diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 7946e3ca5c2..a9cf9783ce3 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -32,6 +32,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix parsing of Elasticsearch node name by `elasticsearch/slowlog` fileset. {pull}14547[14547] - CEF extensions are now mapped to the data types defined in the CEF guide. {pull}14342[14342] +- Improve ECS field mappings in panw module. event.outcome now only contains success/failure per ECS specification. {issue}16025[16025] {pull}17910[17910] *Heartbeat* diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 5e163ab76c5..b1412d99429 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -28240,6 +28240,15 @@ type: keyword Palo Alto Networks name for the threat. +type: keyword + +-- + +*`panw.panos.action`*:: ++ +-- +Action taken for the session. + type: keyword -- diff --git a/x-pack/filebeat/module/panw/fields.go b/x-pack/filebeat/module/panw/fields.go index 8d877ad9d7e..5864f7597ab 100644 --- a/x-pack/filebeat/module/panw/fields.go +++ b/x-pack/filebeat/module/panw/fields.go @@ -19,5 +19,5 @@ func init() { // AssetPanw returns asset data. // This is the base64 encoded gzipped contents of module/panw. func AssetPanw() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/panw/panos/_meta/fields.yml b/x-pack/filebeat/module/panw/panos/_meta/fields.yml index 14920667ca6..a5900461f08 100644 --- a/x-pack/filebeat/module/panw/panos/_meta/fields.yml +++ b/x-pack/filebeat/module/panw/panos/_meta/fields.yml @@ -127,3 +127,7 @@ type: keyword description: > Palo Alto Networks name for the threat. + - name: action + type: keyword + description: >- + Action taken for the session. 
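Review bot: The new `panw.panos.action` field in `_meta/fields.yml` is described only as `Action taken for the session.`, which leaves out what vocabulary the field holds; the ingest pipeline in this same commit rewrites `drop icmp`, `reset both`, `reset client` and `reset server` into hyphenated forms and keys `event.type` off the result, so a reader mapping raw PAN-OS logs will want that stated. Suggested description: `Action taken for the session as reported by PAN-OS (for example allow, deny, drop, reset-client, reset-server, reset-both, block-url), with multi-word variants normalized to the hyphenated form.` The `fields.go` and `fields.asciidoc` hunks are generated from this file and need no separate change.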
diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml
index 7998f04511a..929237b99af 100644
--- a/x-pack/filebeat/module/panw/panos/config/input.yml
+++ b/x-pack/filebeat/module/panw/panos/config/input.yml
@@ -70,7 +70,7 @@ processors:
 destination.nat.port: 27
 _temp_.labels: 28
 network.transport: 29
- event.outcome: 30
+ panw.panos.action: 30
 network.bytes: 31
 client.bytes: 32
 destination.bytes: 32
@@ -123,7 +123,7 @@ processors:
 destination.nat.port: 27
 _temp_.labels: 28
 network.transport: 29
- event.outcome: 30
+ panw.panos.action: 30
 panw.panos.threat.resource: 31
 url.original: 31
 panw.panos.threat.name: 32
diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
index 135d90a04dc..1c2c912bd87 100644
--- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
@@ -175,34 +175,82 @@ processors: # Set event.category depending on log type. - set: + field: event.kind + value: event + if: 'ctx?._temp_?.message_type == "TRAFFIC"' + - append: field: event.category - value: network_traffic + value: + - network_traffic + - network if: 'ctx?._temp_?.message_type == "TRAFFIC"' - set: + field: event.kind + value: alert + if: 'ctx?._temp_?.message_type == "THREAT"' + - append: field: event.category - value: security_threat + value: + - security_threat + - intrusion_detection + - network if: 'ctx?._temp_?.message_type == "THREAT"' - - drop: if: 'ctx?.event?.category == null' + - append: + field: event.type + value: allowed + if: "ctx?.panw?.panos?.action != null && ['alert', 'allow', 'continue'].contains(ctx.panw.panos.action)" + - append: + field: event.type + value: denied + if: "ctx?.panw?.panos?.action != null && ['deny', 'drop', 'reset-client', 'reset-server', 'reset-both', 'block-url', 'block-ip', 'random-drop', 'sinkhole', 'block'].contains(ctx.panw.panos.action)" + - set: + field: event.outcome + value: success + # event.action for traffic logs. - set: field: event.action value: flow_started if: 'ctx?._temp_?.message_subtype == "start"' + - append: + field: event.type + value: + - start + - connection + if: 'ctx?._temp_?.message_subtype == "start"' - set: field: event.action value: flow_terminated if: 'ctx?._temp_?.message_subtype == "end"' + - append: + field: event.type + value: + - end + - connection + if: 'ctx?._temp_?.message_subtype == "end"' - set: field: event.action value: flow_dropped if: 'ctx?._temp_?.message_subtype == "drop"' + - append: + field: event.type + value: + - denied + - connection + if: 'ctx?._temp_?.message_subtype == "drop"' - set: field: event.action value: flow_denied if: 'ctx?._temp_?.message_subtype == "deny"' + - append: + field: event.type + value: + - denied + - connection + if: 'ctx?._temp_?.message_subtype == "deny"' # event.action for threat logs. - set: 
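Review bot: The two `event.type` appends at the top of this hunk test `ctx.panw.panos.action` before the later hunk (`@@ -276,21 +324,21 @@`) rewrites `reset both`, `reset client`, `reset server` and `drop icmp` into their hyphenated forms, so a log carrying one of those raw values matches neither list and gets no `allowed`/`denied` type, and `drop-icmp` is missing from the denied list even after normalization. Moving the four normalization `set` processors above these appends and extending the list closes the gap: `if: "ctx?.panw?.panos?.action != null && ['deny', 'drop', 'drop-icmp', 'reset-client', 'reset-server', 'reset-both', 'block-url', 'block-ip', 'random-drop', 'sinkhole', 'block'].contains(ctx.panw.panos.action)"`. Separately, a TRAFFIC log whose action is `deny` or `drop` and whose subtype is `deny` or `drop` likely gets `denied` appended twice (once here, once in the subtype block below); if the target Elasticsearch supports `allow_duplicates: false` on `append` that is the simplest fix, otherwise guard the subtype appends on the value not already being present. The unconditional `event.outcome: success` set also deserves a one-line comment such as `# A denied session is still a successful firewall action; the PAN-OS verdict lives in panw.panos.action and event.type.`, since readers of the old pipeline will expect the per-action values here.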
@@ -276,21 +324,21 @@ processors: # Normalize event.outcome. # These values appear in the TRAFFIC docs but look like a mistake. - set: - field: event.outcome + field: panw.panos.action value: 'drop-icmp' - if: 'ctx?.event?.outcome == "drop icmp" || ctx?.event?.outcome == "drop ICMP"' + if: 'ctx?.panw?.panos?.action == "drop icmp" || ctx?.panw?.panos?.action == "drop ICMP"' - set: - field: event.outcome + field: panw.panos.action value: 'reset-both' - if: 'ctx?.event?.outcome == "reset both"' + if: 'ctx?.panw?.panos?.action == "reset both"' - set: - field: event.outcome + field: panw.panos.action value: 'reset-client' - if: 'ctx?.event?.outcome == "reset client"' + if: 'ctx?.panw?.panos?.action == "reset client"' - set: - field: event.outcome + field: panw.panos.action value: 'reset-server' - if: 'ctx?.event?.outcome == "reset server"' + if: 'ctx?.panw?.panos?.action == "reset server"' # Build related.ip array from src/dest/NAT IPs. - append: @@ -391,6 +439,36 @@ processors: value: 'URL-filtering' if: 'ctx?.panw?.panos?.threat?.id == "9999"' + - set: + field: rule.name + value: "{{panw.panos.ruleset}}" + if: "ctx?.panw?.panos?.ruleset != null" + + - append: + field: related.user + value: "{{client.user.name}}" + if: "ctx?.client?.user?.name != null" + + - append: + field: related.user + value: "{{source.user.name}}" + if: "ctx?.source?.user?.name != null" + + - append: + field: related.user + value: "{{server.user.name}}" + if: "ctx?.server?.user?.name != null" + + - append: + field: related.user + value: "{{destination.user.name}}" + if: "ctx?.destination?.user?.name != null" + + - append: + field: related.hash + value: "{{panw.panos.file.hash}}" + if: "ctx?.panw?.panos?.file?.hash != null" + # Remove temporary fields. - remove: field: diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json index e94019b5a55..5b43295399c 100644 
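Review bot: The context comment `# Normalize event.outcome.` above the four rewritten `set` processors is now stale, because every processor beneath it targets `panw.panos.action`; change it to `# Normalize panw.panos.action.` so the next reader does not look for an `event.outcome` rewrite that no longer exists. The following comment about values that look like a mistake in the TRAFFIC docs still applies to the renamed field and can stay as is.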
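Review bot: The four `related.user` appends in the second hunk do nothing to avoid duplicates, and the expected fixtures in this commit already show the effect: `"related.user": ["crusher", "crusher"]`, which suggests `client.user.name`/`source.user.name` (and likewise `server`/`destination`) carry the same value in this module. Since `related.*` exists for pivoting across events, consumers expect a duplicate-free set; if the target Elasticsearch supports `allow_duplicates: false` on `append` use that on each of these processors, otherwise append only from `source.user.name` and `destination.user.name` and drop the `client`/`server` pair. The `related.hash` append and the `rule.name` set look fine as written.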
--- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json @@ -23,14 +23,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -44,6 +53,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -62,6 +72,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index ecf18d56eb3..f6ca00ac200 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json 
@@ -20,12 +20,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -38,6 +46,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -58,6 +67,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -94,12 +108,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -112,6 +134,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -132,6 +155,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -168,12 +196,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -186,6 +222,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -206,6 +243,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -242,12 +284,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -260,6 +310,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -280,6 +331,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -316,12 +372,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -334,6 +398,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -354,6 +419,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", 
@@ -390,12 +460,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -408,6 +486,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -428,6 +507,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -464,12 +548,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -482,6 +574,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -502,6 +595,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -538,12 +636,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -556,6 +662,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -576,6 +683,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -612,12 +724,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -630,6 +750,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -650,6 +771,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -686,12 +812,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -704,6 +838,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -724,6 +859,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", 
@@ -760,12 +900,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -778,6 +926,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -798,6 +947,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -834,12 +988,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -852,6 +1014,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -872,6 +1035,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -908,12 +1076,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -926,6 +1102,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -946,6 +1123,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -982,12 +1164,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -999,6 +1189,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1019,6 +1210,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -1055,12 +1251,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1073,6 +1277,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1093,6 +1298,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", 
@@ -1129,12 +1339,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1147,6 +1365,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1167,6 +1386,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -1200,12 +1424,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1217,6 +1449,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -1237,6 +1470,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "78.159.99.224", "server.port": 80, "service.type": "panw", @@ -1273,12 +1511,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1291,6 +1537,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1311,6 +1558,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -1347,12 +1599,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -1365,6 +1625,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1385,6 +1646,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -1421,12 +1687,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1439,6 +1713,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1459,6 +1734,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", 
@@ -1495,12 +1775,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1513,6 +1801,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1533,6 +1822,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -1569,12 +1863,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1587,6 +1889,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -1607,6 +1910,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -1643,12 +1951,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1661,6 +1977,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1681,6 +1998,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -1717,12 +2039,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -1735,6 +2065,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1755,6 +2086,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -1791,12 +2127,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1809,6 +2153,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1829,6 +2174,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", 
@@ -1865,12 +2215,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1883,6 +2241,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1903,6 +2262,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -1939,12 +2303,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1957,6 +2329,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -1977,6 +2350,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -2013,12 +2391,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2031,6 +2417,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2051,6 +2438,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -2087,12 +2479,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -2105,6 +2505,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2125,6 +2526,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -2161,12 +2567,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2179,6 +2593,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2199,6 +2614,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", 
@@ -2235,12 +2655,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2253,6 +2681,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2273,6 +2702,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -2309,12 +2743,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2327,6 +2769,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -2347,6 +2790,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -2383,12 +2831,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2401,6 +2857,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2421,6 +2878,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -2454,12 +2916,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -2471,6 +2941,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2491,6 +2962,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "69.43.161.167", "server.port": 80, "service.type": "panw", @@ -2524,12 +3000,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2541,6 +3025,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2561,6 +3046,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "202.31.187.154", "server.port": 80, "service.type": "panw", 
@@ -2594,12 +3084,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2611,6 +3109,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2631,6 +3130,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "89.111.176.67", "server.port": 80, "service.type": "panw", @@ -2667,12 +3171,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2684,6 +3196,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -2704,6 +3217,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -2737,12 +3255,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2754,6 +3280,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2774,6 +3301,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "208.73.210.29", "server.port": 80, "service.type": "panw", @@ -2807,12 +3339,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -2824,6 +3364,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2844,6 +3385,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "208.73.210.29", "server.port": 80, "service.type": "panw", @@ -2880,12 +3426,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2897,6 +3451,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2917,6 +3472,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", 
@@ -2950,12 +3510,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2967,6 +3535,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2987,6 +3556,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "208.73.210.29", "server.port": 80, "service.type": "panw", @@ -3020,12 +3594,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3037,6 +3619,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -3057,6 +3640,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "89.108.64.156", "server.port": 80, "service.type": "panw", @@ -3090,12 +3678,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3107,6 +3703,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3127,6 +3724,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "89.108.64.156", "server.port": 80, "service.type": "panw", @@ -3154,10 +3756,15 @@ "destination.port": 58849, "destination.user.name": "crusher", "event.action": "spyware_detected", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "drop-all-packets", + "event.outcome": "success", "event.severity": 1, "event.timezone": "-02:00", "fileset.name": "panos", @@ -3171,6 +3778,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "drop-all-packets", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
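Review bot: The `spyware_detected` record in the `@@ -3154,10 +3756,15 @@` hunk gets `event.kind: alert` and `event.outcome: success` but no `event.type`, whereas the sibling `url_filtering` and `file_match` records receive `event.type: ["denied"]` or `["allowed"]`. The action for this record is `drop-all-packets` (the new `panw.panos.action` line in the next hunk), which is a denial, so the action-to-`event.type` mapping — presumably in the ingest pipeline outside this view — appears to miss this value. The expected fixture line here would be `"event.type": ["denied"]`. Until that is mapped, dropped-packet threat events will not match ECS-based detections and dashboards that filter on `event.type: denied`.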
@@ -3191,6 +3799,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 58849, "server.user.name": "crusher", @@ -3236,12 +3849,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3253,6 +3874,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3273,6 +3895,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "216.8.179.25", "server.port": 80, "service.type": "panw", @@ -3306,12 +3933,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -3323,6 +3958,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3343,6 +3979,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "69.43.161.154", "server.port": 80, "service.type": "panw", @@ -3376,12 +4017,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3393,6 +4042,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3413,6 +4063,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "208.91.196.252", "server.port": 80, "service.type": "panw", 
@@ -3446,12 +4101,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3463,6 +4126,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3483,6 +4147,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "208.73.210.29", "server.port": 80, "service.type": "panw", @@ -3519,12 +4188,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3536,6 +4213,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -3556,6 +4234,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -3592,12 +4275,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3609,6 +4300,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3629,6 +4321,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -3665,12 +4362,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -3682,6 +4387,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3702,6 +4408,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -3738,12 +4449,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3755,6 +4474,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "1606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3775,6 +4495,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", 
@@ -3811,12 +4536,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3828,6 +4561,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "1606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3848,6 +4582,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -3875,12 +4614,20 @@ "destination.port": 54431, "destination.user.name": "crusher", "event.action": "file_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "deny", + "event.outcome": "success", "event.severity": 4, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3892,6 +4639,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "1606001116", + "panw.panos.action": "deny", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -3912,6 +4660,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 54431, "server.user.name": "crusher", @@ -3957,12 +4710,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3974,6 +4735,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "1606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3994,6 +4756,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -4021,12 +4788,20 @@ "destination.port": 61220, "destination.user.name": "crusher", "event.action": "file_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "deny", + "event.outcome": "success", "event.severity": 4, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -4038,6 +4813,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "deny", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4058,6 +4834,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 61220, "server.user.name": "crusher", @@ -4094,12 +4875,20 @@ "destination.port": 61726, "destination.user.name": "crusher", "event.action": "file_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "deny", + "event.outcome": "success", "event.severity": 4, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4111,6 +4900,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "deny", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4131,6 +4921,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 61726, "server.user.name": "crusher", 
@@ -4175,12 +4970,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4192,6 +4995,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4212,6 +5016,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -4239,12 +5048,20 @@ "destination.port": 60212, "destination.user.name": "crusher", "event.action": "file_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "deny", + "event.outcome": "success", "event.severity": 4, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4256,6 +5073,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "deny", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -4276,6 +5094,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 60212, "server.user.name": "crusher", @@ -4309,12 +5132,20 @@ "destination.port": 60392, "destination.user.name": "crusher", "event.action": "file_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "deny", + "event.outcome": "success", "event.severity": 4, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4326,6 +5157,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "deny", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4346,6 +5178,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 60392, "server.user.name": "crusher", @@ -4388,12 +5225,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -4405,6 +5250,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4425,6 +5271,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "213.180.199.61", "server.port": 80, "service.type": "panw", @@ -4458,12 +5309,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4475,6 +5334,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4495,6 +5355,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "213.180.199.61", "server.port": 80, "service.type": "panw", 
@@ -4528,12 +5393,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4545,6 +5418,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4565,6 +5439,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "213.180.199.61", "server.port": 80, "service.type": "panw", @@ -4592,12 +5471,20 @@ "destination.port": 54431, "destination.user.name": "crusher", "event.action": "file_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "deny", + "event.outcome": "success", "event.severity": 4, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4609,6 +5496,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "deny", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -4629,6 +5517,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 54431, "server.user.name": "crusher", @@ -4674,12 +5567,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4691,6 +5592,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4711,6 +5613,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.ip": "204.232.231.46", "server.port": 80, "service.type": "panw", @@ -4747,12 +5654,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -4764,6 +5679,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4784,6 +5700,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "207.46.140.46", "server.port": 80, "service.type": "panw", @@ -4811,12 +5732,20 @@ "destination.port": 1039, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4828,6 +5757,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4848,6 +5778,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.6", "server.port": 1039, "server.user.name": "jordy", 
@@ -4884,12 +5819,20 @@ "destination.port": 1064, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4901,6 +5844,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -4921,6 +5865,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.6", "server.port": 1064, "server.user.name": "jordy", @@ -4966,12 +5915,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4983,6 +5940,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -5003,6 +5961,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "65.54.71.11", "server.port": 80, "service.type": "panw", @@ -5030,12 +5993,20 @@ "destination.port": 1071, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5047,6 +6018,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5067,6 +6039,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.6", "server.port": 1071, "server.user.name": "jordy", @@ -5106,12 +6083,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -5123,6 +6108,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5143,6 +6129,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "208.85.40.48", "server.port": 80, "service.type": "panw", @@ -5170,12 +6161,20 @@ "destination.port": 57876, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5187,6 +6186,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5207,6 +6207,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 57876, "server.user.name": "picard", 
@@ -5240,12 +6245,20 @@ "destination.port": 1082, "destination.user.name": "jordy", "event.action": "file_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "deny", + "event.outcome": "success", "event.severity": 4, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5257,6 +6270,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "deny", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5277,6 +6291,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.6", "server.port": 1082, "server.user.name": "jordy", @@ -5313,12 +6332,20 @@ "destination.port": 50986, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5330,6 +6357,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -5350,6 +6378,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 50986, "server.user.name": "picard", @@ -5383,12 +6416,20 @@ "destination.port": 51716, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5400,6 +6441,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5420,6 +6462,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 51716, "server.user.name": "picard", @@ -5453,12 +6500,20 @@ "destination.port": 52119, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -5470,6 +6525,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5490,6 +6546,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 52119, "server.user.name": "picard", @@ -5523,12 +6584,20 @@ "destination.port": 52411, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5540,6 +6609,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5560,6 +6630,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 52411, "server.user.name": "picard", 
@@ -5599,12 +6674,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5616,6 +6699,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5636,6 +6720,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "74.125.239.6", "server.port": 80, "service.type": "panw", @@ -5663,12 +6752,20 @@ "destination.port": 53026, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5680,6 +6777,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -5700,6 +6798,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 53026, "server.user.name": "picard", @@ -5733,12 +6836,20 @@ "destination.port": 53809, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5750,6 +6861,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5770,6 +6882,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 53809, "server.user.name": "picard", @@ -5803,12 +6920,20 @@ "destination.port": 55912, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -5820,6 +6945,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5840,6 +6966,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 55912, "server.user.name": "picard", @@ -5873,12 +7004,20 @@ "destination.port": 55916, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5890,6 +7029,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5910,6 +7050,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 55916, "server.user.name": "picard", 
@@ -5943,12 +7088,20 @@ "destination.port": 1046, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5960,6 +7113,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -5980,6 +7134,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.6", "server.port": 1046, "server.user.name": "jordy", @@ -6016,12 +7175,20 @@ "destination.port": 61734, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6033,6 +7200,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -6053,6 +7221,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 61734, "server.user.name": "jordy", @@ -6086,12 +7259,20 @@ "destination.port": 62292, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6103,6 +7284,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6123,6 +7305,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 62292, "server.user.name": "jordy", @@ -6156,12 +7343,20 @@ "destination.port": 64669, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -6173,6 +7368,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6193,6 +7389,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 64669, "server.user.name": "jordy", @@ -6229,12 +7430,20 @@ "destination.port": 65265, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6246,6 +7455,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6266,6 +7476,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 65265, "server.user.name": "picard", 
@@ -6299,12 +7514,20 @@ "destination.port": 64979, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6316,6 +7539,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6336,6 +7560,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 64979, "server.user.name": "picard", @@ -6369,12 +7598,20 @@ "destination.port": 49432, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6386,6 +7623,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -6406,6 +7644,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 49432, "server.user.name": "picard", @@ -6442,12 +7685,20 @@ "destination.port": 49722, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6459,6 +7710,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6479,6 +7731,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 49722, "server.user.name": "picard", @@ -6518,12 +7775,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -6535,6 +7800,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6555,6 +7821,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "74.125.224.201", "server.port": 80, "service.type": "panw", @@ -6582,12 +7853,20 @@ "destination.port": 50108, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6599,6 +7878,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6619,6 +7899,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 50108, "server.user.name": "picard", 
@@ -6652,12 +7937,20 @@ "destination.port": 50387, "destination.user.name": "picard", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6669,6 +7962,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6689,6 +7983,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "picard", + "picard" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 50387, "server.user.name": "picard", @@ -6728,12 +8027,20 @@ "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6745,6 +8052,7 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -6765,6 +8073,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "208.85.40.48", "server.port": 80, "service.type": "panw", @@ -6792,12 +8105,20 @@ "destination.port": 60005, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6809,6 +8130,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6829,6 +8151,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 60005, "server.user.name": "jordy", @@ -6862,12 +8189,20 @@ "destination.port": 60443, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -6879,6 +8214,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6899,6 +8235,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 60443, "server.user.name": "jordy", @@ -6932,12 +8273,20 @@ "destination.port": 60822, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6949,6 +8298,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6969,6 +8319,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 60822, "server.user.name": "jordy", 
@@ -7002,12 +8357,20 @@ "destination.port": 61105, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7019,6 +8382,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7039,6 +8403,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 61105, "server.user.name": "jordy", @@ -7072,12 +8441,20 @@ "destination.port": 60782, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "alert", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "allowed" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7089,6 +8466,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "alert", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -7109,6 +8487,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 60782, "server.user.name": "jordy", @@ -7142,12 +8525,20 @@ "destination.port": 61470, "destination.user.name": "jordy", "event.action": "data_match", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7159,6 +8550,7 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7179,6 +8571,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "jordy", + "jordy" + ], + "rule.name": "rule1", "server.ip": "192.168.0.2", "server.port": 61470, "server.user.name": "jordy", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json index 4565c577acd..c285f88d43d 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json 
@@ -23,14 +23,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:59.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:59.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -44,6 +53,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -62,6 +72,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -100,14 +115,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -121,6 +145,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
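Review bot: The newly added `related.user` arrays in these expected fixtures hold the same name twice (`"related.user": ["crusher", "crusher"]`, and `["jordy", "jordy"]` / `["picard", "picard"]` in the threat fixtures above), which suggests the pipeline appends source and destination user names without de-duplicating. Since `related.*` exists for "any user seen in this event" lookups, duplicates are noise for analysts and for aggregations over that field; the `append` processors producing it (in pipeline.yml, outside this hunk) should presumably set `allow_duplicates: false`, after which these fixtures would collapse to `"related.user": ["crusher"]`. The pre-existing `related.ip` context lines show the same `"0.0.0.0", "0.0.0.0"` repetition, so the fix would reasonably cover both fields. Also worth a note in the module docs: with `event.outcome` now always `success` for both `allow` and `reset-both` records, blocked traffic must be selected via `event.type: denied` or `panw.panos.action`, not `event.outcome`.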
@@ -139,6 +164,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -177,14 +207,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -198,6 +237,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -216,6 +256,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -257,14 +302,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -278,6 +332,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -296,6 +351,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -337,14 +397,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -358,6 +427,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -376,6 +446,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, 
@@ -414,14 +489,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -435,6 +519,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -453,6 +538,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -491,14 +581,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -512,6 +611,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -530,6 +630,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -571,14 +676,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:28.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:27.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -592,6 +706,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -610,6 +725,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 806, "server.ip": "204.232.231.46", "server.packets": 6, @@ -651,14 +771,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:28.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:28.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -672,6 +801,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -690,6 +820,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 806, "server.ip": "204.232.231.46", "server.packets": 6, @@ -731,14 +866,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:28.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:27.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -752,6 +896,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -770,6 +915,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 806, "server.ip": "204.232.231.46", "server.packets": 6, 
@@ -811,14 +961,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:58.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -832,6 +991,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -850,6 +1010,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -891,14 +1056,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:57.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:57.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -912,6 +1086,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -930,6 +1105,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -971,14 +1151,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:57.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:57.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -992,6 +1181,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1010,6 +1200,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -1051,14 +1246,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:57.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:57.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -1072,6 +1276,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1090,6 +1295,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -1131,14 +1341,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:27.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1152,6 +1371,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1170,6 +1390,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 806, "server.ip": "204.232.231.46", "server.packets": 6, 
@@ -1211,14 +1436,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:26.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1232,6 +1466,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1250,6 +1485,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 806, "server.ip": "204.232.231.46", "server.packets": 6, @@ -1291,14 +1531,23 @@ "destination.packets": 18, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 512000000000, "event.end": "2012-04-10T04:38:26.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:29:54.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -1312,6 +1561,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1330,6 +1580,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 551, "server.ip": "204.232.231.46", "server.packets": 18, @@ -1371,14 +1626,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1392,6 +1656,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1410,6 +1675,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, 
@@ -1451,14 +1721,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1472,6 +1751,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1490,6 +1770,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -1528,14 +1813,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -1549,6 +1843,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1567,6 +1862,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -1605,14 +1905,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1626,6 +1935,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1644,6 +1954,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, 
@@ -1685,14 +2000,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1706,6 +2030,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1724,6 +2049,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -1762,14 +2092,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:26.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:26.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -1783,6 +2122,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1801,6 +2141,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 98, "server.ip": "205.171.2.25", "server.packets": 1, @@ -1842,14 +2187,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:26.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:26.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1863,6 +2217,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1881,6 +2236,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 806, "server.ip": "204.232.231.46", "server.packets": 6, 
@@ -1922,14 +2282,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:26.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:26.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -1943,6 +2312,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -1961,6 +2331,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 806, "server.ip": "204.232.231.46", "server.packets": 6, @@ -2002,14 +2377,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -2023,6 +2407,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2041,6 +2426,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -2079,14 +2469,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2100,6 +2499,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2118,6 +2518,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, 
@@ -2156,14 +2561,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2177,6 +2591,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2195,6 +2610,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -2236,14 +2656,23 @@ "destination.packets": 8, "destination.port": 13069, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 125000000000, "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:37:50.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -2257,6 +2686,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2275,6 +2705,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 504, "server.ip": "98.149.55.63", "server.packets": 8, @@ -2316,14 +2751,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2337,6 +2781,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2355,6 +2800,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, 
@@ -2393,14 +2843,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2414,6 +2873,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2432,6 +2892,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -2473,14 +2938,23 @@ "destination.packets": 10, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:25.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -2494,6 +2968,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2512,6 +2987,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 9130, "server.ip": "212.48.10.58", "server.packets": 10, @@ -2553,14 +3033,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2574,6 +3063,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2592,6 +3082,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, 
@@ -2630,14 +3125,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2651,6 +3155,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2669,6 +3174,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -2707,14 +3217,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2728,6 +3247,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -2746,6 +3266,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -2787,14 +3312,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2808,6 +3342,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2826,6 +3361,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -2867,14 +3407,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -2888,6 +3437,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2906,6 +3456,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -2944,14 +3499,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -2965,6 +3529,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -2983,6 +3548,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, 
@@ -3021,14 +3591,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3042,6 +3621,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3060,6 +3640,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -3097,14 +3682,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "log.offset": 14217, @@ -3117,6 +3711,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -3135,6 +3730,7 @@ "0.0.0.0", "0.0.0.0" ], + "rule.name": "rule1", "server.bytes": 111, "server.ip": "8.8.8.8", "server.packets": 1, @@ -3172,14 +3768,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:23.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3193,6 +3798,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3211,6 +3817,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 906, "server.ip": "62.211.68.12", "server.packets": 6, @@ -3251,14 +3862,23 @@ "destination.packets": 10, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "log.offset": 14933, 
@@ -3271,6 +3891,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3289,6 +3910,7 @@ "0.0.0.0", "0.0.0.0" ], + "rule.name": "rule1", "server.bytes": 5013, "server.ip": "50.19.102.116", "server.packets": 10, @@ -3329,14 +3951,23 @@ "destination.packets": 1, "destination.port": 40026, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3350,6 +3981,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3368,6 +4000,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 99, "server.ip": "65.55.223.19", "server.packets": 1, 
@@ -3409,14 +4046,23 @@ "destination.packets": 1, "destination.port": 40029, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3430,6 +4076,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3448,6 +4095,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 902, "server.ip": "65.55.223.24", "server.packets": 1, @@ -3485,14 +4137,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "log.offset": 16061, @@ -3505,6 +4166,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -3523,6 +4185,7 @@ "0.0.0.0", "0.0.0.0" ], + "rule.name": "rule1", "server.bytes": 141, "server.ip": "8.8.8.8", "server.packets": 1, @@ -3563,14 +4226,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3584,6 +4256,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3602,6 +4275,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -3640,14 +4318,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:53.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:53.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -3661,6 +4348,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3679,6 +4367,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -3720,14 +4413,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:53.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:53.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -3741,6 +4443,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -3759,6 +4462,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, 
@@ -3797,14 +4505,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:53.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:53.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -3818,6 +4535,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -3836,6 +4554,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -3874,14 +4597,23 @@
 "destination.packets": 2,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2012-04-10T04:39:23.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:22.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -3895,6 +4627,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -3913,6 +4646,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 316,
 "server.ip": "205.171.2.25",
 "server.packets": 2,
@@ -3951,14 +4689,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:23.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:23.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -3972,6 +4719,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -3990,6 +4738,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 121,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -4028,14 +4781,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:23.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:23.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4049,6 +4811,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4067,6 +4830,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 169,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -4105,14 +4873,23 @@
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:23.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:23.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4126,6 +4903,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4144,6 +4922,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 954,
 "server.ip": "62.211.68.12",
 "server.packets": 6,
@@ -4185,14 +4968,23 @@
 "destination.packets": 12,
 "destination.port": 80,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 2000000000,
 "event.end": "2012-04-10T04:39:23.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:21.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4206,6 +4998,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4224,6 +5017,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 9130,
 "server.ip": "212.48.10.58",
 "server.packets": 12,
@@ -4265,14 +5063,23 @@
 "destination.packets": 18,
 "destination.port": 80,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 512000000000,
 "event.end": "2012-04-10T04:38:23.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:29:51.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4286,6 +5093,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4304,6 +5112,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 555,
 "server.ip": "204.232.231.46",
 "server.packets": 18,
@@ -4342,14 +5155,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:53.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:53.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4363,6 +5185,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4381,6 +5204,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -4422,14 +5250,23 @@
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:53.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:53.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4443,6 +5280,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4461,6 +5299,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "204.232.231.46",
 "server.packets": 1,
@@ -4499,14 +5342,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4520,6 +5372,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4538,6 +5391,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -4576,14 +5434,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4597,6 +5464,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4615,6 +5483,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -4656,14 +5529,23 @@
 "destination.packets": 1,
 "destination.port": 40043,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4677,6 +5559,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4695,6 +5578,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "65.55.223.31",
 "server.packets": 1,
@@ -4736,14 +5624,23 @@
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4757,6 +5654,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4775,6 +5673,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "204.232.231.46",
 "server.packets": 1,
@@ -4813,14 +5716,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4834,6 +5746,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4852,6 +5765,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -4890,14 +5808,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4911,6 +5838,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -4929,6 +5857,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -4967,14 +5900,23 @@
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2012-04-10T04:39:22.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:21.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -4988,6 +5930,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5006,6 +5949,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 906,
 "server.ip": "62.211.68.12",
 "server.packets": 6,
@@ -5044,14 +5992,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:22.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:22.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5065,6 +6022,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5083,6 +6041,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 163,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -5121,14 +6084,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:51.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:51.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5142,6 +6114,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5160,6 +6133,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -5198,14 +6176,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:51.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:51.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5219,6 +6206,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5237,6 +6225,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -5278,14 +6271,23 @@
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:51.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:51.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5299,6 +6301,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5317,6 +6320,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "204.232.231.46",
 "server.packets": 1,
@@ -5355,14 +6363,23 @@
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2012-04-10T04:39:21.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:20.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5376,6 +6393,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5394,6 +6412,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 922,
 "server.ip": "62.211.68.12",
 "server.packets": 6,
@@ -5435,14 +6458,23 @@
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:51.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:51.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5456,6 +6488,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5474,6 +6507,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "204.232.231.46",
 "server.packets": 1,
@@ -5512,14 +6550,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:50.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:50.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5533,6 +6580,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5551,6 +6599,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -5589,14 +6642,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:50.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:50.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5610,6 +6672,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5628,6 +6691,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -5669,14 +6737,23 @@
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:50.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:50.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5690,6 +6767,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5708,6 +6786,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "204.232.231.46",
 "server.packets": 1,
@@ -5746,14 +6829,23 @@
 "destination.packets": 17,
 "destination.port": 80,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:20.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:20.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5767,6 +6859,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5785,6 +6878,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 26786,
 "server.ip": "8.5.1.1",
 "server.packets": 17,
@@ -5823,14 +6921,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:50.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:50.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5844,6 +6951,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5862,6 +6970,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -5900,14 +7013,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:50.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:50.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -5921,6 +7043,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -5939,6 +7062,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "205.171.2.25",
 "server.packets": 1,
@@ -5980,14 +7108,23 @@
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:50.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:50.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -6001,6 +7138,7 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -6019,6 +7157,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 0,
 "server.ip": "204.232.231.46",
 "server.packets": 1,
@@ -6051,14 +7194,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:20.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:20.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -6072,6 +7224,7 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "0.0.0.0",
 "panw.panos.destination.nat.port": 0,
@@ -6090,6 +7243,11 @@
 "0.0.0.0",
 "0.0.0.0"
 ],
+ "related.user": [
+ "crusher",
+ "crusher"
+ ],
+ "rule.name": "rule1",
 "server.bytes": 169,
 "server.ip": "192.168.0.1",
 "server.packets": 1,
@@ -6131,14 +7289,23 @@
 "destination.packets": 12,
 "destination.port": 80,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 3000000000,
 "event.end": "2012-04-10T04:39:20.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2012-04-10T04:39:17.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
@@ -6152,6 +7319,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6170,6 +7338,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 9064, "server.ip": "212.48.10.58", "server.packets": 12, @@ -6211,14 +7384,23 @@ "destination.packets": 12, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 7000000000, "event.end": "2012-04-10T04:39:20.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6232,6 +7414,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6250,6 +7433,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 9124, "server.ip": "212.48.10.58", "server.packets": 12, 
@@ -6282,14 +7470,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:20.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:20.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6303,6 +7500,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6321,6 +7519,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 137, "server.ip": "192.168.0.1", "server.packets": 1, @@ -6353,14 +7556,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:20.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:20.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -6374,6 +7586,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6392,6 +7605,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 93, "server.ip": "192.168.0.1", "server.packets": 1, @@ -6433,14 +7651,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6454,6 +7681,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6472,6 +7700,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, 
@@ -6510,14 +7743,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6531,6 +7773,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6549,6 +7792,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -6587,14 +7835,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6608,6 +7865,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -6626,6 +7884,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -6667,14 +7930,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6688,6 +7960,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6706,6 +7979,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -6744,14 +8022,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -6765,6 +8052,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6783,6 +8071,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -6815,14 +8108,23 @@ "destination.packets": 2, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:19.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:18.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6836,6 +8138,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6854,6 +8157,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "192.168.0.1", "server.packets": 2, 
@@ -6892,14 +8200,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6913,6 +8230,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -6931,6 +8249,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -6972,14 +8295,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6993,6 +8325,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, 
@@ -7011,6 +8344,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -7049,14 +8387,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7070,6 +8417,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7088,6 +8436,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -7126,14 +8479,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -7147,6 +8509,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7165,6 +8528,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "205.171.2.25", "server.packets": 1, @@ -7203,14 +8571,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:18.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:17.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7224,6 +8601,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7242,6 +8620,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 906, "server.ip": "62.211.68.12", "server.packets": 6, 
@@ -7283,14 +8666,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7304,6 +8696,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7322,6 +8715,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -7363,14 +8761,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -7384,6 +8791,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7402,6 +8810,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, @@ -7443,14 +8856,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:47.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:47.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7464,6 +8886,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7482,6 +8905,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, 
@@ -7514,14 +8942,23 @@ "destination.packets": 2, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:17.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:16.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7535,6 +8972,7 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7553,6 +8991,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "192.168.0.1", "server.packets": 2, @@ -7594,14 +9037,23 @@ "destination.packets": 3, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:47.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:47.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, 
@@ -7615,6 +9067,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7633,6 +9086,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 78, "server.ip": "204.232.231.46", "server.packets": 3, @@ -7674,14 +9132,23 @@ "destination.packets": 3, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:47.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:47.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7695,6 +9162,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7713,6 +9181,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 78, "server.ip": "204.232.231.46", "server.packets": 3, 
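Review bot: `related.user` now carries the same name twice (`"crusher", "crusher"`) in every traffic event in this hunk, presumably because the pipeline appends both source.user.name and destination.user.name without deduplicating. The `related.*` fields are meant to hold a set of distinct values for pivoting, so duplicates inflate terms aggregations and make the field noisier for analysts with no added information. Consider deduplicating in the ingest pipeline — `allow_duplicates: false` on the append processor if the target Elasticsearch supports it, otherwise a small Painless step that builds the list from a set — and then regenerating these expected files. These fixtures are generated output, so the fix belongs in ingest/pipeline.yml rather than in this file.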
@@ -7754,14 +9227,23 @@ "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:46.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2012-04-10T04:39:46.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "start", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7775,6 +9257,7 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "0.0.0.0", "panw.panos.destination.nat.port": 0, @@ -7793,6 +9276,11 @@ "0.0.0.0", "0.0.0.0" ], + "related.user": [ + "crusher", + "crusher" + ], + "rule.name": "rule1", "server.bytes": 0, "server.ip": "204.232.231.46", "server.packets": 1, diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index c8c9082e093..c17fcbee131 100644 --- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -16,12 +16,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -38,6 +46,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "152.195.55.192", "panw.panos.destination.nat.port": 443, @@ -59,6 +68,7 @@ "192.168.1.63", "152.195.55.192" ], + "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", "server.port": 443, "service.type": "panw", @@ -90,12 +100,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -112,6 +130,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "152.195.55.192", "panw.panos.destination.nat.port": 443, @@ -133,6 +152,7 @@ "192.168.1.63", "152.195.55.192" ], + "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", "server.port": 443, "service.type": "panw", 
@@ -164,12 +184,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -186,6 +214,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "152.195.55.192", "panw.panos.destination.nat.port": 443, @@ -207,6 +236,7 @@ "192.168.1.63", "152.195.55.192" ], + "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", "server.port": 443, "service.type": "panw", @@ -238,12 +268,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -260,6 +298,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "152.195.55.192", "panw.panos.destination.nat.port": 443, 
@@ -281,6 +320,7 @@ "192.168.1.63", "152.195.55.192" ], + "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", "server.port": 443, "service.type": "panw", @@ -312,12 +352,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -334,6 +382,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "152.195.55.192", "panw.panos.destination.nat.port": 443, @@ -355,6 +404,7 @@ "192.168.1.63", "152.195.55.192" ], + "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", "server.port": 443, "service.type": "panw", @@ -386,12 +436,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -408,6 +466,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "152.195.55.192", "panw.panos.destination.nat.port": 443, @@ -429,6 +488,7 @@ "192.168.1.63", "152.195.55.192" ], + "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", "server.port": 443, "service.type": "panw", @@ -460,12 +520,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -482,6 +550,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "152.195.55.192", "panw.panos.destination.nat.port": 443, @@ -503,6 +572,7 @@ "192.168.1.63", "152.195.55.192" ], + "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", "server.port": 443, "service.type": "panw", 
@@ -534,12 +604,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -556,6 +634,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "152.195.55.192", "panw.panos.destination.nat.port": 443, @@ -577,6 +656,7 @@ "192.168.1.63", "152.195.55.192" ], + "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", "server.port": 443, "service.type": "panw", @@ -608,12 +688,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -630,6 +718,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "152.195.55.192", "panw.panos.destination.nat.port": 443, 
@@ -651,6 +740,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -682,12 +772,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -704,6 +802,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -725,6 +824,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -756,12 +856,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -778,6 +886,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -799,6 +908,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -830,12 +940,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -852,6 +970,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -873,6 +992,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -904,12 +1024,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -926,6 +1054,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -947,6 +1076,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -978,12 +1108,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1000,6 +1138,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1021,6 +1160,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1052,12 +1192,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1074,6 +1222,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1095,6 +1244,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1126,12 +1276,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1148,6 +1306,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1169,6 +1328,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1200,12 +1360,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1222,6 +1390,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1243,6 +1412,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1274,12 +1444,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1296,6 +1474,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1317,6 +1496,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1348,12 +1528,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1370,6 +1558,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1391,6 +1580,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1422,12 +1612,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1444,6 +1642,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1465,6 +1664,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1496,12 +1696,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1518,6 +1726,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "23.72.137.131",
 "panw.panos.destination.nat.port": 443,
@@ -1539,6 +1748,7 @@
 "192.168.1.63",
 "23.72.137.131"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "23.72.137.131",
 "server.port": 443,
 "service.type": "panw",
@@ -1570,12 +1780,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1592,6 +1810,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1613,6 +1832,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1644,12 +1864,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1666,6 +1894,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1687,6 +1916,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1718,12 +1948,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1740,6 +1978,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1761,6 +2000,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1792,12 +2032,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1814,6 +2062,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1835,6 +2084,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1866,12 +2116,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1888,6 +2146,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1909,6 +2168,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -1940,12 +2200,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1962,6 +2230,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -1983,6 +2252,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -2014,12 +2284,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2036,6 +2314,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -2057,6 +2336,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -2088,12 +2368,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2110,6 +2398,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -2131,6 +2420,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -2162,12 +2452,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2184,6 +2482,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -2205,6 +2504,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -2236,12 +2536,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2258,6 +2566,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -2279,6 +2588,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -2310,12 +2620,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2332,6 +2650,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -2353,6 +2672,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -2384,12 +2704,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2406,6 +2734,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -2427,6 +2756,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -2458,12 +2788,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2480,6 +2818,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -2501,6 +2840,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -2532,12 +2872,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2554,6 +2902,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "152.195.55.192",
 "panw.panos.destination.nat.port": 443,
@@ -2575,6 +2924,7 @@
 "192.168.1.63",
 "152.195.55.192"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "152.195.55.192",
 "server.port": 443,
 "service.type": "panw",
@@ -2606,12 +2956,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2628,6 +2986,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "151.101.2.2",
 "panw.panos.destination.nat.port": 443,
@@ -2649,6 +3008,7 @@
 "192.168.1.63",
 "151.101.2.2"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "151.101.2.2",
 "server.port": 443,
 "service.type": "panw",
@@ -2683,12 +3043,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2705,6 +3073,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "54.192.7.152",
 "panw.panos.destination.nat.port": 443,
@@ -2726,6 +3095,7 @@
 "192.168.1.63",
 "54.192.7.152"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "54.192.7.152",
 "server.port": 443,
 "service.type": "panw",
@@ -2760,12 +3130,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2782,6 +3160,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "52.4.120.175",
 "panw.panos.destination.nat.port": 443,
@@ -2803,6 +3182,7 @@
 "192.168.1.63",
 "52.4.120.175"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "52.4.120.175",
 "server.port": 443,
 "service.type": "panw",
@@ -2837,12 +3217,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2859,6 +3247,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "52.4.120.175",
 "panw.panos.destination.nat.port": 443,
@@ -2880,6 +3269,7 @@
 "192.168.1.63",
 "52.4.120.175"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "52.4.120.175",
 "server.port": 443,
 "service.type": "panw",
@@ -2914,12 +3304,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2936,6 +3334,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "52.4.120.175",
 "panw.panos.destination.nat.port": 443,
@@ -2957,6 +3356,7 @@
 "192.168.1.63",
 "52.4.120.175"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "52.4.120.175",
 "server.port": 443,
 "service.type": "panw",
@@ -2991,12 +3391,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -3013,6 +3421,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.4.120.175", "panw.panos.destination.nat.port": 443, @@ -3034,6 +3443,7 @@ "192.168.1.63", "52.4.120.175" ], + "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", "server.port": 443, "service.type": "panw", @@ -3068,12 +3478,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3090,6 +3508,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.4.120.175", "panw.panos.destination.nat.port": 443, @@ -3111,6 +3530,7 @@ "192.168.1.63", "52.4.120.175" ], + "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", "server.port": 443, "service.type": "panw", 
@@ -3145,12 +3565,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3167,6 +3595,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.4.120.175", "panw.panos.destination.nat.port": 443, @@ -3188,6 +3617,7 @@ "192.168.1.63", "52.4.120.175" ], + "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", "server.port": 443, "service.type": "panw", @@ -3222,12 +3652,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3244,6 +3682,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.4.120.175", "panw.panos.destination.nat.port": 443, 
@@ -3265,6 +3704,7 @@ "192.168.1.63", "52.4.120.175" ], + "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", "server.port": 443, "service.type": "panw", @@ -3299,12 +3739,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3321,6 +3769,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.4.120.175", "panw.panos.destination.nat.port": 443, @@ -3342,6 +3791,7 @@ "192.168.1.63", "52.4.120.175" ], + "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", "server.port": 443, "service.type": "panw", @@ -3376,12 +3826,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -3398,6 +3856,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.4.120.175", "panw.panos.destination.nat.port": 443, @@ -3419,6 +3878,7 @@ "192.168.1.63", "52.4.120.175" ], + "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", "server.port": 443, "service.type": "panw", @@ -3453,12 +3913,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3475,6 +3943,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.4.120.175", "panw.panos.destination.nat.port": 443, @@ -3496,6 +3965,7 @@ "192.168.1.63", "52.4.120.175" ], + "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", "server.port": 443, "service.type": "panw", 
@@ -3530,12 +4000,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3552,6 +4030,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.4.120.175", "panw.panos.destination.nat.port": 443, @@ -3573,6 +4052,7 @@ "192.168.1.63", "52.4.120.175" ], + "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", "server.port": 443, "service.type": "panw", @@ -3607,12 +4087,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3629,6 +4117,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.4.120.175", "panw.panos.destination.nat.port": 443, 
@@ -3650,6 +4139,7 @@ "192.168.1.63", "52.4.120.175" ], + "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", "server.port": 443, "service.type": "panw", @@ -3684,12 +4174,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3706,6 +4204,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "216.58.194.98", "panw.panos.destination.nat.port": 443, @@ -3727,6 +4226,7 @@ "192.168.1.63", "216.58.194.98" ], + "rule.name": "new_outbound_from_trust", "server.ip": "216.58.194.98", "server.port": 443, "service.type": "panw", @@ -3758,12 +4258,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -3780,6 +4288,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, @@ -3801,6 +4310,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", @@ -3832,12 +4342,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3854,6 +4372,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, @@ -3875,6 +4394,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", 
@@ -3906,12 +4426,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3928,6 +4456,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, @@ -3949,6 +4478,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", @@ -3980,12 +4510,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4002,6 +4540,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, 
@@ -4023,6 +4562,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", @@ -4054,12 +4594,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4076,6 +4624,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, @@ -4097,6 +4646,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", @@ -4128,12 +4678,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -4150,6 +4708,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, @@ -4171,6 +4730,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", @@ -4202,12 +4762,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4224,6 +4792,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, @@ -4245,6 +4814,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", 
@@ -4276,12 +4846,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4298,6 +4876,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, @@ -4319,6 +4898,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", @@ -4350,12 +4930,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4372,6 +4960,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, 
@@ -4393,6 +4982,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", @@ -4424,12 +5014,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4446,6 +5044,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.72.145.245", "panw.panos.destination.nat.port": 443, @@ -4467,6 +5066,7 @@ "192.168.1.63", "23.72.145.245" ], + "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", "server.port": 443, "service.type": "panw", @@ -4501,12 +5101,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -4523,6 +5131,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -4544,6 +5153,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -4578,12 +5188,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4600,6 +5218,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -4621,6 +5240,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", 
@@ -4655,12 +5275,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4677,6 +5305,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -4698,6 +5327,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -4732,12 +5362,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4754,6 +5392,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, 
@@ -4775,6 +5414,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -4809,12 +5449,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4831,6 +5479,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -4852,6 +5501,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -4886,12 +5536,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -4908,6 +5566,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -4929,6 +5588,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -4963,12 +5623,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4985,6 +5653,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -5006,6 +5675,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", 
@@ -5040,12 +5710,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5062,6 +5740,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -5083,6 +5762,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -5117,12 +5797,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5139,6 +5827,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, 
@@ -5160,6 +5849,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -5194,12 +5884,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5216,6 +5914,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -5237,6 +5936,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -5271,12 +5971,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -5293,6 +6001,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -5314,6 +6023,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -5348,12 +6058,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5370,6 +6088,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -5391,6 +6110,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", 
@@ -5425,12 +6145,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5447,6 +6175,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, @@ -5468,6 +6197,7 @@ "192.168.1.63", "54.209.101.70" ], + "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", "server.port": 443, "service.type": "panw", @@ -5502,12 +6232,20 @@ "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", - "event.category": "security_threat", + "event.category": [ + "security_threat", + "intrusion_detection", + "network" + ], "event.dataset": "panw.panos", + "event.kind": "alert", "event.module": "panw", - "event.outcome": "block-url", + "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", + "event.type": [ + "denied" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5524,6 +6262,7 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "block-url", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.209.101.70", "panw.panos.destination.nat.port": 443, 
@@ -5545,6 +6284,7 @@
 "192.168.1.63",
 "54.209.101.70"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "54.209.101.70",
 "server.port": 443,
 "service.type": "panw",
@@ -5579,12 +6319,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -5601,6 +6349,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "54.209.101.70",
 "panw.panos.destination.nat.port": 443,
@@ -5622,6 +6371,7 @@
 "192.168.1.63",
 "54.209.101.70"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "54.209.101.70",
 "server.port": 443,
 "service.type": "panw",
@@ -5656,12 +6406,20 @@
 "destination.nat.port": 443,
 "destination.port": 443,
 "event.action": "url_filtering",
- "event.category": "security_threat",
+ "event.category": [
+ "security_threat",
+ "intrusion_detection",
+ "network"
+ ],
 "event.dataset": "panw.panos",
+ "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "block-url",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
+ "event.type": [
+ "denied"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -5678,6 +6436,7 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "block-url",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "54.209.101.70",
 "panw.panos.destination.nat.port": 443,
@@ -5699,6 +6458,7 @@
 "192.168.1.63",
 "54.209.101.70"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.ip": "54.209.101.70",
 "server.port": 443,
 "service.type": "panw",
diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json
index 563290f9dba..9e1333f9fb8 100644
--- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json
+++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json
@@ -19,14 +19,23 @@
 "destination.packets": 16,
 "destination.port": 443,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 586000000000,
 "event.end": "2018-11-30T16:08:50.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T15:59:04.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -44,6 +53,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "184.51.253.152",
 "panw.panos.destination.nat.port": 443,
@@ -63,6 +73,7 @@
 "192.168.1.63",
 "184.51.253.152"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 5976,
 "server.ip": "184.51.253.152",
 "server.packets": 16,
@@ -99,14 +110,23 @@
 "destination.packets": 6,
 "destination.port": 0,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:08:55.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:55.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -124,6 +144,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 0,
@@ -143,6 +164,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 588,
 "server.ip": "8.8.8.8",
 "server.packets": 6,
@@ -182,14 +204,23 @@
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2018-11-30T16:08:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:51.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -207,6 +238,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "17.253.3.202",
 "panw.panos.destination.nat.port": 80,
@@ -226,6 +258,7 @@
 "192.168.1.63",
 "17.253.3.202"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 1035,
 "server.ip": "17.253.3.202",
 "server.packets": 6,
@@ -262,14 +295,23 @@
 "destination.packets": 6,
 "destination.port": 0,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:09:01.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:09:01.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -287,6 +329,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 0,
@@ -306,6 +349,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 588,
 "server.ip": "8.8.8.8",
 "server.packets": 6,
@@ -345,14 +389,23 @@
 "destination.packets": 5,
 "destination.port": 443,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:07:13.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:07:13.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -370,6 +423,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "216.58.194.99",
 "panw.panos.destination.nat.port": 443,
@@ -389,6 +443,7 @@
 "192.168.1.63",
 "216.58.194.99"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 1613,
 "server.ip": "216.58.194.99",
 "server.packets": 5,
@@ -425,14 +480,23 @@
 "destination.packets": 62,
 "destination.port": 443,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 85000000000,
 "event.end": "2018-11-30T16:08:58.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:07:33.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -450,6 +514,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "209.234.224.22",
 "panw.panos.destination.nat.port": 443,
@@ -469,6 +534,7 @@
 "192.168.1.63",
 "209.234.224.22"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 21111,
 "server.ip": "209.234.224.22",
 "server.packets": 62,
@@ -505,14 +571,23 @@
 "destination.packets": 6,
 "destination.port": 0,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:09:07.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:09:07.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -530,6 +605,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 0,
@@ -549,6 +625,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 588,
 "server.ip": "8.8.8.8",
 "server.packets": 6,
@@ -585,14 +662,23 @@
 "destination.packets": 7,
 "destination.port": 443,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 15000000000,
 "event.end": "2018-11-30T16:07:19.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:07:04.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -610,6 +696,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "172.217.2.238",
 "panw.panos.destination.nat.port": 443,
@@ -629,6 +716,7 @@
 "192.168.1.63",
 "172.217.2.238"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 3732,
 "server.ip": "172.217.2.238",
 "server.packets": 7,
@@ -665,14 +753,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:08:50.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:50.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -690,6 +787,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 53,
@@ -709,6 +807,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 221,
 "server.ip": "8.8.8.8",
 "server.packets": 1,
@@ -745,14 +844,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:08:51.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:51.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -770,6 +878,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 53,
@@ -789,6 +898,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 221,
 "server.ip": "8.8.8.8",
 "server.packets": 1,
@@ -825,14 +935,23 @@
 "destination.packets": 16,
 "destination.port": 443,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 593000000000,
 "event.end": "2018-11-30T16:08:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T15:58:59.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -850,6 +969,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "17.249.60.78",
 "panw.panos.destination.nat.port": 443,
@@ -869,6 +989,7 @@
 "192.168.1.63",
 "17.249.60.78"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 5469,
 "server.ip": "17.249.60.78",
 "server.packets": 16,
@@ -905,14 +1026,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:08:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -930,6 +1060,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 53,
@@ -949,6 +1080,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 224,
 "server.ip": "8.8.8.8",
 "server.packets": 1,
@@ -985,14 +1117,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:08:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1010,6 +1151,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 53,
@@ -1029,6 +1171,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 117,
 "server.ip": "8.8.8.8",
 "server.packets": 1,
@@ -1065,14 +1208,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:08:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1090,6 +1242,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 53,
@@ -1109,6 +1262,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 307,
 "server.ip": "8.8.8.8",
 "server.packets": 1,
@@ -1145,14 +1299,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:08:52.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:52.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1170,6 +1333,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 53,
@@ -1189,6 +1353,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 365,
 "server.ip": "8.8.8.8",
 "server.packets": 1,
@@ -1225,14 +1390,23 @@
 "destination.packets": 6,
 "destination.port": 0,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:09:13.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:09:13.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1250,6 +1424,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 0,
@@ -1269,6 +1444,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 588,
 "server.ip": "8.8.8.8",
 "server.packets": 6,
@@ -1305,14 +1481,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2018-11-30T16:08:55.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:54.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1330,6 +1515,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 53,
@@ -1349,6 +1535,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 161,
 "server.ip": "8.8.8.8",
 "server.packets": 1,
@@ -1385,14 +1572,23 @@
 "destination.packets": 14,
 "destination.port": 443,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 17000000000,
 "event.end": "2018-11-30T16:09:11.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:54.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1410,6 +1606,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "98.138.49.44",
 "panw.panos.destination.nat.port": 443,
@@ -1429,6 +1626,7 @@
 "192.168.1.63",
 "98.138.49.44"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 7805,
 "server.ip": "98.138.49.44",
 "server.packets": 14,
@@ -1465,14 +1663,23 @@
 "destination.packets": 13,
 "destination.port": 443,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 17000000000,
 "event.end": "2018-11-30T16:09:11.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:54.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1490,6 +1697,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "72.30.3.43",
 "panw.panos.destination.nat.port": 443,
@@ -1509,6 +1717,7 @@
 "192.168.1.63",
 "72.30.3.43"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 6106,
 "server.ip": "72.30.3.43",
 "server.packets": 13,
@@ -1545,14 +1754,23 @@
 "destination.packets": 2,
 "destination.port": 0,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:09:15.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:09:15.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1570,6 +1788,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 0,
@@ -1589,6 +1808,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 196,
 "server.ip": "8.8.8.8",
 "server.packets": 2,
@@ -1625,14 +1845,23 @@
 "destination.packets": 19,
 "destination.port": 80,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 116000000000,
 "event.end": "2018-11-30T16:09:12.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:07:16.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1650,6 +1879,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "172.217.9.142",
 "panw.panos.destination.nat.port": 80,
@@ -1669,6 +1899,7 @@
 "192.168.1.63",
 "172.217.9.142"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 3245,
 "server.ip": "172.217.9.142",
 "server.packets": 19,
@@ -1705,14 +1936,23 @@
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:08:57.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:08:57.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1730,6 +1970,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 53,
@@ -1749,6 +1990,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 179,
 "server.ip": "8.8.8.8",
 "server.packets": 1,
@@ -1788,14 +2030,23 @@
 "destination.packets": 13,
 "destination.port": 443,
 "event.action": "flow_started",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:09:13.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:09:13.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "start",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1813,6 +2064,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "54.84.80.198",
 "panw.panos.destination.nat.port": 443,
@@ -1832,6 +2084,7 @@
 "192.168.1.63",
 "54.84.80.198"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 4537,
 "server.ip": "54.84.80.198",
 "server.packets": 13,
@@ -1869,14 +2122,23 @@
 "destination.packets": 8,
 "destination.port": 4282,
 "event.action": "flow_dropped",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 13000000000,
 "event.end": "2018-11-30T16:09:25.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:09:12.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "denied",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1894,6 +2156,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "199.167.55.52",
 "panw.panos.destination.nat.port": 4282,
@@ -1913,6 +2176,7 @@
 "192.168.1.63",
 "199.167.55.52"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 0,
 "server.ip": "199.167.55.52",
 "server.packets": 8,
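Review bot: The `@@ -1869,14 +2122,23 @@` hunk expects `event.type` to hold both `allowed` and `denied` for the same `flow_dropped` record, next to `event.outcome: success` and `panw.panos.action: allow`, and the `@@ -1949,14 +2213,23 @@` hunk does the same for `flow_denied`. A detection rule keyed on `event.type:denied` and one keyed on `event.type:allowed` will both match these records, so the two values contradict rather than refine each other. It looks like `allowed` is derived from the action column and `denied` from the log subtype; when the subtype is drop or deny the denial should take precedence and `allowed` be omitted, and `event.outcome` for these records deserves a second look against the ECS definition of outcome rather than a fixed `success`. The pipeline producing these values is outside this diff, so this is inferred from the expected fixtures alone.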
@@ -1949,14 +2213,23 @@
 "destination.packets": 6,
 "destination.port": 0,
 "event.action": "flow_denied",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:09:19.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:09:19.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "denied",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -1974,6 +2247,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 0,
@@ -1993,6 +2267,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 588,
 "server.ip": "8.8.8.8",
 "server.packets": 6,
@@ -2028,14 +2303,21 @@
 "destination.nat.port": 53,
 "destination.packets": 1,
 "destination.port": 53,
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:09:02.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:09:02.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2053,6 +2335,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "8.8.8.8",
 "panw.panos.destination.nat.port": 53,
@@ -2072,6 +2355,7 @@
 "192.168.1.63",
 "8.8.8.8"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 130,
 "server.ip": "8.8.8.8",
 "server.packets": 1,
@@ -2107,14 +2391,21 @@
 "destination.nat.port": 443,
 "destination.packets": 6,
 "destination.port": 443,
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 15000000000,
 "event.end": "2018-11-30T16:07:35.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:07:20.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2132,6 +2423,7 @@
 "network.type": "ipv4",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
+ "panw.panos.action": "allow",
 "panw.panos.destination.interface": "ethernet1/1",
 "panw.panos.destination.nat.ip": "172.217.9.142",
 "panw.panos.destination.nat.port": 443,
@@ -2151,6 +2443,7 @@
 "192.168.1.63",
 "172.217.9.142"
 ],
+ "rule.name": "new_outbound_from_trust",
 "server.bytes": 1991,
 "server.ip": "172.217.9.142",
 "server.packets": 6,
@@ -2187,14 +2480,23 @@
 "destination.packets": 8,
 "destination.port": 443,
 "event.action": "flow_terminated",
- "event.category": "network_traffic",
+ "event.category": [
+ "network_traffic",
+ "network"
+ ],
 "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2018-11-30T16:09:21.000-02:00",
+ "event.kind": "event",
 "event.module": "panw",
- "event.outcome": "allow",
+ "event.outcome": "success",
 "event.start": "2018-11-30T16:09:21.000-02:00",
 "event.timezone": "-02:00",
+ "event.type": [
+ "allowed",
+ "end",
+ "connection"
+ ],
 "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
@@ -2212,6 +2514,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "151.101.2.2", "panw.panos.destination.nat.port": 443, @@ -2231,6 +2534,7 @@ "192.168.1.63", "151.101.2.2" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 523, "server.ip": "151.101.2.2", "server.packets": 8, @@ -2270,14 +2574,23 @@ "destination.packets": 5, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:07:36.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:07:36.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -2295,6 +2608,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "216.58.194.66", "panw.panos.destination.nat.port": 443, @@ -2314,6 +2628,7 @@ "192.168.1.63", "216.58.194.66" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 2428, "server.ip": "216.58.194.66", "server.packets": 5, 
@@ -2350,14 +2665,23 @@ "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:25.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:25.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -2375,6 +2699,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, @@ -2394,6 +2719,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 588, "server.ip": "8.8.8.8", "server.packets": 6, @@ -2430,14 +2756,23 @@ "destination.packets": 2, "destination.port": 0, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:25.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:25.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -2455,6 +2790,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, 
@@ -2474,6 +2810,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 196, "server.ip": "8.8.8.8", "server.packets": 2, @@ -2510,14 +2847,23 @@ "destination.packets": 12, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:22.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:22.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -2535,6 +2881,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "184.51.253.193", "panw.panos.destination.nat.port": 443, @@ -2554,6 +2901,7 @@ "192.168.1.63", "184.51.253.193" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 5003, "server.ip": "184.51.253.193", "server.packets": 12, @@ -2590,14 +2938,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:08.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:08.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -2615,6 +2972,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -2634,6 +2992,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 171, "server.ip": "8.8.8.8", "server.packets": 1, @@ -2671,14 +3030,23 @@ "destination.packets": 1, "destination.port": 4282, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:33.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:33.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -2696,6 +3064,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "199.167.55.52", "panw.panos.destination.nat.port": 4282, @@ -2715,6 +3084,7 @@ "192.168.1.63", "199.167.55.52" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 0, "server.ip": "199.167.55.52", "server.packets": 1, 
@@ -2754,14 +3124,23 @@ "destination.packets": 11, "destination.port": 17472, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:25.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:25.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -2779,6 +3158,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "199.167.52.219", "panw.panos.destination.nat.port": 17472, @@ -2798,6 +3178,7 @@ "192.168.1.63", "199.167.52.219" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 2316, "server.ip": "199.167.52.219", "server.packets": 11, @@ -2837,14 +3218,23 @@ "destination.packets": 19, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 4000000000, "event.end": "2018-11-30T16:09:25.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -2862,6 +3252,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.71.117.196", "panw.panos.destination.nat.port": 443, @@ -2881,6 +3272,7 @@ "192.168.1.63", "52.71.117.196" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 13966, "server.ip": "52.71.117.196", "server.packets": 19, @@ -2917,14 +3309,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:12.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:12.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -2942,6 +3343,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -2961,6 +3363,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 244, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -2997,14 +3400,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:12.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:12.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3022,6 +3434,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -3041,6 +3454,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 205, "server.ip": "8.8.8.8", "server.packets": 1, @@ -3080,14 +3494,23 @@ "destination.packets": 24, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3105,6 +3528,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "35.186.194.41", "panw.panos.destination.nat.port": 443, 
@@ -3124,6 +3548,7 @@ "192.168.1.63", "35.186.194.41" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 2302, "server.ip": "35.186.194.41", "server.packets": 24, @@ -3159,14 +3584,23 @@ "destination.packets": 63, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3184,6 +3618,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "35.201.124.9", "panw.panos.destination.nat.port": 443, @@ -3203,6 +3638,7 @@ "192.168.1.63", "35.201.124.9" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 6757, "server.ip": "35.201.124.9", "server.packets": 63, @@ -3242,14 +3678,23 @@ "destination.packets": 17, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 6000000000, "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -3267,6 +3712,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "100.24.131.237", "panw.panos.destination.nat.port": 443, @@ -3286,6 +3732,7 @@ "192.168.1.63", "100.24.131.237" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 9007, "server.ip": "100.24.131.237", "server.packets": 17, @@ -3322,14 +3769,23 @@ "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 13000000000, "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3347,6 +3803,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "184.51.252.247", "panw.panos.destination.nat.port": 443, @@ -3366,6 +3823,7 @@ "192.168.1.63", "184.51.252.247" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 661, "server.ip": "184.51.252.247", "server.packets": 8, 
@@ -3405,14 +3863,23 @@ "destination.packets": 15, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3430,6 +3897,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "35.190.88.148", "panw.panos.destination.nat.port": 443, @@ -3449,6 +3917,7 @@ "192.168.1.63", "35.190.88.148" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 11136, "server.ip": "35.190.88.148", "server.packets": 15, @@ -3488,14 +3957,23 @@ "destination.packets": 15, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -3513,6 +3991,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "35.186.243.83", "panw.panos.destination.nat.port": 443, @@ -3532,6 +4011,7 @@ "192.168.1.63", "35.186.243.83" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 11136, "server.ip": "35.186.243.83", "server.packets": 15, @@ -3568,14 +4048,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:12.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:12.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3593,6 +4082,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -3612,6 +4102,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 182, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -3648,14 +4139,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:12.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:12.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3673,6 +4173,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -3692,6 +4193,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 90, "server.ip": "8.8.8.8", "server.packets": 1, @@ -3731,14 +4233,23 @@ "destination.packets": 17, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 6000000000, "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3756,6 +4267,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "100.24.165.74", "panw.panos.destination.nat.port": 443, 
@@ -3775,6 +4287,7 @@ "192.168.1.63", "100.24.165.74" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 6669, "server.ip": "100.24.165.74", "server.packets": 17, @@ -3811,14 +4324,23 @@ "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 13000000000, "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3836,6 +4358,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "184.51.252.247", "panw.panos.destination.nat.port": 443, @@ -3855,6 +4378,7 @@ "192.168.1.63", "184.51.252.247" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 661, "server.ip": "184.51.252.247", "server.packets": 8, @@ -3890,14 +4414,23 @@ "destination.packets": 15, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -3915,6 +4448,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "35.201.94.140", "panw.panos.destination.nat.port": 443, @@ -3934,6 +4468,7 @@ "192.168.1.63", "35.201.94.140" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 11136, "server.ip": "35.201.94.140", "server.packets": 15, @@ -3970,14 +4505,23 @@ "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:31.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:31.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -3995,6 +4539,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, @@ -4012,6 +4557,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 588, "server.ip": "8.8.8.8", "server.packets": 6, 
@@ -4048,14 +4594,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4073,6 +4628,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -4092,6 +4648,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 144, "server.ip": "8.8.8.8", "server.packets": 1, @@ -4128,14 +4685,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4153,6 +4719,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, 
@@ -4172,6 +4739,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 206, "server.ip": "8.8.8.8", "server.packets": 1, @@ -4208,14 +4776,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4233,6 +4810,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -4252,6 +4830,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 206, "server.ip": "8.8.8.8", "server.packets": 1, @@ -4288,14 +4867,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -4313,6 +4901,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -4332,6 +4921,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 169, "server.ip": "8.8.8.8", "server.packets": 1, @@ -4368,14 +4958,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4393,6 +4992,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -4412,6 +5012,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 132, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -4448,14 +5049,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4473,6 +5083,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -4492,6 +5103,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 127, "server.ip": "8.8.8.8", "server.packets": 1, @@ -4528,14 +5140,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4553,6 +5174,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, 
@@ -4572,6 +5194,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 105, "server.ip": "8.8.8.8", "server.packets": 1, @@ -4608,14 +5231,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4633,6 +5265,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -4652,6 +5285,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 172, "server.ip": "8.8.8.8", "server.packets": 1, @@ -4688,14 +5322,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -4713,6 +5356,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -4732,6 +5376,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 134, "server.ip": "8.8.8.8", "server.packets": 1, @@ -4768,14 +5413,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4793,6 +5447,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -4812,6 +5467,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 179, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -4848,14 +5504,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4873,6 +5538,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -4892,6 +5558,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 218, "server.ip": "8.8.8.8", "server.packets": 1, @@ -4928,14 +5595,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -4953,6 +5629,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, 
@@ -4972,6 +5649,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 172, "server.ip": "8.8.8.8", "server.packets": 1, @@ -5008,14 +5686,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5033,6 +5720,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -5052,6 +5740,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 305, "server.ip": "8.8.8.8", "server.packets": 1, @@ -5091,14 +5780,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -5116,6 +5814,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "66.28.0.45", "panw.panos.destination.nat.port": 53, @@ -5135,6 +5834,7 @@ "192.168.1.63", "66.28.0.45" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 527, "server.ip": "66.28.0.45", "server.packets": 1, @@ -5171,14 +5871,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5196,6 +5905,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -5215,6 +5925,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 153, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -5251,14 +5962,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5276,6 +5996,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -5295,6 +6016,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 169, "server.ip": "8.8.8.8", "server.packets": 1, @@ -5331,14 +6053,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5356,6 +6087,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, 
@@ -5375,6 +6107,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 128, "server.ip": "8.8.8.8", "server.packets": 1, @@ -5411,14 +6144,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5436,6 +6178,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -5455,6 +6198,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 181, "server.ip": "8.8.8.8", "server.packets": 1, @@ -5491,14 +6235,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -5516,6 +6269,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -5535,6 +6289,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 121, "server.ip": "8.8.8.8", "server.packets": 1, @@ -5574,14 +6329,23 @@ "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:29.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:29.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5599,6 +6363,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "23.52.174.25", "panw.panos.destination.nat.port": 80, @@ -5618,6 +6383,7 @@ "192.168.1.63", "23.52.174.25" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 1246, "server.ip": "23.52.174.25", "server.packets": 6, 
@@ -5654,14 +6420,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5679,6 +6454,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -5698,6 +6474,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 315, "server.ip": "8.8.8.8", "server.packets": 1, @@ -5734,14 +6511,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5759,6 +6545,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, 
@@ -5778,6 +6565,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 130, "server.ip": "8.8.8.8", "server.packets": 1, @@ -5817,14 +6605,23 @@ "destination.packets": 5, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:29.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:17.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -5842,6 +6639,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "54.230.5.228", "panw.panos.destination.nat.port": 443, @@ -5861,6 +6659,7 @@ "192.168.1.63", "54.230.5.228" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 288, "server.ip": "54.230.5.228", "server.packets": 5, @@ -5897,14 +6696,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -5922,6 +6730,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -5941,6 +6750,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 149, "server.ip": "8.8.8.8", "server.packets": 1, @@ -5977,14 +6787,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:15.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:15.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6002,6 +6821,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -6021,6 +6841,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 202, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -6057,14 +6878,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:15.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:15.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6082,6 +6912,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -6101,6 +6932,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 195, "server.ip": "8.8.8.8", "server.packets": 1, @@ -6137,14 +6969,23 @@ "destination.packets": 1, "destination.port": 123, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:15.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:15.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6162,6 +7003,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "208.83.246.20", "panw.panos.destination.nat.port": 123, 
@@ -6181,6 +7023,7 @@ "192.168.1.63", "208.83.246.20" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 90, "server.ip": "208.83.246.20", "server.packets": 1, @@ -6217,14 +7060,22 @@ "destination.packets": 2, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "drop-icmp", + "event.outcome": "success", "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6242,6 +7093,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "drop-icmp", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -6261,6 +7113,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 192, "server.ip": "8.8.8.8", "server.packets": 2, @@ -6297,14 +7150,22 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "reset-client", + "event.outcome": "success", "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
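Review bot: Flows whose firewall action is `drop-icmp` (this hunk), `reset-client`, `reset-server` (L222) and `reset-both` (L223) are all expected to produce `event.outcome: success`, while `event.type` for them drops `allowed` but does not add `denied`. From a detection standpoint that means a rule keyed on `event.outcome: failure` or `event.type: denied` will never see a session the firewall actively reset or dropped, and only `panw.panos.action` distinguishes them from an ordinary allowed flow. If the intent is that `event.outcome` reflects only whether the session record itself was produced (so only `deny` maps to `failure`), that decision should be stated in the pipeline's mapping logic and in the `panw.panos.action` field description, e.g. `Action taken for the session (allow, deny, drop, drop-icmp, reset-*); event.outcome only reflects allow/deny.` — otherwise these four cases look like a gap in the outcome mapping. The pipeline that produces this output is outside this view, so I cannot confirm which it is.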
@@ -6322,6 +7183,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "reset-client", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -6341,6 +7203,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 208, "server.ip": "8.8.8.8", "server.packets": 1, @@ -6377,14 +7240,22 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "reset-server", + "event.outcome": "success", "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6402,6 +7273,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "reset-server", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -6421,6 +7293,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 100, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -6459,14 +7332,22 @@ "destination.packets": 13, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 10000000000, "event.end": "2018-11-30T16:09:31.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "reset-both", + "event.outcome": "success", "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6484,6 +7365,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "reset-both", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "35.185.88.112", "panw.panos.destination.nat.port": 443, @@ -6503,6 +7385,7 @@ "192.168.1.63", "35.185.88.112" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 7237, "server.ip": "35.185.88.112", "server.packets": 13, @@ -6539,14 +7422,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -6564,6 +7456,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -6583,6 +7476,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 109, "server.ip": "8.8.8.8", "server.packets": 1, @@ -6619,14 +7513,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6644,6 +7547,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -6663,6 +7567,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 116, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -6699,14 +7604,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6724,6 +7638,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -6743,6 +7658,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 96, "server.ip": "8.8.8.8", "server.packets": 1, @@ -6782,14 +7698,23 @@ "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6807,6 +7732,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "50.19.85.24", "panw.panos.destination.nat.port": 443, 
@@ -6826,6 +7752,7 @@ "192.168.1.63", "50.19.85.24" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 654, "server.ip": "50.19.85.24", "server.packets": 8, @@ -6865,14 +7792,23 @@ "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -6890,6 +7826,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "50.19.85.24", "panw.panos.destination.nat.port": 443, @@ -6909,6 +7846,7 @@ "192.168.1.63", "50.19.85.24" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 654, "server.ip": "50.19.85.24", "server.packets": 8, @@ -6948,14 +7886,23 @@ "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -6973,6 +7920,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "50.19.85.24", "panw.panos.destination.nat.port": 443, @@ -6992,6 +7940,7 @@ "192.168.1.63", "50.19.85.24" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 654, "server.ip": "50.19.85.24", "server.packets": 8, @@ -7028,14 +7977,23 @@ "destination.packets": 12, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -7053,6 +8011,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "104.254.150.9", "panw.panos.destination.nat.port": 443, @@ -7072,6 +8031,7 @@ "192.168.1.63", "104.254.150.9" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 7820, "server.ip": "104.254.150.9", "server.packets": 12, 
@@ -7111,14 +8071,23 @@ "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -7136,6 +8105,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "50.19.85.24", "panw.panos.destination.nat.port": 443, @@ -7155,6 +8125,7 @@ "192.168.1.63", "50.19.85.24" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 654, "server.ip": "50.19.85.24", "server.packets": 8, @@ -7194,14 +8165,23 @@ "destination.packets": 4, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:20.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -7219,6 +8199,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.0.218.108", "panw.panos.destination.nat.port": 443, @@ -7238,6 +8219,7 @@ "192.168.1.63", "52.0.218.108" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 214, "server.ip": "52.0.218.108", "server.packets": 4, @@ -7277,14 +8259,23 @@ "destination.packets": 4, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:20.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -7302,6 +8293,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "52.6.117.19", "panw.panos.destination.nat.port": 443, @@ -7321,6 +8313,7 @@ "192.168.1.63", "52.6.117.19" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 214, "server.ip": "52.6.117.19", "server.packets": 4, 
@@ -7360,14 +8353,23 @@ "destination.packets": 4, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:20.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -7385,6 +8387,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "34.238.96.22", "panw.panos.destination.nat.port": 443, @@ -7404,6 +8407,7 @@ "192.168.1.63", "34.238.96.22" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 214, "server.ip": "34.238.96.22", "server.packets": 4, @@ -7443,14 +8447,23 @@ "destination.packets": 4, "destination.port": 443, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:32.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:20.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -7468,6 +8481,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "130.211.47.17", "panw.panos.destination.nat.port": 443, @@ -7487,6 +8501,7 @@ "192.168.1.63", "130.211.47.17" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 280, "server.ip": "130.211.47.17", "server.packets": 4, @@ -7523,14 +8538,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:18.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:18.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -7548,6 +8572,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -7567,6 +8592,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 172, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -7603,14 +8629,23 @@ "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:37.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:37.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -7628,6 +8663,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 0, @@ -7647,6 +8683,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 588, "server.ip": "8.8.8.8", "server.packets": 6, @@ -7683,14 +8720,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -7708,6 +8754,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, 
@@ -7727,6 +8774,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 94, "server.ip": "8.8.8.8", "server.packets": 1, @@ -7763,14 +8811,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -7788,6 +8845,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -7807,6 +8865,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 170, "server.ip": "8.8.8.8", "server.packets": 1, @@ -7843,14 +8902,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, 
@@ -7868,6 +8936,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -7887,6 +8956,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 94, "server.ip": "8.8.8.8", "server.packets": 1, @@ -7923,14 +8993,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -7948,6 +9027,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -7967,6 +9047,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 94, "server.ip": "8.8.8.8", "server.packets": 1, 
@@ -8003,14 +9084,23 @@ "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", - "event.category": "network_traffic", + "event.category": [ + "network_traffic", + "network" + ], "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000-02:00", + "event.kind": "event", "event.module": "panw", - "event.outcome": "allow", + "event.outcome": "success", "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", + "event.type": [ + "allowed", + "end", + "connection" + ], "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, @@ -8028,6 +9118,7 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", + "panw.panos.action": "allow", "panw.panos.destination.interface": "ethernet1/1", "panw.panos.destination.nat.ip": "8.8.8.8", "panw.panos.destination.nat.port": 53, @@ -8047,6 +9138,7 @@ "192.168.1.63", "8.8.8.8" ], + "rule.name": "new_outbound_from_trust", "server.bytes": 166, "server.ip": "8.8.8.8", "server.packets": 1,