3cDoPKg8azcJgVx+8Q=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -6994,6 +7061,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24221", "panw.panos.network.nat.community_id": "1:vnb4ttnFy2i39tg89p3jkGs6eDg=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -7097,6 +7165,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24310", "panw.panos.network.nat.community_id": "1:71/qcXOmOV3sXCqZ1T6JVPlE9y8=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -7203,6 +7272,7 @@ "panw.panos.destination.nat.ip": "23.52.174.25", "panw.panos.destination.nat.port": 80, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24326", "panw.panos.network.nat.community_id": "1:5ECmBtgiSUvWFJAA318pVeeu5Pw=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -7306,6 +7376,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24201", "panw.panos.network.nat.community_id": "1:hxrz+dYE5XEf60JMlFz6JKWD6Ek=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -7409,6 +7480,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24130", "panw.panos.network.nat.community_id": "1:8cb9oPS9OJnzqGAkowgmRpiqmJU=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -7515,6 +7587,7 @@ "panw.panos.destination.nat.ip": "54.230.5.228", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24237", "panw.panos.network.nat.community_id": "1:Qc2oBV7ermdHPwGTWFOi4D1TcLg=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -7618,6 +7691,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24108", "panw.panos.network.nat.community_id": "1:5IHTDvzRd4yPLPdpI4ErHcRK4/w=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -7721,6 +7795,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24247", "panw.panos.network.nat.community_id": "1:0s4n+/itsIbV3mUc8OnOxmZ6exs=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -7824,6 +7899,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24098", "panw.panos.network.nat.community_id": "1:+GsjKlESn/QeXwrAsS8c8EaMzi0=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -7927,6 +8003,7 @@ "panw.panos.destination.nat.ip": "208.83.246.20", "panw.panos.destination.nat.port": 123, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24263", "panw.panos.network.nat.community_id": "1:OSARbLstqz9D5CGo0NQuv0a9g20=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8029,6 +8106,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24258", "panw.panos.network.nat.community_id": "1:Cc+ekkpKaB3f2BPdSyd/esY/QVI=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8131,6 +8209,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24155", "panw.panos.network.nat.community_id": "1:uPFYX4KL/wjyCp4kt+08v7myT3w=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8233,6 +8312,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24232", "panw.panos.network.nat.community_id": "1:f3vxOCmoOo/FOLV6VRqKjZ7eUVE=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8337,6 +8417,7 @@ "panw.panos.destination.nat.ip": "35.185.88.112", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24330", "panw.panos.network.nat.community_id": "1:/rmnQ6QBbJzgkfNBrkCgvu5UHiU=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8440,6 +8521,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "23960", "panw.panos.network.nat.community_id": "1:9Ub1pskil4C0tLo85OJa61g1D0Q=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8543,6 +8625,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24236", "panw.panos.network.nat.community_id": "1:rh7nCIUBzUAekx4F+OTwBbpRh+E=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8646,6 +8729,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24276", "panw.panos.network.nat.community_id": "1:eIIc+AXkJtZLyfNqUAVZLumaYVQ=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8752,6 +8836,7 @@ "panw.panos.destination.nat.ip": "50.19.85.24", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24299", "panw.panos.network.nat.community_id": "1:Mn7w9ScywW3qjDMNsO8QsGj6BY0=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8858,6 +8943,7 @@ "panw.panos.destination.nat.ip": "50.19.85.24", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24229", "panw.panos.network.nat.community_id": "1:8oAG19bm5FROhazDy0CcTH+Cfqc=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -8964,6 +9050,7 @@ "panw.panos.destination.nat.ip": "50.19.85.24", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24283", "panw.panos.network.nat.community_id": "1:ZhVElLU1QcpGayhElc2L/+Rp+xw=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -9067,6 +9154,7 @@ "panw.panos.destination.nat.ip": "104.254.150.9", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24369", "panw.panos.network.nat.community_id": "1:aHhDlT3Bx285CJRrBykpRsei1a0=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -9173,6 +9261,7 @@ "panw.panos.destination.nat.ip": "50.19.85.24", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-rst-from-client", "panw.panos.flow_id": "24354", "panw.panos.network.nat.community_id": "1:RLfRarGPGl+PnGhB8fb+S+uTX1o=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -9279,6 +9368,7 @@ "panw.panos.destination.nat.ip": "52.0.218.108", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24254", "panw.panos.network.nat.community_id": "1:/0iCZCsnpk+5MR4Tc26unyr/T4Q=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -9385,6 +9475,7 @@ "panw.panos.destination.nat.ip": "52.6.117.19", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24246", "panw.panos.network.nat.community_id": "1:486dmnLzuTH8P7j6jI6JsUtW2VU=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -9491,6 +9582,7 @@ "panw.panos.destination.nat.ip": "34.238.96.22", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24343", "panw.panos.network.nat.community_id": "1:6LTK93w8ZdfxzSfZXzebKR6jWxo=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -9597,6 +9689,7 @@ "panw.panos.destination.nat.ip": "130.211.47.17", "panw.panos.destination.nat.port": 443, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "tcp-fin", "panw.panos.flow_id": "24262", "panw.panos.network.nat.community_id": "1:roV5JFl0FdQHIRUkgeZm+ZeyeCQ=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -9700,6 +9793,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24281", "panw.panos.network.nat.community_id": "1:5G+JVi/ClM/MfHhUL//vH/GmuaA=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -9803,6 +9897,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24424", "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -9906,6 +10001,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24230", "panw.panos.network.nat.community_id": "1:mdksC4jGw6MN7g3nGdquiqQ95vU=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -10009,6 +10105,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24243", "panw.panos.network.nat.community_id": "1:+zC2Y+UE7UqApr01oqb755Xyuf4=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -10112,6 +10209,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24077", "panw.panos.network.nat.community_id": "1:xawqUBgLyfe1E61ObEXv4nbO590=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -10215,6 +10313,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24266", "panw.panos.network.nat.community_id": "1:PDWWOeDVqKGZ/hwjVVdCDdF6qB4=", "panw.panos.ruleset": "new_outbound_from_trust", @@ -10318,6 +10417,7 @@ "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, "panw.panos.destination.zone": "untrust", + "panw.panos.endreason": "aged-out", "panw.panos.flow_id": "24269", "panw.panos.network.nat.community_id": "1:yNIHAg1M08IChho9000mtg7zUOc=", "panw.panos.ruleset": "new_outbound_from_trust",