diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index ace63d069bf..46f56f31894 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -189,7 +189,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add Filebeat envoyproxy module. {pull}11700[11700] - Add apache2(httpd) log path (`/var/log/httpd`) to make apache2 module work out of the box on Redhat-family OSes. {issue}11887[11887] {pull}11888[11888] - Add support to new MongoDB additional diagnostic information {pull}11952[11952] -- New module `palo_alto` for Palo Alto Networks PAN-OS logs. {pull}11999[11999] +- New module `panw` for Palo Alto Networks PAN-OS logs. {pull}11999[11999] - Add RabbitMQ module. {pull}12032[12032] - Add new `container` input. {pull}12162[12162] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index ba03fa95af7..d420fd42739 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -40,7 +40,7 @@ grouped in the following categories: * <> * <> * <> -* <> +* <> * <> * <> * <> @@ -11840,28 +11840,28 @@ String representation of the collection time, as formatted by osquery. -- -[[exported-fields-palo_alto]] -== palo_alto fields +[[exported-fields-panw]] +== panw fields Module for Palo Alto Networks (PAN-OS) [float] -== palo_alto fields +== panw fields -Fields from the palo_alto logs. +Fields from the panw module. [float] -== pan_os fields +== panos fields Fields for the Palo Alto Networks PAN-OS logs. -*`palo_alto.pan_os.ruleset`*:: +*`panw.panos.ruleset`*:: + -- type: keyword @@ -11878,7 +11878,7 @@ Fields to extend the top-level source object. -*`palo_alto.pan_os.source.zone`*:: +*`panw.panos.source.zone`*:: + -- type: keyword @@ -11888,7 +11888,7 @@ Source zone for this session. -- -*`palo_alto.pan_os.source.interface`*:: +*`panw.panos.source.interface`*:: + -- type: keyword 
@@ -11905,7 +11905,7 @@ Post-NAT source address, if source NAT is performed. -*`palo_alto.pan_os.source.nat.ip`*:: +*`panw.panos.source.nat.ip`*:: + -- type: ip @@ -11915,7 +11915,7 @@ Post-NAT source IP. -- -*`palo_alto.pan_os.source.nat.port`*:: +*`panw.panos.source.nat.port`*:: + -- type: long @@ -11932,7 +11932,7 @@ Fields to extend the top-level destination object. -*`palo_alto.pan_os.destination.zone`*:: +*`panw.panos.destination.zone`*:: + -- type: keyword @@ -11942,7 +11942,7 @@ Destination zone for this session. -- -*`palo_alto.pan_os.destination.interface`*:: +*`panw.panos.destination.interface`*:: + -- type: keyword @@ -11959,7 +11959,7 @@ Post-NAT destination address, if destination NAT is performed. -*`palo_alto.pan_os.destination.nat.ip`*:: +*`panw.panos.destination.nat.ip`*:: + -- type: ip @@ -11969,7 +11969,7 @@ Post-NAT destination IP. -- -*`palo_alto.pan_os.destination.nat.port`*:: +*`panw.panos.destination.nat.port`*:: + -- type: long @@ -11986,7 +11986,7 @@ Fields to extend the top-level network object. -*`palo_alto.pan_os.network.pcap_id`*:: +*`panw.panos.network.pcap_id`*:: + -- type: keyword @@ -11997,7 +11997,7 @@ Packet capture ID for a threat. -- -*`palo_alto.pan_os.network.nat.community_id`*:: +*`panw.panos.network.nat.community_id`*:: + -- type: keyword @@ -12014,7 +12014,7 @@ Fields to extend the top-level file object. -*`palo_alto.pan_os.file.hash`*:: +*`panw.panos.file.hash`*:: + -- type: keyword @@ -12031,7 +12031,7 @@ Fields to extend the top-level url object. -*`palo_alto.pan_os.url.category`*:: +*`panw.panos.url.category`*:: + -- type: keyword @@ -12041,7 +12041,7 @@ For threat URLs, it's the URL category. For WildFire, the verdict on the file an -- -*`palo_alto.pan_os.flow_id`*:: +*`panw.panos.flow_id`*:: + -- type: keyword @@ -12051,7 +12051,7 @@ Internal numeric identifier for each session. -- -*`palo_alto.pan_os.sequence_number`*:: +*`panw.panos.sequence_number`*:: + -- type: long 
@@ -12061,7 +12061,7 @@ Log entry identifier that is incremented sequentially. Unique for each log type. -- -*`palo_alto.pan_os.threat.resource`*:: +*`panw.panos.threat.resource`*:: + -- type: keyword @@ -12071,7 +12071,7 @@ URL or file name for a threat. -- -*`palo_alto.pan_os.threat.id`*:: +*`panw.panos.threat.id`*:: + -- type: keyword @@ -12081,7 +12081,7 @@ Palo Alto Networks identifier for the threat. -- -*`palo_alto.pan_os.threat.name`*:: +*`panw.panos.threat.name`*:: + -- type: keyword diff --git a/filebeat/docs/images/filebeat-palo-alto-threat.png b/filebeat/docs/images/filebeat-panw-threat.png similarity index 100% rename from filebeat/docs/images/filebeat-palo-alto-threat.png rename to filebeat/docs/images/filebeat-panw-threat.png diff --git a/filebeat/docs/images/filebeat-palo-alto-traffic.png b/filebeat/docs/images/filebeat-panw-traffic.png similarity index 100% rename from filebeat/docs/images/filebeat-palo-alto-traffic.png rename to filebeat/docs/images/filebeat-panw-traffic.png diff --git a/filebeat/docs/modules/palo_alto.asciidoc b/filebeat/docs/modules/panw.asciidoc similarity index 70% rename from filebeat/docs/modules/palo_alto.asciidoc rename to filebeat/docs/modules/panw.asciidoc index a387ef460aa..be4671ba7d2 100644 --- a/filebeat/docs/modules/palo_alto.asciidoc +++ b/filebeat/docs/modules/panw.asciidoc @@ -2,10 +2,10 @@ This file is generated! See scripts/docs_collector.py //// -[[filebeat-module-palo_alto]] +[[filebeat-module-panw]] [role="xpack"] -:modulename: palo_alto +:modulename: panw :has-dashboards: true == Palo Alto Networks module @@ -29,7 +29,7 @@ include::../include/running-modules.asciidoc[] === ECS field mappings These are the PAN-OS to ECS field mappings as well as those fields still not -in ECS that are added under the `palo_alto` prefix: +in ECS that are added under the `panw.panos` prefix: .Traffic log mappings [options="header"] 
@@ -42,21 +42,21 @@ in ECS that are added under the `palo_alto` prefix: | Generated Time | `@timestamp` | | Source IP | client.ip source.ip | | Destination IP | server.ip destination.ip | -| NAT Source IP | | palo_alto.source.nat.ip -| NAT Destination IP | | palo_alto.destination.nat.ip -| Rule Name | | palo_alto.ruleset +| NAT Source IP | | panw.panos.source.nat.ip +| NAT Destination IP | | panw.panos.destination.nat.ip +| Rule Name | | panw.panos.ruleset | Source User | client.user.name source.user.name | | Destination User | server.user.name destination.user.name | | Application | network.application | -| Source Zone | | palo_alto.source.zone -| Destination Zone | | palo_alto.destination.zone -| Ingress Interface | | palo_alto.source.interface -| Egress Interface | | palo_alto.destination.interface -| Session ID | | palo_alto.flow_id +| Source Zone | | panw.panos.source.zone +| Destination Zone | | panw.panos.destination.zone +| Ingress Interface | | panw.panos.source.interface +| Egress Interface | | panw.panos.destination.interface +| Session ID | | panw.panos.flow_id | Source Port | client.port source.port | | Destination Port | destination.port server.port | -| NAT Source Port | | palo_alto.source.nat.port -| NAT Destination Port | | palo_alto.destination.nat.port +| NAT Source Port | | panw.panos.source.nat.port +| NAT Destination Port | | panw.panos.destination.nat.port | Flags | labels | | Protocol | network.transport | | Action | event.outcome | @@ -66,8 +66,8 @@ in ECS that are added under the `palo_alto` prefix: | Packets | network.packets | | Start Time | event.start | | Elapsed Time | event.duration | -| Category | | palo_alto.url.category -| Sequence Number | | palo_alto.sequence_number +| Category | | panw.panos.url.category +| Sequence Number | | panw.panos.sequence_number | Packets Sent | server.packets destination.packets | | Packets Received | client.packets source.packets | | Device Name | observer.hostname | 
@@ -84,39 +84,39 @@ in ECS that are added under the `palo_alto` prefix: | Generated Time | `@timestamp` | | Source IP | client.ip source.ip | | Destination IP | server.ip destination.ip | -| NAT Source IP | | palo_alto.source.nat.ip -| NAT Destination IP | | palo_alto.destination.nat.ip -| Rule Name | | palo_alto.ruleset +| NAT Source IP | | panw.panos.source.nat.ip +| NAT Destination IP | | panw.panos.destination.nat.ip +| Rule Name | | panw.panos.ruleset | Source User | client.user.name source.user.name | | Destination User | server.user.name destination.user.name | | Application | network.application | -| Source Zone | | palo_alto.source.zone -| Destination Zone | | palo_alto.destination.zone -| Ingress Interface | | palo_alto.source.interface -| Egress Interface | | palo_alto.destination.interface -| Session ID | | palo_alto.flow_id +| Source Zone | | panw.panos.source.zone +| Destination Zone | | panw.panos.destination.zone +| Ingress Interface | | panw.panos.source.interface +| Egress Interface | | panw.panos.destination.interface +| Session ID | | panw.panos.flow_id | Source Port | client.port source.port | | Destination Port | destination.port server.port | -| NAT Source Port | | palo_alto.source.nat.port -| NAT Destination Port | | palo_alto.destination.nat.port +| NAT Source Port | | panw.panos.source.nat.port +| NAT Destination Port | | panw.panos.destination.nat.port | Flags | labels | | Protocol | network.transport | | Action | event.outcome | -| Miscellaneous | url.original | palo_alto.threat_file_or_url -| Threat ID | | palo_alto.threat_id -| Category | | palo_alto.url.category +| Miscellaneous | url.original | panw.panos.threat.resource +| Threat ID | | panw.panos.threat.id +| Category | | panw.panos.url.category | Severity | log.level | | Direction | network.direction | | Source Location | source.geo.country_iso_code | | Destination Location | destination.geo.country_iso_code | -| PCAP_id | | palo_alto.network.pcap_id -| Filedigest | | 
palo_alto.file.hash +| PCAP_id | | panw.panos.network.pcap_id +| Filedigest | | panw.panos.file.hash | User Agent | user_agent.original | | File Type | file.type | | X-Forwarded-For | network.forwarded_ip | | Referer | http.request.referer | | Sender | source.user.email | -| Subject | | palo_alto.subject +| Subject | | panw.panos.subject | Recipient | destination.user.email | | Device Name | observer.hostname | |============== @@ -127,10 +127,10 @@ in ECS that are added under the `palo_alto` prefix: This module comes with two sample dashboards: [role="screenshot"] -image::./images/filebeat-palo-alto-traffic.png[] +image::./images/filebeat-panw-traffic.png[] [role="screenshot"] -image::./images/filebeat-palo-alto-threat.png[] +image::./images/filebeat-panw-threat.png[] include::../include/configuring-intro.asciidoc[] @@ -139,25 +139,25 @@ it can also be configured to read logs from a file. See the following example. ["source","yaml",subs="attributes"] ----- -- module: palo_alto - pan_os: +- module: panw + panos: enabled: true var.paths: ["/var/log/pan-os.log"] var.input: "file" ----- -:fileset_ex: pan_os +:fileset_ex: panos include::../include/config-option-intro.asciidoc[] [float] -==== `pan_os` fileset settings +==== `panos` fileset settings Example config: [source,yaml] ---- - pan_os: + panos: var.syslog_host: 0.0.0.0 var.syslog_port: 514 ---- @@ -186,5 +186,5 @@ NOTE: Ports below 1024 require {beatname_uc} to run as root. === Fields For a description of each field in the module, see the -<> section. +<> section. diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index 461df2631f9..d0ee0f35dff 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -22,7 +22,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> - * <> + * <> * <> * <> * <> 
@@ -55,7 +55,7 @@ include::modules/nats.asciidoc[] include::modules/netflow.asciidoc[] include::modules/nginx.asciidoc[] include::modules/osquery.asciidoc[] -include::modules/palo_alto.asciidoc[] +include::modules/panw.asciidoc[] include::modules/postgresql.asciidoc[] include::modules/rabbitmq.asciidoc[] include::modules/redis.asciidoc[] diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 20f6903305c..a3ab3697f2d 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -403,9 +403,9 @@ filebeat.modules: # of the document. The default is true. #var.use_namespace: true -#------------------------------ Palo_alto Module ------------------------------ -- module: palo_alto - pan_os: +#--------------------------------- Panw Module --------------------------------- +- module: panw + panos: enabled: true # Set which input to use between syslog (default) or file. diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index 3265bfe6f8f..0b15c711b35 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go @@ -14,7 +14,7 @@ import ( _ "github.com/elastic/beats/x-pack/filebeat/module/envoyproxy" _ "github.com/elastic/beats/x-pack/filebeat/module/iptables" _ "github.com/elastic/beats/x-pack/filebeat/module/netflow" - _ "github.com/elastic/beats/x-pack/filebeat/module/palo_alto" + _ "github.com/elastic/beats/x-pack/filebeat/module/panw" _ "github.com/elastic/beats/x-pack/filebeat/module/rabbitmq" _ "github.com/elastic/beats/x-pack/filebeat/module/suricata" _ "github.com/elastic/beats/x-pack/filebeat/module/zeek" diff --git a/x-pack/filebeat/module/palo_alto/fields.go b/x-pack/filebeat/module/palo_alto/fields.go deleted file mode 100644 index 7648c70ea20..00000000000 --- a/x-pack/filebeat/module/palo_alto/fields.go +++ /dev/null 
@@ -1,23 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. - -package palo_alto - -import ( - "github.com/elastic/beats/libbeat/asset" -) - -func init() { - if err := asset.SetFields("filebeat", "palo_alto", asset.ModuleFieldsPri, AssetPaloAlto); err != nil { - panic(err) - } -} - -// AssetPaloAlto returns asset data. -// This is the base64 encoded gzipped contents of module/palo_alto. -func AssetPaloAlto() string { - return "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" -} diff --git a/x-pack/filebeat/module/palo_alto/README.md b/x-pack/filebeat/module/panw/README.md similarity index 64% rename from x-pack/filebeat/module/palo_alto/README.md rename to x-pack/filebeat/module/panw/README.md index 2c391053826..c81b1b2c629 100644 --- a/x-pack/filebeat/module/palo_alto/README.md +++ b/x-pack/filebeat/module/panw/README.md @@ -1,4 +1,4 @@ -# Palo Alto module +# Palo Alto Networks module ## Caveats diff --git a/x-pack/filebeat/module/palo_alto/_meta/config.yml b/x-pack/filebeat/module/panw/_meta/config.yml similarity index 88% rename from x-pack/filebeat/module/palo_alto/_meta/config.yml rename to x-pack/filebeat/module/panw/_meta/config.yml index e507060d2f0..41c54c3700c 100644 --- a/x-pack/filebeat/module/palo_alto/_meta/config.yml +++ b/x-pack/filebeat/module/panw/_meta/config.yml @@ -1,5 +1,5 @@ -- module: palo_alto - pan_os: +- module: panw + panos: enabled: true # Set which input to use between syslog (default) or file. 
diff --git a/x-pack/filebeat/module/palo_alto/_meta/docs.asciidoc b/x-pack/filebeat/module/panw/_meta/docs.asciidoc similarity index 71% rename from x-pack/filebeat/module/palo_alto/_meta/docs.asciidoc rename to x-pack/filebeat/module/panw/_meta/docs.asciidoc index 9780f002508..f1228fdc364 100644 --- a/x-pack/filebeat/module/palo_alto/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/panw/_meta/docs.asciidoc @@ -1,6 +1,6 @@ [role="xpack"] -:modulename: palo_alto +:modulename: panw :has-dashboards: true == Palo Alto Networks module @@ -24,7 +24,7 @@ include::../include/running-modules.asciidoc[] === ECS field mappings These are the PAN-OS to ECS field mappings as well as those fields still not -in ECS that are added under the `palo_alto` prefix: +in ECS that are added under the `panw.panos` prefix: .Traffic log mappings [options="header"] 
@@ -37,21 +37,21 @@ in ECS that are added under the `palo_alto` prefix: | Generated Time | `@timestamp` | | Source IP | client.ip source.ip | | Destination IP | server.ip destination.ip | -| NAT Source IP | | palo_alto.source.nat.ip -| NAT Destination IP | | palo_alto.destination.nat.ip -| Rule Name | | palo_alto.ruleset +| NAT Source IP | | panw.panos.source.nat.ip +| NAT Destination IP | | panw.panos.destination.nat.ip +| Rule Name | | panw.panos.ruleset | Source User | client.user.name source.user.name | | Destination User | server.user.name destination.user.name | | Application | network.application | -| Source Zone | | palo_alto.source.zone -| Destination Zone | | palo_alto.destination.zone -| Ingress Interface | | palo_alto.source.interface -| Egress Interface | | palo_alto.destination.interface -| Session ID | | palo_alto.flow_id +| Source Zone | | panw.panos.source.zone +| Destination Zone | | panw.panos.destination.zone +| Ingress Interface | | panw.panos.source.interface +| Egress Interface | | panw.panos.destination.interface +| Session ID | | panw.panos.flow_id | Source Port | client.port source.port | | Destination Port | destination.port server.port | -| NAT Source Port | | palo_alto.source.nat.port -| NAT Destination Port | | palo_alto.destination.nat.port +| NAT Source Port | | panw.panos.source.nat.port +| NAT Destination Port | | panw.panos.destination.nat.port | Flags | labels | | Protocol | network.transport | | Action | event.outcome | @@ -61,8 +61,8 @@ in ECS that are added under the `palo_alto` prefix: | Packets | network.packets | | Start Time | event.start | | Elapsed Time | event.duration | -| Category | | palo_alto.url.category -| Sequence Number | | palo_alto.sequence_number +| Category | | panw.panos.url.category +| Sequence Number | | panw.panos.sequence_number | Packets Sent | server.packets destination.packets | | Packets Received | client.packets source.packets | | Device Name | observer.hostname | 
@@ -79,39 +79,39 @@ in ECS that are added under the `palo_alto` prefix: | Generated Time | `@timestamp` | | Source IP | client.ip source.ip | | Destination IP | server.ip destination.ip | -| NAT Source IP | | palo_alto.source.nat.ip -| NAT Destination IP | | palo_alto.destination.nat.ip -| Rule Name | | palo_alto.ruleset +| NAT Source IP | | panw.panos.source.nat.ip +| NAT Destination IP | | panw.panos.destination.nat.ip +| Rule Name | | panw.panos.ruleset | Source User | client.user.name source.user.name | | Destination User | server.user.name destination.user.name | | Application | network.application | -| Source Zone | | palo_alto.source.zone -| Destination Zone | | palo_alto.destination.zone -| Ingress Interface | | palo_alto.source.interface -| Egress Interface | | palo_alto.destination.interface -| Session ID | | palo_alto.flow_id +| Source Zone | | panw.panos.source.zone +| Destination Zone | | panw.panos.destination.zone +| Ingress Interface | | panw.panos.source.interface +| Egress Interface | | panw.panos.destination.interface +| Session ID | | panw.panos.flow_id | Source Port | client.port source.port | | Destination Port | destination.port server.port | -| NAT Source Port | | palo_alto.source.nat.port -| NAT Destination Port | | palo_alto.destination.nat.port +| NAT Source Port | | panw.panos.source.nat.port +| NAT Destination Port | | panw.panos.destination.nat.port | Flags | labels | | Protocol | network.transport | | Action | event.outcome | -| Miscellaneous | url.original | palo_alto.threat_file_or_url -| Threat ID | | palo_alto.threat_id -| Category | | palo_alto.url.category +| Miscellaneous | url.original | panw.panos.threat.resource +| Threat ID | | panw.panos.threat.id +| Category | | panw.panos.url.category | Severity | log.level | | Direction | network.direction | | Source Location | source.geo.country_iso_code | | Destination Location | destination.geo.country_iso_code | -| PCAP_id | | palo_alto.network.pcap_id -| Filedigest | | 
palo_alto.file.hash +| PCAP_id | | panw.panos.network.pcap_id +| Filedigest | | panw.panos.file.hash | User Agent | user_agent.original | | File Type | file.type | | X-Forwarded-For | network.forwarded_ip | | Referer | http.request.referer | | Sender | source.user.email | -| Subject | | palo_alto.subject +| Subject | | panw.panos.subject | Recipient | destination.user.email | | Device Name | observer.hostname | |============== @@ -122,10 +122,10 @@ in ECS that are added under the `palo_alto` prefix: This module comes with two sample dashboards: [role="screenshot"] -image::./images/filebeat-palo-alto-traffic.png[] +image::./images/filebeat-panw-traffic.png[] [role="screenshot"] -image::./images/filebeat-palo-alto-threat.png[] +image::./images/filebeat-panw-threat.png[] include::../include/configuring-intro.asciidoc[] @@ -134,25 +134,25 @@ it can also be configured to read logs from a file. See the following example. ["source","yaml",subs="attributes"] ----- -- module: palo_alto - pan_os: +- module: panw + panos: enabled: true var.paths: ["/var/log/pan-os.log"] var.input: "file" ----- -:fileset_ex: pan_os +:fileset_ex: panos include::../include/config-option-intro.asciidoc[] [float] -==== `pan_os` fileset settings +==== `panos` fileset settings Example config: [source,yaml] ---- - pan_os: + panos: var.syslog_host: 0.0.0.0 var.syslog_port: 514 ---- diff --git a/x-pack/filebeat/module/palo_alto/_meta/fields.yml b/x-pack/filebeat/module/panw/_meta/fields.yml similarity index 55% rename from x-pack/filebeat/module/palo_alto/_meta/fields.yml rename to x-pack/filebeat/module/panw/_meta/fields.yml index c02e9c69aa1..6cd468b1015 100644 --- a/x-pack/filebeat/module/palo_alto/_meta/fields.yml +++ b/x-pack/filebeat/module/panw/_meta/fields.yml 
@@ -1,10 +1,10 @@ -- key: palo_alto - title: palo_alto +- key: panw + title: panw description: > Module for Palo Alto Networks (PAN-OS) fields: - - name: palo_alto + - name: panw type: group description: > - Fields from the palo_alto logs. + Fields from the panw module. fields: diff --git a/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-network-overview.json b/x-pack/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-network-overview.json similarity index 96% rename from x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-network-overview.json rename to x-pack/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-network-overview.json index 6f8eacad468..b921d93d87a 100644 --- a/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-network-overview.json +++ b/x-pack/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-network-overview.json @@ -119,7 +119,7 @@ } ], "timeRestore": false, - "title": "[Filebeat palo_alto] Network Flows ECS", + "title": "[Filebeat PANW] Network Flows ECS", "version": 1 }, "id": "e40ba240-7572-11e9-976e-65a8f47cc4c1", @@ -180,7 +180,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Destination Flows Map [Filebeat palo_alto] ECS", + "title": "Destination Flows Map [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -231,7 +231,7 @@ } } }, - "title": "Destination Flows Map [Filebeat palo_alto] ECS", + "title": "Destination Flows Map [Filebeat PANW] ECS", "type": "tile_map" } }, @@ -263,7 +263,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Source Flows Map [Filebeat palo_alto] ECS", + "title": "Source Flows Map [Filebeat PANW] ECS", "uiStateJSON": { "mapCenter": [ -0.17578097424708533, @@ -320,7 +320,7 @@ } } }, - "title": "Source Flows Map [Filebeat palo_alto] ECS", + "title": "Source Flows Map [Filebeat PANW] ECS", "type": "tile_map" } }, 
@@ -378,7 +378,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Flow Creation Histogram [Filebeat palo_alto] ECS", + "title": "Flow Creation Histogram [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -491,7 +491,7 @@ } ] }, - "title": "Flow Creation Histogram [Filebeat palo_alto] ECS", + "title": "Flow Creation Histogram [Filebeat PANW] ECS", "type": "histogram" } }, @@ -554,7 +554,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Source Zone breakout [Filebeat palo_alto] ECS", + "title": "Source Zone breakout [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -570,7 +570,7 @@ "enabled": true, "id": "2", "params": { - "field": "palo_alto.pan_os.source.zone", + "field": "panw.panos.source.zone", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", @@ -666,7 +666,7 @@ } ] }, - "title": "Source Zone breakout [Filebeat palo_alto] ECS", + "title": "Source Zone breakout [Filebeat PANW] ECS", "type": "horizontal_bar" } }, @@ -729,7 +729,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Destination Zone breakout [Filebeat palo_alto] ECS", + "title": "Destination Zone breakout [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -745,7 +745,7 @@ "enabled": true, "id": "2", "params": { - "field": "palo_alto.pan_os.destination.zone", + "field": "panw.panos.destination.zone", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", @@ -841,7 +841,7 @@ } ] }, - "title": "Destination Zone breakout [Filebeat palo_alto] ECS", + "title": "Destination Zone breakout [Filebeat PANW] ECS", "type": "horizontal_bar" } }, @@ -878,7 +878,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Event Outcome by Transport and Destination Port [Filebeat palo_alto] ECS", + "title": "Event Outcome by Transport and Destination Port [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { 
@@ -952,7 +952,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Event Outcome by Transport and Destination Port [Filebeat palo_alto] ECS", + "title": "Event Outcome by Transport and Destination Port [Filebeat PANW] ECS", "type": "pie" } }, @@ -984,7 +984,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Network Application breakout [Filebeat palo_alto] ECS", + "title": "Network Application breakout [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -1042,7 +1042,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Network Application breakout [Filebeat palo_alto] ECS", + "title": "Network Application breakout [Filebeat PANW] ECS", "type": "pie" } }, @@ -1075,7 +1075,7 @@ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", - "query": "palo_alto.pan_os:* and event.category: \"network_traffic\"" + "query": "panw.panos:* and event.category: \"network_traffic\"" }, "version": true } @@ -1084,7 +1084,7 @@ "@timestamp", "desc" ], - "title": "PAN-OS Flows [Filebeat palo_alto] ECS", + "title": "PAN-OS Flows [Filebeat PANW] ECS", "version": 1 }, "id": "290685e0-7569-11e9-976e-65a8f47cc4c1", diff --git a/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-threat-overview.json b/x-pack/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-threat-overview.json similarity index 95% rename from x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-threat-overview.json rename to x-pack/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-threat-overview.json index c0d4034c7d1..667bbd5f40d 100644 --- a/x-pack/filebeat/module/palo_alto/_meta/kibana/7/dashboard/Filebeat-palo-alto-threat-overview.json +++ b/x-pack/filebeat/module/panw/_meta/kibana/7/dashboard/Filebeat-panw-threat-overview.json 
@@ -112,7 +112,7 @@ } ], "timeRestore": false, - "title": "[Filebeat palo_alto] Threats Overview ECS", + "title": "[Filebeat PANW] Threats Overview ECS", "version": 1 }, "id": "772964e0-7591-11e9-aacf-79a3704914a0", @@ -168,7 +168,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Threat outcome histogram [Filebeat palo_alto] ECS", + "title": "Threat outcome histogram [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -281,7 +281,7 @@ } ] }, - "title": "Threat outcome histogram [Filebeat palo_alto] ECS", + "title": "Threat outcome histogram [Filebeat PANW] ECS", "type": "histogram" } }, @@ -313,7 +313,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Threat ID Cloud [Filebeat palo_alto] ECS", + "title": "Threat ID Cloud [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -329,7 +329,7 @@ "enabled": true, "id": "2", "params": { - "field": "palo_alto.pan_os.threat.name", + "field": "panw.panos.threat.name", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", @@ -349,7 +349,7 @@ "scale": "linear", "showLabel": true }, - "title": "Threat ID Cloud [Filebeat palo_alto] ECS", + "title": "Threat ID Cloud [Filebeat PANW] ECS", "type": "tagcloud" } }, @@ -381,7 +381,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Threat Resource Cloud [Filebeat palo_alto] ECS", + "title": "Threat Resource Cloud [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -417,7 +417,7 @@ "scale": "linear", "showLabel": true }, - "title": "Threat Resource Cloud [Filebeat palo_alto] ECS", + "title": "Threat Resource Cloud [Filebeat PANW] ECS", "type": "tagcloud" } }, @@ -475,7 +475,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Top attackers (clients) [Filebeat palo_alto] ECS", + "title": "Top attackers (clients) [Filebeat PANW] ECS", "uiStateJSON": { "vis": { "params": { 
@@ -524,7 +524,7 @@ }, "totalFunc": "sum" }, - "title": "Top attackers (clients) [Filebeat palo_alto] ECS", + "title": "Top attackers (clients) [Filebeat PANW] ECS", "type": "table" } }, @@ -587,7 +587,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Top attackers (servers) [Filebeat palo_alto] ECS", + "title": "Top attackers (servers) [Filebeat PANW] ECS", "uiStateJSON": { "vis": { "params": { @@ -636,7 +636,7 @@ }, "totalFunc": "sum" }, - "title": "Top attackers (servers) [Filebeat palo_alto] ECS", + "title": "Top attackers (servers) [Filebeat PANW] ECS", "type": "table" } }, @@ -673,7 +673,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Outcome by Threat Type [Filebeat palo_alto] ECS", + "title": "Outcome by Threat Type [Filebeat PANW] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -731,7 +731,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Outcome by Threat Type [Filebeat palo_alto] ECS", + "title": "Outcome by Threat Type [Filebeat PANW] ECS", "type": "pie" } }, @@ -764,7 +764,7 @@ "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", - "query": "palo_alto.pan_os:* and event.category: \"security_threat\"" + "query": "panw.panos:* and event.category: \"security_threat\"" }, "version": true } @@ -773,7 +773,7 @@ "@timestamp", "desc" ], - "title": "PAN-OS Threats [Filebeat palo_alto] ECS", + "title": "PAN-OS Threats [Filebeat PANW] ECS", "version": 1 }, "id": "3cea1360-7569-11e9-976e-65a8f47cc4c1", diff --git a/x-pack/filebeat/module/panw/fields.go b/x-pack/filebeat/module/panw/fields.go new file mode 100644 index 00000000000..0748e2a7374 --- /dev/null +++ b/x-pack/filebeat/module/panw/fields.go 
@@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package panw + +import ( + "github.com/elastic/beats/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "panw", asset.ModuleFieldsPri, AssetPanw); err != nil { + panic(err) + } +} + +// AssetPanw returns asset data. +// This is the base64 encoded gzipped contents of module/panw. +func AssetPanw() string { + return "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" +} diff --git a/x-pack/filebeat/module/palo_alto/module.yml b/x-pack/filebeat/module/panw/module.yml similarity index 50% rename from x-pack/filebeat/module/palo_alto/module.yml rename to x-pack/filebeat/module/panw/module.yml index aa3264f7585..ed975d78f70 100644 --- a/x-pack/filebeat/module/palo_alto/module.yml +++ b/x-pack/filebeat/module/panw/module.yml @@ -1,5 +1,5 @@ dashboards: - id: 772964e0-7591-11e9-aacf-79a3704914a0 - file: Filebeat-palo-alto-threat-overview.json + file: Filebeat-panw-threat-overview.json - id: e40ba240-7572-11e9-976e-65a8f47cc4c1 - file: Filebeat-palo-alto-network-overview.json + file: Filebeat-panw-network-overview.json diff --git a/x-pack/filebeat/module/palo_alto/pan_os/_meta/fields.yml b/x-pack/filebeat/module/panw/panos/_meta/fields.yml similarity index 99% rename from x-pack/filebeat/module/palo_alto/pan_os/_meta/fields.yml rename to x-pack/filebeat/module/panw/panos/_meta/fields.yml index e19c9dac2a6..14920667ca6 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/_meta/fields.yml +++ b/x-pack/filebeat/module/panw/panos/_meta/fields.yml @@ -1,4 +1,4 @@ - - name: pan_os + - name: panos type: group description: > Fields for the Palo Alto Networks PAN-OS logs. 
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml
similarity index 65%
rename from x-pack/filebeat/module/palo_alto/pan_os/config/input.yml
rename to x-pack/filebeat/module/panw/panos/config/input.yml
index 879fa479b28..0a143adcfcc 100644
--- a/x-pack/filebeat/module/palo_alto/pan_os/config/input.yml
+++ b/x-pack/filebeat/module/panw/panos/config/input.yml
@@ -51,25 +51,25 @@ processors:
 server.ip: 8
 destination.ip: 8
 destination.address: 8
- palo_alto.pan_os.source.nat.ip: 9
- palo_alto.pan_os.destination.nat.ip: 10
- palo_alto.pan_os.ruleset: 11
+ panw.panos.source.nat.ip: 9
+ panw.panos.destination.nat.ip: 10
+ panw.panos.ruleset: 11
 client.user.name: 12
 source.user.name: 12
 server.user.name: 13
 destination.user.name: 13
 network.application: 14
- palo_alto.pan_os.source.zone: 16
- palo_alto.pan_os.destination.zone: 17
- palo_alto.pan_os.source.interface: 18
- palo_alto.pan_os.destination.interface: 19
- palo_alto.pan_os.flow_id: 22
+ panw.panos.source.zone: 16
+ panw.panos.destination.zone: 17
+ panw.panos.source.interface: 18
+ panw.panos.destination.interface: 19
+ panw.panos.flow_id: 22
 client.port: 24
 source.port: 24
 destination.port: 25
 server.port: 25
- palo_alto.pan_os.source.nat.port: 26
- palo_alto.pan_os.destination.nat.port: 27
+ panw.panos.source.nat.port: 26
+ panw.panos.destination.nat.port: 27
 _temp_.labels: 28
 network.transport: 29
 event.outcome: 30
@@ -81,8 +81,8 @@ processors:
 network.packets: 34
 event.start: 35
 event.duration: 36
- palo_alto.pan_os.url.category: 37
- palo_alto.pan_os.sequence_number: 39
+ panw.panos.url.category: 37
+ panw.panos.sequence_number: 39
 server.packets: 44
 destination.packets: 44
 client.packets: 45
@@ -104,44 +104,44 @@ processors: server.ip: 8 destination.ip: 8 destination.address: 8 - palo_alto.pan_os.source.nat.ip: 9 - palo_alto.pan_os.destination.nat.ip: 10 - palo_alto.pan_os.ruleset: 11 + panw.panos.source.nat.ip: 9 + panw.panos.destination.nat.ip: 10 + panw.panos.ruleset: 11 client.user.name: 12 source.user.name: 12 server.user.name: 13 destination.user.name: 13 network.application: 14 - palo_alto.pan_os.source.zone: 16 - palo_alto.pan_os.destination.zone: 17 - palo_alto.pan_os.source.interface: 18 - palo_alto.pan_os.destination.interface: 19 - palo_alto.pan_os.flow_id: 22 + panw.panos.source.zone: 16 + panw.panos.destination.zone: 17 + panw.panos.source.interface: 18 + panw.panos.destination.interface: 19 + panw.panos.flow_id: 22 client.port: 24 source.port: 24 destination.port: 25 server.port: 25 - palo_alto.pan_os.source.nat.port: 26 - palo_alto.pan_os.destination.nat.port: 27 + panw.panos.source.nat.port: 26 + panw.panos.destination.nat.port: 27 _temp_.labels: 28 network.transport: 29 event.outcome: 30 - palo_alto.pan_os.threat.resource: 31 + panw.panos.threat.resource: 31 url.original: 31 - palo_alto.pan_os.threat.name: 32 - palo_alto.pan_os.url.category: 33 + panw.panos.threat.name: 32 + panw.panos.url.category: 33 log.level: 34 _temp_.direction: 35 source.geo.country_iso_code: 38 destination.geo.country_iso_code: 39 - palo_alto.pan_os.network.pcap_id: 42 - palo_alto.pan_os.file.hash: 43 + panw.panos.network.pcap_id: 42 + panw.panos.file.hash: 43 user_agent.original: 46 file.type: 47 network.forwarded_ip: 48 http.request.referer: 49 source.user.email: 50 - palo_alto.pan_os.subject: 51 + panw.panos.subject: 51 destination.user.email: 52 observer.hostname: 59 
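Review bot: `source.geo.country_iso_code: 38` and `destination.geo.country_iso_code: 39` in this threat-log column map copy the firewall's raw location column straight into an ECS field that is meant to hold a country code. The fixture updated later in this same diff (pan_inc_threat.log-expected.json) records `"source.geo.country_iso_code": "192.168.0.0-192.168.255.255"`, so for private addresses the field ends up holding an address range, which would mislead any country-based filter or detection built on it. I would map both columns to `_temp_` fields and copy them into `*.geo.country_iso_code` in the ingest pipeline only when the value is a two-letter code. The column map starts above this hunk, so the enclosing processor is not fully visible here.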
@@ -152,9 +152,9 @@ processors: - community_id: ~ - community_id: - target: palo_alto.pan_os.network.nat.community_id + target: panw.panos.network.nat.community_id fields: - source_ip: palo_alto.pan_os.source.nat.ip - source_port: palo_alto.pan_os.source.nat.port - destination_ip: palo_alto.pan_os.destination.nat.ip - destination_port: palo_alto.pan_os.destination.nat.port + source_ip: panw.panos.source.nat.ip + source_port: panw.panos.source.nat.port + destination_ip: panw.panos.destination.nat.ip + destination_port: panw.panos.destination.nat.port diff --git a/x-pack/filebeat/module/palo_alto/pan_os/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml similarity index 81% rename from x-pack/filebeat/module/palo_alto/pan_os/ingest/pipeline.yml rename to x-pack/filebeat/module/panw/panos/ingest/pipeline.yml index b08de6b8706..8cbe2aee853 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/ingest/pipeline.yml +++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml @@ -1,4 +1,4 @@ -description: "Pipeline for Palo Alto PAN-OS Logs" +description: "Pipeline for Palo Alto Networks PAN-OS Logs" processors: # keep message as log.original. 
@@ -55,15 +55,15 @@ processors: - convert: { type: long, ignore_missing: true, field: network.packets } - convert: { type: long, ignore_missing: true, field: event.duration } - convert: { type: long, ignore_missing: true, field: _temp_.labels } - - convert: { type: long, ignore_missing: true, field: palo_alto.pan_os.sequence_number } - - convert: { type: long, ignore_missing: true, field: palo_alto.pan_os.source.nat.port } - - convert: { type: long, ignore_missing: true, field: palo_alto.pan_os.destination.nat.port } + - convert: { type: long, ignore_missing: true, field: panw.panos.sequence_number } + - convert: { type: long, ignore_missing: true, field: panw.panos.source.nat.port } + - convert: { type: long, ignore_missing: true, field: panw.panos.destination.nat.port } # Remove PCAP ID when zero (no packet capture). - remove: - if: 'ctx?.palo_alto?.pan_os?.network?.pcap_id == "0"' + if: 'ctx?.panw?.panos?.network?.pcap_id == "0"' field: - - palo_alto.pan_os.network.pcap_id + - panw.panos.network.pcap_id # Extract 'flags' bitfield into labels. - script: 
@@ -112,23 +112,23 @@ processors: - set: field: network.direction value: inbound - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.palo_alto?.pan_os?.source?.zone == "untrust" && ctx?.palo_alto?.pan_os?.destination?.zone == "trust"' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "trust"' - set: field: network.direction value: outbound - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.palo_alto?.pan_os?.source?.zone == "trust" && ctx?.palo_alto?.pan_os?.destination?.zone == "untrust"' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "untrust"' - set: field: network.direction value: internal - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.palo_alto?.pan_os?.source?.zone == "trust" && ctx?.palo_alto?.pan_os?.destination?.zone == "trust"' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "trust" && ctx?.panw?.panos?.destination?.zone == "trust"' - set: field: network.direction value: external - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.palo_alto?.pan_os?.source?.zone == "untrust" && ctx?.palo_alto?.pan_os?.destination?.zone == "untrust"' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ctx?.panw?.panos?.source?.zone == "untrust" && ctx?.panw?.panos?.destination?.zone == "untrust"' - set: field: network.direction value: unknown - if: 'ctx?._temp_?.message_type == "TRAFFIC" && ((ctx?.palo_alto?.pan_os?.source?.zone != "trust" && ctx?.palo_alto?.pan_os?.source?.zone != "untrust") || (ctx?.palo_alto?.pan_os?.destination?.zone != "trust" && ctx?.palo_alto?.pan_os?.destination?.zone != "untrust"))' + if: 'ctx?._temp_?.message_type == "TRAFFIC" && ((ctx?.panw?.panos?.source?.zone != "trust" && ctx?.panw?.panos?.source?.zone != "untrust") || (ctx?.panw?.panos?.destination?.zone != "trust" && ctx?.panw?.panos?.destination?.zone != "untrust"))' # Set 
network.direction from threat direction (Threat logs). - set: @@ -287,15 +287,15 @@ processors: value: - '{{destination.ip}}' - append: - if: 'ctx?.palo_alto?.pan_os?.source?.nat?.ip != null' + if: 'ctx?.panw?.panos?.source?.nat?.ip != null' field: related.ip value: - - '{{palo_alto.pan_os.source.nat.ip}}' + - '{{panw.panos.source.nat.ip}}' - append: - if: 'ctx?.palo_alto?.pan_os?.destination?.nat?.ip != null' + if: 'ctx?.panw?.panos?.destination?.nat?.ip != null' field: related.ip value: - - '{{palo_alto.pan_os.destination.nat.ip}}' + - '{{panw.panos.destination.nat.ip}}' # Geolocation for source. - geoip: @@ -311,22 +311,22 @@ processors: # Append NAT community_id to network.community_id - append: - if: 'ctx?.palo_alto?.pan_os?.network?.nat?.community_id != null && ctx.palo_alto.pan_os.network.nat.community_id != ctx?.network?.community_id' + if: 'ctx?.panw?.panos?.network?.nat?.community_id != null && ctx.panw.panos.network.nat.community_id != ctx?.network?.community_id' field: network.community_id value: - - '{{palo_alto.pan_os.network.nat.community_id}}' + - '{{panw.panos.network.nat.community_id}}' - grok: - if: 'ctx?.palo_alto?.pan_os?.threat?.name != null' - field: palo_alto.pan_os.threat.name + if: 'ctx?.panw?.panos?.threat?.name != null' + field: panw.panos.threat.name ignore_failure: true patterns: - - '%{GREEDYDATA:palo_alto.pan_os.threat.name}\(\s*%{GREEDYDATA:palo_alto.pan_os.threat.id}\s*\)' + - '%{GREEDYDATA:panw.panos.threat.name}\(\s*%{GREEDYDATA:panw.panos.threat.id}\s*\)' - set: - field: palo_alto.pan_os.threat.name + field: panw.panos.threat.name value: 'URL-filtering' - if: 'ctx?.palo_alto?.pan_os?.threat?.id == "9999"' + if: 'ctx?.panw?.panos?.threat?.id == "9999"' # Remove temporary fields. - remove: 
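Review bot: The five `network.direction` conditions in the `@@ -112,23` hunk compare the zone fields against the literal names `"trust"` and `"untrust"`, so a firewall whose zones are named anything else falls through to `unknown` for every TRAFFIC event. Dashboards or detection rules that filter on `network.direction` would then see only `unknown` from such a deployment, with nothing to indicate why. Consider making the internal and external zone lists fileset variables, or at minimum add a comment above the first `set`, e.g. `# direction is derived from the default zone names "trust"/"untrust"; other zone names yield "unknown"`. The processor list continues on both sides of this hunk.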
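Review bot: Both NAT `append` processors in the `related.ip` hunk (`@@ -287,15`) test only `!= null`, but the expected fixtures in this diff show `panw.panos.source.nat.ip` and `panw.panos.destination.nat.ip` set to `"0.0.0.0"` with NAT port 0, which looks like the no-NAT case. That would add `0.0.0.0` to `related.ip` on such events, so a pivot on `related.ip` links otherwise unrelated sessions. The guard could be `if: 'ctx?.panw?.panos?.source?.nat?.ip != null && ctx.panw.panos.source.nat.ip != "0.0.0.0"'`, with the same change on the destination side. The NAT `community_id` configured in input.yml (`@@ -152,9`) is presumably computed from the same all-zero tuple and may deserve the same check.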
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/manifest.yml b/x-pack/filebeat/module/panw/panos/manifest.yml similarity index 100% rename from x-pack/filebeat/module/palo_alto/pan_os/manifest.yml rename to x-pack/filebeat/module/panw/panos/manifest.yml diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_other.log b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log similarity index 100% rename from x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_other.log rename to x-pack/filebeat/module/panw/panos/test/pan_inc_other.log diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json similarity index 75% rename from x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_other.log-expected.json rename to x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json index 802ceacf752..b237e752007 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json @@ -21,14 +21,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:56.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 5853, 
@@ -41,18 +41,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25149", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25149", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -63,7 +63,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_threat.log b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log similarity index 100% rename from x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_threat.log rename to x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log 
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json similarity index 70% rename from x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_threat.log-expected.json rename to x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index d2abcd6573d..affd9e20ffb 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -17,12 +17,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -34,20 +34,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25149", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "lorexx.cn/loader.exe", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25149", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lorexx.cn/loader.exe", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -56,7 +56,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -85,12 +85,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -102,20 +102,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26067", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "lsiu.info/evo/count.php?o=2", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26067", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=2", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -124,7 +124,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -153,12 +153,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -170,20 +170,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26522", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "lsiu.info/evo/count.php?o=5", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26522", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=5", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -192,7 +192,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -221,12 +221,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -238,20 +238,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25112", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "lsiu.info/evo/count.php?o=7", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25112", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=7", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -260,7 +260,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -289,12 +289,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -306,20 +306,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25179", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25179", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -328,7 +328,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -357,12 +357,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -374,20 +374,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25848", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25848", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -396,7 +396,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -425,12 +425,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -442,20 +442,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24910", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "liteautobestguide.cn/load.php", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24910", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "liteautobestguide.cn/load.php", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -464,7 +464,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -493,12 +493,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -510,20 +510,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26862", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "liteautobestguide.cn/index.php", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26862", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "liteautobestguide.cn/index.php", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -532,7 +532,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -561,12 +561,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -578,20 +578,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "22860", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "litetopdetect.cn/index.php", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22860", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "litetopdetect.cn/index.php", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -600,7 +600,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -629,12 +629,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -646,20 +646,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26360", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26360", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -668,7 +668,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -697,12 +697,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -714,20 +714,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25543", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "girlteenxxxfreemov.com/", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25543", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "girlteenxxxfreemov.com/", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -736,7 +736,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -765,12 +765,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -782,20 +782,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25437", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "imagesrepository.com/resolution.php", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25437", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "imagesrepository.com/resolution.php", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -804,7 +804,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -833,12 +833,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -850,20 +850,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26338", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "hottestfiles.com/search/search.php?q=xxx", - "palo_alto.pan_os.url.category": "search-engines", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26338", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "hottestfiles.com/search/search.php?q=xxx", + "panw.panos.url.category": "search-engines", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -872,7 +872,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -901,12 +901,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -917,20 +917,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25713", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "infodist1.com/in.cgi?11¶meter=404", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25713", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "infodist1.com/in.cgi?11¶meter=404", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -939,7 +939,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -968,12 +968,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -985,20 +985,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25451", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "cls-softwares.com/suc.php", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25451", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "cls-softwares.com/suc.php", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -1007,7 +1007,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -1036,12 +1036,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -1053,20 +1053,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26414", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "cls-softwares.com/softwarefortubeview.40013.exe", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26414", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "cls-softwares.com/softwarefortubeview.40013.exe", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1075,7 +1075,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -1101,12 +1101,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -1117,20 +1117,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26927", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "findmorepill.com/klik/search.php?q=xxx", - "palo_alto.pan_os.url.category": "online-gambling", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26927", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "findmorepill.com/klik/search.php?q=xxx", + "panw.panos.url.category": "online-gambling", "related.ip": [ "192.168.0.2", "78.159.99.224", 
@@ -1139,7 +1139,7 @@ ], "server.ip": "78.159.99.224", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -1168,12 +1168,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -1185,20 +1185,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26127", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "allowedwebsurfing.com/", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26127", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "allowedwebsurfing.com/", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1207,7 +1207,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -1236,12 +1236,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -1253,20 +1253,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25306", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "antivirus-remote.com/", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25306", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "antivirus-remote.com/", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -1275,7 +1275,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -1304,12 +1304,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -1321,20 +1321,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24561", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "bklinkov.ru/hi/start.cfg", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24561", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "bklinkov.ru/hi/start.cfg", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1343,7 +1343,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -1372,12 +1372,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -1389,20 +1389,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "15099", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "blogsexnakedgirlxxx.com/", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "15099", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "blogsexnakedgirlxxx.com/", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -1411,7 +1411,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -1440,12 +1440,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -1457,20 +1457,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24955", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "bklinkov.ru/hi/start.exe", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24955", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "bklinkov.ru/hi/start.exe", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1479,7 +1479,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -1508,12 +1508,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -1525,20 +1525,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25398", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25398", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -1547,7 +1547,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -1576,12 +1576,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -1593,20 +1593,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25945", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25945", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1615,7 +1615,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -1644,12 +1644,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -1661,20 +1661,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "27111", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27111", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -1683,7 +1683,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -1712,12 +1712,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -1729,20 +1729,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25871", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25871", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1751,7 +1751,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -1780,12 +1780,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -1797,20 +1797,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26251", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26251", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -1819,7 +1819,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -1848,12 +1848,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -1865,20 +1865,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24816", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24816", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1887,7 +1887,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -1916,12 +1916,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -1933,20 +1933,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25062", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25062", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -1955,7 +1955,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -1984,12 +1984,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -2001,20 +2001,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26266", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26266", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2023,7 +2023,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -2052,12 +2052,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -2069,20 +2069,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23898", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23898", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -2091,7 +2091,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -2120,12 +2120,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, 
@@ -2137,20 +2137,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25259", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25259", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2159,7 +2159,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -2188,12 +2188,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "labels.container_page": true, @@ -2205,20 +2205,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26466", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "-/", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26466", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "-/", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -2227,7 +2227,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -2253,12 +2253,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -2269,20 +2269,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "4086", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "wantfinest.com/tds/in.cgi?default", - "palo_alto.pan_os.url.category": "unknown", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "4086", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "wantfinest.com/tds/in.cgi?default", + "panw.panos.url.category": "unknown", "related.ip": [ "192.168.0.2", "69.43.161.167", @@ -2291,7 +2291,7 @@ ], "server.ip": "69.43.161.167", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -2317,12 +2317,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -2333,20 +2333,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26534", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "sameshitasiteverwas.com/traf/tds/in.cgi?2", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26534", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "sameshitasiteverwas.com/traf/tds/in.cgi?2", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "202.31.187.154", 
@@ -2355,7 +2355,7 @@ ], "server.ip": "202.31.187.154", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -2384,12 +2384,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -2400,20 +2400,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26965", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "svarkon.ru/update.exe", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26965", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "svarkon.ru/update.exe", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "89.111.176.67", @@ -2422,7 +2422,7 @@ ], "server.ip": "89.111.176.67", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -2451,12 +2451,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -2467,20 +2467,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26076", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "onlinescanxpp.com/land/eurl/1.php?code=", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26076", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "onlinescanxpp.com/land/eurl/1.php?code=", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -2489,7 +2489,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -2515,12 +2515,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -2531,20 +2531,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26198", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26198", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "208.73.210.29", 
@@ -2553,7 +2553,7 @@ ], "server.ip": "208.73.210.29", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -2579,12 +2579,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -2595,20 +2595,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26056", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "nolagtime.com/gwc.txt", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26056", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "nolagtime.com/gwc.txt", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "208.73.210.29", @@ -2617,7 +2617,7 @@ ], "server.ip": "208.73.210.29", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -2646,12 +2646,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -2662,20 +2662,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25465", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "karavan.us/bon/index.php", - "palo_alto.pan_os.url.category": "unknown", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25465", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "karavan.us/bon/index.php", + "panw.panos.url.category": "unknown", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -2684,7 +2684,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -2710,12 +2710,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -2726,20 +2726,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24316", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "findnolimits.com/go.php?sid=1", - "palo_alto.pan_os.url.category": "dead-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24316", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "findnolimits.com/go.php?sid=1", + "panw.panos.url.category": "dead-sites", "related.ip": [ "192.168.0.2", "208.73.210.29", @@ -2748,7 +2748,7 @@ ], "server.ip": "208.73.210.29", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -2774,12 +2774,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -2790,20 +2790,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "17258", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "bizoplata.ru/moun.html", - "palo_alto.pan_os.url.category": "parked-domains", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "17258", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "bizoplata.ru/moun.html", + "panw.panos.url.category": "parked-domains", "related.ip": [ "192.168.0.2", "89.108.64.156", 
@@ -2812,7 +2812,7 @@ ], "server.ip": "89.108.64.156", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -2838,12 +2838,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -2854,20 +2854,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24735", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "bizoplata.ru/palast.html", - "palo_alto.pan_os.url.category": "parked-domains", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24735", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "bizoplata.ru/palast.html", + "panw.panos.url.category": "parked-domains", "related.ip": [ "192.168.0.2", "89.108.64.156", @@ -2876,7 +2876,7 @@ ], "server.ip": "89.108.64.156", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -2899,12 +2899,12 @@ "ecs.version": "1.0.0", "event.action": "spyware_detected", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "drop-all-packets", "event.severity": 1, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "critical", @@ -2915,20 +2915,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "23497", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "13024", - "palo_alto.pan_os.threat.name": "Bredolab.Gen Command and Control Traffic", - "palo_alto.pan_os.threat.resource": "controller.php", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "23497", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "13024", + "panw.panos.threat.name": "Bredolab.Gen Command and Control Traffic", + "panw.panos.threat.resource": "controller.php", + "panw.panos.url.category": "any", "related.ip": [ "204.232.231.46", "192.168.0.2", 
@@ -2938,7 +2938,7 @@ "server.ip": "192.168.0.2", "server.port": 58849, "server.user.name": "crusher", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "204.232.231.46", "source.geo.city_name": "Charlotte", "source.geo.continent_name": "North America", @@ -2972,12 +2972,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -2988,20 +2988,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23711", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "www.15min.it/", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23711", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "www.15min.it/", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "216.8.179.25", @@ -3010,7 +3010,7 @@ ], "server.ip": "216.8.179.25", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -3036,12 +3036,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -3052,20 +3052,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23659", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "tubemov.com/", - "palo_alto.pan_os.url.category": "adult-and-pornography", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23659", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "tubemov.com/", + "panw.panos.url.category": "adult-and-pornography", "related.ip": [ "192.168.0.2", "69.43.161.154", 
@@ -3074,7 +3074,7 @@ ], "server.ip": "69.43.161.154", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -3100,12 +3100,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -3116,20 +3116,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23782", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23782", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "208.91.196.252", @@ -3138,7 +3138,7 @@ ], "server.ip": "208.91.196.252", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -3164,12 +3164,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -3180,20 +3180,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23239", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "movfree.com/", - "palo_alto.pan_os.url.category": "spyware-and-adware", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23239", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "movfree.com/", + "panw.panos.url.category": "spyware-and-adware", "related.ip": [ "192.168.0.2", "208.73.210.29", 
@@ -3202,7 +3202,7 @@ ], "server.ip": "208.73.210.29", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -3231,12 +3231,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -3247,20 +3247,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "22479", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "gometascan.com/", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22479", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "gometascan.com/", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3269,7 +3269,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -3298,12 +3298,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -3314,20 +3314,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "21458", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21458", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -3336,7 +3336,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -3365,12 +3365,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -3381,20 +3381,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "21577", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21577", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3403,7 +3403,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -3432,12 +3432,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -3448,20 +3448,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "1606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "21487", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "basdzsdas.com/poker/config.bin", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21487", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -3470,7 +3470,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -3499,12 +3499,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -3515,20 +3515,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "1606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "21487", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "basdzsdas.com/poker/config.bin", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21487", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3537,7 +3537,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -3560,12 +3560,12 @@ "ecs.version": "1.0.0", "event.action": "file_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "deny", "event.severity": 4, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "low", @@ -3576,20 +3576,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "1606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "64856", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "52020", - "palo_alto.pan_os.threat.name": "Windows Executable (EXE)", - "palo_alto.pan_os.threat.resource": "uLLGRaXP.exe", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "64856", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "uLLGRaXP.exe", + "panw.panos.url.category": "any", "related.ip": [ "173.236.179.57", "192.168.0.2", 
@@ -3599,7 +3599,7 @@ "server.ip": "192.168.0.2", "server.port": 54431, "server.user.name": "crusher", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "173.236.179.57", "source.geo.city_name": "Brea", "source.geo.continent_name": "North America", @@ -3633,12 +3633,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -3649,20 +3649,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "1606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "21487", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "basdzsdas.com/poker/config.bin", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21487", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3671,7 +3671,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -3694,12 +3694,12 @@ "ecs.version": "1.0.0", "event.action": "file_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "deny", "event.severity": 4, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "low", @@ -3710,20 +3710,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "37983", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "52020", - "palo_alto.pan_os.threat.name": "Windows Executable (EXE)", - "palo_alto.pan_os.threat.resource": "FunkyEmoticons_setup.exe", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "37983", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "FunkyEmoticons_setup.exe", + "panw.panos.url.category": "any", "related.ip": [ "91.209.163.202", "192.168.0.2", 
@@ -3733,7 +3733,7 @@ "server.ip": "192.168.0.2", "server.port": 61220, "server.user.name": "crusher", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "91.209.163.202", "source.geo.country_iso_code": "European Union", "source.ip": "91.209.163.202", @@ -3755,12 +3755,12 @@ "ecs.version": "1.0.0", "event.action": "file_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "deny", "event.severity": 4, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "low", 
@@ -3771,20 +3771,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "41989", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "52020", - "palo_alto.pan_os.threat.name": "Windows Executable (EXE)", - "palo_alto.pan_os.threat.resource": "52hxw.exe", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "41989", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "52hxw.exe", + "panw.panos.url.category": "any", "related.ip": [ "122.226.169.183", "192.168.0.2", @@ -3794,7 +3794,7 @@ "server.ip": "192.168.0.2", "server.port": 61726, "server.user.name": "crusher", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "122.226.169.183", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", 
@@ -3827,12 +3827,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -3843,20 +3843,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "49238", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "softsellfast.com/test/config.bin", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "49238", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "softsellfast.com/test/config.bin", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -3865,7 +3865,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -3888,12 +3888,12 @@ "ecs.version": "1.0.0", "event.action": "file_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "deny", "event.severity": 4, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "low", 
@@ -3904,20 +3904,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "21592", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "52020", - "palo_alto.pan_os.threat.name": "Windows Executable (EXE)", - "palo_alto.pan_os.threat.resource": "setup.exe", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "21592", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "setup.exe", + "panw.panos.url.category": "any", "related.ip": [ "109.201.131.15", "192.168.0.2", @@ -3927,7 +3927,7 @@ "server.ip": "192.168.0.2", "server.port": 60212, "server.user.name": "crusher", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "109.201.131.15", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "NL", 
@@ -3952,12 +3952,12 @@ "ecs.version": "1.0.0", "event.action": "file_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "deny", "event.severity": 4, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "low", @@ -3968,20 +3968,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "33760", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "52020", - "palo_alto.pan_os.threat.name": "Windows Executable (EXE)", - "palo_alto.pan_os.threat.resource": "Live-Player_setup.exe", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "33760", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "Live-Player_setup.exe", + "panw.panos.url.category": "any", "related.ip": [ "91.209.163.202", "192.168.0.2", 
@@ -3991,7 +3991,7 @@ "server.ip": "192.168.0.2", "server.port": 60392, "server.user.name": "crusher", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "91.209.163.202", "source.geo.country_iso_code": "European Union", "source.ip": "91.209.163.202", @@ -4016,12 +4016,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -4032,20 +4032,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28723", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "boialex.narod.ru/config.txt", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28723", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "boialex.narod.ru/config.txt", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "213.180.199.61", @@ -4054,7 +4054,7 @@ ], "server.ip": "213.180.199.61", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -4080,12 +4080,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -4096,20 +4096,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28932", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "edw-melon.narod.ru/config.txt", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28932", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "edw-melon.narod.ru/config.txt", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "213.180.199.61", 
@@ -4118,7 +4118,7 @@ ], "server.ip": "213.180.199.61", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -4144,12 +4144,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -4160,20 +4160,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28953", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "maximtushin.narod.ru/config.txt", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28953", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "maximtushin.narod.ru/config.txt", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "213.180.199.61", @@ -4182,7 +4182,7 @@ ], "server.ip": "213.180.199.61", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -4205,12 +4205,12 @@ "ecs.version": "1.0.0", "event.action": "file_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "deny", "event.severity": 4, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "low", @@ -4221,20 +4221,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "64856", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "52020", - "palo_alto.pan_os.threat.name": "Windows Executable (EXE)", - "palo_alto.pan_os.threat.resource": "uLLGRaXP.exe", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "64856", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "52020", + "panw.panos.threat.name": "Windows Executable (EXE)", + "panw.panos.threat.resource": "uLLGRaXP.exe", + "panw.panos.url.category": "any", "related.ip": [ "173.236.179.57", "192.168.0.2", 
@@ -4244,7 +4244,7 @@ "server.ip": "192.168.0.2", "server.port": 54431, "server.user.name": "crusher", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "173.236.179.57", "source.geo.city_name": "Brea", "source.geo.continent_name": "North America", @@ -4278,12 +4278,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -4294,20 +4294,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "55402", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "marketingsoluchion.biz/fkn/config.bin", - "palo_alto.pan_os.url.category": "unknown", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "55402", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "marketingsoluchion.biz/fkn/config.bin", + "panw.panos.url.category": "unknown", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -4316,7 +4316,7 @@ ], "server.ip": "204.232.231.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -4345,12 +4345,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -4361,20 +4361,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25217", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "default.aspx", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25217", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "default.aspx", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.6", "207.46.140.46", 
@@ -4383,7 +4383,7 @@ ], "server.ip": "207.46.140.46", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.6", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.6", @@ -4406,12 +4406,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -4422,20 +4422,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "25653", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "sck.aspx", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "25653", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "sck.aspx", + "panw.panos.url.category": "any", "related.ip": [ "65.54.161.34", "192.168.0.6", @@ -4445,7 +4445,7 @@ "server.ip": "192.168.0.6", "server.port": 1039, "server.user.name": "jordy", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "65.54.161.34", "source.geo.city_name": "Redmond", "source.geo.continent_name": "North America", 
@@ -4473,12 +4473,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -4489,20 +4489,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "25717", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "ADSAdClient31.dll", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "25717", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "ADSAdClient31.dll", + "panw.panos.url.category": "any", "related.ip": [ "65.55.5.231", "192.168.0.6", 
@@ -4512,7 +4512,7 @@
 "server.ip": "192.168.0.6",
 "server.port": 1064,
 "server.user.name": "jordy",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "65.55.5.231",
 "source.geo.city_name": "Redmond",
 "source.geo.continent_name": "North America",
@@ -4546,12 +4546,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "alert",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -4562,20 +4562,20 @@
 "network.direction": "inbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25290",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "c.gif",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25290",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "c.gif",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.6",
 "65.54.71.11",
@@ -4584,7 +4584,7 @@
 ],
 "server.ip": "65.54.71.11",
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.6",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.0.6",
@@ -4607,12 +4607,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "alert",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -4623,20 +4623,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "25932",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "csi",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "25932",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "csi",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "74.125.239.17",
 "192.168.0.6",
@@ -4646,7 +4646,7 @@
 "server.ip": "192.168.0.6",
 "server.port": 1071,
 "server.user.name": "jordy",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "74.125.239.17",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -4674,12 +4674,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "alert",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -4690,20 +4690,20 @@
 "network.direction": "inbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28264",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "internal-tuner.pandora.com",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28264",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "internal-tuner.pandora.com",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "208.85.40.48",
@@ -4712,7 +4712,7 @@
 ],
 "server.ip": "208.85.40.48",
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.0.2",
@@ -4735,12 +4735,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "reset-both",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -4751,20 +4751,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "29312",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "js",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "29312",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "js",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "74.125.224.198",
 "192.168.0.2",
@@ -4774,7 +4774,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 57876,
 "server.user.name": "picard",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "74.125.224.198",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -4799,12 +4799,12 @@
 "ecs.version": "1.0.0",
 "event.action": "file_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "deny",
 "event.severity": 4,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "low",
@@ -4815,20 +4815,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "26747",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "52020",
- "palo_alto.pan_os.threat.name": "Windows Executable (EXE)",
- "palo_alto.pan_os.threat.resource": "about.exe",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "26747",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "52020",
+ "panw.panos.threat.name": "Windows Executable (EXE)",
+ "panw.panos.threat.resource": "about.exe",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "188.190.124.75",
 "192.168.0.6",
@@ -4838,7 +4838,7 @@
 "server.ip": "192.168.0.6",
 "server.port": 1082,
 "server.user.name": "jordy",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "188.190.124.75",
 "source.geo.country_iso_code": "Ukraine",
 "source.ip": "188.190.124.75",
@@ -4860,12 +4860,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "reset-both",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -4876,20 +4876,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "19205",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "js",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "19205",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "js",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "74.125.224.200",
 "192.168.0.2",
@@ -4899,7 +4899,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 50986,
 "server.user.name": "picard",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "74.125.224.200",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -4924,12 +4924,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "reset-both",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -4940,20 +4940,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "19360",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "js",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "19360",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "js",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "74.125.239.3",
 "192.168.0.2",
@@ -4963,7 +4963,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 51716,
 "server.user.name": "picard",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "74.125.239.3",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -4988,12 +4988,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "reset-both",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -5004,20 +5004,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "19696",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "js",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "19696",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "js",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "74.125.239.3",
 "192.168.0.2",
@@ -5027,7 +5027,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 52119,
 "server.user.name": "picard",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "74.125.239.3",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -5052,12 +5052,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "reset-both",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -5068,20 +5068,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "19679",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "js",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "19679",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "js",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "74.125.224.200",
 "192.168.0.2",
@@ -5091,7 +5091,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 52411,
 "server.user.name": "picard",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "74.125.224.200",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -5119,12 +5119,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "alert",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -5135,20 +5135,20 @@
 "network.direction": "inbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "19448",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "__utm.gif",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "19448",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "__utm.gif",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "74.125.239.6",
@@ -5157,7 +5157,7 @@
 ],
 "server.ip": "74.125.239.6",
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.0.2",
@@ -5180,12 +5180,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "reset-both",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -5196,20 +5196,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "20422",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "js",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "20422",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "js",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "74.125.224.193",
 "192.168.0.2",
@@ -5219,7 +5219,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 53026,
 "server.user.name": "picard",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "74.125.224.193",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -5244,12 +5244,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "alert",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -5260,20 +5260,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "21267",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "nav_logo107.png",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "21267",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "nav_logo107.png",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "74.125.239.20",
 "192.168.0.2",
@@ -5283,7 +5283,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 53809,
 "server.user.name": "picard",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "74.125.239.20",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -5308,12 +5308,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "alert",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -5324,20 +5324,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "24567",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "Eadweard_Muybridge",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "24567",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "Eadweard_Muybridge",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "208.80.154.225",
 "192.168.0.2",
@@ -5347,7 +5347,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 55912,
 "server.user.name": "picard",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "208.80.154.225",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -5372,12 +5372,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "alert",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -5388,20 +5388,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "24646",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "load.php",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "24646",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "load.php",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "208.80.154.234",
 "192.168.0.2",
@@ -5411,7 +5411,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 55916,
 "server.user.name": "picard",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "208.80.154.234",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -5436,12 +5436,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "reset-both",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -5452,20 +5452,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "25874",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "8fe44cb728c0f40750c64ee906eb72.css",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "25874",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "8fe44cb728c0f40750c64ee906eb72.css",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "65.54.75.25",
 "192.168.0.6",
@@ -5475,7 +5475,7 @@
 "server.ip": "192.168.0.6",
 "server.port": 1046,
 "server.user.name": "jordy",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "65.54.75.25",
 "source.geo.city_name": "Los Angeles",
 "source.geo.continent_name": "North America",
@@ -5503,12 +5503,12 @@
 "ecs.version": "1.0.0",
 "event.action": "data_match",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "reset-both",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.level": "informational",
@@ -5519,20 +5519,20 @@
 "network.direction": "outbound",
 "network.transport": "tcp",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "trust",
- "palo_alto.pan_os.flow_id": "2175",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "untrust",
- "palo_alto.pan_os.threat.id": "60000",
- "palo_alto.pan_os.threat.name": "PII",
- "palo_alto.pan_os.threat.resource": "js",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "trust",
+ "panw.panos.flow_id": "2175",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "untrust",
+ "panw.panos.threat.id": "60000",
+ "panw.panos.threat.name": "PII",
+ "panw.panos.threat.resource": "js",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "74.125.224.206",
 "192.168.0.2",
@@ -5542,7 +5542,7 @@ "server.ip": "192.168.0.2", "server.port": 61734, "server.user.name": "jordy", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.206", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -5567,12 +5567,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -5583,20 +5583,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "3046", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "3046", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.195", "192.168.0.2", @@ -5606,7 +5606,7 @@ "server.ip": "192.168.0.2", "server.port": 62292, "server.user.name": "jordy", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.195", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -5631,12 +5631,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -5647,20 +5647,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "1560", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "appcast.xml", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "1560", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "appcast.xml", + "panw.panos.url.category": "any", "related.ip": [ "207.178.96.34", "192.168.0.2", 
@@ -5670,7 +5670,7 @@ "server.ip": "192.168.0.2", "server.port": 64669, "server.user.name": "jordy", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "207.178.96.34", "source.geo.city_name": "Wichita", "source.geo.continent_name": "North America", @@ -5698,12 +5698,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -5714,20 +5714,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "16852", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "16852", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.195", "192.168.0.2", @@ -5737,7 +5737,7 @@ "server.ip": "192.168.0.2", "server.port": 65265, "server.user.name": "picard", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.195", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -5762,12 +5762,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -5778,20 +5778,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "15948", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "csi", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "15948", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "csi", + "panw.panos.url.category": "any", "related.ip": [ "74.125.239.20", "192.168.0.2", 
@@ -5801,7 +5801,7 @@ "server.ip": "192.168.0.2", "server.port": 64979, "server.user.name": "picard", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.239.20", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -5826,12 +5826,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -5842,20 +5842,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "17028", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "index.php", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "17028", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "index.php", + "panw.panos.url.category": "any", "related.ip": [ "66.152.109.24", "192.168.0.2", @@ -5865,7 +5865,7 @@ "server.ip": "192.168.0.2", "server.port": 49432, "server.user.name": "picard", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "66.152.109.24", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -5890,12 +5890,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -5906,20 +5906,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "15878", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "15878", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", "192.168.0.2", 
@@ -5929,7 +5929,7 @@ "server.ip": "192.168.0.2", "server.port": 49722, "server.user.name": "picard", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.200", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -5957,12 +5957,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -5973,20 +5973,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "16602", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "__utm.gif", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "16602", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "__utm.gif", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "74.125.224.201", @@ -5995,7 +5995,7 @@ ], "server.ip": "74.125.224.201", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", 
@@ -6018,12 +6018,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -6034,20 +6034,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "17433", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "17433", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", "192.168.0.2", 
@@ -6057,7 +6057,7 @@ "server.ip": "192.168.0.2", "server.port": 50108, "server.user.name": "picard", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.200", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -6082,12 +6082,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -6098,20 +6098,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "17104", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "17104", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", "192.168.0.2", @@ -6121,7 +6121,7 @@ "server.ip": "192.168.0.2", "server.port": 50387, "server.user.name": "picard", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.200", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -6149,12 +6149,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -6165,20 +6165,20 @@ "network.direction": "inbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "63706", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "internal-tuner.pandora.com", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "63706", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "internal-tuner.pandora.com", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "208.85.40.48", 
@@ -6187,7 +6187,7 @@ ], "server.ip": "208.85.40.48", "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", @@ -6210,12 +6210,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -6226,20 +6226,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "65257", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "65257", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.201", "192.168.0.2", @@ -6249,7 +6249,7 @@ "server.ip": "192.168.0.2", "server.port": 60005, "server.user.name": "jordy", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.201", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -6274,12 +6274,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -6290,20 +6290,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "537", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "537", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.201", "192.168.0.2", 
@@ -6313,7 +6313,7 @@ "server.ip": "192.168.0.2", "server.port": 60443, "server.user.name": "jordy", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.201", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -6338,12 +6338,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -6354,20 +6354,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "914", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "914", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", "192.168.0.2", @@ -6377,7 +6377,7 @@ "server.ip": "192.168.0.2", "server.port": 60822, "server.user.name": "jordy", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.200", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -6402,12 +6402,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -6418,20 +6418,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "1475", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "1475", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", "192.168.0.2", 
@@ -6441,7 +6441,7 @@ "server.ip": "192.168.0.2", "server.port": 61105, "server.user.name": "jordy", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.200", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -6466,12 +6466,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "alert", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", 
@@ -6482,20 +6482,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "883", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "ga.js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "883", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "ga.js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.198", "192.168.0.2", @@ -6505,7 +6505,7 @@ "server.ip": "192.168.0.2", "server.port": 60782, "server.user.name": "jordy", - "service.type": "palo_alto", + "service.type": "panw", "source.address": "74.125.224.198", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -6530,12 +6530,12 @@ "ecs.version": "1.0.0", "event.action": "data_match", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "reset-both", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.level": "informational", @@ -6546,20 +6546,20 @@ "network.direction": "outbound", "network.transport": "tcp", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "1965", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.threat.id": "60000", - "palo_alto.pan_os.threat.name": "PII", - "palo_alto.pan_os.threat.resource": "js", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "1965", + "panw.panos.ruleset": "rule1", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "untrust", + "panw.panos.threat.id": "60000", + "panw.panos.threat.name": "PII", + "panw.panos.threat.resource": "js", + "panw.panos.url.category": "any", "related.ip": [ "74.125.224.200", "192.168.0.2", 
@@ -6569,7 +6569,7 @@
 "server.ip": "192.168.0.2",
 "server.port": 61470,
 "server.user.name": "jordy",
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "74.125.224.200",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_traffic.log b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log
similarity index 100%
rename from x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_traffic.log
rename to x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json
similarity index 74%
rename from x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_traffic.log-expected.json
rename to x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json
index 25dfa09fb38..2d63d6817ae 100644
--- a/x-pack/filebeat/module/palo_alto/pan_os/test/pan_inc_traffic.log-expected.json
+++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json
@@ -21,14 +21,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:59.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:59.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 0,
@@ -41,18 +41,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "11449",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "11449",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -63,7 +63,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 1,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -93,14 +93,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:58.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:58.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 364,
@@ -113,18 +113,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25572",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25572",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -135,7 +135,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -165,14 +165,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:58.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:58.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 717,
@@ -185,18 +185,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26208",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26208",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -207,7 +207,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -240,14 +240,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:58.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:58.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 1070,
@@ -260,18 +260,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "14931",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "14931",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -282,7 +282,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 1,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -315,14 +315,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:58.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:58.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 1434,
@@ -335,18 +335,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25544",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25544",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -357,7 +357,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 1,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -387,14 +387,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:58.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:58.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 1798,
@@ -407,18 +407,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25308",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25308",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -429,7 +429,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -459,14 +459,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:58.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:58.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 2151,
@@ -479,18 +479,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26376",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26376",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -501,7 +501,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -534,14 +534,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2012-04-10T04:39:28.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:27.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 2504,
@@ -554,18 +554,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25118",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "private-ip-addresses",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25118",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "private-ip-addresses",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -576,7 +576,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 6,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 806,
 "source.ip": "192.168.0.2",
@@ -609,14 +609,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:28.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:28.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 2889,
@@ -629,18 +629,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26146",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "private-ip-addresses",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26146",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "private-ip-addresses",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -651,7 +651,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 6,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 806,
 "source.ip": "192.168.0.2",
@@ -684,14 +684,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2012-04-10T04:39:28.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:27.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 3274,
@@ -704,18 +704,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25272",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "private-ip-addresses",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25272",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "private-ip-addresses",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -726,7 +726,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 6,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 806,
 "source.ip": "192.168.0.2",
@@ -759,14 +759,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:58.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:58.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 3659,
@@ -779,18 +779,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "24069",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "24069",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -801,7 +801,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 1,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -834,14 +834,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:57.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:57.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 4023,
@@ -854,18 +854,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25848",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25848",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -876,7 +876,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 1,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -909,14 +909,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:57.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:57.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 4387,
@@ -929,18 +929,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25179",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25179",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -951,7 +951,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 1,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -984,14 +984,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:57.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:57.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 4751,
@@ -1004,18 +1004,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25112",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25112",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -1026,7 +1026,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 1,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -1059,14 +1059,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:27.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:27.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 5115,
@@ -1079,18 +1079,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26161",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "private-ip-addresses",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26161",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "private-ip-addresses",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -1101,7 +1101,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 6,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 806,
 "source.ip": "192.168.0.2",
@@ -1134,14 +1134,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2012-04-10T04:39:27.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:26.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 5500,
@@ -1154,18 +1154,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26000",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "private-ip-addresses",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26000",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "private-ip-addresses",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -1176,7 +1176,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 6,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 806,
 "source.ip": "192.168.0.2",
@@ -1209,14 +1209,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 512000000000, "event.end": "2012-04-10T04:38:26.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:29:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 5885, @@ -1229,18 +1229,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "65184", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "malware-sites", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "65184", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "malware-sites", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1251,7 +1251,7 @@ "server.ip": "204.232.231.46", "server.packets": 18, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 551, "source.ip": "192.168.0.2", 
@@ -1284,14 +1284,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:56.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 6267, @@ -1304,18 +1304,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26522", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26522", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1326,7 +1326,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", 
@@ -1359,14 +1359,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:56.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 6631, @@ -1379,18 +1379,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26067", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26067", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1401,7 +1401,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", 
@@ -1431,14 +1431,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:56.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 6995, @@ -1451,18 +1451,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26573", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26573", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -1473,7 +1473,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", 
@@ -1503,14 +1503,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:56.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 7348, @@ -1523,18 +1523,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26894", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26894", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -1545,7 +1545,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", 
@@ -1578,14 +1578,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:56.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 7701, @@ -1598,18 +1598,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25149", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25149", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1620,7 +1620,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", 
@@ -1650,14 +1650,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:26.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:26.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 8065, @@ -1670,18 +1670,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25258", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25258", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -1692,7 +1692,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 98, "source.ip": "192.168.0.2", 
@@ -1725,14 +1725,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:26.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:26.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 8418, @@ -1745,18 +1745,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25025", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25025", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -1767,7 +1767,7 @@ "server.ip": "204.232.231.46", "server.packets": 6, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 806, "source.ip": "192.168.0.2", @@ -1800,14 +1800,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:26.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:26.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 8803, 
@@ -1820,18 +1820,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26138", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "private-ip-addresses", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26138", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "private-ip-addresses", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1842,7 +1842,7 @@ "server.ip": "204.232.231.46", "server.packets": 6, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 806, "source.ip": "192.168.0.2", @@ -1875,14 +1875,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:56.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:56.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 9188, 
@@ -1895,18 +1895,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "27175", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27175", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1917,7 +1917,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -1947,14 +1947,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:55.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 9552, 
@@ -1967,18 +1967,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26261", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26261", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -1989,7 +1989,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2019,14 +2019,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:55.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 9905, 
@@ -2039,18 +2039,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25022", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25022", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2061,7 +2061,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2091,14 +2091,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 125000000000, "event.end": "2012-04-10T04:39:55.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:37:50.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 10258, 
@@ -2111,18 +2111,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24027", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24027", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "98.149.55.63", @@ -2133,7 +2133,7 @@ "server.ip": "98.149.55.63", "server.packets": 8, "server.port": 13069, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 504, "source.ip": "192.168.0.2", @@ -2166,14 +2166,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:55.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 10624, 
@@ -2186,18 +2186,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26360", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26360", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2208,7 +2208,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2238,14 +2238,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:55.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 10988, 
@@ -2258,18 +2258,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26394", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26394", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2280,7 +2280,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2313,14 +2313,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:25.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:24.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 11341, 
@@ -2333,18 +2333,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24917", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "search-engines", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24917", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "search-engines", "related.ip": [ "192.168.0.2", "212.48.10.58", @@ -2355,7 +2355,7 @@ "server.ip": "212.48.10.58", "server.packets": 10, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 9130, "source.ip": "192.168.0.2", @@ -2388,14 +2388,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:55.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:55.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 11713, 
@@ -2408,18 +2408,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "22860", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22860", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2430,7 +2430,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2460,14 +2460,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 12077, 
@@ -2480,18 +2480,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "14146", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "14146", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2502,7 +2502,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2532,14 +2532,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 12430, 
@@ -2552,18 +2552,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25876", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25876", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2574,7 +2574,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2607,14 +2607,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 12783, 
@@ -2627,18 +2627,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24910", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24910", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2649,7 +2649,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2682,14 +2682,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 13147, 
@@ -2702,18 +2702,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26862", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26862", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2724,7 +2724,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2754,14 +2754,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 13511, 
@@ -2774,18 +2774,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26222", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26222", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2796,7 +2796,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -2826,14 +2826,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 13864, 
@@ -2846,18 +2846,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26329", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26329", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2868,7 +2868,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", 
@@ -2897,14 +2897,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:24.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "log.offset": 14217, "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.100,8.8.8.8,0.0.0.0,0.0.0.0,rule1,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25142,1,38796,53,0,0,0x0,udp,allow,206,95,111,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", 
@@ -2916,18 +2916,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25142", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25142", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.100", "8.8.8.8", @@ -2938,7 +2938,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.100", "source.bytes": 111, "source.ip": "192.168.0.100", @@ -2970,14 +2970,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:24.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:23.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 14556, 
@@ -2990,18 +2990,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25095", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "entertainment-and-arts", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25095", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "entertainment-and-arts", "related.ip": [ "192.168.0.2", "62.211.68.12", @@ -3012,7 +3012,7 @@ "server.ip": "62.211.68.12", "server.packets": 6, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 906, "source.ip": "192.168.0.2", 
@@ -3044,14 +3044,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:24.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "log.offset": 14933, "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.100,50.19.102.116,0.0.0.0,0.0.0.0,rule1,,,paloalto-wildfire-cloud,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,24787,1,48412,443,0,0,0x0,tcp,allow,5817,804,5013,17,2012/04/10 04:39:24,0,computer-and-internet-security,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,10,7", 
@@ -3063,18 +3063,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24787", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-security", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24787", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-security", "related.ip": [ "192.168.0.100", "50.19.102.116", @@ -3085,7 +3085,7 @@ "server.ip": "50.19.102.116", "server.packets": 10, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.100", "source.bytes": 5013, "source.ip": "192.168.0.100", 
@@ -3117,14 +3117,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:24.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 15331, @@ -3137,18 +3137,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25948", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25948", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "65.55.223.19", @@ -3159,7 +3159,7 @@ "server.ip": "65.55.223.19", "server.packets": 1, "server.port": 40026, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 99, "source.ip": "192.168.0.2", 
@@ -3192,14 +3192,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:24.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 15696, @@ -3212,18 +3212,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25444", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25444", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "65.55.223.24", @@ -3234,7 +3234,7 @@ "server.ip": "65.55.223.24", "server.packets": 1, "server.port": 40029, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 902, "source.ip": "192.168.0.2", 
@@ -3263,14 +3263,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:24.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:24.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "log.offset": 16061, "log.original": "Oct 30 09:46:22 1,2012/10/30 09:46:22,01606001116,TRAFFIC,end,1,2012/04/10 04:39:54,192.168.0.100,8.8.8.8,0.0.0.0,0.0.0.0,rule1,,,dns,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:54,25349,1,52189,53,0,0,0x0,udp,allow,227,86,141,2,2012/04/10 04:39:24,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,1", 
@@ -3282,18 +3282,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25349", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25349", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.100", "8.8.8.8", @@ -3304,7 +3304,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.100", "source.bytes": 141, "source.ip": "192.168.0.100", @@ -3336,14 +3336,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:54.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 16400, 
@@ -3356,18 +3356,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25713", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25713", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3378,7 +3378,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -3408,14 +3408,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:53.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:53.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 16764, 
@@ -3428,18 +3428,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26499", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26499", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -3450,7 +3450,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -3483,14 +3483,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:53.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:53.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 17117, 
@@ -3503,18 +3503,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25437", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25437", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3525,7 +3525,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -3555,14 +3555,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:53.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:53.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 17481, 
@@ -3575,18 +3575,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "24848",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "24848",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -3597,7 +3597,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -3627,14 +3627,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2012-04-10T04:39:23.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:22.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 17834,
@@ -3647,18 +3647,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "24924",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "24924",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -3669,7 +3669,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 2,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 316,
 "source.ip": "192.168.0.2",
@@ -3699,14 +3699,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:23.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:23.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 18189,
@@ -3719,18 +3719,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25899",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25899",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -3741,7 +3741,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 121,
 "source.ip": "192.168.0.2",
@@ -3771,14 +3771,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:23.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:23.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 18543,
@@ -3791,18 +3791,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26066",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26066",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -3813,7 +3813,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 169,
 "source.ip": "192.168.0.2",
@@ -3846,14 +3846,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:23.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:23.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 18897,
@@ -3866,18 +3866,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "24908",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "24908",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.0.2",
 "62.211.68.12",
@@ -3888,7 +3888,7 @@
 "server.ip": "62.211.68.12",
 "server.packets": 6,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 954,
 "source.ip": "192.168.0.2",
@@ -3921,14 +3921,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 2000000000,
 "event.end": "2012-04-10T04:39:23.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:21.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 19272,
@@ -3941,18 +3941,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25105",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "search-engines",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25105",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "search-engines",
 "related.ip": [
 "192.168.0.2",
 "212.48.10.58",
@@ -3963,7 +3963,7 @@
 "server.ip": "212.48.10.58",
 "server.packets": 12,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 9130,
 "source.ip": "192.168.0.2",
@@ -3996,14 +3996,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 512000000000,
 "event.end": "2012-04-10T04:38:23.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:29:51.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 19646,
@@ -4016,18 +4016,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "11964",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "malware-sites",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "11964",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "malware-sites",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -4038,7 +4038,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 18,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 555,
 "source.ip": "192.168.0.2",
@@ -4068,14 +4068,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:53.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:53.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 20028,
@@ -4088,18 +4088,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26502",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26502",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -4110,7 +4110,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -4143,14 +4143,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:53.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:53.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 20381,
@@ -4163,18 +4163,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26338",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26338",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -4185,7 +4185,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 1,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -4215,14 +4215,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:52.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 20745,
@@ -4235,18 +4235,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "24919",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "24919",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -4257,7 +4257,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -4287,14 +4287,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:52.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 21098,
@@ -4307,18 +4307,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26731",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26731",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -4329,7 +4329,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -4362,14 +4362,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:52.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 21451,
@@ -4382,18 +4382,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26504",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26504",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "65.55.223.31",
@@ -4404,7 +4404,7 @@
 "server.ip": "65.55.223.31",
 "server.packets": 1,
 "server.port": 40043,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -4437,14 +4437,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:52.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 21817,
@@ -4457,18 +4457,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25543",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25543",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "204.232.231.46",
@@ -4479,7 +4479,7 @@
 "server.ip": "204.232.231.46",
 "server.packets": 1,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -4509,14 +4509,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:52.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 22181,
@@ -4529,18 +4529,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "21948",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "21948",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -4551,7 +4551,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -4581,14 +4581,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_started",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:52.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:52.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 22534,
@@ -4601,18 +4601,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "26279",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "26279",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -4623,7 +4623,7 @@
 "server.ip": "205.171.2.25",
 "server.packets": 1,
 "server.port": 53,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
@@ -4656,14 +4656,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 1000000000,
 "event.end": "2012-04-10T04:39:22.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:21.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 22887,
@@ -4676,18 +4676,18 @@
 "network.transport": "tcp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "24894",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "entertainment-and-arts",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "24894",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "entertainment-and-arts",
 "related.ip": [
 "192.168.0.2",
 "62.211.68.12",
@@ -4698,7 +4698,7 @@
 "server.ip": "62.211.68.12",
 "server.packets": 6,
 "server.port": 80,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.0.2",
 "source.bytes": 906,
 "source.ip": "192.168.0.2",
@@ -4728,14 +4728,14 @@
 "ecs.version": "1.0.0",
 "event.action": "flow_terminated",
 "event.category": "network_traffic",
- "event.dataset": "palo_alto.pan_os",
+ "event.dataset": "panw.panos",
 "event.duration": 0,
 "event.end": "2012-04-10T04:39:22.000Z",
- "event.module": "palo_alto",
+ "event.module": "panw",
 "event.outcome": "allow",
 "event.start": "2012-04-10T04:39:22.000Z",
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.captive_portal": true,
 "log.offset": 23264,
@@ -4748,18 +4748,18 @@
 "network.transport": "udp",
 "network.type": "ipv4",
 "observer.serial_number": "01606001116",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.destination.nat.port": 0,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "24985",
- "palo_alto.pan_os.ruleset": "rule1",
- "palo_alto.pan_os.sequence_number": 0,
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "0.0.0.0",
- "palo_alto.pan_os.source.nat.port": 0,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.url.category": "any",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "0.0.0.0",
+ "panw.panos.destination.nat.port": 0,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "24985",
+ "panw.panos.ruleset": "rule1",
+ "panw.panos.sequence_number": 0,
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "0.0.0.0",
+ "panw.panos.source.nat.port": 0,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.url.category": "any",
 "related.ip": [
 "192.168.0.2",
 "205.171.2.25",
@@ -4770,7 +4770,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 163, "source.ip": "192.168.0.2", @@ -4800,14 +4800,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:51.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:51.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 23618, @@ -4820,18 +4820,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25380", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25380", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", 
@@ -4842,7 +4842,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -4872,14 +4872,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:51.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:51.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 23971, @@ -4892,18 +4892,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24994", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24994", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", 
@@ -4914,7 +4914,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -4947,14 +4947,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:51.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:51.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 24324, @@ -4967,18 +4967,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25451", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25451", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -4989,7 +4989,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -5022,14 +5022,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:21.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 24688, 
@@ -5042,18 +5042,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24866", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24866", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.0.2", "62.211.68.12", @@ -5064,7 +5064,7 @@ "server.ip": "62.211.68.12", "server.packets": 6, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 922, "source.ip": "192.168.0.2", @@ -5097,14 +5097,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:51.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:51.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 25063, 
@@ -5117,18 +5117,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26414", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26414", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -5139,7 +5139,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -5169,14 +5169,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:50.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:50.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 25427, 
@@ -5189,18 +5189,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26131", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26131", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -5211,7 +5211,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -5241,14 +5241,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:50.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:50.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 25780, 
@@ -5261,18 +5261,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26555", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26555", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -5283,7 +5283,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -5316,14 +5316,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:50.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:50.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 26133, 
@@ -5336,18 +5336,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "15099", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "15099", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -5358,7 +5358,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -5388,14 +5388,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:20.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 26497, 
@@ -5408,18 +5408,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24980", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "not-resolved", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24980", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "not-resolved", "related.ip": [ "192.168.0.2", "8.5.1.1", @@ -5430,7 +5430,7 @@ "server.ip": "8.5.1.1", "server.packets": 17, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 26786, "source.ip": "192.168.0.2", @@ -5460,14 +5460,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:50.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:50.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 26873, 
@@ -5480,18 +5480,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26215", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26215", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -5502,7 +5502,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -5532,14 +5532,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:50.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:50.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 27226, 
@@ -5552,18 +5552,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25881", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25881", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -5574,7 +5574,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -5607,14 +5607,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:50.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:50.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 27579, 
@@ -5627,18 +5627,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24955", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24955", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -5649,7 +5649,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -5675,14 +5675,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:20.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 27943, 
@@ -5695,18 +5695,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24961", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24961", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "192.168.0.1", @@ -5717,7 +5717,7 @@ "server.ip": "192.168.0.1", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 169, "source.ip": "192.168.0.2", @@ -5750,14 +5750,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 3000000000, "event.end": "2012-04-10T04:39:20.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:17.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 28310, 
@@ -5770,18 +5770,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24226", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "search-engines", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24226", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "search-engines", "related.ip": [ "192.168.0.2", "212.48.10.58", @@ -5792,7 +5792,7 @@ "server.ip": "212.48.10.58", "server.packets": 12, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 9064, "source.ip": "192.168.0.2", @@ -5825,14 +5825,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 7000000000, "event.end": "2012-04-10T04:39:20.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 28683, 
@@ -5845,18 +5845,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25129", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "search-engines", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25129", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "search-engines", "related.ip": [ "192.168.0.2", "212.48.10.58", @@ -5867,7 +5867,7 @@ "server.ip": "212.48.10.58", "server.packets": 12, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 9124, "source.ip": "192.168.0.2", @@ -5893,14 +5893,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:20.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 29056, 
@@ -5913,18 +5913,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25194", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25194", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "192.168.0.1", @@ -5935,7 +5935,7 @@ "server.ip": "192.168.0.1", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 137, "source.ip": "192.168.0.2", @@ -5961,14 +5961,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:20.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 29423, 
@@ -5981,18 +5981,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26257", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26257", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "192.168.0.1", @@ -6003,7 +6003,7 @@ "server.ip": "192.168.0.1", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 93, "source.ip": "192.168.0.2", @@ -6036,14 +6036,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:49.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 29789, 
@@ -6056,18 +6056,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24561", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24561", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -6078,7 +6078,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6108,14 +6108,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:49.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 30153, 
@@ -6128,18 +6128,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26150", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26150", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6150,7 +6150,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6180,14 +6180,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:49.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 30506, 
@@ -6200,18 +6200,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25676", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25676", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6222,7 +6222,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6255,14 +6255,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:49.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 30859, 
@@ -6275,18 +6275,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25306", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25306", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -6297,7 +6297,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6327,14 +6327,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:49.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 31223, 
@@ -6347,18 +6347,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26411", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26411", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6369,7 +6369,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6395,14 +6395,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:19.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:18.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 31576, 
@@ -6415,18 +6415,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24844", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24844", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "192.168.0.1", @@ -6437,7 +6437,7 @@ "server.ip": "192.168.0.1", "server.packets": 2, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6467,14 +6467,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:49.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:49.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 31942, 
@@ -6487,18 +6487,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26335", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26335", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6509,7 +6509,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6542,14 +6542,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:48.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 32295, 
@@ -6562,18 +6562,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26127", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26127", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -6584,7 +6584,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6614,14 +6614,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:48.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 32659, 
@@ -6634,18 +6634,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25488", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25488", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6656,7 +6656,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6686,14 +6686,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:48.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 33012, 
@@ -6706,18 +6706,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25269", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25269", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6728,7 +6728,7 @@ "server.ip": "205.171.2.25", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6761,14 +6761,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:18.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:17.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 33365, 
@@ -6781,18 +6781,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25715", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "entertainment-and-arts", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25715", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "entertainment-and-arts", "related.ip": [ "192.168.0.2", "62.211.68.12", @@ -6803,7 +6803,7 @@ "server.ip": "62.211.68.12", "server.packets": 6, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 906, "source.ip": "192.168.0.2", @@ -6836,14 +6836,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:48.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 33742, 
@@ -6856,18 +6856,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "26251", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "26251", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -6878,7 +6878,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6911,14 +6911,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:48.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:48.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 34106, 
@@ -6931,18 +6931,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25871", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25871", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -6953,7 +6953,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -6986,14 +6986,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:47.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:47.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 34470, 
@@ -7006,18 +7006,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25945", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25945", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -7028,7 +7028,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -7054,14 +7054,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2012-04-10T04:39:17.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:16.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 34834, 
@@ -7074,18 +7074,18 @@ "network.transport": "udp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25310", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25310", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "192.168.0.1", @@ -7096,7 +7096,7 @@ "server.ip": "192.168.0.1", "server.packets": 2, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", @@ -7129,14 +7129,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:47.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:47.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 35200, 
@@ -7149,18 +7149,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "27111", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27111", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -7171,7 +7171,7 @@ "server.ip": "204.232.231.46", "server.packets": 3, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 78, "source.ip": "192.168.0.2", @@ -7204,14 +7204,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:47.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:47.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 35567, 
@@ -7224,18 +7224,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "25398", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "25398", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -7246,7 +7246,7 @@ "server.ip": "204.232.231.46", "server.packets": 3, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 78, "source.ip": "192.168.0.2", @@ -7279,14 +7279,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2012-04-10T04:39:46.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2012-04-10T04:39:46.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, "log.offset": 35934, 
@@ -7299,18 +7299,18 @@ "network.transport": "tcp", "network.type": "ipv4", "observer.serial_number": "01606001116", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "0.0.0.0", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23898", - "palo_alto.pan_os.ruleset": "rule1", - "palo_alto.pan_os.sequence_number": 0, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "0.0.0.0", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "0.0.0.0", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23898", + "panw.panos.ruleset": "rule1", + "panw.panos.sequence_number": 0, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "0.0.0.0", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -7321,7 +7321,7 @@ "server.ip": "204.232.231.46", "server.packets": 1, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/threat.log b/x-pack/filebeat/module/panw/panos/test/threat.log similarity index 100% rename from x-pack/filebeat/module/palo_alto/pan_os/test/threat.log rename to x-pack/filebeat/module/panw/panos/test/threat.log 
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json similarity index 69% rename from x-pack/filebeat/module/palo_alto/pan_os/test/threat.log-expected.json rename to x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index 7539d54cd7f..fc67637971b 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -13,12 +13,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -34,21 +34,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28191", - "palo_alto.pan_os.network.nat.community_id": "1:qjpdroY6VaRSEUbSXzSWtUX00kc=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 37679, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28191", + "panw.panos.network.nat.community_id": "1:qjpdroY6VaRSEUbSXzSWtUX00kc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 37679, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -57,7 +57,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -81,12 +81,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -102,21 +102,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28219", - "palo_alto.pan_os.network.nat.community_id": "1:j6so5fl9DGKhDhaNmjI+6ipOFyc=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 28249, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28219", + "panw.panos.network.nat.community_id": "1:j6so5fl9DGKhDhaNmjI+6ipOFyc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 28249, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -125,7 +125,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -149,12 +149,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -170,21 +170,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "27723", - "palo_alto.pan_os.network.nat.community_id": "1:c4Xs8aAPhIYB760P+BLmrzOvjv4=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 63898, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27723", + "panw.panos.network.nat.community_id": "1:c4Xs8aAPhIYB760P+BLmrzOvjv4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 63898, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -193,7 +193,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -217,12 +217,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -238,21 +238,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28172", - "palo_alto.pan_os.network.nat.community_id": "1:RU/nMZByVkBbsckJ18XtpXhQlPg=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 7515, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28172", + "panw.panos.network.nat.community_id": "1:RU/nMZByVkBbsckJ18XtpXhQlPg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 7515, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -261,7 +261,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -285,12 +285,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -306,21 +306,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28151", - "palo_alto.pan_os.network.nat.community_id": "1:FTVZK5v5Nqts17X+FJm/bQk1rwM=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 3225, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28151", + "panw.panos.network.nat.community_id": "1:FTVZK5v5Nqts17X+FJm/bQk1rwM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 3225, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -329,7 +329,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -353,12 +353,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -374,21 +374,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28076", - "palo_alto.pan_os.network.nat.community_id": "1:iHTY/vpQo2TsRYJW2n+lqb0w5f4=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 60449, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28076", + "panw.panos.network.nat.community_id": "1:iHTY/vpQo2TsRYJW2n+lqb0w5f4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 60449, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -397,7 +397,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -421,12 +421,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -442,21 +442,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28173", - "palo_alto.pan_os.network.nat.community_id": "1:f+u5A73xp5gqmRCSN2kCCSbvBRg=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 60559, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28173", + "panw.panos.network.nat.community_id": "1:f+u5A73xp5gqmRCSN2kCCSbvBRg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 60559, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -465,7 +465,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -489,12 +489,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -510,21 +510,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28186", - "palo_alto.pan_os.network.nat.community_id": "1:v4+MIeqiGJJ9Z3SUTNLFEoYtw74=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 47414, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28186", + "panw.panos.network.nat.community_id": "1:v4+MIeqiGJJ9Z3SUTNLFEoYtw74=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 47414, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -533,7 +533,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -557,12 +557,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -578,21 +578,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28192", - "palo_alto.pan_os.network.nat.community_id": "1:BilmVEwf9nQIXodvin3X6lZuVAc=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 37673, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28192", + "panw.panos.network.nat.community_id": "1:BilmVEwf9nQIXodvin3X6lZuVAc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 37673, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -601,7 +601,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -625,12 +625,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -646,21 +646,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "27011", - "palo_alto.pan_os.network.nat.community_id": "1:CmZ6KkZzaxpkJHXJn0lNskvvZLA=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 8232, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "27011", + "panw.panos.network.nat.community_id": "1:CmZ6KkZzaxpkJHXJn0lNskvvZLA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 8232, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -669,7 +669,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -693,12 +693,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -714,21 +714,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28240", - "palo_alto.pan_os.network.nat.community_id": "1:Xy6vXuBmLPx1/PDpu/KMI1ZPnW0=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 32982, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28240", + "panw.panos.network.nat.community_id": "1:Xy6vXuBmLPx1/PDpu/KMI1ZPnW0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 32982, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -737,7 +737,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -761,12 +761,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -782,21 +782,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28143", - "palo_alto.pan_os.network.nat.community_id": "1:nmxmtIja0z/MV5rgbBnScsKtW0U=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 10473, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28143", + "panw.panos.network.nat.community_id": "1:nmxmtIja0z/MV5rgbBnScsKtW0U=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 10473, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -805,7 +805,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -829,12 +829,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -850,21 +850,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28272", - "palo_alto.pan_os.network.nat.community_id": "1:XNlHvX7cDGGCkvSS/aFHGg/RnAk=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 20446, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28272", + "panw.panos.network.nat.community_id": "1:XNlHvX7cDGGCkvSS/aFHGg/RnAk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 20446, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -873,7 +873,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -897,12 +897,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -918,21 +918,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28146", - "palo_alto.pan_os.network.nat.community_id": "1:DqCF4BufQU/spPG8UYok6IrChWo=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 34699, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28146", + "panw.panos.network.nat.community_id": "1:DqCF4BufQU/spPG8UYok6IrChWo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 34699, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -941,7 +941,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -965,12 +965,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -986,21 +986,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28278", - "palo_alto.pan_os.network.nat.community_id": "1:lJHLfl+/x95GohXozN52zokIxvA=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 22820, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28278", + "panw.panos.network.nat.community_id": "1:lJHLfl+/x95GohXozN52zokIxvA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22820, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1009,7 +1009,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1033,12 +1033,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1054,21 +1054,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28185", - "palo_alto.pan_os.network.nat.community_id": "1:OVE3ctnTt5X1L6qNDr4QILL0dFg=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 41060, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28185", + "panw.panos.network.nat.community_id": "1:OVE3ctnTt5X1L6qNDr4QILL0dFg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 41060, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1077,7 +1077,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1101,12 +1101,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1122,21 +1122,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28201", - "palo_alto.pan_os.network.nat.community_id": "1:bzhUSIQYpz+jY7TA+j8UmFOdJ08=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 9058, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28201", + "panw.panos.network.nat.community_id": "1:bzhUSIQYpz+jY7TA+j8UmFOdJ08=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 9058, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1145,7 +1145,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1169,12 +1169,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1190,21 +1190,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28148", - "palo_alto.pan_os.network.nat.community_id": "1:NRiTxPYsIvfOnUXhwuF5KPucNf8=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 54846, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28148", + "panw.panos.network.nat.community_id": "1:NRiTxPYsIvfOnUXhwuF5KPucNf8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 54846, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1213,7 +1213,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1237,12 +1237,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1258,21 +1258,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28121", - "palo_alto.pan_os.network.nat.community_id": "1:9noBCzeHKSZpuQWETkS7W5mOTT0=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 52731, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28121", + "panw.panos.network.nat.community_id": "1:9noBCzeHKSZpuQWETkS7W5mOTT0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 52731, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1281,7 +1281,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1305,12 +1305,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1326,21 +1326,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28228", - "palo_alto.pan_os.network.nat.community_id": "1:NQ3UU1pIt7hTJ2TYkbe6yjIVIsw=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 15165, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28228", + "panw.panos.network.nat.community_id": "1:NQ3UU1pIt7hTJ2TYkbe6yjIVIsw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 15165, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1349,7 +1349,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1373,12 +1373,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1394,21 +1394,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "23.72.137.131", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28196", - "palo_alto.pan_os.network.nat.community_id": "1:pzcUv98hFdzW07/5bQ15jcEOAAM=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 53918, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "b.scorecardresearch.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.72.137.131", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28196", + "panw.panos.network.nat.community_id": "1:pzcUv98hFdzW07/5bQ15jcEOAAM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 53918, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "b.scorecardresearch.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "23.72.137.131", @@ -1417,7 +1417,7 @@ ], "server.ip": "23.72.137.131", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1441,12 +1441,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1462,21 +1462,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28007", - "palo_alto.pan_os.network.nat.community_id": "1:iHNZW72XqbNDDHf4ziF4MHkPsq8=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 40792, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28007", + "panw.panos.network.nat.community_id": "1:iHNZW72XqbNDDHf4ziF4MHkPsq8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 40792, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1485,7 +1485,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1509,12 +1509,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1530,21 +1530,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28117", - "palo_alto.pan_os.network.nat.community_id": "1:WmnET8BZufXJpdVk04PIVGj+Kgk=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 54044, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28117", + "panw.panos.network.nat.community_id": "1:WmnET8BZufXJpdVk04PIVGj+Kgk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 54044, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1553,7 +1553,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1577,12 +1577,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1598,21 +1598,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28109", - "palo_alto.pan_os.network.nat.community_id": "1:qCp/BEY5ANYRj3J+xhPpjW00kTA=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 19544, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28109", + "panw.panos.network.nat.community_id": "1:qCp/BEY5ANYRj3J+xhPpjW00kTA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 19544, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1621,7 +1621,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1645,12 +1645,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1666,21 +1666,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28260", - "palo_alto.pan_os.network.nat.community_id": "1:QTdF07Qsc5riXT20oN+YWQ2Yt6U=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 13462, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28260", + "panw.panos.network.nat.community_id": "1:QTdF07Qsc5riXT20oN+YWQ2Yt6U=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13462, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1689,7 +1689,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1713,12 +1713,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1734,21 +1734,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28275", - "palo_alto.pan_os.network.nat.community_id": "1:v9tvyVPSkJni3/nd8jUVgcsqqQk=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 44892, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28275", + "panw.panos.network.nat.community_id": "1:v9tvyVPSkJni3/nd8jUVgcsqqQk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 44892, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1757,7 +1757,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1781,12 +1781,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1802,21 +1802,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28266", - "palo_alto.pan_os.network.nat.community_id": "1:00oN9bToRGtVdpy+GQ742sbkpfI=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 16487, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28266", + "panw.panos.network.nat.community_id": "1:00oN9bToRGtVdpy+GQ742sbkpfI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16487, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1825,7 +1825,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1849,12 +1849,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1870,21 +1870,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28294", - "palo_alto.pan_os.network.nat.community_id": "1:AmJtkqyAyzgRUMxNGxjT3hhwb8c=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 23952, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28294", + "panw.panos.network.nat.community_id": "1:AmJtkqyAyzgRUMxNGxjT3hhwb8c=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 23952, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1893,7 +1893,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1917,12 +1917,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -1938,21 +1938,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28248", - "palo_alto.pan_os.network.nat.community_id": "1:CzGrIa22/gNrIvkcJMIh6eWNjFI=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 2810, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28248", + "panw.panos.network.nat.community_id": "1:CzGrIa22/gNrIvkcJMIh6eWNjFI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2810, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -1961,7 +1961,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -1985,12 +1985,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2006,21 +2006,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28274", - "palo_alto.pan_os.network.nat.community_id": "1:b3MpSidntZseAvCtO89765ETlyI=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 13272, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28274", + "panw.panos.network.nat.community_id": "1:b3MpSidntZseAvCtO89765ETlyI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13272, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -2029,7 +2029,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2053,12 +2053,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2074,21 +2074,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28285", - "palo_alto.pan_os.network.nat.community_id": "1:wug3mTERsDOMF1R52vDi6SpWbMc=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 8663, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28285", + "panw.panos.network.nat.community_id": "1:wug3mTERsDOMF1R52vDi6SpWbMc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 8663, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -2097,7 +2097,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2121,12 +2121,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2142,21 +2142,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28306", - "palo_alto.pan_os.network.nat.community_id": "1:ktdKYACJa2q76tdS55sj5QaeMBs=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 55738, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28306", + "panw.panos.network.nat.community_id": "1:ktdKYACJa2q76tdS55sj5QaeMBs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 55738, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -2165,7 +2165,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2189,12 +2189,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2210,21 +2210,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28116", - "palo_alto.pan_os.network.nat.community_id": "1:sWvGFBOOisURcvYe5nB5HUSa6B8=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 10650, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28116", + "panw.panos.network.nat.community_id": "1:sWvGFBOOisURcvYe5nB5HUSa6B8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 10650, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -2233,7 +2233,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2257,12 +2257,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2278,21 +2278,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28214", - "palo_alto.pan_os.network.nat.community_id": "1:LHZawFx+zgZPTd01rJqX/31kNmE=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 44087, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28214", + "panw.panos.network.nat.community_id": "1:LHZawFx+zgZPTd01rJqX/31kNmE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 44087, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -2301,7 +2301,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2325,12 +2325,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2346,21 +2346,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "152.195.55.192", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28080", - "palo_alto.pan_os.network.nat.community_id": "1:XcghkvaiKIQS/KgINx7Mb5Vvn3M=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 15915, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "consent.cmp.oath.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "152.195.55.192", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28080", + "panw.panos.network.nat.community_id": "1:XcghkvaiKIQS/KgINx7Mb5Vvn3M=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 15915, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "consent.cmp.oath.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "152.195.55.192", @@ -2369,7 +2369,7 @@ ], "server.ip": "152.195.55.192", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2393,12 +2393,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2414,21 +2414,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "151.101.2.2", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28318", - "palo_alto.pan_os.network.nat.community_id": "1:XdO4yHx+1HZM4GcutRTyur9ixdM=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 41165, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "cdn.taboola.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "151.101.2.2", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28318", + "panw.panos.network.nat.community_id": "1:XdO4yHx+1HZM4GcutRTyur9ixdM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 41165, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "cdn.taboola.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "151.101.2.2", @@ -2437,7 +2437,7 @@ ], "server.ip": "151.101.2.2", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2464,12 +2464,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2485,21 +2485,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.192.7.152", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28300", - "palo_alto.pan_os.network.nat.community_id": "1:kCzU3MoZUMh7VlhTewngoP1twbw=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 54133, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "rules.quantcount.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.192.7.152", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28300", + "panw.panos.network.nat.community_id": "1:kCzU3MoZUMh7VlhTewngoP1twbw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 54133, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "rules.quantcount.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.192.7.152", @@ -2508,7 +2508,7 @@ ], "server.ip": "54.192.7.152", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2535,12 +2535,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2556,21 +2556,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "52.4.120.175", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28339", - "palo_alto.pan_os.network.nat.community_id": "1:fj3W3hxHPqT4snZlcRibDiqLNvs=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 8485, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28339", + "panw.panos.network.nat.community_id": "1:fj3W3hxHPqT4snZlcRibDiqLNvs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 8485, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "52.4.120.175", @@ -2579,7 +2579,7 @@ ], "server.ip": "52.4.120.175", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2606,12 +2606,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2627,21 +2627,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "52.4.120.175", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28299", - "palo_alto.pan_os.network.nat.community_id": "1:HLMiinoD9jzLzaYU394wqKksBUE=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 12496, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28299", + "panw.panos.network.nat.community_id": "1:HLMiinoD9jzLzaYU394wqKksBUE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 12496, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "52.4.120.175", @@ -2650,7 +2650,7 @@ ], "server.ip": "52.4.120.175", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2677,12 +2677,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -2698,21 +2698,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "52.4.120.175", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28303", - "palo_alto.pan_os.network.nat.community_id": "1:pNMLPgDpZv2+S840jW/Ggq8ng2I=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 17029, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.4.120.175", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28303", + "panw.panos.network.nat.community_id": "1:pNMLPgDpZv2+S840jW/Ggq8ng2I=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 17029, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "52.4.120.175", @@ -2721,7 +2721,7 @@ ], "server.ip": "52.4.120.175", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -2748,12 +2748,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -2769,21 +2769,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "52.4.120.175",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28390",
- "palo_alto.pan_os.network.nat.community_id": "1:l6AkSmB92aDAHpLhiSCR28J+ANI=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 23696,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "52.4.120.175",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28390",
+ "panw.panos.network.nat.community_id": "1:l6AkSmB92aDAHpLhiSCR28J+ANI=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 23696,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "52.4.120.175",
@@ -2792,7 +2792,7 @@
 ],
 "server.ip": "52.4.120.175",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -2819,12 +2819,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -2840,21 +2840,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "52.4.120.175",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28433",
- "palo_alto.pan_os.network.nat.community_id": "1:33ah/rOB1xL3Yy0FUH0sEGuRvx8=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 34769,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "52.4.120.175",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28433",
+ "panw.panos.network.nat.community_id": "1:33ah/rOB1xL3Yy0FUH0sEGuRvx8=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 34769,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "52.4.120.175",
@@ -2863,7 +2863,7 @@
 ],
 "server.ip": "52.4.120.175",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -2890,12 +2890,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -2911,21 +2911,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "52.4.120.175",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28380",
- "palo_alto.pan_os.network.nat.community_id": "1:zOzoB9ZSg+/QZ7bt4sM6/I2TOXc=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 22486,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "52.4.120.175",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28380",
+ "panw.panos.network.nat.community_id": "1:zOzoB9ZSg+/QZ7bt4sM6/I2TOXc=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 22486,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "52.4.120.175",
@@ -2934,7 +2934,7 @@
 ],
 "server.ip": "52.4.120.175",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -2961,12 +2961,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -2982,21 +2982,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "52.4.120.175",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28363",
- "palo_alto.pan_os.network.nat.community_id": "1:l+VVTNzHKEhzOIqE/8PVt4xidPQ=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 12894,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "52.4.120.175",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28363",
+ "panw.panos.network.nat.community_id": "1:l+VVTNzHKEhzOIqE/8PVt4xidPQ=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 12894,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "52.4.120.175",
@@ -3005,7 +3005,7 @@
 ],
 "server.ip": "52.4.120.175",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3032,12 +3032,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3053,21 +3053,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "52.4.120.175",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28349",
- "palo_alto.pan_os.network.nat.community_id": "1:/GTSxrH684FoBXpyEBepCy2M81Q=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 62348,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "52.4.120.175",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28349",
+ "panw.panos.network.nat.community_id": "1:/GTSxrH684FoBXpyEBepCy2M81Q=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 62348,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "52.4.120.175",
@@ -3076,7 +3076,7 @@
 ],
 "server.ip": "52.4.120.175",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3103,12 +3103,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3124,21 +3124,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "52.4.120.175",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28411",
- "palo_alto.pan_os.network.nat.community_id": "1:z/innn6bIUB0vbGtF+NoTKxtaCQ=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 6224,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "52.4.120.175",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28411",
+ "panw.panos.network.nat.community_id": "1:z/innn6bIUB0vbGtF+NoTKxtaCQ=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 6224,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "52.4.120.175",
@@ -3147,7 +3147,7 @@
 ],
 "server.ip": "52.4.120.175",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3174,12 +3174,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3195,21 +3195,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "52.4.120.175",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28397",
- "palo_alto.pan_os.network.nat.community_id": "1:7H4lb05cbTOpCa4pIgruj3M2WrY=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 44120,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "52.4.120.175",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28397",
+ "panw.panos.network.nat.community_id": "1:7H4lb05cbTOpCa4pIgruj3M2WrY=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 44120,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "52.4.120.175",
@@ -3218,7 +3218,7 @@
 ],
 "server.ip": "52.4.120.175",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3245,12 +3245,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3266,21 +3266,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "52.4.120.175",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28347",
- "palo_alto.pan_os.network.nat.community_id": "1:G3GfJYWnCjo8Ato/aBgr49UKGTI=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 44228,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "52.4.120.175",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28347",
+ "panw.panos.network.nat.community_id": "1:G3GfJYWnCjo8Ato/aBgr49UKGTI=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 44228,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "52.4.120.175",
@@ -3289,7 +3289,7 @@
 ],
 "server.ip": "52.4.120.175",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3316,12 +3316,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3337,21 +3337,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "52.4.120.175",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28443",
- "palo_alto.pan_os.network.nat.community_id": "1:Ni0ZlLTDuNH8F3hFm9nLZkj/SKI=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 31322,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "52.4.120.175",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28443",
+ "panw.panos.network.nat.community_id": "1:Ni0ZlLTDuNH8F3hFm9nLZkj/SKI=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 31322,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "52.4.120.175",
@@ -3360,7 +3360,7 @@
 ],
 "server.ip": "52.4.120.175",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3387,12 +3387,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3408,21 +3408,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "216.58.194.98",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28439",
- "palo_alto.pan_os.network.nat.community_id": "1:WQC21tSR1QNUhWYgrcbgaLyTkos=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 1672,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "www.googleadservices.com/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "216.58.194.98",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28439",
+ "panw.panos.network.nat.community_id": "1:WQC21tSR1QNUhWYgrcbgaLyTkos=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 1672,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "www.googleadservices.com/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "216.58.194.98",
@@ -3431,7 +3431,7 @@
 ],
 "server.ip": "216.58.194.98",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3455,12 +3455,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3476,21 +3476,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "25958",
- "palo_alto.pan_os.network.nat.community_id": "1:hYoXMUwV0cAKhYUb4hSHsLUSo1s=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 20801,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "25958",
+ "panw.panos.network.nat.community_id": "1:hYoXMUwV0cAKhYUb4hSHsLUSo1s=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 20801,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -3499,7 +3499,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3523,12 +3523,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3544,21 +3544,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28429",
- "palo_alto.pan_os.network.nat.community_id": "1:al192CljLcXBQ5a9fXhiLM+uAKg=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 24533,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28429",
+ "panw.panos.network.nat.community_id": "1:al192CljLcXBQ5a9fXhiLM+uAKg=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 24533,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -3567,7 +3567,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3591,12 +3591,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3612,21 +3612,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28465",
- "palo_alto.pan_os.network.nat.community_id": "1:qI8dj7I/HOk1zkz/wkZBjQ/igsw=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 30150,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28465",
+ "panw.panos.network.nat.community_id": "1:qI8dj7I/HOk1zkz/wkZBjQ/igsw=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 30150,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -3635,7 +3635,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3659,12 +3659,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3680,21 +3680,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28504",
- "palo_alto.pan_os.network.nat.community_id": "1:NTrpQ6lfrWcfRCXSB/tQ49z7sOQ=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 36305,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28504",
+ "panw.panos.network.nat.community_id": "1:NTrpQ6lfrWcfRCXSB/tQ49z7sOQ=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 36305,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -3703,7 +3703,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3727,12 +3727,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3748,21 +3748,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28458",
- "palo_alto.pan_os.network.nat.community_id": "1:93oplAL+YibXq75Qng9iomHp97k=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 42682,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28458",
+ "panw.panos.network.nat.community_id": "1:93oplAL+YibXq75Qng9iomHp97k=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 42682,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -3771,7 +3771,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3795,12 +3795,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3816,21 +3816,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28491",
- "palo_alto.pan_os.network.nat.community_id": "1:uhEHJXnnMaxBL0QYfNxS8lxZkls=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 22530,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28491",
+ "panw.panos.network.nat.community_id": "1:uhEHJXnnMaxBL0QYfNxS8lxZkls=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 22530,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -3839,7 +3839,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3863,12 +3863,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3884,21 +3884,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28520",
- "palo_alto.pan_os.network.nat.community_id": "1:KtlZO5BbsoCg/ymqE05xAvw/iIA=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 43713,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28520",
+ "panw.panos.network.nat.community_id": "1:KtlZO5BbsoCg/ymqE05xAvw/iIA=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 43713,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -3907,7 +3907,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3931,12 +3931,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -3952,21 +3952,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28335",
- "palo_alto.pan_os.network.nat.community_id": "1:4MqfykfAOpIQmtvXcxzLNXqgyTs=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 60608,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28335",
+ "panw.panos.network.nat.community_id": "1:4MqfykfAOpIQmtvXcxzLNXqgyTs=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 60608,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -3975,7 +3975,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -3999,12 +3999,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -4020,21 +4020,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28414",
- "palo_alto.pan_os.network.nat.community_id": "1:Qj+AYB26PhFUPHkeHTP+u0XmR3A=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 9302,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28414",
+ "panw.panos.network.nat.community_id": "1:Qj+AYB26PhFUPHkeHTP+u0XmR3A=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 9302,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -4043,7 +4043,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -4067,12 +4067,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -4088,21 +4088,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "23.72.145.245",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28488",
- "palo_alto.pan_os.network.nat.community_id": "1:BQw3RXiNvT4NW4kw0J5Ol6rFN5A=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 11634,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "service.maxymiser.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "23.72.145.245",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28488",
+ "panw.panos.network.nat.community_id": "1:BQw3RXiNvT4NW4kw0J5Ol6rFN5A=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 11634,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "service.maxymiser.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "23.72.145.245",
@@ -4111,7 +4111,7 @@
 ],
 "server.ip": "23.72.145.245",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -4138,12 +4138,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -4159,21 +4159,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "54.209.101.70",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28469",
- "palo_alto.pan_os.network.nat.community_id": "1:1XJhGS1EujYy5wSCA64wjjK7hwA=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 30818,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "54.209.101.70",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28469",
+ "panw.panos.network.nat.community_id": "1:1XJhGS1EujYy5wSCA64wjjK7hwA=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 30818,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "segment-data.zqtk.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "54.209.101.70",
@@ -4182,7 +4182,7 @@
 ],
 "server.ip": "54.209.101.70",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -4209,12 +4209,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -4230,21 +4230,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "54.209.101.70",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28556",
- "palo_alto.pan_os.network.nat.community_id": "1:YHN6cU700Mp7622M1rIzbnPQ+ik=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 64260,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "54.209.101.70",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28556",
+ "panw.panos.network.nat.community_id": "1:YHN6cU700Mp7622M1rIzbnPQ+ik=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 64260,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "segment-data.zqtk.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "54.209.101.70",
@@ -4253,7 +4253,7 @@
 ],
 "server.ip": "54.209.101.70",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -4280,12 +4280,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -4301,21 +4301,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "54.209.101.70",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28558",
- "palo_alto.pan_os.network.nat.community_id": "1:o5UB5uvp2ThXPXChyc7lgvBMH0s=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 7071,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "54.209.101.70",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28558",
+ "panw.panos.network.nat.community_id": "1:o5UB5uvp2ThXPXChyc7lgvBMH0s=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 7071,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "segment-data.zqtk.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "54.209.101.70",
@@ -4324,7 +4324,7 @@
 ],
 "server.ip": "54.209.101.70",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -4351,12 +4351,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -4372,21 +4372,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "54.209.101.70",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28531",
- "palo_alto.pan_os.network.nat.community_id": "1:RRfOKybSMc/qYj1QHLEpuh+r0Eg=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 4512,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "54.209.101.70",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28531",
+ "panw.panos.network.nat.community_id": "1:RRfOKybSMc/qYj1QHLEpuh+r0Eg=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 4512,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "segment-data.zqtk.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "54.209.101.70",
@@ -4395,7 +4395,7 @@
 ],
 "server.ip": "54.209.101.70",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -4422,12 +4422,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -4443,21 +4443,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "54.209.101.70",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28580",
- "palo_alto.pan_os.network.nat.community_id": "1:KhCfFcRk3sovsTfN9pRRfgjsP84=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 3422,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "54.209.101.70",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28580",
+ "panw.panos.network.nat.community_id": "1:KhCfFcRk3sovsTfN9pRRfgjsP84=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 3422,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "segment-data.zqtk.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "54.209.101.70",
@@ -4466,7 +4466,7 @@
 ],
 "server.ip": "54.209.101.70",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -4493,12 +4493,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -4514,21 +4514,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "54.209.101.70",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28477",
- "palo_alto.pan_os.network.nat.community_id": "1:hZhkH3fz7n30Q+zsXnQejsna14Q=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 4651,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "54.209.101.70",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28477",
+ "panw.panos.network.nat.community_id": "1:hZhkH3fz7n30Q+zsXnQejsna14Q=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 4651,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "segment-data.zqtk.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "54.209.101.70",
@@ -4537,7 +4537,7 @@
 ],
 "server.ip": "54.209.101.70",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -4564,12 +4564,12 @@
 "ecs.version": "1.0.0",
 "event.action": "url_filtering",
 "event.category": "security_threat",
- "event.dataset": "palo_alto.pan_os",
- "event.module": "palo_alto",
+ "event.dataset": "panw.panos",
+ "event.module": "panw",
 "event.outcome": "block-url",
 "event.severity": 5,
 "event.timezone": "+00:00",
- "fileset.name": "pan_os",
+ "fileset.name": "panos",
 "input.type": "log",
 "labels.nat_translated": true,
 "labels.temporary_match": true,
@@ -4585,21 +4585,21 @@
 "network.transport": "tcp",
 "observer.hostname": "PA-220",
 "observer.serial_number": "012801096514",
- "palo_alto.pan_os.destination.interface": "ethernet1/1",
- "palo_alto.pan_os.destination.nat.ip": "54.209.101.70",
- "palo_alto.pan_os.destination.nat.port": 443,
- "palo_alto.pan_os.destination.zone": "untrust",
- "palo_alto.pan_os.flow_id": "28484",
- "palo_alto.pan_os.network.nat.community_id": "1:lFuLGvzKiGz77tAPKRWLQ7eIBNw=",
- "palo_alto.pan_os.ruleset": "new_outbound_from_trust",
- "palo_alto.pan_os.source.interface": "ethernet1/2",
- "palo_alto.pan_os.source.nat.ip": "192.168.1.63",
- "palo_alto.pan_os.source.nat.port": 19068,
- "palo_alto.pan_os.source.zone": "trust",
- "palo_alto.pan_os.threat.id": "9999",
- "palo_alto.pan_os.threat.name": "URL-filtering",
- "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/",
- "palo_alto.pan_os.url.category": "business-and-economy",
+ "panw.panos.destination.interface": "ethernet1/1",
+ "panw.panos.destination.nat.ip": "54.209.101.70",
+ "panw.panos.destination.nat.port": 443,
+ "panw.panos.destination.zone": "untrust",
+ "panw.panos.flow_id": "28484",
+ "panw.panos.network.nat.community_id": "1:lFuLGvzKiGz77tAPKRWLQ7eIBNw=",
+ "panw.panos.ruleset": "new_outbound_from_trust",
+ "panw.panos.source.interface": "ethernet1/2",
+ "panw.panos.source.nat.ip": "192.168.1.63",
+ "panw.panos.source.nat.port": 19068,
+ "panw.panos.source.zone": "trust",
+ "panw.panos.threat.id": "9999",
+ "panw.panos.threat.name": "URL-filtering",
+ "panw.panos.threat.resource": "segment-data.zqtk.net/",
+ "panw.panos.url.category": "business-and-economy",
 "related.ip": [
 "192.168.15.224",
 "54.209.101.70",
@@ -4608,7 +4608,7 @@
 ],
 "server.ip": "54.209.101.70",
 "server.port": 443,
- "service.type": "palo_alto",
+ "service.type": "panw",
 "source.address": "192.168.15.224",
 "source.geo.country_iso_code": "192.168.0.0-192.168.255.255",
 "source.ip": "192.168.15.224",
@@ -4635,12 +4635,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -4656,21 +4656,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.209.101.70", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28609", - "palo_alto.pan_os.network.nat.community_id": "1:lXgqW6uer7QCnFv+5qVbgX4vM6E=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 5831, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28609", + "panw.panos.network.nat.community_id": "1:lXgqW6uer7QCnFv+5qVbgX4vM6E=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 5831, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.209.101.70", @@ -4679,7 +4679,7 @@ ], "server.ip": "54.209.101.70", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -4706,12 +4706,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -4727,21 +4727,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.209.101.70", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28564", - "palo_alto.pan_os.network.nat.community_id": "1:SDf7YJ4JLx2oja8SY0iCD/f9ZYk=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 7084, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28564", + "panw.panos.network.nat.community_id": "1:SDf7YJ4JLx2oja8SY0iCD/f9ZYk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 7084, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.209.101.70", @@ -4750,7 +4750,7 @@ ], "server.ip": "54.209.101.70", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -4777,12 +4777,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -4798,21 +4798,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.209.101.70", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28542", - "palo_alto.pan_os.network.nat.community_id": "1:/wf94ECkqPez+fxVgk+3KErtaBQ=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 18633, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28542", + "panw.panos.network.nat.community_id": "1:/wf94ECkqPez+fxVgk+3KErtaBQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 18633, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.209.101.70", @@ -4821,7 +4821,7 @@ ], "server.ip": "54.209.101.70", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -4848,12 +4848,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -4869,21 +4869,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.209.101.70", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28590", - "palo_alto.pan_os.network.nat.community_id": "1:lGMn2sEJLK3qbOX02axD1srH/FY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 25557, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28590", + "panw.panos.network.nat.community_id": "1:lGMn2sEJLK3qbOX02axD1srH/FY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 25557, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.209.101.70", @@ -4892,7 +4892,7 @@ ], "server.ip": "54.209.101.70", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -4919,12 +4919,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -4940,21 +4940,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.209.101.70", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28455", - "palo_alto.pan_os.network.nat.community_id": "1:O1zDnt5d52xTreiMgL/sHMRHiXA=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 20661, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28455", + "panw.panos.network.nat.community_id": "1:O1zDnt5d52xTreiMgL/sHMRHiXA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 20661, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.209.101.70", @@ -4963,7 +4963,7 @@ ], "server.ip": "54.209.101.70", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -4990,12 +4990,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -5011,21 +5011,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.209.101.70", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28585", - "palo_alto.pan_os.network.nat.community_id": "1:CwNRTMQumfdoC3msd4z5PIYkKLU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 65438, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28585", + "panw.panos.network.nat.community_id": "1:CwNRTMQumfdoC3msd4z5PIYkKLU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 65438, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.209.101.70", @@ -5034,7 +5034,7 @@ ], "server.ip": "54.209.101.70", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -5061,12 +5061,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -5082,21 +5082,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.209.101.70", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28462", - "palo_alto.pan_os.network.nat.community_id": "1:0YBp8myYbHSoKWG2HvxutMfose0=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 53101, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28462", + "panw.panos.network.nat.community_id": "1:0YBp8myYbHSoKWG2HvxutMfose0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 53101, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.209.101.70", @@ -5105,7 +5105,7 @@ ], "server.ip": "54.209.101.70", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -5132,12 +5132,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -5153,21 +5153,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.209.101.70", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28839", - "palo_alto.pan_os.network.nat.community_id": "1:CQrsQ2CJN8/aVtRj6kkSqGiLA4w=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 35463, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28839", + "panw.panos.network.nat.community_id": "1:CQrsQ2CJN8/aVtRj6kkSqGiLA4w=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 35463, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.209.101.70", @@ -5176,7 +5176,7 @@ ], "server.ip": "54.209.101.70", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
@@ -5203,12 +5203,12 @@ "ecs.version": "1.0.0", "event.action": "url_filtering", "event.category": "security_threat", - "event.dataset": "palo_alto.pan_os", - "event.module": "palo_alto", + "event.dataset": "panw.panos", + "event.module": "panw", "event.outcome": "block-url", "event.severity": 5, "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "labels.temporary_match": true, 
@@ -5224,21 +5224,21 @@ "network.transport": "tcp", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.209.101.70", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "28400", - "palo_alto.pan_os.network.nat.community_id": "1:vbknc+k7pE33+aNpIggpIzlC7MY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 45769, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.threat.id": "9999", - "palo_alto.pan_os.threat.name": "URL-filtering", - "palo_alto.pan_os.threat.resource": "segment-data.zqtk.net/", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.209.101.70", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "28400", + "panw.panos.network.nat.community_id": "1:vbknc+k7pE33+aNpIggpIzlC7MY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 45769, + "panw.panos.source.zone": "trust", + "panw.panos.threat.id": "9999", + "panw.panos.threat.name": "URL-filtering", + "panw.panos.threat.resource": "segment-data.zqtk.net/", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "54.209.101.70", @@ -5247,7 +5247,7 @@ ], "server.ip": "54.209.101.70", "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", 
diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/traffic.log b/x-pack/filebeat/module/panw/panos/test/traffic.log similarity index 100% rename from x-pack/filebeat/module/palo_alto/pan_os/test/traffic.log rename to x-pack/filebeat/module/panw/panos/test/traffic.log diff --git a/x-pack/filebeat/module/palo_alto/pan_os/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json similarity index 72% rename from x-pack/filebeat/module/palo_alto/pan_os/test/traffic.log-expected.json rename to x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 4c9ce8a2c23..214308e73ef 100644 --- a/x-pack/filebeat/module/palo_alto/pan_os/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -17,14 +17,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 586000000000, "event.end": "2018-11-30T16:08:50.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T15:59:04.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 0, 
@@ -41,19 +41,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "184.51.253.152", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "22751", - "palo_alto.pan_os.network.nat.community_id": "1:D1fZ8H3SfYS5p3yDzVdiwbnGJlU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091112, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 16418, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "184.51.253.152", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22751", + "panw.panos.network.nat.community_id": "1:D1fZ8H3SfYS5p3yDzVdiwbnGJlU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091112, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16418, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.207", "184.51.253.152", @@ -64,7 +64,7 @@ "server.ip": "184.51.253.152", "server.packets": 16, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 5976, "source.ip": "192.168.15.207", 
@@ -92,14 +92,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:08:55.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:55.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 503, @@ -116,19 +116,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24223", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091113, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24223", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091113, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -139,7 +139,7 @@ "server.ip": "8.8.8.8", "server.packets": 6, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", @@ -167,14 +167,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2018-11-30T16:08:52.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:51.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 947, 
@@ -191,19 +191,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "17.253.3.202", - "palo_alto.pan_os.destination.nat.port": 80, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24138", - "palo_alto.pan_os.network.nat.community_id": "1:VnGCPYRgvHZCFJBmPOwtCg7/sMY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091114, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 51990, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "17.253.3.202", + "panw.panos.destination.nat.port": 80, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24138", + "panw.panos.network.nat.community_id": "1:VnGCPYRgvHZCFJBmPOwtCg7/sMY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091114, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 51990, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.207", "17.253.3.202", @@ -214,7 +214,7 @@ "server.ip": "17.253.3.202", "server.packets": 6, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 1035, "source.ip": "192.168.15.207", 
@@ -242,14 +242,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:01.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:01.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 1441, @@ -266,19 +266,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24043", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091115, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24043", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091115, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -289,7 +289,7 @@ "server.ip": "8.8.8.8", "server.packets": 6, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", @@ -320,14 +320,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:07:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:07:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 1885, 
@@ -344,19 +344,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "216.58.194.99", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23003", - "palo_alto.pan_os.network.nat.community_id": "1:pvg9sIAzBs2eyqMclcdCIYEBO1Q=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091116, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 15252, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "216.58.194.99", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23003", + "panw.panos.network.nat.community_id": "1:pvg9sIAzBs2eyqMclcdCIYEBO1Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091116, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 15252, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.196", "216.58.194.99", @@ -367,7 +367,7 @@ "server.ip": "216.58.194.99", "server.packets": 5, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.196", "source.bytes": 1613, "source.ip": "192.168.15.196", 
@@ -395,14 +395,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 85000000000, "event.end": "2018-11-30T16:08:58.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:07:33.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 2353, 
@@ -419,19 +419,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "209.234.224.22", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23919", - "palo_alto.pan_os.network.nat.community_id": "1:u81/Ahz4HsL4LAVrUEiPkbXlX9A=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091117, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 40763, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "web-advertisements", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "209.234.224.22", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23919", + "panw.panos.network.nat.community_id": "1:u81/Ahz4HsL4LAVrUEiPkbXlX9A=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091117, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 40763, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", "209.234.224.22", @@ -442,7 +442,7 @@ "server.ip": "209.234.224.22", "server.packets": 62, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 21111, "source.ip": "192.168.15.224", 
@@ -470,14 +470,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:07.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:07.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 2844, @@ -494,19 +494,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "21394", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091118, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "21394", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091118, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -517,7 +517,7 @@ "server.ip": "8.8.8.8", "server.packets": 6, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", @@ -545,14 +545,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 15000000000, "event.end": "2018-11-30T16:07:19.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:07:04.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 3288, 
@@ -569,19 +569,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "172.217.2.238", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23698", - "palo_alto.pan_os.network.nat.community_id": "1:DoBKpBbAds/XQwbKPGjMrcuHTGo=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091119, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 52881, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "172.217.2.238", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23698", + "panw.panos.network.nat.community_id": "1:DoBKpBbAds/XQwbKPGjMrcuHTGo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091119, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 52881, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "172.217.2.238", @@ -592,7 +592,7 @@ "server.ip": "172.217.2.238", "server.packets": 7, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 3732, "source.ip": "192.168.15.224", 
@@ -620,14 +620,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:08:50.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:50.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 3758, @@ -644,19 +644,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24179", - "palo_alto.pan_os.network.nat.community_id": "1:viuINkmqZ3Q7wH9NHmhVu6rZuOs=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091120, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 26654, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24179", + "panw.panos.network.nat.community_id": "1:viuINkmqZ3Q7wH9NHmhVu6rZuOs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091120, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 26654, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", "8.8.8.8", 
@@ -667,7 +667,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 221, "source.ip": "192.168.15.207", @@ -695,14 +695,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:08:51.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:51.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 4207, 
@@ -719,19 +719,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23933", - "palo_alto.pan_os.network.nat.community_id": "1:wR8JpmqlhC4f7BvxdzxRlKdkPiQ=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091121, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 2486, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23933", + "panw.panos.network.nat.community_id": "1:wR8JpmqlhC4f7BvxdzxRlKdkPiQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091121, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2486, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", "8.8.8.8", @@ -742,7 +742,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 221, "source.ip": "192.168.15.207", 
@@ -770,14 +770,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 593000000000, "event.end": "2018-11-30T16:08:52.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T15:58:59.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 4655, 
@@ -794,19 +794,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "17.249.60.78", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "22662", - "palo_alto.pan_os.network.nat.community_id": "1:JuPhgq+FyomxcGW/tt851C0l4Hg=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091122, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 42021, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "17.249.60.78", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "22662", + "panw.panos.network.nat.community_id": "1:JuPhgq+FyomxcGW/tt851C0l4Hg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091122, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42021, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.207", "17.249.60.78", @@ -817,7 +817,7 @@ "server.ip": "17.249.60.78", "server.packets": 16, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 5469, "source.ip": "192.168.15.207", 
@@ -845,14 +845,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:08:52.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:52.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 5180, @@ -869,19 +869,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24161", - "palo_alto.pan_os.network.nat.community_id": "1:rsDXUIQYGBC2VYTxep2/bVIc3Xs=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091123, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 24377, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24161", + "panw.panos.network.nat.community_id": "1:rsDXUIQYGBC2VYTxep2/bVIc3Xs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091123, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 24377, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", "8.8.8.8", 
@@ -892,7 +892,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 224, "source.ip": "192.168.15.207", @@ -920,14 +920,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:08:52.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:52.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 5629, 
@@ -944,19 +944,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24107", - "palo_alto.pan_os.network.nat.community_id": "1:ewaPydF3S4wOU8oEi8ykj+ETSIY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091124, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 48792, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24107", + "panw.panos.network.nat.community_id": "1:ewaPydF3S4wOU8oEi8ykj+ETSIY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091124, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 48792, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", "8.8.8.8", @@ -967,7 +967,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 117, "source.ip": "192.168.15.207", 
@@ -995,14 +995,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:08:52.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:52.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 6078, @@ -1019,19 +1019,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24063", - "palo_alto.pan_os.network.nat.community_id": "1:+6FjOLCCWY+JDxSWKn7tYpAXksA=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091125, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 2987, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24063", + "panw.panos.network.nat.community_id": "1:+6FjOLCCWY+JDxSWKn7tYpAXksA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091125, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2987, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", "8.8.8.8", 
@@ -1042,7 +1042,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 307, "source.ip": "192.168.15.207", @@ -1070,14 +1070,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:08:52.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:52.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 6526, 
@@ -1094,19 +1094,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24145", - "palo_alto.pan_os.network.nat.community_id": "1:rR5F8eZHI1nwmznedxqG9e8vUQE=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091126, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 6945, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24145", + "panw.panos.network.nat.community_id": "1:rR5F8eZHI1nwmznedxqG9e8vUQE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091126, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 6945, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", "8.8.8.8", @@ -1117,7 +1117,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 365, "source.ip": "192.168.15.207", 
@@ -1145,14 +1145,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 6974, @@ -1169,19 +1169,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24245", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091127, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24245", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091127, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -1192,7 +1192,7 @@ "server.ip": "8.8.8.8", "server.packets": 6, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", @@ -1220,14 +1220,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2018-11-30T16:08:55.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 7418, 
@@ -1244,19 +1244,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24167", - "palo_alto.pan_os.network.nat.community_id": "1:81Mi4MwpmNYtUrc7CMJH0MPRelU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091128, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 42208, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24167", + "panw.panos.network.nat.community_id": "1:81Mi4MwpmNYtUrc7CMJH0MPRelU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091128, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42208, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -1267,7 +1267,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 161, "source.ip": "192.168.15.224", 
@@ -1295,14 +1295,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 17000000000, "event.end": "2018-11-30T16:09:11.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 7867, 
@@ -1319,19 +1319,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "98.138.49.44", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24212", - "palo_alto.pan_os.network.nat.community_id": "1:FfbVY/+5Mds7zDjSs5/Yfw5bxNQ=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091129, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 14660, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "web-advertisements", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "98.138.49.44", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24212", + "panw.panos.network.nat.community_id": "1:FfbVY/+5Mds7zDjSs5/Yfw5bxNQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091129, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 14660, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", "98.138.49.44", @@ -1342,7 +1342,7 @@ "server.ip": "98.138.49.44", "server.packets": 14, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 7805, "source.ip": "192.168.15.224", 
@@ -1370,14 +1370,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 17000000000, "event.end": "2018-11-30T16:09:11.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:54.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 8350, 
@@ -1394,19 +1394,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "72.30.3.43", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24149", - "palo_alto.pan_os.network.nat.community_id": "1:TGvDRLypWuNWkuMsAxPzc5TSbAo=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091130, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 16483, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "web-advertisements", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "72.30.3.43", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24149", + "panw.panos.network.nat.community_id": "1:TGvDRLypWuNWkuMsAxPzc5TSbAo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091130, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16483, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", "72.30.3.43", @@ -1417,7 +1417,7 @@ "server.ip": "72.30.3.43", "server.packets": 13, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 6106, "source.ip": "192.168.15.224", 
@@ -1445,14 +1445,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:15.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:15.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 8829, @@ -1469,19 +1469,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24185", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091131, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24185", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091131, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.196", "8.8.8.8", 
@@ -1492,7 +1492,7 @@ "server.ip": "8.8.8.8", "server.packets": 2, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.196", "source.bytes": 196, "source.ip": "192.168.15.196", @@ -1520,14 +1520,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 116000000000, "event.end": "2018-11-30T16:09:12.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:07:16.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 9271, 
@@ -1544,19 +1544,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "172.217.9.142", - "palo_alto.pan_os.destination.nat.port": 80, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23856", - "palo_alto.pan_os.network.nat.community_id": "1:NNgF+9vrbBFNpCI3JhUT4YWepd4=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091132, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 5570, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "172.217.9.142", + "panw.panos.destination.nat.port": 80, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23856", + "panw.panos.network.nat.community_id": "1:NNgF+9vrbBFNpCI3JhUT4YWepd4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091132, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 5570, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", "172.217.9.142", @@ -1567,7 +1567,7 @@ "server.ip": "172.217.9.142", "server.packets": 19, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 3245, "source.ip": "192.168.15.224", 
@@ -1595,14 +1595,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:08:57.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:08:57.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 9763, @@ -1619,19 +1619,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24173", - "palo_alto.pan_os.network.nat.community_id": "1:9T+RKr8xDB21pvAf/Fihyq72sLY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091133, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 24430, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24173", + "panw.panos.network.nat.community_id": "1:9T+RKr8xDB21pvAf/Fihyq72sLY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091133, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 24430, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.207", "8.8.8.8", 
@@ -1642,7 +1642,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.207", "source.bytes": 179, "source.ip": "192.168.15.207", @@ -1673,14 +1673,14 @@ "ecs.version": "1.0.0", "event.action": "flow_started", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 10212, 
@@ -1697,19 +1697,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.84.80.198", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24257", - "palo_alto.pan_os.network.nat.community_id": "1:k69UBIONLgCiGo9UhMOEY0pQnZ4=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091134, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 12122, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.84.80.198", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24257", + "panw.panos.network.nat.community_id": "1:k69UBIONLgCiGo9UhMOEY0pQnZ4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091134, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 12122, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", "54.84.80.198", @@ -1720,7 +1720,7 @@ "server.ip": "54.84.80.198", "server.packets": 13, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 4537, "source.ip": "192.168.15.224", 
@@ -1751,14 +1751,14 @@ "ecs.version": "1.0.0", "event.action": "flow_dropped", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 13000000000, "event.end": "2018-11-30T16:09:25.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:12.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 10725, @@ -1775,19 +1775,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "199.167.55.52", - "palo_alto.pan_os.destination.nat.port": 4282, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24090", - "palo_alto.pan_os.network.nat.community_id": "1:07q7McJtir76GhJwAJffz+C0sNo=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091135, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 49145, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "199.167.55.52", + "panw.panos.destination.nat.port": 4282, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24090", + "panw.panos.network.nat.community_id": "1:07q7McJtir76GhJwAJffz+C0sNo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091135, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 49145, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "199.167.55.52", 
@@ -1798,7 +1798,7 @@ "server.ip": "199.167.55.52", "server.packets": 8, "server.port": 4282, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 0, "source.ip": "192.168.15.224", @@ -1826,14 +1826,14 @@ "ecs.version": "1.0.0", "event.action": "flow_denied", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 11198, 
@@ -1850,19 +1850,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24242", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091136, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24242", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091136, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -1873,7 +1873,7 @@ "server.ip": "8.8.8.8", "server.packets": 6, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", 
@@ -1900,14 +1900,14 @@ "destination.port": 53, "ecs.version": "1.0.0", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:02.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:02.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 11643, @@ -1924,19 +1924,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24190", - "palo_alto.pan_os.network.nat.community_id": "1:JM1EdN05nKTy8Sq9WGpY15fCNJk=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091137, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 33110, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24190", + "panw.panos.network.nat.community_id": "1:JM1EdN05nKTy8Sq9WGpY15fCNJk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091137, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 33110, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.210", "8.8.8.8", 
@@ -1947,7 +1947,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.210", "source.bytes": 130, "source.ip": "192.168.15.210", @@ -1974,14 +1974,14 @@ "destination.port": 443, "ecs.version": "1.0.0", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 15000000000, "event.end": "2018-11-30T16:07:35.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:07:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 12089, 
@@ -1998,19 +1998,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "172.217.9.142", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23892", - "palo_alto.pan_os.network.nat.community_id": "1:3vS12CJ5QBY6RbGXOUPYKL9E0+U=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091138, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 9299, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "172.217.9.142", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23892", + "panw.panos.network.nat.community_id": "1:3vS12CJ5QBY6RbGXOUPYKL9E0+U=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091138, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 9299, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "172.217.9.142", @@ -2021,7 +2021,7 @@ "server.ip": "172.217.9.142", "server.packets": 6, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 1991, "source.ip": "192.168.15.224", 
@@ -2049,14 +2049,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:21.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 12559, 
@@ -2073,19 +2073,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "151.101.2.2", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24360", - "palo_alto.pan_os.network.nat.community_id": "1:l6nFWeOSs/2aQaVCfYhfQ09l0ko=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091139, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 47194, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "151.101.2.2", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24360", + "panw.panos.network.nat.community_id": "1:l6nFWeOSs/2aQaVCfYhfQ09l0ko=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091139, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 47194, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "151.101.2.2", @@ -2096,7 +2096,7 @@ "server.ip": "151.101.2.2", "server.packets": 8, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 523, "source.ip": "192.168.15.224", 
@@ -2127,14 +2127,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:07:36.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:07:36.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 13050, @@ -2151,19 +2151,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "216.58.194.66", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23952", - "palo_alto.pan_os.network.nat.community_id": "1:hVpNmZPedeB/gYRm9U4/gS+LNkQ=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091140, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 62921, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "216.58.194.66", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23952", + "panw.panos.network.nat.community_id": "1:hVpNmZPedeB/gYRm9U4/gS+LNkQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091140, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 62921, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "216.58.194.66", 
@@ -2174,7 +2174,7 @@ "server.ip": "216.58.194.66", "server.packets": 5, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 2428, "source.ip": "192.168.15.224", @@ -2202,14 +2202,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:25.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:25.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 13518, 
@@ -2226,19 +2226,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24328", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091141, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24328", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091141, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -2249,7 +2249,7 @@ "server.ip": "8.8.8.8", "server.packets": 6, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", 
@@ -2277,14 +2277,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:25.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:25.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 13962, @@ -2301,19 +2301,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24385", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091142, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24385", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091142, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.210", "8.8.8.8", 
@@ -2324,7 +2324,7 @@ "server.ip": "8.8.8.8", "server.packets": 2, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.210", "source.bytes": 196, "source.ip": "192.168.15.210", @@ -2352,14 +2352,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:22.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:22.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 14404, 
@@ -2376,19 +2376,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "184.51.253.193", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24172", - "palo_alto.pan_os.network.nat.community_id": "1:zBrhHOnlJT7YZV7WXiPAQBEhScI=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091143, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 41958, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "web-advertisements", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "184.51.253.193", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24172", + "panw.panos.network.nat.community_id": "1:zBrhHOnlJT7YZV7WXiPAQBEhScI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091143, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 41958, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", "184.51.253.193", @@ -2399,7 +2399,7 @@ "server.ip": "184.51.253.193", "server.packets": 12, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 5003, "source.ip": "192.168.15.224", 
@@ -2427,14 +2427,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:08.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:08.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 14890, @@ -2451,19 +2451,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24131", - "palo_alto.pan_os.network.nat.community_id": "1:QjiWUuclXv+JzWhbuYDyyP+YyTk=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091144, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 51374, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24131", + "panw.panos.network.nat.community_id": "1:QjiWUuclXv+JzWhbuYDyyP+YyTk=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091144, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 51374, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -2474,7 +2474,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 171, "source.ip": "192.168.15.224", @@ -2505,14 +2505,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:33.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:33.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 15339, 
@@ -2529,19 +2529,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "199.167.55.52", - "palo_alto.pan_os.destination.nat.port": 4282, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24393", - "palo_alto.pan_os.network.nat.community_id": "1:WSYAeVnYXY4WmfLFYEEo/atQJE8=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091145, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 25566, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "199.167.55.52", + "panw.panos.destination.nat.port": 4282, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24393", + "panw.panos.network.nat.community_id": "1:WSYAeVnYXY4WmfLFYEEo/atQJE8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091145, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 25566, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "199.167.55.52", @@ -2552,7 +2552,7 @@ "server.ip": "199.167.55.52", "server.packets": 1, "server.port": 4282, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 0, "source.ip": "192.168.15.224", 
@@ -2583,14 +2583,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:25.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:25.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 15808, @@ -2607,19 +2607,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "199.167.52.219", - "palo_alto.pan_os.destination.nat.port": 17472, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24976", - "palo_alto.pan_os.network.nat.community_id": "1:XrQuj5ypAzAqGAy0lpIvWQVVZ2E=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091146, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 63757, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "199.167.52.219", + "panw.panos.destination.nat.port": 17472, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24976", + "panw.panos.network.nat.community_id": "1:XrQuj5ypAzAqGAy0lpIvWQVVZ2E=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091146, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 63757, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "199.167.52.219", 
@@ -2630,7 +2630,7 @@ "server.ip": "199.167.52.219", "server.packets": 11, "server.port": 17472, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 2316, "source.ip": "192.168.15.224", @@ -2661,14 +2661,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 4000000000, "event.end": "2018-11-30T16:09:25.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 16297, 
@@ -2685,19 +2685,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "52.71.117.196", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24348", - "palo_alto.pan_os.network.nat.community_id": "1:EG9O/WtvoWuYwaB1MXJTgr43kac=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091147, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 3803, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.71.117.196", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24348", + "panw.panos.network.nat.community_id": "1:EG9O/WtvoWuYwaB1MXJTgr43kac=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091147, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 3803, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", "52.71.117.196", @@ -2708,7 +2708,7 @@ "server.ip": "52.71.117.196", "server.packets": 19, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 13966, "source.ip": "192.168.15.224", 
@@ -2736,14 +2736,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:12.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:12.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 16802, @@ -2760,19 +2760,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24046", - "palo_alto.pan_os.network.nat.community_id": "1:eI0W7/EQJgRBimA1ZM4XVOSKMqo=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091148, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 34994, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24046", + "panw.panos.network.nat.community_id": "1:eI0W7/EQJgRBimA1ZM4XVOSKMqo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091148, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 34994, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -2783,7 +2783,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 244, "source.ip": "192.168.15.224", @@ -2811,14 +2811,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:12.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:12.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 17250, 
@@ -2835,19 +2835,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24196", - "palo_alto.pan_os.network.nat.community_id": "1:uSrPYHIl4eJpdC+J0IAMuGStuNc=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091149, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 38064, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24196", + "panw.panos.network.nat.community_id": "1:uSrPYHIl4eJpdC+J0IAMuGStuNc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091149, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 38064, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -2858,7 +2858,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 205, "source.ip": "192.168.15.224", 
@@ -2889,14 +2889,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 17699, 
@@ -2913,19 +2913,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "35.186.194.41", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24264", - "palo_alto.pan_os.network.nat.community_id": "1:djhBHAw6H+Q9Bcz6i7V+GTrjtzA=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091150, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 42924, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "insufficient-content", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.186.194.41", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24264", + "panw.panos.network.nat.community_id": "1:djhBHAw6H+Q9Bcz6i7V+GTrjtzA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091150, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42924, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "insufficient-content", "related.ip": [ "192.168.15.224", "35.186.194.41", @@ -2936,7 +2936,7 @@ "server.ip": "35.186.194.41", "server.packets": 24, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 2302, "source.ip": "192.168.15.224", 
@@ -2963,14 +2963,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 18185, 
@@ -2987,19 +2987,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "35.201.124.9", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24248", - "palo_alto.pan_os.network.nat.community_id": "1:hIY5A8O11VWtEfpYG2l5voTvbVQ=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091151, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 58977, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "insufficient-content", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.201.124.9", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24248", + "panw.panos.network.nat.community_id": "1:hIY5A8O11VWtEfpYG2l5voTvbVQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091151, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 58977, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "insufficient-content", "related.ip": [ "192.168.15.224", "35.201.124.9", @@ -3010,7 +3010,7 @@ "server.ip": "35.201.124.9", "server.packets": 63, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 6757, "source.ip": "192.168.15.224", 
@@ -3041,14 +3041,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 6000000000, "event.end": "2018-11-30T16:09:27.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 18678, 
@@ -3065,19 +3065,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "100.24.131.237", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24268", - "palo_alto.pan_os.network.nat.community_id": "1:sXYelUOdA/EfjcKKE8M5kPe+M+c=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091152, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 64732, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "100.24.131.237", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24268", + "panw.panos.network.nat.community_id": "1:sXYelUOdA/EfjcKKE8M5kPe+M+c=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091152, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 64732, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "100.24.131.237", @@ -3088,7 +3088,7 @@ "server.ip": "100.24.131.237", "server.packets": 17, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 9007, "source.ip": "192.168.15.224", 
@@ -3116,14 +3116,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 13000000000, "event.end": "2018-11-30T16:09:27.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 19179, 
@@ -3140,19 +3140,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "184.51.252.247", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24175", - "palo_alto.pan_os.network.nat.community_id": "1:D6pPzYoIWTOXxVzuweKvZYK6FVE=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091153, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 58292, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "184.51.252.247", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24175", + "panw.panos.network.nat.community_id": "1:D6pPzYoIWTOXxVzuweKvZYK6FVE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091153, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 58292, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", "184.51.252.247", @@ -3163,7 +3163,7 @@ "server.ip": "184.51.252.247", "server.packets": 8, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 661, "source.ip": "192.168.15.224", 
@@ -3194,14 +3194,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 19683, 
@@ -3218,19 +3218,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "35.190.88.148", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24312", - "palo_alto.pan_os.network.nat.community_id": "1:VFQjrA+iaNcIu6vFJNU6ls7+4Is=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091154, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 32209, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.190.88.148", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24312", + "panw.panos.network.nat.community_id": "1:VFQjrA+iaNcIu6vFJNU6ls7+4Is=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091154, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 32209, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", "35.190.88.148", @@ -3241,7 +3241,7 @@ "server.ip": "35.190.88.148", "server.packets": 15, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 11136, "source.ip": "192.168.15.224", 
@@ -3272,14 +3272,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 20177, 
@@ -3296,19 +3296,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "35.186.243.83", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24164", - "palo_alto.pan_os.network.nat.community_id": "1:Xx31zYZNYc/mjf2GOihkp6JogmA=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091155, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 38822, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.186.243.83", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24164", + "panw.panos.network.nat.community_id": "1:Xx31zYZNYc/mjf2GOihkp6JogmA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091155, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 38822, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", "35.186.243.83", @@ -3319,7 +3319,7 @@ "server.ip": "35.186.243.83", "server.packets": 15, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 11136, "source.ip": "192.168.15.224", 
@@ -3347,14 +3347,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:12.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:12.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 20671, @@ -3371,19 +3371,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24198", - "palo_alto.pan_os.network.nat.community_id": "1:445AeHI1LAvb+ii4arRZeLAO4zM=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091156, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 16044, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24198", + "panw.panos.network.nat.community_id": "1:445AeHI1LAvb+ii4arRZeLAO4zM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091156, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16044, + "panw.panos.source.zone": "untrust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -3394,7 +3394,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 182, "source.ip": "192.168.15.224", @@ -3422,14 +3422,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:12.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:12.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 21122, 
@@ -3446,19 +3446,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "24184", - "palo_alto.pan_os.network.nat.community_id": "1:+5KwsEYW+tFecEENSBwHbKTvUv8=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091157, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 56614, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "24184", + "panw.panos.network.nat.community_id": "1:+5KwsEYW+tFecEENSBwHbKTvUv8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091157, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 56614, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -3469,7 +3469,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 90, "source.ip": "192.168.15.224", 
@@ -3500,14 +3500,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 6000000000, "event.end": "2018-11-30T16:09:27.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 21568, 
@@ -3524,19 +3524,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "100.24.165.74", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "trust", - "palo_alto.pan_os.flow_id": "24314", - "palo_alto.pan_os.network.nat.community_id": "1:DRqq/mx90TOYq1a5yLf562kwIvc=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091158, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 53168, - "palo_alto.pan_os.source.zone": "untrust", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "100.24.165.74", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "trust", + "panw.panos.flow_id": "24314", + "panw.panos.network.nat.community_id": "1:DRqq/mx90TOYq1a5yLf562kwIvc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091158, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 53168, + "panw.panos.source.zone": "untrust", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "100.24.165.74", @@ -3547,7 +3547,7 @@ "server.ip": "100.24.165.74", "server.packets": 17, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 6669, "source.ip": "192.168.15.224", 
@@ -3575,14 +3575,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 13000000000, "event.end": "2018-11-30T16:09:27.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 22066, 
@@ -3599,19 +3599,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "184.51.252.247", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24204", - "palo_alto.pan_os.network.nat.community_id": "1:vx03vuDn4sh2/e89Lm3RoSpVIVM=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091159, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 28012, - "palo_alto.pan_os.source.zone": "xtrust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "184.51.252.247", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24204", + "panw.panos.network.nat.community_id": "1:vx03vuDn4sh2/e89Lm3RoSpVIVM=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091159, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 28012, + "panw.panos.source.zone": "xtrust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", "184.51.252.247", @@ -3622,7 +3622,7 @@ "server.ip": "184.51.252.247", "server.packets": 8, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 661, "source.ip": "192.168.15.224", 
@@ -3649,14 +3649,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 8000000000, "event.end": "2018-11-30T16:09:27.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 22571, 
@@ -3673,19 +3673,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "35.201.94.140", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "xuntrust", - "palo_alto.pan_os.flow_id": "24234", - "palo_alto.pan_os.network.nat.community_id": "1:u1uvQ3wfJoaG/nNiBhvQMHQSVlU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091160, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 16050, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.201.94.140", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "xuntrust", + "panw.panos.flow_id": "24234", + "panw.panos.network.nat.community_id": "1:u1uvQ3wfJoaG/nNiBhvQMHQSVlU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091160, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 16050, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", "35.201.94.140", @@ -3696,7 +3696,7 @@ "server.ip": "35.201.94.140", "server.packets": 15, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 11136, "source.ip": "192.168.15.224", 
@@ -3724,14 +3724,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:31.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:31.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 23072, @@ -3748,17 +3748,17 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.flow_id": "24390", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091161, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.flow_id": "24390", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091161, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -3769,7 +3769,7 @@ "server.ip": "8.8.8.8", "server.packets": 6, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", @@ -3797,14 +3797,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 23504, 
@@ -3821,19 +3821,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24093", - "palo_alto.pan_os.network.nat.community_id": "1:lz0ZCL4R4wwyqmvefpkiJk7yR18=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091162, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 61722, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24093", + "panw.panos.network.nat.community_id": "1:lz0ZCL4R4wwyqmvefpkiJk7yR18=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091162, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 61722, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -3844,7 +3844,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 144, "source.ip": "192.168.15.224", 
@@ -3872,14 +3872,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 23953, @@ -3896,19 +3896,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24117", - "palo_alto.pan_os.network.nat.community_id": "1:DkOVz0BGrlh9OPZZ8+58eugW7gU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091163, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 14247, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24117", + "panw.panos.network.nat.community_id": "1:DkOVz0BGrlh9OPZZ8+58eugW7gU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091163, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 14247, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -3919,7 +3919,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 206, "source.ip": "192.168.15.224", @@ -3947,14 +3947,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 24403, 
@@ -3971,19 +3971,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24142", - "palo_alto.pan_os.network.nat.community_id": "1:twx1eOqehbazvI0g0nkTeVynrY0=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091164, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 33580, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24142", + "panw.panos.network.nat.community_id": "1:twx1eOqehbazvI0g0nkTeVynrY0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091164, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 33580, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -3994,7 +3994,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 206, "source.ip": "192.168.15.224", 
@@ -4022,14 +4022,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 24853, @@ -4046,19 +4046,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24195", - "palo_alto.pan_os.network.nat.community_id": "1:hcgjXpi+ne3QnFDBLeskkVg4V+M=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091165, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 13498, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24195", + "panw.panos.network.nat.community_id": "1:hcgjXpi+ne3QnFDBLeskkVg4V+M=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091165, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13498, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -4069,7 +4069,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 169, "source.ip": "192.168.15.224", @@ -4097,14 +4097,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 25302, 
@@ -4121,19 +4121,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24124", - "palo_alto.pan_os.network.nat.community_id": "1:C91XK45Q10iqwwp4XYM+Wg1Ua8A=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091166, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 20365, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24124", + "panw.panos.network.nat.community_id": "1:C91XK45Q10iqwwp4XYM+Wg1Ua8A=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091166, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 20365, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -4144,7 +4144,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 132, "source.ip": "192.168.15.224", 
@@ -4172,14 +4172,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 25752, @@ -4196,19 +4196,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24153", - "palo_alto.pan_os.network.nat.community_id": "1:hsTAFtOdeb7+Ofe152B+9h69mbE=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091167, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 61464, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24153", + "panw.panos.network.nat.community_id": "1:hsTAFtOdeb7+Ofe152B+9h69mbE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091167, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 61464, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -4219,7 +4219,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 127, "source.ip": "192.168.15.224", @@ -4247,14 +4247,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 26200, 
@@ -4271,19 +4271,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24122", - "palo_alto.pan_os.network.nat.community_id": "1:htOXUg3QOGd0fpgLjYzQlvRMzUQ=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091168, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 42877, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24122", + "panw.panos.network.nat.community_id": "1:htOXUg3QOGd0fpgLjYzQlvRMzUQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091168, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42877, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.196", "8.8.8.8", @@ -4294,7 +4294,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.196", "source.bytes": 105, "source.ip": "192.168.15.196", 
@@ -4322,14 +4322,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 26649, @@ -4346,19 +4346,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24171", - "palo_alto.pan_os.network.nat.community_id": "1:gHWCOTtilTTqOn7fOKh7zVq45Xw=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091169, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 5918, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24171", + "panw.panos.network.nat.community_id": "1:gHWCOTtilTTqOn7fOKh7zVq45Xw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091169, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 5918, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -4369,7 +4369,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 172, "source.ip": "192.168.15.224", @@ -4397,14 +4397,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 27097, 
@@ -4421,19 +4421,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24069", - "palo_alto.pan_os.network.nat.community_id": "1:OGDvpe1+4KQfCsxk0I61jm0+DIc=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091170, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 28944, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24069", + "panw.panos.network.nat.community_id": "1:OGDvpe1+4KQfCsxk0I61jm0+DIc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091170, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 28944, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -4444,7 +4444,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 134, "source.ip": "192.168.15.224", 
@@ -4472,14 +4472,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 27546, @@ -4496,19 +4496,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24282", - "palo_alto.pan_os.network.nat.community_id": "1:po/vy4RoD5WeFPgCZnduQkE47yY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091171, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 13415, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24282", + "panw.panos.network.nat.community_id": "1:po/vy4RoD5WeFPgCZnduQkE47yY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091171, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13415, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -4519,7 +4519,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 179, "source.ip": "192.168.15.224", @@ -4547,14 +4547,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 27995, 
@@ -4571,19 +4571,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24218", - "palo_alto.pan_os.network.nat.community_id": "1:wIxYOe++IxscmxBcRwrPGEIlZF4=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091172, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 2489, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24218", + "panw.panos.network.nat.community_id": "1:wIxYOe++IxscmxBcRwrPGEIlZF4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091172, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2489, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -4594,7 +4594,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 218, "source.ip": "192.168.15.224", 
@@ -4622,14 +4622,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 28443, @@ -4646,19 +4646,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24200", - "palo_alto.pan_os.network.nat.community_id": "1:xN7R3QI47jVAQhgJrOAvdsu+oes=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091173, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 49328, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24200", + "panw.panos.network.nat.community_id": "1:xN7R3QI47jVAQhgJrOAvdsu+oes=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091173, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 49328, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -4669,7 +4669,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 172, "source.ip": "192.168.15.224", @@ -4697,14 +4697,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:13.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 28892, 
@@ -4721,19 +4721,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24224", - "palo_alto.pan_os.network.nat.community_id": "1:BxuDgAhR5Rh55XOXYnYF+6GKhps=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091174, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 36036, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24224", + "panw.panos.network.nat.community_id": "1:BxuDgAhR5Rh55XOXYnYF+6GKhps=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091174, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 36036, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -4744,7 +4744,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 305, "source.ip": "192.168.15.224", 
@@ -4775,14 +4775,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 29341, @@ -4799,19 +4799,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "66.28.0.45", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24240", - "palo_alto.pan_os.network.nat.community_id": "1:Yv+Yq/7HK9SajeKHOV50RYQWjRU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091175, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 33744, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "66.28.0.45", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24240", + "panw.panos.network.nat.community_id": "1:Yv+Yq/7HK9SajeKHOV50RYQWjRU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091175, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 33744, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "66.28.0.45", 
@@ -4822,7 +4822,7 @@ "server.ip": "66.28.0.45", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 527, "source.ip": "192.168.15.224", @@ -4850,14 +4850,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 29796, 
@@ -4874,19 +4874,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24183", - "palo_alto.pan_os.network.nat.community_id": "1:MxVcaRP5Y1xyEiYiNsmO1lVcN+A=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091176, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 45809, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24183", + "panw.panos.network.nat.community_id": "1:MxVcaRP5Y1xyEiYiNsmO1lVcN+A=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091176, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 45809, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -4897,7 +4897,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 153, "source.ip": "192.168.15.224", 
@@ -4925,14 +4925,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 30245, @@ -4949,19 +4949,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24211", - "palo_alto.pan_os.network.nat.community_id": "1:p8DU1xLXG63f/3s/r6ZKJcQo9u8=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091177, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 3675, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24211", + "panw.panos.network.nat.community_id": "1:p8DU1xLXG63f/3s/r6ZKJcQo9u8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091177, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 3675, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -4972,7 +4972,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 169, "source.ip": "192.168.15.224", @@ -5000,14 +5000,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 30692, 
@@ -5024,19 +5024,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24253", - "palo_alto.pan_os.network.nat.community_id": "1:bU3nBIz+M3cDoPKg8azcJgVx+8Q=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091178, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 5787, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24253", + "panw.panos.network.nat.community_id": "1:bU3nBIz+M3cDoPKg8azcJgVx+8Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091178, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 5787, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -5047,7 +5047,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 128, "source.ip": "192.168.15.224", 
@@ -5075,14 +5075,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 31139, @@ -5099,19 +5099,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24221", - "palo_alto.pan_os.network.nat.community_id": "1:vnb4ttnFy2i39tg89p3jkGs6eDg=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091179, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 12342, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24221", + "panw.panos.network.nat.community_id": "1:vnb4ttnFy2i39tg89p3jkGs6eDg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091179, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 12342, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -5122,7 +5122,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 181, "source.ip": "192.168.15.224", @@ -5150,14 +5150,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 31588, 
@@ -5174,19 +5174,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24310", - "palo_alto.pan_os.network.nat.community_id": "1:71/qcXOmOV3sXCqZ1T6JVPlE9y8=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091180, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 18729, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24310", + "panw.panos.network.nat.community_id": "1:71/qcXOmOV3sXCqZ1T6JVPlE9y8=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091180, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 18729, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -5197,7 +5197,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 121, "source.ip": "192.168.15.224", 
@@ -5225,14 +5225,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:29.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:29.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 32037, 
@@ -5249,19 +5249,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "23.52.174.25", - "palo_alto.pan_os.destination.nat.port": 80, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24326", - "palo_alto.pan_os.network.nat.community_id": "1:5ECmBtgiSUvWFJAA318pVeeu5Pw=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091181, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 57858, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "computer-and-internet-info", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "23.52.174.25", + "panw.panos.destination.nat.port": 80, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24326", + "panw.panos.network.nat.community_id": "1:5ECmBtgiSUvWFJAA318pVeeu5Pw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091181, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 57858, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "computer-and-internet-info", "related.ip": [ "192.168.15.224", "23.52.174.25", @@ -5272,7 +5272,7 @@ "server.ip": "23.52.174.25", "server.packets": 6, "server.port": 80, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 1246, "source.ip": "192.168.15.224", 
@@ -5300,14 +5300,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 1000000000, "event.end": "2018-11-30T16:09:14.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:13.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 32523, @@ -5324,19 +5324,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24201", - "palo_alto.pan_os.network.nat.community_id": "1:hxrz+dYE5XEf60JMlFz6JKWD6Ek=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091182, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 2722, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24201", + "panw.panos.network.nat.community_id": "1:hxrz+dYE5XEf60JMlFz6JKWD6Ek=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091182, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 2722, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -5347,7 +5347,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 315, "source.ip": "192.168.15.224", @@ -5375,14 +5375,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 32970, 
@@ -5399,19 +5399,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24130", - "palo_alto.pan_os.network.nat.community_id": "1:8cb9oPS9OJnzqGAkowgmRpiqmJU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091183, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 6674, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24130", + "panw.panos.network.nat.community_id": "1:8cb9oPS9OJnzqGAkowgmRpiqmJU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091183, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 6674, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -5422,7 +5422,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 130, "source.ip": "192.168.15.224", 
@@ -5453,14 +5453,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:29.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:17.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 33417, @@ -5477,19 +5477,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "54.230.5.228", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24237", - "palo_alto.pan_os.network.nat.community_id": "1:Qc2oBV7ermdHPwGTWFOi4D1TcLg=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091184, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 37427, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "54.230.5.228", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24237", + "panw.panos.network.nat.community_id": "1:Qc2oBV7ermdHPwGTWFOi4D1TcLg=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091184, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 37427, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "54.230.5.228", 
@@ -5500,7 +5500,7 @@ "server.ip": "54.230.5.228", "server.packets": 5, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 288, "source.ip": "192.168.15.224", @@ -5528,14 +5528,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:14.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:14.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 33886, 
@@ -5552,19 +5552,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24108", - "palo_alto.pan_os.network.nat.community_id": "1:5IHTDvzRd4yPLPdpI4ErHcRK4/w=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091185, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 22408, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24108", + "panw.panos.network.nat.community_id": "1:5IHTDvzRd4yPLPdpI4ErHcRK4/w=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091185, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22408, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -5575,7 +5575,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 149, "source.ip": "192.168.15.224", 
@@ -5603,14 +5603,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:15.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:15.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 34335, @@ -5627,19 +5627,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24247", - "palo_alto.pan_os.network.nat.community_id": "1:0s4n+/itsIbV3mUc8OnOxmZ6exs=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091186, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 27899, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24247", + "panw.panos.network.nat.community_id": "1:0s4n+/itsIbV3mUc8OnOxmZ6exs=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091186, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 27899, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -5650,7 +5650,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 202, "source.ip": "192.168.15.224", @@ -5678,14 +5678,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:15.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:15.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 34784, 
@@ -5702,19 +5702,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24098", - "palo_alto.pan_os.network.nat.community_id": "1:+GsjKlESn/QeXwrAsS8c8EaMzi0=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091187, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 52939, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24098", + "panw.panos.network.nat.community_id": "1:+GsjKlESn/QeXwrAsS8c8EaMzi0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091187, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 52939, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -5725,7 +5725,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 195, "source.ip": "192.168.15.224", 
@@ -5753,14 +5753,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:15.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:15.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 35233, @@ -5777,19 +5777,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "208.83.246.20", - "palo_alto.pan_os.destination.nat.port": 123, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24263", - "palo_alto.pan_os.network.nat.community_id": "1:OSARbLstqz9D5CGo0NQuv0a9g20=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091188, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 42907, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "208.83.246.20", + "panw.panos.destination.nat.port": 123, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24263", + "panw.panos.network.nat.community_id": "1:OSARbLstqz9D5CGo0NQuv0a9g20=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091188, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 42907, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.195", "208.83.246.20", 
@@ -5800,7 +5800,7 @@ "server.ip": "208.83.246.20", "server.packets": 1, "server.port": 123, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.195", "source.bytes": 90, "source.ip": "192.168.15.195", @@ -5828,14 +5828,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "drop-icmp", "event.start": "2018-11-30T16:09:16.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 35695, 
@@ -5852,19 +5852,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24258", - "palo_alto.pan_os.network.nat.community_id": "1:Cc+ekkpKaB3f2BPdSyd/esY/QVI=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091189, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 19658, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24258", + "panw.panos.network.nat.community_id": "1:Cc+ekkpKaB3f2BPdSyd/esY/QVI=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091189, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 19658, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.196", "8.8.8.8", @@ -5875,7 +5875,7 @@ "server.ip": "8.8.8.8", "server.packets": 2, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.196", "source.bytes": 192, "source.ip": "192.168.15.196", 
@@ -5903,14 +5903,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "reset-client", "event.start": "2018-11-30T16:09:16.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 36149, @@ -5927,19 +5927,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24155", - "palo_alto.pan_os.network.nat.community_id": "1:uPFYX4KL/wjyCp4kt+08v7myT3w=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091190, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 64352, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24155", + "panw.panos.network.nat.community_id": "1:uPFYX4KL/wjyCp4kt+08v7myT3w=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091190, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 64352, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -5950,7 +5950,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 208, "source.ip": "192.168.15.224", @@ -5978,14 +5978,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "reset-server", "event.start": "2018-11-30T16:09:16.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 36605, 
@@ -6002,19 +6002,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24232", - "palo_alto.pan_os.network.nat.community_id": "1:f3vxOCmoOo/FOLV6VRqKjZ7eUVE=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091191, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 60126, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24232", + "panw.panos.network.nat.community_id": "1:f3vxOCmoOo/FOLV6VRqKjZ7eUVE=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091191, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 60126, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -6025,7 +6025,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 100, "source.ip": "192.168.15.224", 
@@ -6055,14 +6055,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 10000000000, "event.end": "2018-11-30T16:09:31.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "reset-both", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 37061, 
@@ -6079,19 +6079,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "35.185.88.112", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24330", - "palo_alto.pan_os.network.nat.community_id": "1:/rmnQ6QBbJzgkfNBrkCgvu5UHiU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091192, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 59771, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "35.185.88.112", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24330", + "panw.panos.network.nat.community_id": "1:/rmnQ6QBbJzgkfNBrkCgvu5UHiU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091192, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 59771, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "35.185.88.112", @@ -6102,7 +6102,7 @@ "server.ip": "35.185.88.112", "server.packets": 13, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 7237, "source.ip": "192.168.15.224", 
@@ -6130,14 +6130,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:16.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 37565, @@ -6154,19 +6154,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "23960", - "palo_alto.pan_os.network.nat.community_id": "1:9Ub1pskil4C0tLo85OJa61g1D0Q=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091193, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 35748, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "23960", + "panw.panos.network.nat.community_id": "1:9Ub1pskil4C0tLo85OJa61g1D0Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091193, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 35748, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -6177,7 +6177,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 109, "source.ip": "192.168.15.224", @@ -6205,14 +6205,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:16.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 38014, 
@@ -6229,19 +6229,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24236", - "palo_alto.pan_os.network.nat.community_id": "1:rh7nCIUBzUAekx4F+OTwBbpRh+E=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091194, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 63701, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24236", + "panw.panos.network.nat.community_id": "1:rh7nCIUBzUAekx4F+OTwBbpRh+E=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091194, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 63701, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -6252,7 +6252,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 116, "source.ip": "192.168.15.224", 
@@ -6280,14 +6280,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:16.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:16.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 38463, @@ -6304,19 +6304,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24276", - "palo_alto.pan_os.network.nat.community_id": "1:eIIc+AXkJtZLyfNqUAVZLumaYVQ=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091195, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 57872, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24276", + "panw.panos.network.nat.community_id": "1:eIIc+AXkJtZLyfNqUAVZLumaYVQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091195, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 57872, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -6327,7 +6327,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 96, "source.ip": "192.168.15.224", @@ -6358,14 +6358,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 38911, 
@@ -6382,19 +6382,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "50.19.85.24", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24299", - "palo_alto.pan_os.network.nat.community_id": "1:Mn7w9ScywW3qjDMNsO8QsGj6BY0=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091196, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 37581, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "50.19.85.24", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24299", + "panw.panos.network.nat.community_id": "1:Mn7w9ScywW3qjDMNsO8QsGj6BY0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091196, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 37581, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "50.19.85.24", @@ -6405,7 +6405,7 @@ "server.ip": "50.19.85.24", "server.packets": 8, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 654, "source.ip": "192.168.15.224", 
@@ -6436,14 +6436,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 39403, 
@@ -6460,19 +6460,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "50.19.85.24", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24229", - "palo_alto.pan_os.network.nat.community_id": "1:8oAG19bm5FROhazDy0CcTH+Cfqc=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091197, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 19226, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "50.19.85.24", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24229", + "panw.panos.network.nat.community_id": "1:8oAG19bm5FROhazDy0CcTH+Cfqc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091197, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 19226, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "50.19.85.24", @@ -6483,7 +6483,7 @@ "server.ip": "50.19.85.24", "server.packets": 8, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 654, "source.ip": "192.168.15.224", 
@@ -6514,14 +6514,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 39895, 
@@ -6538,19 +6538,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "50.19.85.24", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24283", - "palo_alto.pan_os.network.nat.community_id": "1:ZhVElLU1QcpGayhElc2L/+Rp+xw=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091198, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 61721, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "50.19.85.24", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24283", + "panw.panos.network.nat.community_id": "1:ZhVElLU1QcpGayhElc2L/+Rp+xw=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091198, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 61721, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "50.19.85.24", @@ -6561,7 +6561,7 @@ "server.ip": "50.19.85.24", "server.packets": 8, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 654, "source.ip": "192.168.15.224", 
@@ -6589,14 +6589,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 40387, 
@@ -6613,19 +6613,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "104.254.150.9", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24369", - "palo_alto.pan_os.network.nat.community_id": "1:aHhDlT3Bx285CJRrBykpRsei1a0=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091199, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 10098, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "web-advertisements", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "104.254.150.9", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24369", + "panw.panos.network.nat.community_id": "1:aHhDlT3Bx285CJRrBykpRsei1a0=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091199, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 10098, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "web-advertisements", "related.ip": [ "192.168.15.224", "104.254.150.9", @@ -6636,7 +6636,7 @@ "server.ip": "104.254.150.9", "server.packets": 12, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 7820, "source.ip": "192.168.15.224", 
@@ -6667,14 +6667,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 11000000000, "event.end": "2018-11-30T16:09:32.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:21.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 40885, 
@@ -6691,19 +6691,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "50.19.85.24", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24354", - "palo_alto.pan_os.network.nat.community_id": "1:RLfRarGPGl+PnGhB8fb+S+uTX1o=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091200, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 4564, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "business-and-economy", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "50.19.85.24", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24354", + "panw.panos.network.nat.community_id": "1:RLfRarGPGl+PnGhB8fb+S+uTX1o=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091200, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 4564, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "business-and-economy", "related.ip": [ "192.168.15.224", "50.19.85.24", @@ -6714,7 +6714,7 @@ "server.ip": "50.19.85.24", "server.packets": 8, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 654, "source.ip": "192.168.15.224", 
@@ -6745,14 +6745,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:32.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 41376, @@ -6769,19 +6769,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "52.0.218.108", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24254", - "palo_alto.pan_os.network.nat.community_id": "1:/0iCZCsnpk+5MR4Tc26unyr/T4Q=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091201, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 32104, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.0.218.108", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24254", + "panw.panos.network.nat.community_id": "1:/0iCZCsnpk+5MR4Tc26unyr/T4Q=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091201, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 32104, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "52.0.218.108", 
@@ -6792,7 +6792,7 @@ "server.ip": "52.0.218.108", "server.packets": 4, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 214, "source.ip": "192.168.15.224", @@ -6823,14 +6823,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:32.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 41845, 
@@ -6847,19 +6847,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "52.6.117.19", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24246", - "palo_alto.pan_os.network.nat.community_id": "1:486dmnLzuTH8P7j6jI6JsUtW2VU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091202, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 14172, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "52.6.117.19", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24246", + "panw.panos.network.nat.community_id": "1:486dmnLzuTH8P7j6jI6JsUtW2VU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091202, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 14172, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "52.6.117.19", @@ -6870,7 +6870,7 @@ "server.ip": "52.6.117.19", "server.packets": 4, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 214, "source.ip": "192.168.15.224", 
@@ -6901,14 +6901,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:32.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 42312, @@ -6925,19 +6925,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "34.238.96.22", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24343", - "palo_alto.pan_os.network.nat.community_id": "1:6LTK93w8ZdfxzSfZXzebKR6jWxo=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091203, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 10286, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "34.238.96.22", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24343", + "panw.panos.network.nat.community_id": "1:6LTK93w8ZdfxzSfZXzebKR6jWxo=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091203, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 10286, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "34.238.96.22", 
@@ -6948,7 +6948,7 @@ "server.ip": "34.238.96.22", "server.packets": 4, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 214, "source.ip": "192.168.15.224", @@ -6979,14 +6979,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 12000000000, "event.end": "2018-11-30T16:09:32.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:20.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 42781, 
@@ -7003,19 +7003,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "130.211.47.17", - "palo_alto.pan_os.destination.nat.port": 443, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24262", - "palo_alto.pan_os.network.nat.community_id": "1:roV5JFl0FdQHIRUkgeZm+ZeyeCQ=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091204, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 30799, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "130.211.47.17", + "panw.panos.destination.nat.port": 443, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24262", + "panw.panos.network.nat.community_id": "1:roV5JFl0FdQHIRUkgeZm+ZeyeCQ=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091204, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 30799, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "130.211.47.17", @@ -7026,7 +7026,7 @@ "server.ip": "130.211.47.17", "server.packets": 4, "server.port": 443, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 280, "source.ip": "192.168.15.224", 
@@ -7054,14 +7054,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:18.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:18.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 43252, @@ -7078,19 +7078,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24281", - "palo_alto.pan_os.network.nat.community_id": "1:5G+JVi/ClM/MfHhUL//vH/GmuaA=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091205, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 13490, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24281", + "panw.panos.network.nat.community_id": "1:5G+JVi/ClM/MfHhUL//vH/GmuaA=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091205, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 13490, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -7101,7 +7101,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 172, "source.ip": "192.168.15.224", @@ -7129,14 +7129,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:37.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:37.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 43701, 
@@ -7153,19 +7153,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 0, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24424", - "palo_alto.pan_os.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091206, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 0, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 0, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24424", + "panw.panos.network.nat.community_id": "1:QVXHpdoObbzEeqP6DGULYxqYgAY=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091206, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 0, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -7176,7 +7176,7 @@ "server.ip": "8.8.8.8", "server.packets": 6, "server.port": 0, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", 
@@ -7204,14 +7204,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 44145, @@ -7228,19 +7228,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24230", - "palo_alto.pan_os.network.nat.community_id": "1:mdksC4jGw6MN7g3nGdquiqQ95vU=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091207, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 53751, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24230", + "panw.panos.network.nat.community_id": "1:mdksC4jGw6MN7g3nGdquiqQ95vU=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091207, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 53751, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -7251,7 +7251,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 94, "source.ip": "192.168.15.224", @@ -7279,14 +7279,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 44593, 
@@ -7303,19 +7303,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24243", - "palo_alto.pan_os.network.nat.community_id": "1:+zC2Y+UE7UqApr01oqb755Xyuf4=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091208, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 21643, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24243", + "panw.panos.network.nat.community_id": "1:+zC2Y+UE7UqApr01oqb755Xyuf4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091208, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 21643, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -7326,7 +7326,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 170, "source.ip": "192.168.15.224", 
@@ -7354,14 +7354,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 45041, @@ -7378,19 +7378,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24077", - "palo_alto.pan_os.network.nat.community_id": "1:xawqUBgLyfe1E61ObEXv4nbO590=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091209, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 22446, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24077", + "panw.panos.network.nat.community_id": "1:xawqUBgLyfe1E61ObEXv4nbO590=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091209, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22446, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -7401,7 +7401,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 94, "source.ip": "192.168.15.224", @@ -7429,14 +7429,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 45488, 
@@ -7453,19 +7453,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24266", - "palo_alto.pan_os.network.nat.community_id": "1:PDWWOeDVqKGZ/hwjVVdCDdF6qB4=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091210, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 22301, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24266", + "panw.panos.network.nat.community_id": "1:PDWWOeDVqKGZ/hwjVVdCDdF6qB4=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091210, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 22301, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", @@ -7476,7 +7476,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 94, "source.ip": "192.168.15.224", 
@@ -7504,14 +7504,14 @@ "ecs.version": "1.0.0", "event.action": "flow_terminated", "event.category": "network_traffic", - "event.dataset": "palo_alto.pan_os", + "event.dataset": "panw.panos", "event.duration": 0, "event.end": "2018-11-30T16:09:19.000Z", - "event.module": "palo_alto", + "event.module": "panw", "event.outcome": "allow", "event.start": "2018-11-30T16:09:19.000Z", "event.timezone": "+00:00", - "fileset.name": "pan_os", + "fileset.name": "panos", "input.type": "log", "labels.nat_translated": true, "log.offset": 45936, @@ -7528,19 +7528,19 @@ "network.type": "ipv4", "observer.hostname": "PA-220", "observer.serial_number": "012801096514", - "palo_alto.pan_os.destination.interface": "ethernet1/1", - "palo_alto.pan_os.destination.nat.ip": "8.8.8.8", - "palo_alto.pan_os.destination.nat.port": 53, - "palo_alto.pan_os.destination.zone": "untrust", - "palo_alto.pan_os.flow_id": "24269", - "palo_alto.pan_os.network.nat.community_id": "1:yNIHAg1M08IChho9000mtg7zUOc=", - "palo_alto.pan_os.ruleset": "new_outbound_from_trust", - "palo_alto.pan_os.sequence_number": 32091211, - "palo_alto.pan_os.source.interface": "ethernet1/2", - "palo_alto.pan_os.source.nat.ip": "192.168.1.63", - "palo_alto.pan_os.source.nat.port": 58124, - "palo_alto.pan_os.source.zone": "trust", - "palo_alto.pan_os.url.category": "any", + "panw.panos.destination.interface": "ethernet1/1", + "panw.panos.destination.nat.ip": "8.8.8.8", + "panw.panos.destination.nat.port": 53, + "panw.panos.destination.zone": "untrust", + "panw.panos.flow_id": "24269", + "panw.panos.network.nat.community_id": "1:yNIHAg1M08IChho9000mtg7zUOc=", + "panw.panos.ruleset": "new_outbound_from_trust", + "panw.panos.sequence_number": 32091211, + "panw.panos.source.interface": "ethernet1/2", + "panw.panos.source.nat.ip": "192.168.1.63", + "panw.panos.source.nat.port": 58124, + "panw.panos.source.zone": "trust", + "panw.panos.url.category": "any", "related.ip": [ "192.168.15.224", "8.8.8.8", 
@@ -7551,7 +7551,7 @@ "server.ip": "8.8.8.8", "server.packets": 1, "server.port": 53, - "service.type": "palo_alto", + "service.type": "panw", "source.address": "192.168.15.224", "source.bytes": 166, "source.ip": "192.168.15.224", diff --git a/x-pack/filebeat/modules.d/palo_alto.yml.disabled b/x-pack/filebeat/modules.d/panw.yml.disabled similarity index 78% rename from x-pack/filebeat/modules.d/palo_alto.yml.disabled rename to x-pack/filebeat/modules.d/panw.yml.disabled index f8d6fc2adb7..a16d9580ac1 100644 --- a/x-pack/filebeat/modules.d/palo_alto.yml.disabled +++ b/x-pack/filebeat/modules.d/panw.yml.disabled @@ -1,8 +1,8 @@ -# Module: palo_alto -# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-palo_alto.html +# Module: panw +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-panw.html -- module: palo_alto - pan_os: +- module: panw + panos: enabled: true # Set which input to use between syslog (default) or file.